TLS Key Negotiation Failed

[distance]

Hello,

I have tried to set up OpenVPN about 5 times on my server, none have worked. I am doing everything correctly (or so I think), but when I put the files in the 'config' folder on my computer and connect, all I get is the 60 second timeout and "TLS Key Negotiation Failed (handshake failed)."

I'm running Ubuntu 15.04 on my server and Windows 10 on my PC.

Here is my client.ovpn file:
http://pastebin.com/f3EFMtfW

Here is my server.conf file:
http://pastebin.com/4qZs8B63

Here is my OpenVPN client log:
http://pastebin.com/Q4180UwC

What I've already tried:

• Opening TCP/UDP port 1194 (server side)
• Adding anti-malware and firewall exceptions on my PC
• Running the GUI as an administrator and in compatibility mode

Any and all help is greatly appreciated.

[maikcat]

please post configs (without comments) here.

also post logs.

Michael.

[Traffic]

Your client log (Line 1):

Thu Aug 27 04:12:37 2015 Warning: cannot open --log file: C:\Program Files\OpenVPN\log\client.log: Access is denied. (errno=5)

Not running as administrator ..

Also, how did you install OpenVPN .. I thought Windows 10 blocked the installation of the TAP driver ?
https://community.openvpn.net/openvpn/ticket/592

[distance]

Your client log (Line 1):

Thu Aug 27 04:12:37 2015 Warning: cannot open --log file: C:\Program Files\OpenVPN\log\client.log: Access is denied. (errno=5)

Not running as administrator ..

Also, how did you install OpenVPN .. I thought Windows 10 blocked the installation of the TAP driver ?
https://community.openvpn.net/openvpn/ticket/592

No, downloaded the installer and ran it, prompted me to install the TAP driver. I have it pre-set to run as an administrator.

please post configs (without comments) here.

also post logs.

Michael.

I have posted the configs, their in the Pastebin links.

[distance]

please post configs (without comments) here.

also post logs.

Michael.

client.ovpn:

client
dev tun
proto udp
remote 103.250.80.13 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert test.crt
key test.key
ns-cert-type server
verb 3

server.conf

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
push "dhcp-option DNS 4.4.4.4"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
comp-lzo
user nobody
group nogroup
verb 3
persist-key
persist-tun
status openvpn-status.log

Client Log (Windows 10, ran as administrator, TAP drivers installed):

Thu Aug 27 04:12:37 2015 Warning: cannot open --log file: C:\Program Files\OpenVPN\log\client.log: Access is denied. (errno=5)
Thu Aug 27 04:12:37 2015 OpenVPN 2.3.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug 4 2015
Thu Aug 27 04:12:37 2015 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.08
Thu Aug 27 04:12:37 2015 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Thu Aug 27 04:12:37 2015 Need hold release from management interface, waiting...
Thu Aug 27 04:12:37 2015 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Thu Aug 27 04:12:37 2015 MANAGEMENT: CMD 'state on'
Thu Aug 27 04:12:37 2015 MANAGEMENT: CMD 'log all on'
Thu Aug 27 04:12:37 2015 MANAGEMENT: CMD 'hold off'
Thu Aug 27 04:12:37 2015 MANAGEMENT: CMD 'hold release'
Thu Aug 27 04:12:38 2015 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Aug 27 04:12:38 2015 UDPv4 link local: [undef]
Thu Aug 27 04:12:38 2015 UDPv4 link remote: [AF_INET]103.250.80.13:1194
Thu Aug 27 04:12:38 2015 MANAGEMENT: >STATE:1440663158,WAIT,,,
Thu Aug 27 04:13:38 2015 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Aug 27 04:13:38 2015 TLS Error: TLS handshake failed
Thu Aug 27 04:13:38 2015 SIGUSR1[soft,tls-error] received, process restarting
Thu Aug 27 04:13:38 2015 MANAGEMENT: >STATE:1440663218,RECONNECTING,tls-error,,
Thu Aug 27 04:13:38 2015 Restart pause, 2 second(s)
Thu Aug 27 04:13:40 2015 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Aug 27 04:13:40 2015 UDPv4 link local: [undef]
Thu Aug 27 04:13:40 2015 UDPv4 link remote: [AF_INET]103.250.80.13:1194
Thu Aug 27 04:13:40 2015 MANAGEMENT: >STATE:1440663220,WAIT,,,
Thu Aug 27 04:14:40 2015 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Aug 27 04:14:40 2015 TLS Error: TLS handshake failed
Thu Aug 27 04:14:40 2015 SIGUSR1[soft,tls-error] received, process restarting
Thu Aug 27 04:14:40 2015 MANAGEMENT: >STATE:1440663280,RECONNECTING,tls-error,,
Thu Aug 27 04:14:40 2015 Restart pause, 2 second(s)
Thu Aug 27 04:14:42 2015 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Aug 27 04:14:42 2015 UDPv4 link local: [undef]
Thu Aug 27 04:14:42 2015 UDPv4 link remote: [AF_INET]103.250.80.13:1194
Thu Aug 27 04:14:42 2015 MANAGEMENT: >STATE:1440663282,WAIT,,,
Thu Aug 27 04:15:42 2015 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Aug 27 04:15:42 2015 TLS Error: TLS handshake failed
Thu Aug 27 04:15:42 2015 SIGUSR1[soft,tls-error] received, process restarting
Thu Aug 27 04:15:42 2015 MANAGEMENT: >STATE:1440663342,RECONNECTING,tls-error,,
Thu Aug 27 04:15:42 2015 Restart pause, 2 second(s)
Thu Aug 27 04:15:44 2015 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Aug 27 04:15:44 2015 UDPv4 link local: [undef]
Thu Aug 27 04:15:44 2015 UDPv4 link remote: [AF_INET]103.250.80.13:1194
Thu Aug 27 04:15:44 2015 MANAGEMENT: >STATE:1440663344,WAIT,,,

[maikcat]

i saw the pastebin links but while i am at work our policy filters out pastebin.....

so i suggested to post them here (as you did) as also forum rules suggests...


can you also post server side logs as well?

usually TLS based errors occur due to filtering packets along the way...

Michael.

[distance]

My OpenVPN magically works now...?

Here's what I did:

• Disabled ufw

  Code: Select all

  ufw disable /* since been re-enabled with no problems */

• Added an iptables exception

  Code: Select all

  iptables -A INPUT -p udp --dport 1194 -j ACCEPT

• Changed the server.conf

  Code: Select all

  log-append /var/log/openvpn.log

Still don't realize how I got it to work considering when I added an iptables exception for the first time it didn't work. It only worked after I changed the rules of the log in the server.conf. Very strange...