I am using an OpenVPN Linux server and Windows XP as the client. The firewall is disabled on both the client and the server. I don't understand why I am getting "TLS error: TLS handshake failed". I am using UDP port 1194 on both the server and the client. The TLS initial packet is sent from the server but the client could not respond to it. Could anyone please help me resolve this problem? The TLS authentication key is a 2048-bit key and Diffie-Hellman is 1024 bit. I connected my server and client back to back (Ethernet interface) using a switch, and there are no other intermediate interfaces. Please find the config and log files below.
Server Config
port 1194
proto udp
dev tun
ca /etc/OpenVPN/openvpn-2.3.14/ca.crt
cert /etc/OpenVPN/openvpn-2.3.14/server.crt
key /etc/OpenVPN/openvpn-2.3.14/server.key # This file should be kept secret
dh /etc/OpenVPN/openvpn-2.3.14/dh1024.pem
server 192.168.2.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
tls-auth /etc/OpenVPN/easy-rsa-old-master/easy-rsa/2.0/keys/ta.key 0
cipher AES-256-CFB
persist-key
persist-tun
status openvpn-status.log
verb 3
Client Config
client
dev tun
proto udp
remote 192.168.2.66 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\client1.crt"
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\client1.key"
remote-cert-tls server
tls-auth "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ta.key" 1
cipher AES-256-CFB
verb 3
[root@localhost openvpn-2.3.14]# openvpn server.conf
Wed Apr 19 09:28:42 2017 OpenVPN 2.3.14 i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Apr 10 2017
Wed Apr 19 09:28:42 2017 library versions: OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008, LZO 2.09
Wed Apr 19 09:28:42 2017 Diffie-Hellman initialized with 1024 bit key
Wed Apr 19 09:28:42 2017 Control Channel Authentication: using '/etc/OpenVPN/easy-rsa-old-master/easy-rsa/2.0/keys/ta.key' as a OpenVPN static key file
Wed Apr 19 09:28:42 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 19 09:28:42 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 19 09:28:42 2017 Socket Buffers: R=[87380->87380] S=[16384->16384]
Wed Apr 19 09:28:42 2017 ROUTE_GATEWAY 192.168.2.27/255.255.255.0 IFACE=eth0 HWADDR=74:d4:35:e3:ff:5b
Wed Apr 19 09:28:42 2017 TUN/TAP device tun0 opened
Wed Apr 19 09:28:42 2017 TUN/TAP TX queue length set to 100
Wed Apr 19 09:28:42 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Apr 19 09:28:42 2017 /sbin/ifconfig tun0 192.168.2.1 pointopoint 192.168.2.2 mtu 1500
Wed Apr 19 09:28:42 2017 /sbin/route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.2.2
Wed Apr 19 09:28:42 2017 Listening for incoming TCP connection on [undef]
Wed Apr 19 09:28:42 2017 TCPv4_SERVER link local (bound): [undef]
Wed Apr 19 09:28:42 2017 TCPv4_SERVER link remote: [undef]
Wed Apr 19 09:28:42 2017 MULTI: multi_init called, r=256 v=256
Wed Apr 19 09:28:42 2017 IFCONFIG POOL: base=192.168.2.4 size=62, ipv6=0
Wed Apr 19 09:28:42 2017 ifconfig_pool_read(), in='client1,192.168.2.4', TODO: IPv6
Wed Apr 19 09:28:42 2017 succeeded -> ifconfig_pool_set()
Wed Apr 19 09:28:42 2017 IFCONFIG POOL LIST
Wed Apr 19 09:28:42 2017 client1,192.168.2.4
Wed Apr 19 09:28:42 2017 MULTI: TCP INIT maxclients=1024 maxevents=1028
Wed Apr 19 09:28:42 2017 Initialization Sequence Completed
Wed Apr 19 09:29:12 2017 /sbin/route del -net 192.168.2.0 netmask 255.255.255.0
Wed Apr 19 09:29:12 2017 Closing TUN/TAP interface
Wed Apr 19 09:29:12 2017 /sbin/ifconfig tun0 0.0.0.0
Wed Apr 19 09:29:12 2017 SIGINT[hard,] received, process exiting
[root@localhost openvpn-2.3.14]#
[root@localhost openvpn-2.3.14]#
[root@localhost openvpn-2.3.14]# openvpn server.conf
Wed Apr 19 09:58:42 2017 OpenVPN 2.3.14 i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Apr 10 2017
Wed Apr 19 09:58:42 2017 library versions: OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008, LZO 2.09
Wed Apr 19 09:58:42 2017 Diffie-Hellman initialized with 1024 bit key
Wed Apr 19 09:58:42 2017 Control Channel Authentication: using '/etc/OpenVPN/easy-rsa-old-master/easy-rsa/2.0/keys/ta.key' as a OpenVPN static key file
Wed Apr 19 09:58:42 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 19 09:58:42 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 19 09:58:42 2017 Socket Buffers: R=[110592->110592] S=[110592->110592]
Wed Apr 19 09:58:42 2017 ROUTE_GATEWAY 192.168.2.27/255.255.255.0 IFACE=eth0 HWADDR=74:d4:35:e3:ff:5b
Wed Apr 19 09:58:42 2017 TUN/TAP device tun0 opened
Wed Apr 19 09:58:42 2017 TUN/TAP TX queue length set to 100
Wed Apr 19 09:58:42 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Apr 19 09:58:42 2017 /sbin/ifconfig tun0 192.168.2.1 pointopoint 192.168.2.2 mtu 1500
Wed Apr 19 09:58:42 2017 /sbin/route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.2.2
Wed Apr 19 09:58:42 2017 UDPv4 link local (bound): [undef]
Wed Apr 19 09:58:42 2017 UDPv4 link remote: [undef]
Wed Apr 19 09:58:42 2017 MULTI: multi_init called, r=256 v=256
Wed Apr 19 09:58:42 2017 IFCONFIG POOL: base=192.168.2.4 size=62, ipv6=0
Wed Apr 19 09:58:42 2017 ifconfig_pool_read(), in='client1,192.168.2.4', TODO: IPv6
Wed Apr 19 09:58:42 2017 succeeded -> ifconfig_pool_set()
Wed Apr 19 09:58:42 2017 IFCONFIG POOL LIST
Wed Apr 19 09:58:42 2017 client1,192.168.2.4
Wed Apr 19 09:58:42 2017 Initialization Sequence Completed
Wed Apr 19 09:58:56 2017 192.168.2.27:1062 TLS: Initial packet from [AF_INET]192.168.2.27:1062, sid=8cf524e8 5e0c2e97
Wed Apr 19 09:59:56 2017 192.168.2.27:1062 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Apr 19 09:59:56 2017 192.168.2.27:1062 TLS Error: TLS handshake failed
Wed Apr 19 09:59:56 2017 192.168.2.27:1062 SIGUSR1[soft,tls-error] received, client-instance restarting
Wed Apr 19 09:59:59 2017 192.168.2.27:1065 TLS: Initial packet from [AF_INET]192.168.2.27:1065, sid=ef43d119 ab145c22
Wed Apr 19 10:00:59 2017 192.168.2.27:1065 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Apr 19 10:00:59 2017 192.168.2.27:1065 TLS Error: TLS handshake failed
Wed Apr 19 10:00:59 2017 192.168.2.27:1065 SIGUSR1[soft,tls-error] received, client-instance restarting
Wed Apr 19 10:01:02 2017 192.168.2.27:1070 TLS: Initial packet from [AF_INET]192.168.2.27:1070, sid=e36d1038 63e494ed
Wed Apr 19 10:02:02 2017 192.168.2.27:1070 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Apr 19 10:02:02 2017 192.168.2.27:1070 TLS Error: TLS handshake failed
Wed Apr 19 10:02:02 2017 192.168.2.27:1070 SIGUSR1[soft,tls-error] received, client-instance restarting
Wed Apr 19 10:02:05 2017 192.168.2.27:1073 TLS: Initial packet from [AF_INET]192.168.2.27:1073, sid=24a7e80e d71664b7
Wed Apr 19 10:03:05 2017 192.168.2.27:1073 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Apr 19 10:03:05 2017 192.168.2.27:1073 TLS Error: TLS handshake failed
Wed Apr 19 10:03:05 2017 192.168.2.27:1073 SIGUSR1[soft,tls-error] received, client-instance restarting
Wed Apr 19 10:03:07 2017 192.168.2.27:1076 TLS: Initial packet from [AF_INET]192.168.2.27:1076, sid=8acf37bc adbb9f35
Wed Apr 19 10:04:07 2017 192.168.2.27:1076 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Apr 19 10:04:07 2017 192.168.2.27:1076 TLS Error: TLS handshake failed
Wed Apr 19 10:04:07 2017 192.168.2.27:1076 SIGUSR1[soft,tls-error] received, client-instance restarting
Wed Apr 19 10:04:09 2017 192.168.2.27:1081 TLS: Initial packet from [AF_INET]192.168.2.27:1081, sid=2d82cfd4 a0c399a5
Wed Apr 19 10:05:09 2017 192.168.2.27:1081 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Apr 19 10:05:09 2017 192.168.2.27:1081 TLS Error: TLS handshake failed
client log
Tue Apr 18 10:46:54 2017 OpenVPN 2.3.14 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Feb 1 2017
Tue Apr 18 10:46:54 2017 Windows version 5.1 (Windows XP) 32bit
Tue Apr 18 10:46:54 2017 library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.09
Tue Apr 18 10:46:54 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Tue Apr 18 10:46:54 2017 Need hold release from management interface, waiting...
Tue Apr 18 10:46:54 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Tue Apr 18 10:46:54 2017 MANAGEMENT: CMD 'state on'
Tue Apr 18 10:46:54 2017 MANAGEMENT: CMD 'log all on'
Tue Apr 18 10:46:54 2017 MANAGEMENT: CMD 'hold off'
Tue Apr 18 10:46:54 2017 MANAGEMENT: CMD 'hold release'
Tue Apr 18 10:46:54 2017 Control Channel Authentication: using 'C:\Program Files\OpenVPN\easy-rsa\keys\ta.key' as a OpenVPN static key file
Tue Apr 18 10:46:54 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 18 10:46:54 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 18 10:46:54 2017 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Apr 18 10:46:54 2017 UDPv4 link local: [undef]
Tue Apr 18 10:46:54 2017 UDPv4 link remote: [AF_INET]192.168.2.66:1194
Tue Apr 18 10:46:54 2017 MANAGEMENT: >STATE:1492492614,WAIT,,,
Tue Apr 18 10:49:23 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Apr 18 10:49:23 2017 TLS Error: TLS handshake failed
Tue Apr 18 10:49:23 2017 SIGUSR1[soft,tls-error] received, process restarting
Tue Apr 18 10:49:23 2017 MANAGEMENT: >STATE:1492492763,RECONNECTING,tls-error,,
Tue Apr 18 10:49:23 2017 Restart pause, 2 second(s)
Tue Apr 18 10:49:25 2017 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Apr 18 10:49:25 2017 UDPv4 link local: [undef]
Tue Apr 18 10:49:25 2017 UDPv4 link remote: [AF_INET]192.168.2.66:1194
Tue Apr 18 10:49:25 2017 MANAGEMENT: >STATE:1492492765,WAIT,,,
Please help me in solving this....
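
An added example, not part of the original post: a check for a handshake that times out on a directly connected link, testing whether the tunnel subnet from the `server` directive contains the real addresses the handshake packets travel between. If it does, the route OpenVPN adds for the tunnel subnet also covers the peer's real address. The directive and log lines are copied from the post; the function names are hypothetical.

```python
import ipaddress
import re

# Lines copied from the configs and the server log posted above.
SERVER_CONF = "proto udp\nserver 192.168.2.0 255.255.255.0\n"
CLIENT_CONF = "proto udp\nremote 192.168.2.66 1194\n"
SERVER_LOG = (
    "Wed Apr 19 09:58:56 2017 192.168.2.27:1062 TLS: Initial packet from "
    "[AF_INET]192.168.2.27:1062, sid=8cf524e8 5e0c2e97\n"
)


def tunnel_subnet(server_conf):
    """Return the network from the 'server <net> <mask>' directive, or None."""
    for line in server_conf.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 3 and fields[0] == "server":
            return ipaddress.ip_network(f"{fields[1]}/{fields[2]}", strict=False)
    return None


def underlay_addresses(client_conf, server_log):
    """Collect real (non-tunnel) endpoints: 'remote' targets and logged peers."""
    found = {}
    for line in client_conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "remote":
            try:
                found[ipaddress.ip_address(fields[1])] = "client 'remote'"
            except ValueError:
                pass  # hostname rather than a literal address: not checked offline
    for m in re.finditer(r"Initial packet from \[AF_INET\]([\d.]+):\d+", server_log):
        found[ipaddress.ip_address(m.group(1))] = "peer seen by server"
    return found


def overlaps(server_conf, client_conf, server_log):
    """List (address, source) pairs that fall inside the tunnel subnet."""
    net = tunnel_subnet(server_conf)
    if net is None:
        return []
    addrs = underlay_addresses(client_conf, server_log)
    return sorted((str(a), src) for a, src in addrs.items() if a in net)


if __name__ == "__main__":
    for addr, src in overlaps(SERVER_CONF, CLIENT_CONF, SERVER_LOG):
        print(f"{addr} ({src}) lies inside tunnel subnet {tunnel_subnet(SERVER_CONF)}")
```

With the posted values, both the `remote` address and the peer address in the server log fall inside the tunnel subnet.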