It did not like the cipher that I was using (not enough bits), so I replaced it:
old
cipher BF-CBC
new
cipher AES-128-CBC
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed
UDPv4 link local: [undef]
UDPv4 link remote: [AF_INET]213.138.xxx.xxx:1194
VERIFY ERROR: depth=0, error=certificate signature failure: C=GB, ST=Greater London, O=XXX Ltd, OU=XXX, CN=bytemark.phcomp.co.uk, emailAddress=addw@phcomp.co.uk
OpenSSL: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
TLS_ERROR: BIO read tls_read_plaintext error
TLS Error: TLS object -> incoming plaintext read error
TLS Error: TLS handshake failed
SIGUSR1[soft,tls-error] received, process restarting
client
# OpenVPN client profile: UDP tunnel on a tun device, authenticated with an
# X.509 certificate/key pair plus a shared tls-auth HMAC key.
# NOTE(review): no server-certificate check (for example
# `remote-cert-tls server`) appears in this listing. Without one, the client
# accepts any certificate issued by the CA below as the server, including
# another client's certificate. Confirm whether that is intended.
client
dev tun
proto udp
remote xxx
# Keep retrying name resolution of the remote instead of giving up.
resolv-retry infinite
# Do not bind to a fixed local port.
nobind
# Drop root after initialisation. persist-key / persist-tun keep the key and
# the tun device across a SIGUSR1 restart (as seen in the log above), when the
# unprivileged process could no longer re-read or reopen them.
user nobody
group nobody
persist-key
persist-tun
# CA used to verify the server certificate. The logged
# "VERIFY ERROR: depth=0, error=certificate signature failure" means the
# signature on the server's certificate did not validate here. Check that this
# file is the CA that actually issued the server certificate, and inspect the
# certificate's signature algorithm with `openssl x509 -noout -text`.
# NOTE(review): possibly a legacy digest that the crypto library now rejects;
# cannot be confirmed from this page.
ca BYTEMARK-PHCOMP/keys/bytemark-ca.crt
cert BYTEMARK-PHCOMP/keys/freshmint.phcomp.co.uk.crt
# Private key: keep it readable only by the account that starts OpenVPN.
key BYTEMARK-PHCOMP/keys/freshmint.phcomp.co.uk.key
# Shared HMAC key for control-channel packets; direction 1 here pairs with
# direction 0 on the server.
tls-auth BYTEMARK-PHCOMP/keys/bytemark.phcomp.co.uk-ta.key 1
# Data-channel cipher; must match the server's `cipher` line.
cipher AES-128-CBC
# LZO compression; must match the server. Compressing before encryption can
# leak information about the plaintext, and newer OpenVPN releases deprecate
# this option.
comp-lzo
# Verbosity 1 is terse; raising it temporarily (e.g. `verb 4`) gives more
# detail while diagnosing the TLS handshake failure.
verb 1
# Log at most 20 consecutive messages of the same category.
mute 20
# Repeat of the client profile above; this copy starts at `dev tun` and the
# `client` directive is not shown in it.
# NOTE(review): no server-certificate check (for example
# `remote-cert-tls server`) appears in this listing. Confirm whether the
# client is meant to accept any certificate issued by the CA as the server.
dev tun
proto udp
remote xxx
resolv-retry infinite
nobind
# Drop root after initialisation; persist-key / persist-tun keep the key and
# the tun device across restarts.
user nobody
group nobody
persist-key
persist-tun
# CA used to verify the server certificate. This is the trust anchor involved
# in the logged "certificate signature failure".
ca BYTEMARK-PHCOMP/keys/bytemark-ca.crt
cert BYTEMARK-PHCOMP/keys/freshmint.phcomp.co.uk.crt
key BYTEMARK-PHCOMP/keys/freshmint.phcomp.co.uk.key
# tls-auth direction 1 on the client pairs with 0 on the server.
tls-auth BYTEMARK-PHCOMP/keys/bytemark.phcomp.co.uk-ta.key 1
# Must match the server's `cipher` line.
cipher AES-128-CBC
