My workplace hadn't used a server prior, and we wanted employees who work remotely to be able to VPN to the server to access files. We don't have a network administrator, so I guess that makes me the network administrator. We have a server with FreeNAS 11 STABLE installed. I followed this guide and confirmed that OpenVPN was running inside the FreeNAS jail @ IP 10.1.10.2. I configured my router to forward port 1194 to the FreeNAS server @ 10.1.10.225 (maybe the wrong port?). I went home and installed the OpenVPN GUI and imported my client config file. I tried to use the GUI to VPN to the network, but I got an error about the keys and certificates not being available. I grabbed my keys and certificate and moved them to the proper location. I tried to VPN again, but I get this:
Wed Sep 13 09:45:08 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 13 09:45:08 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 13 09:45:08 2017 MANAGEMENT: >STATE:1505321108,RESOLVE,,,,,,
Wed Sep 13 09:45:08 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]73.xx.xx.xxx:443
Wed Sep 13 09:45:08 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Sep 13 09:45:08 2017 UDP link local: (not bound)
Wed Sep 13 09:45:08 2017 UDP link remote: [AF_INET]73.xx.xx.xxx:443
Wed Sep 13 09:45:08 2017 MANAGEMENT: >STATE:1505321108,WAIT,,,,,,
Wed Sep 13 09:46:08 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Sep 13 09:46:08 2017 TLS Error: TLS handshake failed
Wed Sep 13 09:46:08 2017 SIGUSR1[soft,tls-error] received, process restarting
Wed Sep 13 09:46:08 2017 MANAGEMENT: >STATE:1505321168,RECONNECTING,tls-error,,,,,
The remote connection was not made because the attempted VPN tunnels failed. The VPN server might be unreachable. If this connection is attempting to use an L2TP/IPsec tunnel, the security parameters required for IPsec negotiation might not be configured properly.
Client config
client
dev tun
proto udp
remote 73.xx.xx.xxx 443
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert nickh.crt
key nickh.key
remote-cert-tls server
cipher AES-256-CBC
tls-auth ta.key 1
#dhcp-option DNS 0.0.0.0
#redirect-gateway def1
comp-lzo
verb 3
float
Server config
port 10011
proto udp
dev tun
ca ca.crt
cert openvpn-server.crt #Server public key
key openvpn-server.key #Server private key
dh dh.pem #Diffie-Hellman parameters
server 172.16.8.0 255.255.255.0 #Purple network
ifconfig-pool-persist ipp.txt
push "route 73.xx.xx.xxx 255.255.255.0" #Yellow network
tls-auth ta.key 0
#crl-verify crl.pem
keepalive 10 120
cipher AES-256-CBC
auth SHA256
group nobody
user nobody
comp-lzo
persist-key
persist-tun
verb 3
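As an added example (not part of the original post or of the guide it mentions), here is a small checker that parses the two posted configs and lists the settings that have to agree between client and server. The function names are hypothetical, and omitted directives are assumed to take OpenVPN 2.4 defaults. The client port is read from `remote` and compared with the server's `port`, so a difference there is only valid if the router forwards one to the other.

```python
# Added example. Directive lines are copied from the configs in the post.
CLIENT = """client
proto udp
remote 73.xx.xx.xxx 443
cipher AES-256-CBC
tls-auth ta.key 1
comp-lzo
"""
SERVER = """port 10011
proto udp
cipher AES-256-CBC
auth SHA256
tls-auth ta.key 0
comp-lzo
"""
# Assumption: OpenVPN 2.4 defaults, used when a directive is absent.
DEFAULTS = {"port": "1194", "proto": "udp", "auth": "SHA1", "cipher": "BF-CBC"}
OK_TLS_AUTH = {(None, None), ("both", "both"), ("0", "1"), ("1", "0")}

def parse(text):
    """Return {directive: [args]}, skipping blank lines and #/; comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line and not line.startswith(";"):
            name, *args = line.split()
            cfg[name] = args
    return cfg

def value(cfg, key):
    """First argument of a directive, or the assumed default."""
    return (cfg.get(key) or [DEFAULTS[key]])[0]

def tls_dir(cfg):
    """tls-auth key direction: None if unused, 'both' if no direction given."""
    args = cfg.get("tls-auth")
    return None if args is None else (args[1] if len(args) > 1 else "both")

def mismatches(client_text, server_text):
    """List (setting, client_value, server_value) for settings that disagree."""
    c, s = parse(client_text), parse(server_text)
    remote = c.get("remote", [])
    c_port = remote[1] if len(remote) > 1 else value(c, "port")
    found = [("port", c_port, value(s, "port"))] if c_port != value(s, "port") else []
    found += [(k, value(c, k), value(s, k))
              for k in ("proto", "auth", "cipher") if value(c, k) != value(s, k)]
    if ("comp-lzo" in c) != ("comp-lzo" in s):
        found.append(("comp-lzo", "comp-lzo" in c, "comp-lzo" in s))
    if (tls_dir(c), tls_dir(s)) not in OK_TLS_AUTH:
        found.append(("tls-auth direction", tls_dir(c), tls_dir(s)))
    return found
```

Run against the posted configs, it reports the port (443 on the client, 10011 on the server) and the `auth` digest (SHA1 on the client, matching the log above, against SHA256 on the server).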