Connect. OK with shared key and not with public and private

Postby jc.lanza@gmail.com » Thu Nov 07, 2013 10:53 am

Hello everybody,
here is my problem.
I'm working on Windows 2008 Server for the OpenVPN server (located in Africa), and Windows 7 for the client (located in France).
I have configured my OpenVPN using shared key, and public and private keys.
With the first config, shared key, it's OK, connection OK, and I can do my job.
With the 2nd config, public and private key, I can do any access

For the "public, private keys" config, I used the same parameters as in the shared key config:
port 1195
same network and tap card
same openvpn server
nat translation on the router is OK


The second config (with private and public keys) is:
on the African Windows/OpenVPN server
local 192.168.100.152 1195
port 1195
proto udp

dev tap
dev-node tap

ca "keys\\ca.crt"
cert "keys\\server.crt"
key "keys\\server.key" # This file should be kept secret
dh "keys\\dh1024.pem"

server 172.31.0.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"

keepalive 10 120
comp-lzo
persist-key
persist-tun

status "c:\\program files\\openvpn\\log\\openvpn-status.log"
verb 4


on the French Windows 7 client:

client

dev tap
dev-node tap
proto udp

remote myremoteserver 1195
resolv-retry infinite
persist-key
persist-tun

ca "keys\\ca.crt"
cert "keys\\client1.crt"
key "keys\\client1.key"
ns-cert-type server

comp-lzo
verb 4

--------------------------------
I tried to use UDP and TCP.
Here is the client log (partial):

with UDP
OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
LZO compression initialized
Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Local Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Expected Remote Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Local Options hash (VER=V4): 'd79ca330'
Expected Remote Options hash (VER=V4): 'f7df56b8'
Socket Buffers: R=[8192->8192] S=[8192->8192]
UDPv4 link local (bound): [undef]:1195
UDPv4 link remote: myremoteserver:1195

TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed
TCP/UDP: Closing socket
SIGUSR1[soft,tls-error] received, process restarting
Restart pause, 2 second(s)
Re-using SSL/TLS context
LZO compression initialized
Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Local Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'

Expected Remote Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Local Options hash (VER=V4): 'd79ca330'
Expected Remote Options hash (VER=V4): 'f7df56b8'
Socket Buffers: R=[8192->8192] S=[8192->8192]
UDPv4 link local (bound): [undef]:1195
UDPv4 link remote: myremoteserver:1195
TCP/UDP: Closing socket
SIGTERM[hard,] received, process exiting


with TCP
OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
LZO compression initialized
Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Local Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Expected Remote Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Local Options hash (VER=V4): '31fdf004'
Expected Remote Options hash (VER=V4): '3e6d1056'
Attempting to establish TCP connection with myremoteserver:1195
TCP: connect to myremoteserver:1195 failed, will try again in 5 seconds
TCP/UDP: Closing socket
SIGTERM[hard,init_instance] received, process exiting


I have configured another client (client2) on the same network server, with the same client configuration information (except client keys and remote IP), and it's functioning.

I can ping my "myremoteserver" from my workstation.
I looked at all the information given in case of:
1) "TCP: connect to myremoteserver:1195 failed, will try again in 5 seconds", but no change,
2) "TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed", but no change

any idea ?
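
Added example (not part of the original post): a small Python triage of OpenVPN client logs by the stage at which they stop, run over lines copied from the two logs above plus one constructed certificate-failure log. The stage names, `triage`, and `NEXT_CHECK` are assumptions of this example; in both logs from the post the client never records a reply from the server, so the attempt ends before any certificate is checked.

```python
import re

# First matching pattern names the stage where the client stopped.
STAGES = [
    ("connected", re.compile(r"Initialization Sequence Completed")),
    ("certificate-verify", re.compile(r"VERIFY ERROR")),
    ("tcp-connect", re.compile(r"TCP: connect to \S+ failed")),
    ("tls-timeout", re.compile(r"TLS key negotiation failed to occur")),
]
# Logged by the client once the server's first handshake packet arrives.
SERVER_REPLIED = re.compile(r"TLS: Initial packet from")

NEXT_CHECK = {
    "connected": "tunnel is up; look at routing, not the handshake",
    "certificate-verify": "compare ca/cert/key files and certificate dates",
    "tcp-connect": "is the server listening on TCP, is the port forwarded",
    "tls-timeout": "do UDP packets reach the server and do replies return",
    "unknown": "raise verb and capture a longer log",
}

def triage(log_text):
    """Return (stage, server_replied) for one client log."""
    replied = bool(SERVER_REPLIED.search(log_text))
    for stage, pattern in STAGES:
        if pattern.search(log_text):
            return stage, replied
    return "unknown", replied

# Lines copied from the UDP and TCP logs in the post.
UDP_LOG = """UDPv4 link remote: myremoteserver:1195
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed"""
TCP_LOG = """Attempting to establish TCP connection with myremoteserver:1195
TCP: connect to myremoteserver:1195 failed, will try again in 5 seconds"""
# Constructed sample (not from the post): server answers, certificate rejected.
CERT_LOG = """TLS: Initial packet from 203.0.113.10:1195, sid=0a1b2c3d 4e5f6071
VERIFY ERROR: depth=0, error=unable to get local issuer certificate: /CN=server
TLS Error: TLS handshake failed"""

if __name__ == "__main__":
    for name, log in (("udp", UDP_LOG), ("tcp", TCP_LOG), ("cert", CERT_LOG)):
        stage, replied = triage(log)
        print(f"{name}: {stage}, server replied={replied} -> {NEXT_CHECK[stage]}")
```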

Re: Connect. OK with shared key and not with public and private

Postby TinCanTech » Thu Jun 15, 2017 12:50 pm

Did you manage to fix this ?

