0

I am attempting to connect to an openVPN server that I created on pfSense 2.2.3 by using tunnelblick on my Macbook. Whenever I attempt to connect using either OpenVPN version 2.3.6 or 2.3.7 (all that is available on this version of tunnelblick), the openVPN server receives the packet that starts the TCP handshake to establish a connection, but never responds to it. I have pasted the log of what happens whenever a connection is attempted below. I am unsure of what the problem could be at this point, please let me know if any more information is required to help resolve this issue.

> 2015-07-07 16:28:28 OpenVPN 2.3.6 x86_64-apple-darwin [SSL (OpenSSL)]
> [LZO] [PKCS11] [MH] [IPv6] built on Jun 12 2015 2015-07-07 16:28:28
> library versions: OpenSSL 1.0.2c 12 Jun 2015, LZO 2.09 2015-07-07
> 16:28:28 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337
> 2015-07-07 16:28:28 Need hold release from management interface,
> waiting... 2015-07-07 16:28:26 *Tunnelblick: OS X 10.7.5; Tunnelblick
> 3.6beta06 (build 4346) 2015-07-07 16:28:27 *Tunnelblick: Attempting connection with config using shadow copy; Set nameserver = 1;
> monitoring connection 2015-07-07 16:28:27 *Tunnelblick: openvpnstart
> start config.tblk 1337 1 0 1 0 16688 -ptADGNWradsgnw 2.3.6 2015-07-07
> 16:28:30 *Tunnelblick: openvpnstart log:
>      OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
>      
>           /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.6/openvpn
>           --daemon
>           --log
>           /Library/Application Support/Tunnelblick/Logs/-SUsers-Scw-SLibrary-SApplication
> Support-STunnelblick-SConfigurations-Sconfig.tblk-SContents-SResources-Sconfig.ovpn.1_0_1_0_16688.1337.openvpn.log
>           --cd
>           /Library/Application Support/Tunnelblick/Users/cw/config.tblk/Contents/Resources
>           --verb
>           3
>           --config
>           /Library/Application Support/Tunnelblick/Users/cw/config.tblk/Contents/Resources/config.ovpn
>           --cd
>           /Library/Application Support/Tunnelblick/Users/cw/config.tblk/Contents/Resources
>           --management
>           127.0.0.1
>           1337
>           --management-query-passwords
>           --management-hold
>           --script-security
>           2
>           --up
>           /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh
> -d -f -m -w -ptADGNWradsgnw
>           --down
>           /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh
> -d -f -m -w -ptADGNWradsgnw
> 
> 2015-07-07 16:28:27 *Tunnelblick: openvpnstart starting OpenVPN
> 2015-07-07 16:28:30 MANAGEMENT: Client connected from
> [AF_INET]127.0.0.1:1337 2015-07-07 16:28:30 *Tunnelblick: Established
> communication with OpenVPN 2015-07-07 16:28:30 MANAGEMENT: CMD 'pid'
> 2015-07-07 16:28:30 MANAGEMENT: CMD 'state on' 2015-07-07 16:28:30
> MANAGEMENT: CMD 'state' 2015-07-07 16:28:30 MANAGEMENT: CMD 'bytecount
> 1' 2015-07-07 16:28:30 MANAGEMENT: CMD 'hold release' 2015-07-07
> 16:28:30 NOTE: the current --script-security setting may allow this
> configuration to call user-defined scripts 2015-07-07 16:28:30 Socket
> Buffers: R=[262140->65536] S=[131070->65536] 2015-07-07 16:28:30
> Attempting to establish TCP connection with
> [AF_INET]128.151.18.205:443 [nonblock] 2015-07-07 16:28:30 MANAGEMENT:
> >STATE:1436300910,TCP_CONNECT,,, 2015-07-07 16:28:40 TCP: connect to [AF_INET]128.151.18.205:443 failed, will try again in 5 seconds:
> Operation timed out 2015-07-07 16:28:45 MANAGEMENT:
> >STATE:1436300925,TCP_CONNECT,,, 2015-07-07 16:28:55 TCP: connect to [AF_INET]128.151.18.205:443 failed, will try again in 5 seconds:
> Operation timed out 2015-07-07 16:29:00 MANAGEMENT:
> >STATE:1436300940,TCP_CONNECT,,, 2015-07-07 16:29:10 TCP: connect to [AF_INET]128.151.18.205:443 failed, will try again in 5 seconds:
> Operation timed out 2015-07-07 16:29:15 MANAGEMENT:
> >STATE:1436300955,TCP_CONNECT,,, 2015-07-07 16:29:25 TCP: connect to [AF_INET]128.151.18.205:443 failed, will try again in 5 seconds:
> Operation timed out 2015-07-07 16:29:30 MANAGEMENT:
> >STATE:1436300970,TCP_CONNECT,,, 2015-07-07 16:29:40 TCP: connect to [AF_INET]128.151.18.205:443 failed, will try again in 5 seconds:
> Operation timed out 2015-07-07 16:29:41 *Tunnelblick: Disconnecting;
> VPN Details… window disconnect button pressed 2015-07-07 16:29:41
> *Tunnelblick: Disconnecting using 'kill' 2015-07-07 16:29:42 SIGTERM[hard,init_instance] received, process exiting 2015-07-07
> 16:29:42 MANAGEMENT: >STATE:1436300982,EXITING,init_instance,,
> 2015-07-07 16:29:43 *Tunnelblick: No 'post-disconnect.sh' script to
> execute 2015-07-07 16:29:43 *Tunnelblick: Expected disconnection
> occurred.
Craig
  • 109
  • 1
  • 2
  • How have you verified that the server receives the TCP SYN packet? Doesn't send the SYN-ACK packet? The log you posted doesn't contain enough troubleshooting info, and contains too much other stuff. – austinian Jul 08 '15 at 00:29

1 Answers1

1

What are you seeing re: "receives the packet"? It doesn't appear it's responding at all. Try to telnet to the port where you're running OpenVPN.

Guessing maybe you didn't add a firewall rule on WAN allowing traffic to reach the OpenVPN server instance and it's getting blocked. You'll see that in the firewall log if that's the case.

You're best off using UDP, not TCP, unless you're in a situation where TCP is a requirement for some reason. But that's unrelated to the issue at hand.

Chris Buechler
  • 2,938
  • 14
  • 18