Hi,

I've tried to set up a VPN tunnel using this guide (
https://www.expressvpn.com/support/vpn-setup/pfsense-with-expressvpn-openvpn/#additional
), which covers setting up the tunnel and the related firewall rules
for ExpressVPN. However, it seems like I was having trouble at the early
stages (where it says "Confirm connection success"). Instead of seeing
"UP" under "status" when I go to STATUS > OPENVPN, I see "reconnecting;
tls-error".

Inspection of the logs reveals several batches of the following:

Dec 24 00:53:16         openvpn         10563   Restart pause, 2 second(s)
Dec 24 00:53:16         openvpn         10563   SIGUSR1[soft,tls-error] received, process restarting
Dec 24 00:53:16         openvpn         10563   TLS Error: TLS handshake failed
Dec 24 00:53:16         openvpn         10563   TLS Error: TLS object -> incoming plaintext read error
Dec 24 00:53:16         openvpn         10563   TLS_ERROR: BIO read tls_read_plaintext error
Dec 24 00:53:16         openvpn         10563   OpenSSL: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Dec 24 00:53:16         openvpn         10563   VERIFY ERROR: depth=0, error=unable to get local issuer certificate: C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-2720-0a, [email protected]
Dec 24 00:53:16         openvpn         10563   TLS: Initial packet from [AF_INET]185.183.105.216:1195, sid=83a90840 8590b2bf
Dec 24 00:53:16         openvpn         10563   UDPv4 link remote: [AF_INET]185.183.105.216:1195
Dec 24 00:53:16         openvpn         10563   UDPv4 link local (bound): [AF_INET]192.168.0.2
Dec 24 00:53:16         openvpn         10563   Socket Buffers: R=[42080->524288] S=[57344->524288]
Dec 24 00:53:16         openvpn         10563   NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

I have the same setup with dd-WRT and it's working fine. So it can't be a
problem with ExpressVPN. Any suggestions? They have this web page (
https://www.expressvpn.com/support/troubleshooting/log-items/unable-to-connect-tls-handshake-failed/
) for TLS handshake problems, but it's generic and Windows-oriented, so pretty
much useless.


Thanks for any suggestion or help you may be able to provide.


-- 


Respect your privacy and that of others, don't give your data to big
corporations.
Use alternatives like Signal (https://whispersystems.org/) for your messaging
or Diaspora* (https://joindiaspora.com/) for your social networking.

_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
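
An added example, not part of the original post: a small Python triage of the log excerpt above that restores chronological order and pulls out the first failure and the certificate-verification details. It assumes the excerpt is listed newest first (the startup NOTE appears last in it); the names `triage` and `LOG_AS_POSTED` are hypothetical.

```python
import re

# Log lines copied from the post above (wrapped lines rejoined, the redacted
# e-mail field of the subject trimmed), in the order the post shows them.
LOG_AS_POSTED = """\
Dec 24 00:53:16 openvpn 10563 Restart pause, 2 second(s)
Dec 24 00:53:16 openvpn 10563 SIGUSR1[soft,tls-error] received, process restarting
Dec 24 00:53:16 openvpn 10563 TLS Error: TLS handshake failed
Dec 24 00:53:16 openvpn 10563 OpenSSL: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Dec 24 00:53:16 openvpn 10563 VERIFY ERROR: depth=0, error=unable to get local issuer certificate: C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-2720-0a
Dec 24 00:53:16 openvpn 10563 TLS: Initial packet from [AF_INET]185.183.105.216:1195, sid=83a90840 8590b2bf
"""

LINE = re.compile(r"^\w{3} +\d+ [\d:]+\s+openvpn\s+\d+\s+(.*)$")
FAILURE = re.compile(r"^(VERIFY ERROR|TLS Error|TLS_ERROR|OpenSSL: error)")
VERIFY = re.compile(r"^VERIFY ERROR: depth=(\d+), error=(.+?): (.+)$")


def triage(log_text, newest_first=True):
    """Return the earliest failure message and the parsed VERIFY ERROR."""
    msgs = [m.group(1) for m in map(LINE.match, log_text.splitlines()) if m]
    if newest_first:
        # Every entry carries the same timestamp, so line order is the only
        # ordering information; reverse it to get chronological order.
        msgs.reverse()
    first_failure = next((m for m in msgs if FAILURE.match(m)), None)
    verify = None
    for msg in msgs:
        v = VERIFY.match(msg)
        if v:
            # depth=0 is the server's own certificate; the reason text is
            # OpenSSL's verification result for it.
            subject = dict(kv.split("=", 1) for kv in v.group(3).split(", "))
            verify = {"depth": int(v.group(1)), "reason": v.group(2),
                      "subject": subject}
            break
    return {"first_failure": first_failure, "verify": verify}


if __name__ == "__main__":
    report = triage(LOG_AS_POSTED)
    print("first failure:", report["first_failure"])
    print("verify:", report["verify"])
```

Read oldest first, the VERIFY ERROR precedes the generic "TLS handshake failed" line, so the certificate check is the first thing to examine. OpenSSL reports this reason when it cannot find the issuer of the presented certificate among the CA certificates it was given.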
