Server error; Authenticate/Decrypt packet error: packet HMAC authentication failed

[vpnstarter]

im trying to start vpn server on my OVH VPS,
i disabled the fiewall in the ovh windows,

i configed all, and moved the files to my client, now im trying to connect with my openvpn client, but i get this error in the openvpn SERVER;

server:
Authenticate/Decrypt packet error: packet HMAC authentication failed
TLS Error: incoming packet authentication failed from [AF_INET6]::ffff:MYIP

and in the client i get this error:
at Apr 01 16:05:20 2017 Restart pause, 5 second(s)
Sat Apr 01 16:05:25 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Apr 01 16:05:25 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Apr 01 16:05:25 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]92.222.80.204:1194
Sat Apr 01 16:05:25 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sat Apr 01 16:05:25 2017 UDP link local: (not bound)
Sat Apr 01 16:05:25 2017 UDP link remote: [AF_INET]92.222.80.204:1194
Sat Apr 01 16:05:25 2017 MANAGEMENT: >STATE:1491051925,WAIT,,,,,,
Sat Apr 01 16:06:25 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Apr 01 16:06:25 2017 TLS Error: TLS handshake failed
Sat Apr 01 16:06:25 2017 SIGUSR1[soft,tls-error] received, process restarting
Sat Apr 01 16:06:25 2017 MANAGEMENT: >STATE:1491051985,RECONNECTING,tls-error,,,,,
Sat Apr 01 16:06:25 2017 Restart pause, 5 second(s)


i tried to disable the tls-auth in the server file and in the client file but its not disabled... "tls-auth ta.key 0" its what i tried, its wont disable this error.
the time in client and the server computers is the same.
please help,
thanks

[TinCanTech]

Please see:
HOWTO: Request Help !

[vpnstarter]

View OriginalSERVER

;local a.b.c.d
port 1194
;proto tcp
proto udp
;dev tap
dev tun
;dev-node MyTap
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
;topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
;server-bridge
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
;learn-address ./script
;push "redirect-gateway def1 bypass-dhcp"
;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"
;client-to-client
;duplicate-cn
tls-auth ta.key 0
cipher AES-256-CBC
# versions see below)
;compress lz4-v2
;push "compress lz4-v2"
;comp-lzo
;max-clients 100
;user nobody
;group nobody
;log openvpn.log
;log-append openvpn.log
verb 4
;mute 20
explicit-exit-notify 1

View OriginalCLIENT

client
;dev tap
dev tun
;dev-node MyTap
;proto tcp
proto udp
remote 92.222.80.204 1194
;remote my-server-2 1194
;remote-random
resolv-retry infinite
nobind
;user nobody
;group nobody
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
;mute-replay-warnings
ca ca.crt
cert ovh.crt
key ovh.key
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-CBC
#comp-lzo
verb 3
;mute 20

