Skip to content
Need help troubleshooting: Connection to pfSense OpenVPN no longer works
Got a problem with Viscosity or need help? Ask here!
- Posts: 14
- Joined: Wed May 30, 2018 3:49 pm
A while back I followed the instructions for how to set up an OpenVPN server on pfSense. I got it to work beautifully. A few months later it no longer works.
The OpenVPN log file on my pfSense box reveals nothing. Neither do the logs in Viscosity Details.
For troubleshooting I hop on my neighbor’s network and try to make a connection with Viscosity to my OpenVPN server. I checked all the firewall rules, and they check out. The firewall log file reveals no blocked connection attempt from the Viscosity client.
while the firewall log shows nothing related to the WAN-facing IP address of the client.
I am completely stumped.
The OpenVPN log file on my pfSense box reveals nothing. Neither do the logs in Viscosity Details.
For troubleshooting I hop on my neighbor’s network and try to make a connection with Viscosity to my OpenVPN server. I checked all the firewall rules, and they check out. The firewall log file reveals no blocked connection attempt from the Viscosity client.
Code: Select all
Meanwhile the pfSense OpenVPN log file shows only this (note that the Viscosity log above displays EDT, while the pfSense log uses Zulu, a four-hour difference:2020-10-30 18:38:41: Viscosity Mac 1.8.6 (1546)
2020-10-30 18:38:41: Viscosity OpenVPN Engine Started
2020-10-30 18:38:41: Running on macOS 10.15.7
2020-10-30 18:38:41: ---------
2020-10-30 18:38:41: State changed to Connecting
2020-10-30 18:38:41: Checking reachability status of connection...
2020-10-30 18:38:41: Connection is reachable. Starting connection attempt.
2020-10-30 18:38:42: OpenVPN 2.4.9 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Jun 13 2020
2020-10-30 18:38:42: library versions: OpenSSL 1.1.1g 21 Apr 2020, LZO 2.10
2020-10-30 18:38:42: Resolving address: xxx.xxx.net
2020-10-30 18:38:42: Valid endpoint found: xxx.xxx.xxx.xxx:443:tcp4-client
2020-10-30 18:38:42: TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:443
2020-10-30 18:38:42: Attempting to establish TCP connection with [AF_INET]xxx.xxx.xxx.xxx:443 [nonblock]
while the firewall log shows nothing related to the WAN-facing IP address of the client.
I am completely stumped.
- Posts: 14
- Joined: Wed May 30, 2018 3:49 pm
Update: When I connect my laptop through my phone the Viscosity log shows a few more lines:
Why would the connection reset itself?
Code: Select all
It then cycles.2020-10-30 18:55:49: TCP connection established with [AF_INET]xxx.xxx.xxx.xxx:443
2020-10-30 18:55:49: TCPv4_CLIENT link local: (not bound)
2020-10-30 18:55:49: TCPv4_CLIENT link remote: [AF_INET]xxx.xxx.xxx.xxx:443
2020-10-30 18:55:55: Connection reset, restarting [-1]
2020-10-30 18:55:55: SIGUSR1[soft,connection-reset] received, process restarting
Why would the connection reset itself?
Hi DominikHoffmann,
This indicates that the TCP connection is being severed. The initial underlying TCP connection starts, but it's then blocked/terminated shortly afterwards. It could point to firewall problems (make sure to check both incoming and outgoing), problems with the NAT rules on the device, or a problem or filtering on the network between the client and the server.
You could try increasing the OpenVPN log verbosity on the server to see whether it contains more information. However judging from the error messages posted this is likely unrelated to OpenVPN and more likely to a firewall/NAT/filtering issue either on the server, or on the network/internet connection.
Cheers,
James
This indicates that the TCP connection is being severed. The initial underlying TCP connection starts, but it's then blocked/terminated shortly afterwards. It could point to firewall problems (make sure to check both incoming and outgoing), problems with the NAT rules on the device, or a problem or filtering on the network between the client and the server.
You could try increasing the OpenVPN log verbosity on the server to see whether it contains more information. However judging from the error messages posted this is likely unrelated to OpenVPN and more likely to a firewall/NAT/filtering issue either on the server, or on the network/internet connection.
Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
3 posts
Page 1 of 1