Hi @suschi ,
{i posted the last paragraph in the wrong topic, don´t get confused have already deleted it}
so your CRL is updated and can be used until Aug 7 , can you try to connect with your VPN client another time and if possible, run a
tail -f /var/log/messages | grep openvpn
before to get a real time log of the connection attempt so you can post the results if it is not working ?
Hello Erik,
I executed the command in the console and tried to establish a connection with the VPN client (Windows 10) but nothing happened.
Neither the connection works nor does anything happen on the console
You are trying to connect from a local IP 192.168.0.200 which won´t work if you are going from green0 to green0 since IPFire does not operate in bridged mode but in routing mode. If you are trying it from blue0 to green0 this might work, may the FW needs then to be adapted since
2024-07-08 11:13:05 UDP link local: (not bound)
2024-07-08 11:13:05 UDP link remote: [AF_INET]192.168.0.200:1194
OK,
What I donât understand is that it used to work (2-3 weeks ago) and now it doesnât anymore. There are no computers in the green network, all of them are in blue.
I seem to remember that I activated the TLS channel security for this current problem and then nothing worked anymore.
The two Ipfire machines connect at certain times with IPSec and that works well. I can then go from 192.168.2.x to 192.168.3.x without any problems and the server can then make a backup.
In addition, I connected the 192.168.3.x network to 192.168.2.x via the Windows VPN Client (OpenVPN) and that worked great. But not until recently.
If something is wrong with the TLS-Channel security something like TLS Error: cannot locate HMAC in incoming packet from
will apear. If you do not get any logs from server side from the connection attempt, it looks like
you have the wrong âLocal VPN Hostname/IPâ or
the firewall blocks the connection attempts.
If everything is in blue, you will have the same problem if everything is in green. The LAN subnets which you want to reach via OpenVPN needs to be different. Your first questions in this thread does include the same error like the last one TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
so i don´t know where you get the CRL error from but in any case you would need an existing connection attempt to get those kind of errors which is now not the case.
So it might be an idea if you check the above mentioned points for your infrastructure.
No it does not. From where to where you want to communicate ?
If the FW drops the connection attempt you can see it in the FW logs too. But please check the above written and check your subnets. If you have âOpenVPN auf Rotâ active and for âLokaler VPN Hostname/IPâ is configured for a LAN IP, no FW rules will manage blue0 â green0 since red0 is not blue0.
If there are no openvpn logs, then nothing is getting into Red. (assuming it is 192.168.0.200). Have you done something to prevent RFC1918 addressed being accepted by Red? Perhaps a new or updated blocklist?
So now I always connect the two Ipfire machines manually via the root console using IPSec.
The OpenVPN doesnât work and I canât get it to work.
Then I have to do it this way. Thank you for your help anyway