View OriginalSTART LOG OF SERVER

Sat Apr 01 18:22:26 2017 pkcs11_private_mode = 00000000
Sat Apr 01 18:22:26 2017 pkcs11_private_mode = 00000000
Sat Apr 01 18:22:26 2017 pkcs11_private_mode = 00000000
Sat Apr 01 18:22:26 2017 pkcs11_private_mode = 00000000
Sat Apr 01 18:22:26 2017 pkcs11_private_mode = 00000000
Sat Apr 01 18:22:26 2017 pkcs11_private_mode = 00000000
Sat Apr 01 18:22:26 2017 pkcs11_private_mode = 00000000
Sat Apr 01 18:22:26 2017 pkcs11_private_mode = 00000000
Sat Apr 01 18:22:26 2017 pkcs11_private_mode = 00000000
Sat Apr 01 18:22:26 2017 pkcs11_private_mode = 00000000
Sat Apr 01 18:22:26 2017 pkcs11_private_mode = 00000000
Sat Apr 01 18:22:26 2017 pkcs11_private_mode = 00000000
Sat Apr 01 18:22:26 2017 pkcs11_private_mode = 00000000
Sat Apr 01 18:22:26 2017 pkcs11_cert_private = DISABLED
Sat Apr 01 18:22:26 2017 pkcs11_cert_private = DISABLED
Sat Apr 01 18:22:26 2017 pkcs11_cert_private = DISABLED
Sat Apr 01 18:22:26 2017 pkcs11_cert_private = DISABLED
Sat Apr 01 18:22:26 2017 pkcs11_cert_private = DISABLED
Sat Apr 01 18:22:26 2017 pkcs11_cert_private = DISABLED
Sat Apr 01 18:22:26 2017 pkcs11_cert_private = DISABLED
Sat Apr 01 18:22:26 2017 pkcs11_cert_private = DISABLED
Sat Apr 01 18:22:26 2017 pkcs11_cert_private = DISABLED
Sat Apr 01 18:22:26 2017 pkcs11_cert_private = DISABLED
Sat Apr 01 18:22:26 2017 pkcs11_cert_private = DISABLED
Sat Apr 01 18:22:26 2017 pkcs11_cert_private = DISABLED
Sat Apr 01 18:22:26 2017 pkcs11_cert_private = DISABLED
Sat Apr 01 18:22:26 2017 pkcs11_cert_private = DISABLED
Sat Apr 01 18:22:26 2017 pkcs11_cert_private = DISABLED
Sat Apr 01 18:22:26 2017 pkcs11_cert_private = DISABLED
Sat Apr 01 18:22:26 2017 pkcs11_pin_cache_period = -1
Sat Apr 01 18:22:26 2017 pkcs11_id = '[UNDEF]'
Sat Apr 01 18:22:26 2017 pkcs11_id_management = DISABLED
Sat Apr 01 18:22:26 2017 server_network = 10.8.0.0
Sat Apr 01 18:22:26 2017 server_netmask = 255.255.255.0
Sat Apr 01 18:22:26 2017 server_network_ipv6 = ::
Sat Apr 01 18:22:26 2017 server_netbits_ipv6 = 0
Sat Apr 01 18:22:26 2017 server_bridge_ip = 0.0.0.0
Sat Apr 01 18:22:26 2017 server_bridge_netmask = 0.0.0.0
Sat Apr 01 18:22:26 2017 server_bridge_pool_start = 0.0.0.0
Sat Apr 01 18:22:26 2017 server_bridge_pool_end = 0.0.0.0
Sat Apr 01 18:22:26 2017 push_entry = 'route 10.8.0.1'
Sat Apr 01 18:22:26 2017 push_entry = 'topology net30'
Sat Apr 01 18:22:26 2017 push_entry = 'ping 10'
Sat Apr 01 18:22:26 2017 push_entry = 'ping-restart 120'
Sat Apr 01 18:22:26 2017 ifconfig_pool_defined = ENABLED
Sat Apr 01 18:22:26 2017 ifconfig_pool_start = 10.8.0.4
Sat Apr 01 18:22:26 2017 ifconfig_pool_end = 10.8.0.251
Sat Apr 01 18:22:26 2017 ifconfig_pool_netmask = 0.0.0.0
Sat Apr 01 18:22:26 2017 ifconfig_pool_persist_filename = 'ipp.txt'
Sat Apr 01 18:22:26 2017 ifconfig_pool_persist_refresh_freq = 600
Sat Apr 01 18:22:26 2017 ifconfig_ipv6_pool_defined = DISABLED
Sat Apr 01 18:22:26 2017 ifconfig_ipv6_pool_base = ::
Sat Apr 01 18:22:26 2017 ifconfig_ipv6_pool_netbits = 0
Sat Apr 01 18:22:26 2017 n_bcast_buf = 256
Sat Apr 01 18:22:26 2017 tcp_queue_limit = 64
Sat Apr 01 18:22:26 2017 real_hash_size = 256
Sat Apr 01 18:22:26 2017 virtual_hash_size = 256
Sat Apr 01 18:22:26 2017 client_connect_script = '[UNDEF]'
Sat Apr 01 18:22:26 2017 learn_address_script = '[UNDEF]'
Sat Apr 01 18:22:26 2017 client_disconnect_script = '[UNDEF]'
Sat Apr 01 18:22:26 2017 client_config_dir = '[UNDEF]'
Sat Apr 01 18:22:26 2017 ccd_exclusive = DISABLED
Sat Apr 01 18:22:26 2017 tmp_dir = 'C:\Users\ADMINI~1\AppData\Local\Temp\1\'
Sat Apr 01 18:22:26 2017 push_ifconfig_defined = DISABLED
Sat Apr 01 18:22:26 2017 push_ifconfig_local = 0.0.0.0
Sat Apr 01 18:22:26 2017 push_ifconfig_remote_netmask = 0.0.0.0
Sat Apr 01 18:22:26 2017 push_ifconfig_ipv6_defined = DISABLED
Sat Apr 01 18:22:26 2017 push_ifconfig_ipv6_local = ::/0
Sat Apr 01 18:22:26 2017 push_ifconfig_ipv6_remote = ::
Sat Apr 01 18:22:26 2017 enable_c2c = DISABLED
Sat Apr 01 18:22:26 2017 duplicate_cn = DISABLED
Sat Apr 01 18:22:26 2017 cf_max = 0
Sat Apr 01 18:22:26 2017 cf_per = 0
Sat Apr 01 18:22:26 2017 max_clients = 1024
Sat Apr 01 18:22:26 2017 max_routes_per_client = 256
Sat Apr 01 18:22:26 2017 auth_user_pass_verify_script = '[UNDEF]'
Sat Apr 01 18:22:26 2017 auth_user_pass_verify_script_via_file = DISABLED
Sat Apr 01 18:22:26 2017 auth_token_generate = DISABLED
Sat Apr 01 18:22:26 2017 auth_token_lifetime = 0
Sat Apr 01 18:22:26 2017 client = DISABLED
Sat Apr 01 18:22:26 2017 pull = DISABLED
Sat Apr 01 18:22:26 2017 auth_user_pass_file = '[UNDEF]'
Sat Apr 01 18:22:26 2017 show_net_up = DISABLED
Sat Apr 01 18:22:26 2017 route_method = 0
Sat Apr 01 18:22:26 2017 block_outside_dns = DISABLED
Sat Apr 01 18:22:26 2017 ip_win32_defined = DISABLED
Sat Apr 01 18:22:26 2017 ip_win32_type = 3
Sat Apr 01 18:22:26 2017 dhcp_masq_offset = 0
Sat Apr 01 18:22:26 2017 dhcp_lease_time = 31536000
Sat Apr 01 18:22:26 2017 tap_sleep = 10
Sat Apr 01 18:22:26 2017 dhcp_options = DISABLED
Sat Apr 01 18:22:26 2017 dhcp_renew = DISABLED
Sat Apr 01 18:22:26 2017 dhcp_pre_release = DISABLED
