OVPN (Roadwarrior) Handshake Problem

Hello there,

here is the next VPN problem. Since the last update of the ipFire, the OVPN connections don’t work anymore.
I have already deleted all connections and also the certificates and generated everything new, but without any result.
The ipFire is installed behind a FritzBox from Vodafone with a static IP address and is configured as exposed host.
Has anyone had the same problem and solved it?

Kind regards Andre

Hi Andre,
the last update didn't include OpenVPN changes as far as I know --> https://blog.ipfire.org/post/ipfire-2-25-core-update-152-released --> https://git.ipfire.org/?p=ipfire-2.x.git;a=shortlog;h=refs/heads/core152 . So the problem is probably somewhere else.

Better help can also be given if you have log portions of the problem, ideally from server and client side.

Best,

Erik

1 Like

Hi Erik,

thanks for the quick response. What about the update before? Did this have any changes to OpenVPN? When I updated the ipFire I had to make two version steps.

And the next question: do I have to make any rules to get the tunnel up?

THX Andre

Hi Andre,
you're welcome.

No, also not; the upcoming core update also includes an OpenVPN update. The last changes have been made with Core 149 --> https://blog.ipfire.org/post/ipfire-2-25-core-update-149-released whereby tls-version min has been set to TLSv1.2.

I don't think so, if you also had none before.

Do you maybe have some log portions of the problem?

Best,

Erik

Hi Erik,

as written at the top of this thread, I’m using the ipFire behind a FritzBox 6591 Cable from Vodafone Business. This means that I have 4 static IP addresses. I have configured the RED interface to one of these addresses and the gateway is the IP address of the FritzBox. The ipFire is also an exposed host on the FritzBox, but it is shown on the FritzBox with a different IP address than I have configured on the RED interface.
Do I have to configure the RED interface differently, because it is not possible to receive a ping?

THX Andre

Erik has asked for log entries showing the problem but I see you have provided none. Unfortunately, without hard information, like logs, it’s very difficult to know what is happening. In addition, your last post talks about various IP addresses without actually mentioning what they actually are. These details can be important.

3 Likes