# Must match the server. Compression before encryption can leak information
# about the plaintext.
comp-lzo
verb 1
mute 20
server
# OpenVPN server profile: UDP/1194 on a tun device, certificate-authenticated
# clients, shared tls-auth HMAC key, address pool 10.200.201.0/24.
# Listen only on this local address.
local x.x.x.x
port 1194
proto udp
dev tun
# CA that client certificates are verified against, followed by the server's
# own certificate and private key. The client log shows this server
# certificate (CN=bytemark.phcomp.co.uk) failing signature verification.
ca ca.crt
cert bytemark.phcomp.co.uk.crt
# Private key: keep it readable only by the account that starts OpenVPN.
key bytemark.phcomp.co.uk.key
# NOTE(review): the file name suggests 1024-bit Diffie-Hellman parameters.
# 2048 bits or more is the usual baseline today; larger parameters can be
# generated with `openssl dhparam`.
dh dh1024.pem
# Shared HMAC key for control-channel packets; direction 0 here pairs with
# direction 1 on the clients.
tls-auth ta.key 0
server 10.200.201.0 255.255.255.0
# Renegotiate the data-channel key every 60 seconds (the default is 3600).
# NOTE(review): this is unusually frequent; confirm it is deliberate.
reneg-sec 60
# Ping every 10 s; assume the peer is down after 120 s of silence.
keepalive 10 120
ifconfig-pool-persist External-ipp.txt
status openvpn-status.log
# Script run once the tun device is up.
# NOTE(review): it typically runs before the user/group drop below, i.e. with
# the privileges OpenVPN was started with. Keep the script root-owned and not
# writable by other accounts.
up "/etc/openvpn/AllowRunForwarding"
# LZO compression; must match the clients. Compressing before encryption can
# leak information about the plaintext, and newer OpenVPN releases deprecate
# this option.
comp-lzo
# Data-channel cipher; must match the clients' `cipher` line.
cipher AES-128-CBC
# Drop root after initialisation; persist-key / persist-tun keep the key and
# the tun device across restarts once privileges are gone.
user nobody
group nobody
persist-key
persist-tun
# Verbosity 1 is terse; raise it temporarily while diagnosing handshake
# failures.
verb 1
# Directory of per-client option files, looked up by certificate common name.
client-config-dir bytemark-ServerClients
push "route 10.200.201.0 255.255.255.0"
# Repeat of the server profile above; this copy starts at `port 1194` and the
# `local` line is not shown in it.
port 1194
proto udp
dev tun
ca ca.crt
cert bytemark.phcomp.co.uk.crt
key bytemark.phcomp.co.uk.key
# NOTE(review): the file name suggests 1024-bit Diffie-Hellman parameters;
# 2048 bits or more is the usual baseline today.
dh dh1024.pem
# tls-auth direction 0 on the server pairs with 1 on the clients.
tls-auth ta.key 0
server 10.200.201.0 255.255.255.0
# Data-channel key renegotiation every 60 seconds (the default is 3600).
reneg-sec 60
keepalive 10 120
ifconfig-pool-persist External-ipp.txt
status openvpn-status.log
# NOTE(review): typically runs before the user/group drop below; keep the
# script root-owned and not writable by other accounts.
up "/etc/openvpn/AllowRunForwarding"
# Must match the clients. Compression before encryption can leak information
# about the plaintext.
comp-lzo
# Must match the clients' `cipher` line.
cipher AES-128-CBC
user nobody
group nobody
persist-key
persist-tun
verb 1
client-config-dir bytemark-ServerClients
push "route 10.200.201.0 255.255.255.0"
client specific
# Per-client file from the server's client-config-dir: gives this client a
# fixed tunnel address. The file is selected by the client certificate's
# common name, so any address-based firewall rule for 10.200.201.8 relies on
# that certificate staying with its intended owner.
ifconfig-push 10.200.201.8 10.200.201.1