Sat Apr 01 18:22:26 2017 domain = '[UNDEF]'
Sat Apr 01 18:22:26 2017 netbios_scope = '[UNDEF]'
Sat Apr 01 18:22:26 2017 netbios_node_type = 0
Sat Apr 01 18:22:26 2017 disable_nbt = DISABLED
Sat Apr 01 18:22:26 2017 OpenVPN 2.4.1 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Mar 22 2017
Sat Apr 01 18:22:26 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Sat Apr 01 18:22:26 2017 library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.09
Sat Apr 01 18:22:26 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sat Apr 01 18:22:26 2017 Need hold release from management interface, waiting...
Sat Apr 01 18:22:27 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sat Apr 01 18:22:27 2017 MANAGEMENT: CMD 'state on'
Sat Apr 01 18:22:27 2017 MANAGEMENT: CMD 'log all on'
Sat Apr 01 18:22:27 2017 MANAGEMENT: CMD 'echo all on'
Sat Apr 01 18:22:27 2017 MANAGEMENT: CMD 'hold off'
Sat Apr 01 18:22:27 2017 MANAGEMENT: CMD 'hold release'
Sat Apr 01 18:22:27 2017 Diffie-Hellman initialized with 2048 bit key
Sat Apr 01 18:22:27 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Apr 01 18:22:27 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Apr 01 18:22:27 2017 TLS-Auth MTU parms [ L:1621 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Sat Apr 01 18:22:27 2017 interactive service msg_channel=0
Sat Apr 01 18:22:27 2017 ROUTE_GATEWAY 92.222.64.1
Sat Apr 01 18:22:27 2017 open_tun
Sat Apr 01 18:22:27 2017 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{1F6C8FF6-85C5-4EBE-87D8-695553229603}.tap
Sat Apr 01 18:22:27 2017 TAP-Windows Driver Version 9.21
Sat Apr 01 18:22:27 2017 TAP-Windows MTU=1500
Sat Apr 01 18:22:27 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.1/255.255.255.252 on interface {1F6C8FF6-85C5-4EBE-87D8-695553229603} [DHCP-serv: 10.8.0.2, lease-time: 31536000]
Sat Apr 01 18:22:27 2017 Sleeping for 10 seconds...
Sat Apr 01 18:22:37 2017 Successful ARP Flush on interface [17] {1F6C8FF6-85C5-4EBE-87D8-695553229603}
Sat Apr 01 18:22:37 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sat Apr 01 18:22:37 2017 MANAGEMENT: >STATE:1491060157,ASSIGN_IP,,10.8.0.1,,,,
Sat Apr 01 18:22:37 2017 MANAGEMENT: >STATE:1491060157,ADD_ROUTES,,,,,,
Sat Apr 01 18:22:37 2017 C:\Windows\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.2
Sat Apr 01 18:22:37 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Sat Apr 01 18:22:37 2017 Route addition via IPAPI succeeded [adaptive]
Sat Apr 01 18:22:37 2017 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Sat Apr 01 18:22:37 2017 Could not determine IPv4/IPv6 protocol. Using AF_INET6
Sat Apr 01 18:22:37 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sat Apr 01 18:22:37 2017 setsockopt(IPV6_V6ONLY=0)
Sat Apr 01 18:22:37 2017 UDPv6 link local (bound): [AF_INET6][undef]:1194
Sat Apr 01 18:22:37 2017 UDPv6 link remote: [AF_UNSPEC]
Sat Apr 01 18:22:37 2017 MULTI: multi_init called, r=256 v=256
Sat Apr 01 18:22:37 2017 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Sat Apr 01 18:22:37 2017 IFCONFIG POOL LIST
Sat Apr 01 18:22:37 2017 Initialization Sequence Completed
Sat Apr 01 18:22:37 2017 MANAGEMENT: >STATE:1491060157,CONNECTED,SUCCESS,10.8.0.1,,,,
Sat Apr 01 18:24:49 2017 Authenticate/Decrypt packet error: packet HMAC authentication failed
Sat Apr 01 18:24:49 2017 TLS Error: incoming packet authentication failed from [AF_INET6]::ffff:79.176.167.68:62289
Sat Apr 01 18:24:52 2017 Authenticate/Decrypt packet error: packet HMAC authentication failed
Sat Apr 01 18:24:52 2017 TLS Error: incoming packet authentication failed from [AF_INET6]::ffff:79.176.167.68:62289
Sat Apr 01 18:24:55 2017 Authenticate/Decrypt packet error: packet HMAC authentication failed
Sat Apr 01 18:24:55 2017 TLS Error: incoming packet authentication failed from [AF_INET6]::ffff:79.176.167.68:62289
Sat Apr 01 18:25:04 2017 Authenticate/Decrypt packet error: packet HMAC authentication failed
Sat Apr 01 18:25:04 2017 TLS Error: incoming packet authentication failed from [AF_INET6]::ffff:79.176.167.68:62289
Sat Apr 01 18:25:19 2017 Authenticate/Decrypt packet error: packet HMAC authentication failed
Sat Apr 01 18:25:19 2017 TLS Error: incoming packet authentication failed from [AF_INET6]::ffff:79.176.167.68:62289
Sat Apr 01 18:25:54 2017 Authenticate/Decrypt packet error: packet HMAC authentication failed
Sat Apr 01 18:25:54 2017 TLS Error: incoming packet authentication failed from [AF_INET6]::ffff:79.176.167.68:49697
Sat Apr 01 18:25:56 2017 Authenticate/Decrypt packet error: packet HMAC authentication failed
Sat Apr 01 18:25:56 2017 TLS Error: incoming packet authentication failed from [AF_INET6]::ffff:79.176.167.68:49697
Sat Apr 01 18:26:01 2017 Authenticate/Decrypt packet error: packet HMAC authentication failed
Sat Apr 01 18:26:01 2017 TLS Error: incoming packet authentication failed from [AF_INET6]::ffff:79.176.167.68:49697
Sat Apr 01 18:26:08 2017 Authenticate/Decrypt packet error: packet HMAC authentication failed
Sat Apr 01 18:26:08 2017 TLS Error: incoming packet authentication failed from [AF_INET6]::ffff:79.176.167.68:49697

