I recently went out to Las Vegas, and while I was out there, I tried to connect via OpenVPN to my home LAN, and it failed.
Last time I used OpenVPN, it worked; however, that was before COVID, and since we have been working from home ever since, I have not needed to use a tunnel. Unfortunately (fortunately, actually), that has been almost 6 1/2 years.
So when I got home, I started testing using the Wi-Fi connection in the house, which is on a DMZ on my pfSense firewall. By default, the DMZ only routes to the WAN, so to get to the internal network, I still need a VPN connection.
So in messing with it on the Wi-Fi link, what I found is that when I have tls-auth turned on (0 on the server/firewall, 1 on the client/laptop), it will give me a constant P_CONTROL_HARD_RESET_CLIENT_V2 error. If I run tcpdump on the firewall side, I see packets incoming from the laptop, but no responses going back out. However, if I turn off tls-auth on both sides, it connects just fine.
I tried generating new TLS keys and sharing the new key to both client and server, but neither the old key nor the new one works.
The server end is running on pfSense 2.8.1-RELEASE, and the client is running on FreeBSD 15.0-RELEASE-p6 (though the behavior was also on -p5). I know I could whack everything and install OPNsense with WireGuard and set up that infrastructure, but that is a future me problem, and is on the to-do list.
Anyone got suggestions of what might be the problem? I'm happy to provide more information, but didn't want to spam the channel with log messages.
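With tls-auth, a peer drops control packets whose HMAC does not verify, so both ends must hold the same static key with complementary direction values. The following is an added example, not part of the original post, of one way to check that by fingerprinting the key on each side and comparing the tls-auth settings; the function names, the ta.key filename, the configuration snippets and the keys are all hypothetical, constructed samples.

```python
import hashlib
import re

KEY_RE = re.compile(r"-----BEGIN OpenVPN Static key V1-----(.*?)"
                    r"-----END OpenVPN Static key V1-----", re.S)

def key_fingerprint(key_text):
    """SHA-256 over the 2048-bit key material, ignoring comments and whitespace."""
    m = KEY_RE.search(key_text)
    if not m:
        raise ValueError("no OpenVPN static key block found")
    raw = bytes.fromhex("".join(m.group(1).split()))
    if len(raw) != 256:
        raise ValueError(f"expected 256 key bytes, got {len(raw)}")
    return hashlib.sha256(raw).hexdigest()

def control_channel(conf_text):
    """Return (mode, direction) from tls-auth, tls-crypt and key-direction lines."""
    mode = direction = None
    for line in conf_text.splitlines():
        tok = line.split()
        if not tok or tok[0][0] in "#;":
            continue
        name = tok[0].strip("<>")          # also matches an inline <tls-auth> block
        if name in ("tls-auth", "tls-crypt"):
            mode = name
            if name == "tls-auth" and len(tok) > 2:
                direction = tok[2]
        elif name == "key-direction" and len(tok) > 1:
            direction = tok[1]
    return mode, direction

def compare(server_conf, server_key, client_conf, client_key):
    """List mismatches between the two ends; an empty list means they agree."""
    problems = []
    (s_mode, s_dir), (c_mode, c_dir) = control_channel(server_conf), control_channel(client_conf)
    if s_mode != c_mode:
        problems.append(f"mode differs: server={s_mode} client={c_mode}")
    if {s_dir, c_dir} not in ({"0", "1"}, {None}):   # 0/1 pair, or both omitted
        problems.append(f"direction not complementary: server={s_dir} client={c_dir}")
    if key_fingerprint(server_key) != key_fingerprint(client_key):
        problems.append("key material differs")
    return problems

def make_key(byte):
    """Constructed sample key file (repeated byte), not real key material."""
    hexs = (bytes([byte]) * 256).hex()
    rows = "\n".join(hexs[i:i + 32] for i in range(0, 512, 32))
    return f"-----BEGIN OpenVPN Static key V1-----\n{rows}\n-----END OpenVPN Static key V1-----\n"

SERVER_CONF = "dev tun\ntls-auth ta.key 0\n"            # constructed sample
CLIENT_CONF = "client\ndev tun\ntls-auth ta.key 1\n"    # constructed sample
print(compare(SERVER_CONF, make_key(0xA1), CLIENT_CONF, make_key(0xA1)))
```

Comparing fingerprints rather than the files themselves keeps the key material out of terminal scrollback and anything pasted into a support thread.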