View OriginalSTART LOG OF CLIENT

Sat Apr 01 18:24:15 2017 OpenVPN 2.4.1 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Mar 22 2017
Sat Apr 01 18:24:15 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Sat Apr 01 18:24:15 2017 library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.09
Sat Apr 01 18:24:15 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sat Apr 01 18:24:15 2017 Need hold release from management interface, waiting...
Sat Apr 01 18:24:15 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sat Apr 01 18:24:15 2017 MANAGEMENT: CMD 'state on'
Sat Apr 01 18:24:15 2017 MANAGEMENT: CMD 'log all on'
Sat Apr 01 18:24:15 2017 MANAGEMENT: CMD 'echo all on'
Sat Apr 01 18:24:15 2017 MANAGEMENT: CMD 'hold off'
Sat Apr 01 18:24:15 2017 MANAGEMENT: CMD 'hold release'
Sat Apr 01 18:24:21 2017 MANAGEMENT: CMD 'password [...]'
Sat Apr 01 18:24:21 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Apr 01 18:24:21 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Apr 01 18:24:21 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Apr 01 18:24:21 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]92.222.80.204:1194
Sat Apr 01 18:24:21 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sat Apr 01 18:24:21 2017 UDP link local: (not bound)
Sat Apr 01 18:24:21 2017 UDP link remote: [AF_INET]92.222.80.204:1194
Sat Apr 01 18:24:21 2017 MANAGEMENT: >STATE:1491060261,WAIT,,,,,,
Sat Apr 01 18:25:21 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Apr 01 18:25:21 2017 TLS Error: TLS handshake failed
Sat Apr 01 18:25:21 2017 SIGUSR1[soft,tls-error] received, process restarting
Sat Apr 01 18:25:21 2017 MANAGEMENT: >STATE:1491060321,RECONNECTING,tls-error,,,,,
Sat Apr 01 18:25:21 2017 Restart pause, 5 second(s)
Sat Apr 01 18:25:26 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]92.222.80.204:1194
Sat Apr 01 18:25:26 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sat Apr 01 18:25:26 2017 UDP link local: (not bound)
Sat Apr 01 18:25:26 2017 UDP link remote: [AF_INET]92.222.80.204:1194
Sat Apr 01 18:25:26 2017 MANAGEMENT: >STATE:1491060326,WAIT,,,,,,

[vpnstarter]

More Info,
in the server i use Windows 2012 R2
in the client i use Windows 10
if you need more info, im here
please help me,
thanks

[TiTex]

try removing 'remote-cert-tls server' from your client config , and also check if all your files are in the folder where the config is , cert,key,ca,ta.key (hmac) , and check if the correct data is in them

[TinCanTech]

Because of this:

Server Log:
Sat Apr 01 18:22:37 2017 Initialization Sequence Completed
Sat Apr 01 18:22:37 2017 MANAGEMENT: >STATE:1491060157,CONNECTED,SUCCESS,10.8.0.1,,,,

being immediately followed by this:

Server Log:
Sat Apr 01 18:24:49 2017 Authenticate/Decrypt packet error: packet HMAC authentication failed
Sat Apr 01 18:24:49 2017 TLS Error: incoming packet authentication failed from [AF_INET6]::ffff:79.176.167.68:62289

I think the --tls-auth file might be the wrong one

[Pippin]

ta.key is the same file on both sides?
To disable tls-auth, remove it from server and client configs.

[vpnstarter]

Thanks for help, i think the ta.key in the client not was the same file, now its fixed - but i have new error, please help
the client is connected but i get same ip, its wont change, and in the server i get some error after client is connecting:

View OriginalCLIENT START LOG

Sun Apr 02 14:51:04 2017 OpenVPN 2.4.1 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Mar 22 2017
Sun Apr 02 14:51:04 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Sun Apr 02 14:51:04 2017 library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.09
Sun Apr 02 14:51:04 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sun Apr 02 14:51:04 2017 Need hold release from management interface, waiting...
Sun Apr 02 14:51:04 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sun Apr 02 14:51:04 2017 MANAGEMENT: CMD 'state on'
Sun Apr 02 14:51:04 2017 MANAGEMENT: CMD 'log all on'
Sun Apr 02 14:51:04 2017 MANAGEMENT: CMD 'echo all on'
Sun Apr 02 14:51:04 2017 MANAGEMENT: CMD 'hold off'
Sun Apr 02 14:51:04 2017 MANAGEMENT: CMD 'hold release'
Sun Apr 02 14:51:08 2017 MANAGEMENT: CMD 'password [...]'
Sun Apr 02 14:51:08 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Apr 02 14:51:08 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Apr 02 14:51:08 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Apr 02 14:51:08 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]92.222.80.204:1194
Sun Apr 02 14:51:08 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Apr 02 14:51:08 2017 UDP link local: (not bound)
Sun Apr 02 14:51:08 2017 UDP link remote: [AF_INET]92.222.80.204:1194
Sun Apr 02 14:51:08 2017 MANAGEMENT: >STATE:1491133868,WAIT,,,,,,
Sun Apr 02 14:51:09 2017 MANAGEMENT: >STATE:1491133869,AUTH,,,,,,
Sun Apr 02 14:51:09 2017 TLS: Initial packet from [AF_INET]92.222.80.204:1194, sid=88257f8e 71d6b72a
Sun Apr 02 14:51:09 2017 VERIFY OK: depth=1, CN=OpenVPN-OVH, emailAddress=ovh@ovh
Sun Apr 02 14:51:09 2017 VERIFY KU OK
Sun Apr 02 14:51:09 2017 Validating certificate extended key usage
Sun Apr 02 14:51:09 2017 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sun Apr 02 14:51:09 2017 VERIFY EKU OK
Sun Apr 02 14:51:09 2017 VERIFY OK: depth=0, CN=server, name=server
Sun Apr 02 14:51:09 2017 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Sun Apr 02 14:51:09 2017 [server] Peer Connection Initiated with [AF_INET]92.222.80.204:1194
Sun Apr 02 14:51:10 2017 MANAGEMENT: >STATE:1491133870,GET_CONFIG,,,,,,
Sun Apr 02 14:51:10 2017 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun Apr 02 14:51:10 2017 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM'
Sun Apr 02 14:51:10 2017 OPTIONS IMPORT: timers and/or timeouts modified
Sun Apr 02 14:51:10 2017 OPTIONS IMPORT: --ifconfig/up options modified
Sun Apr 02 14:51:10 2017 OPTIONS IMPORT: route options modified
Sun Apr 02 14:51:10 2017 OPTIONS IMPORT: peer-id set
Sun Apr 02 14:51:10 2017 OPTIONS IMPORT: adjusting link_mtu to 1624
Sun Apr 02 14:51:10 2017 OPTIONS IMPORT: data channel crypto options modified
Sun Apr 02 14:51:10 2017 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Apr 02 14:51:10 2017 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Apr 02 14:51:10 2017 interactive service msg_channel=992
Sun Apr 02 14:51:10 2017 ROUTE_GATEWAY 10.0.0.138/255.255.255.0 I=14 HWADDR=02:1d:65:d1:5a:25
Sun Apr 02 14:51:10 2017 open_tun
Sun Apr 02 14:51:10 2017 TAP-WIN32 device [‏‏Ethernet 4] opened: \\.\Global\{74F6FED0-0233-4A29-82EF-314C63F7A2F5}.tap
Sun Apr 02 14:51:10 2017 TAP-Windows Driver Version 9.21
Sun Apr 02 14:51:10 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {74F6FED0-0233-4A29-82EF-314C63F7A2F5} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Sun Apr 02 14:51:10 2017 Successful ARP Flush on interface [13] {74F6FED0-0233-4A29-82EF-314C63F7A2F5}
Sun Apr 02 14:51:10 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun Apr 02 14:51:10 2017 MANAGEMENT: >STATE:1491133870,ASSIGN_IP,,10.8.0.6,,,,
Sun Apr 02 14:51:15 2017 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up
Sun Apr 02 14:51:15 2017 MANAGEMENT: >STATE:1491133875,ADD_ROUTES,,,,,,
Sun Apr 02 14:51:15 2017 C:\WINDOWS\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Sun Apr 02 14:51:15 2017 Route addition via service succeeded
Sun Apr 02 14:51:15 2017 Initialization Sequence Completed
Sun Apr 02 14:51:15 2017 MANAGEMENT: >STATE:1491133875,CONNECTED,SUCCESS,10.8.0.6,92.222.80.204,1194,,

View OriginalSERVER START LOG

Sun Apr 02 14:50:59 2017 pkcs11_private_mode = 00000000
Sun Apr 02 14:50:59 2017 pkcs11_private_mode = 00000000
Sun Apr 02 14:50:59 2017 pkcs11_private_mode = 00000000
Sun Apr 02 14:50:59 2017 pkcs11_private_mode = 00000000
Sun Apr 02 14:50:59 2017 pkcs11_private_mode = 00000000
Sun Apr 02 14:50:59 2017 pkcs11_private_mode = 00000000
Sun Apr 02 14:50:59 2017 pkcs11_private_mode = 00000000
Sun Apr 02 14:50:59 2017 pkcs11_private_mode = 00000000
Sun Apr 02 14:50:59 2017 pkcs11_private_mode = 00000000
Sun Apr 02 14:50:59 2017 pkcs11_private_mode = 00000000
Sun Apr 02 14:50:59 2017 pkcs11_private_mode = 00000000
Sun Apr 02 14:50:59 2017 pkcs11_private_mode = 00000000
Sun Apr 02 14:50:59 2017 pkcs11_private_mode = 00000000
Sun Apr 02 14:50:59 2017 pkcs11_cert_private = DISABLED
Sun Apr 02 14:50:59 2017 pkcs11_cert_private = DISABLED
Sun Apr 02 14:50:59 2017 pkcs11_cert_private = DISABLED
Sun Apr 02 14:50:59 2017 pkcs11_cert_private = DISABLED
Sun Apr 02 14:50:59 2017 pkcs11_cert_private = DISABLED
Sun Apr 02 14:50:59 2017 pkcs11_cert_private = DISABLED
Sun Apr 02 14:50:59 2017 pkcs11_cert_private = DISABLED
Sun Apr 02 14:50:59 2017 pkcs11_cert_private = DISABLED
Sun Apr 02 14:50:59 2017 pkcs11_cert_private = DISABLED
Sun Apr 02 14:50:59 2017 pkcs11_cert_private = DISABLED
Sun Apr 02 14:50:59 2017 pkcs11_cert_private = DISABLED
Sun Apr 02 14:50:59 2017 pkcs11_cert_private = DISABLED
Sun Apr 02 14:50:59 2017 pkcs11_cert_private = DISABLED
Sun Apr 02 14:50:59 2017 pkcs11_cert_private = DISABLED
Sun Apr 02 14:50:59 2017 pkcs11_cert_private = DISABLED
Sun Apr 02 14:50:59 2017 pkcs11_cert_private = DISABLED
Sun Apr 02 14:50:59 2017 pkcs11_pin_cache_period = -1
Sun Apr 02 14:50:59 2017 pkcs11_id = '[UNDEF]'
Sun Apr 02 14:50:59 2017 pkcs11_id_management = DISABLED
Sun Apr 02 14:50:59 2017 server_network = 10.8.0.0
Sun Apr 02 14:50:59 2017 server_netmask = 255.255.255.0
Sun Apr 02 14:50:59 2017 server_network_ipv6 = ::
Sun Apr 02 14:50:59 2017 server_netbits_ipv6 = 0
Sun Apr 02 14:50:59 2017 server_bridge_ip = 0.0.0.0
Sun Apr 02 14:50:59 2017 server_bridge_netmask = 0.0.0.0
Sun Apr 02 14:50:59 2017 server_bridge_pool_start = 0.0.0.0
Sun Apr 02 14:50:59 2017 server_bridge_pool_end = 0.0.0.0
Sun Apr 02 14:50:59 2017 push_entry = 'route 10.8.0.1'
Sun Apr 02 14:50:59 2017 push_entry = 'topology net30'
Sun Apr 02 14:50:59 2017 push_entry = 'ping 10'
Sun Apr 02 14:50:59 2017 push_entry = 'ping-restart 120'
Sun Apr 02 14:50:59 2017 ifconfig_pool_defined = ENABLED
Sun Apr 02 14:50:59 2017 ifconfig_pool_start = 10.8.0.4
Sun Apr 02 14:50:59 2017 ifconfig_pool_end = 10.8.0.251
Sun Apr 02 14:50:59 2017 ifconfig_pool_netmask = 0.0.0.0
Sun Apr 02 14:50:59 2017 ifconfig_pool_persist_filename = 'ipp.txt'
Sun Apr 02 14:50:59 2017 ifconfig_pool_persist_refresh_freq = 600
Sun Apr 02 14:50:59 2017 ifconfig_ipv6_pool_defined = DISABLED
Sun Apr 02 14:50:59 2017 ifconfig_ipv6_pool_base = ::
Sun Apr 02 14:50:59 2017 ifconfig_ipv6_pool_netbits = 0
Sun Apr 02 14:50:59 2017 n_bcast_buf = 256
Sun Apr 02 14:50:59 2017 tcp_queue_limit = 64
Sun Apr 02 14:50:59 2017 real_hash_size = 256
Sun Apr 02 14:50:59 2017 virtual_hash_size = 256
Sun Apr 02 14:50:59 2017 client_connect_script = '[UNDEF]'
Sun Apr 02 14:50:59 2017 learn_address_script = '[UNDEF]'
Sun Apr 02 14:50:59 2017 client_disconnect_script = '[UNDEF]'
Sun Apr 02 14:50:59 2017 client_config_dir = '[UNDEF]'
Sun Apr 02 14:50:59 2017 ccd_exclusive = DISABLED
Sun Apr 02 14:50:59 2017 tmp_dir = 'C:\Users\ADMINI~1\AppData\Local\Temp\1\'
Sun Apr 02 14:50:59 2017 push_ifconfig_defined = DISABLED
Sun Apr 02 14:50:59 2017 push_ifconfig_local = 0.0.0.0
Sun Apr 02 14:50:59 2017 push_ifconfig_remote_netmask = 0.0.0.0
Sun Apr 02 14:50:59 2017 push_ifconfig_ipv6_defined = DISABLED
Sun Apr 02 14:50:59 2017 push_ifconfig_ipv6_local = ::/0
Sun Apr 02 14:50:59 2017 push_ifconfig_ipv6_remote = ::
Sun Apr 02 14:50:59 2017 enable_c2c = DISABLED
Sun Apr 02 14:50:59 2017 duplicate_cn = DISABLED
Sun Apr 02 14:50:59 2017 cf_max = 0
Sun Apr 02 14:50:59 2017 cf_per = 0
Sun Apr 02 14:50:59 2017 max_clients = 1024
Sun Apr 02 14:50:59 2017 max_routes_per_client = 256
Sun Apr 02 14:50:59 2017 auth_user_pass_verify_script = '[UNDEF]'
Sun Apr 02 14:50:59 2017 auth_user_pass_verify_script_via_file = DISABLED
Sun Apr 02 14:50:59 2017 auth_token_generate = DISABLED
Sun Apr 02 14:50:59 2017 auth_token_lifetime = 0
Sun Apr 02 14:50:59 2017 client = DISABLED
Sun Apr 02 14:50:59 2017 pull = DISABLED
Sun Apr 02 14:50:59 2017 auth_user_pass_file = '[UNDEF]'
Sun Apr 02 14:50:59 2017 show_net_up = DISABLED
Sun Apr 02 14:50:59 2017 route_method = 0
Sun Apr 02 14:50:59 2017 block_outside_dns = DISABLED
Sun Apr 02 14:50:59 2017 ip_win32_defined = DISABLED
Sun Apr 02 14:50:59 2017 ip_win32_type = 3
Sun Apr 02 14:50:59 2017 dhcp_masq_offset = 0
Sun Apr 02 14:50:59 2017 dhcp_lease_time = 31536000
Sun Apr 02 14:50:59 2017 tap_sleep = 10
Sun Apr 02 14:50:59 2017 dhcp_options = DISABLED
Sun Apr 02 14:50:59 2017 dhcp_renew = DISABLED
Sun Apr 02 14:50:59 2017 dhcp_pre_release = DISABLED
Sun Apr 02 14:50:59 2017 domain = '[UNDEF]'
Sun Apr 02 14:50:59 2017 netbios_scope = '[UNDEF]'
Sun Apr 02 14:50:59 2017 netbios_node_type = 0
Sun Apr 02 14:50:59 2017 disable_nbt = DISABLED
Sun Apr 02 14:50:59 2017 OpenVPN 2.4.1 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Mar 22 2017
Sun Apr 02 14:50:59 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Sun Apr 02 14:50:59 2017 library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.09
Sun Apr 02 14:50:59 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sun Apr 02 14:50:59 2017 Need hold release from management interface, waiting...
Sun Apr 02 14:51:00 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sun Apr 02 14:51:00 2017 MANAGEMENT: CMD 'state on'
Sun Apr 02 14:51:00 2017 MANAGEMENT: CMD 'log all on'
Sun Apr 02 14:51:00 2017 MANAGEMENT: CMD 'echo all on'
Sun Apr 02 14:51:00 2017 MANAGEMENT: CMD 'hold off'
Sun Apr 02 14:51:00 2017 MANAGEMENT: CMD 'hold release'
Sun Apr 02 14:51:00 2017 Diffie-Hellman initialized with 2048 bit key
Sun Apr 02 14:51:00 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Apr 02 14:51:00 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Apr 02 14:51:00 2017 TLS-Auth MTU parms [ L:1621 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Sun Apr 02 14:51:00 2017 interactive service msg_channel=0
Sun Apr 02 14:51:00 2017 ROUTE_GATEWAY 92.222.64.1
Sun Apr 02 14:51:00 2017 open_tun
Sun Apr 02 14:51:00 2017 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{1F6C8FF6-85C5-4EBE-87D8-695553229603}.tap
Sun Apr 02 14:51:00 2017 TAP-Windows Driver Version 9.21
Sun Apr 02 14:51:00 2017 TAP-Windows MTU=1500
Sun Apr 02 14:51:00 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.1/255.255.255.252 on interface {1F6C8FF6-85C5-4EBE-87D8-695553229603} [DHCP-serv: 10.8.0.2, lease-time: 31536000]
Sun Apr 02 14:51:00 2017 Sleeping for 10 seconds...
Sun Apr 02 14:51:10 2017 Successful ARP Flush on interface [17] {1F6C8FF6-85C5-4EBE-87D8-695553229603}
Sun Apr 02 14:51:10 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun Apr 02 14:51:10 2017 MANAGEMENT: >STATE:1491133870,ASSIGN_IP,,10.8.0.1,,,,
Sun Apr 02 14:51:10 2017 MANAGEMENT: >STATE:1491133870,ADD_ROUTES,,,,,,
Sun Apr 02 14:51:10 2017 C:\Windows\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.2
Sun Apr 02 14:51:10 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Sun Apr 02 14:51:10 2017 Route addition via IPAPI succeeded [adaptive]
Sun Apr 02 14:51:10 2017 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Sun Apr 02 14:51:10 2017 Could not determine IPv4/IPv6 protocol. Using AF_INET6
Sun Apr 02 14:51:10 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Apr 02 14:51:10 2017 setsockopt(IPV6_V6ONLY=0)
Sun Apr 02 14:51:10 2017 UDPv6 link local (bound): [AF_INET6][undef]:1194
Sun Apr 02 14:51:10 2017 UDPv6 link remote: [AF_UNSPEC]
Sun Apr 02 14:51:10 2017 MULTI: multi_init called, r=256 v=256
Sun Apr 02 14:51:10 2017 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Sun Apr 02 14:51:10 2017 ifconfig_pool_read(), in='OVH,10.8.0.4', TODO: IPv6
Sun Apr 02 14:51:10 2017 succeeded -> ifconfig_pool_set()
Sun Apr 02 14:51:10 2017 IFCONFIG POOL LIST
Sun Apr 02 14:51:10 2017 OVH,10.8.0.4
Sun Apr 02 14:51:10 2017 Initialization Sequence Completed
Sun Apr 02 14:51:10 2017 MANAGEMENT: >STATE:1491133870,CONNECTED,SUCCESS,10.8.0.1,,,,
Sun Apr 02 14:51:38 2017 MULTI: multi_create_instance called
Sun Apr 02 14:51:38 2017 79.176.167.68 Re-using SSL/TLS context
Sun Apr 02 14:51:38 2017 79.176.167.68 Control Channel MTU parms [ L:1621 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Sun Apr 02 14:51:38 2017 79.176.167.68 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Sun Apr 02 14:51:38 2017 79.176.167.68 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Sun Apr 02 14:51:38 2017 79.176.167.68 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Sun Apr 02 14:51:38 2017 79.176.167.68 TLS: Initial packet from [AF_INET6]::ffff:79.176.167.68:54624, sid=9871a503 1591b66e
Sun Apr 02 14:51:38 2017 79.176.167.68 VERIFY OK: depth=1, CN=OpenVPN-OVH, emailAddress=ovh@ovh
Sun Apr 02 14:51:38 2017 79.176.167.68 VERIFY OK: depth=0, OU=OVH, CN=OVH, name=OVH
Sun Apr 02 14:51:38 2017 79.176.167.68 peer info: IV_VER=2.4.1
Sun Apr 02 14:51:38 2017 79.176.167.68 peer info: IV_PLAT=win
Sun Apr 02 14:51:38 2017 79.176.167.68 peer info: IV_PROTO=2
Sun Apr 02 14:51:38 2017 79.176.167.68 peer info: IV_NCP=2
Sun Apr 02 14:51:38 2017 79.176.167.68 peer info: IV_LZ4=1
Sun Apr 02 14:51:38 2017 79.176.167.68 peer info: IV_LZ4v2=1
Sun Apr 02 14:51:38 2017 79.176.167.68 peer info: IV_LZO=1
Sun Apr 02 14:51:38 2017 79.176.167.68 peer info: IV_COMP_STUB=1
Sun Apr 02 14:51:38 2017 79.176.167.68 peer info: IV_COMP_STUBv2=1
Sun Apr 02 14:51:38 2017 79.176.167.68 peer info: IV_TCPNL=1
Sun Apr 02 14:51:38 2017 79.176.167.68 peer info: IV_GUI_VER=OpenVPN_GUI_11
Sun Apr 02 14:51:38 2017 79.176.167.68 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Sun Apr 02 14:51:38 2017 79.176.167.68 [OVH] Peer Connection Initiated with [AF_INET6]::ffff:79.176.167.68:54624
Sun Apr 02 14:51:38 2017 OVH/79.176.167.68 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Sun Apr 02 14:51:38 2017 OVH/79.176.167.68 MULTI: Learn: 10.8.0.6 -> OVH/79.176.167.68
Sun Apr 02 14:51:38 2017 OVH/79.176.167.68 MULTI: primary virtual IP for OVH/79.176.167.68: 10.8.0.6
Sun Apr 02 14:51:39 2017 OVH/79.176.167.68 PUSH: Received control message: 'PUSH_REQUEST'
Sun Apr 02 14:51:39 2017 OVH/79.176.167.68 SENT CONTROL [OVH]: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM' (status=1)
Sun Apr 02 14:51:39 2017 OVH/79.176.167.68 Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
Sun Apr 02 14:51:39 2017 OVH/79.176.167.68 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Apr 02 14:51:39 2017 OVH/79.176.167.68 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Apr 02 14:51:39 2017 OVH/79.176.167.68 MULTI: bad source address from client [::], packet dropped

[TinCanTech]

i have new error, please help the client is connected but i get same ip,

You mean this:
HOWTO: Routing all client traffic (including web-traffic) through the VPN

in the server i get some error after client is connecting

You mean this:

Sun Apr 02 14:51:39 2017 OVH/79.176.167.68 MULTI: bad source address from client [::], packet dropped

You can ignore that .. it is not an error.

[bwanajag]

Trying to setup OVPN server on a VPS (KVM) and I'm getting the same error, I've double checked my keys are the same, and tried removing TLS from both server and client (which gave a different error), but I'm still receiving the following error on the server:

Code: Select all

Aug 29 02:13:37 PUBLIC.SERVER.IP ovpn-server[691]: Authenticate/Decrypt packet error: packet HMAC authentication failed
Aug 29 02:13:37 PUBLIC.SERVER.IP ovpn-server[691]: TLS Error: incoming packet authentication failed from [AF_INET]WAN.IP:15009

This is what viscosity logs:

Code: Select all

2017-08-29 14:13:31: UDP link remote: [AF_INET]PUBLIC.SERVER.IP:2017
2017-08-29 14:14:31: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2017-08-29 14:14:31: TLS Error: TLS handshake failed

My server config is:

Code: Select all

port 2017
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
tls-auth ta.key 0
key-direction 0
cipher AES-128-CBC
auth SHA256
comp-lzo
max-clients 5
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
mode server
tls-server

My client config is:

Code: Select all

client
dev tun
proto udp
remote PUBLIC.SERVER.IP 2017
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
# ca ca.crt
# cert client.crt
# key client.key
remote-cert-tls server
tls-auth ta.key 1
key-direction 1
cipher AES-128-CBC
auth SHA256
comp-lzo
verb 3
tls-client

# script-security 2
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf
<ca>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</ca>
<cert>
Certificate:

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----

-----END PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----

-----END OpenVPN Static key V1-----
</tls-auth>

I've verified port 2017 is open to WAN, and my VPS assures me that there are no ports blocked on it's side. Any suggestions on how to resolve this issue?

[TinCanTech]

Please see:
HOWTO: Request Help ! {2}