TLS handshake failed

Post by SignumPL » Fri Apr 28, 2017 10:07 am

I want to set up an OpenVPN server on Ubuntu 16.04. At first, the OpenVPN server was not starting at all for some reason. The solution was to comment out the "LimitNPROC=10" line in /lib/systemd/system/openvpn@.service. Now the OpenVPN process is starting, but clients cannot connect. The connection fails with the error message "TLS Error: TLS key negotiation failed to occur within 60 seconds" (both server and client side, same message in the logs). The firewall is disabled, so we can rule that out. Also, I think it's not related to the client's internet connection, because I was using OpenVPN a few days ago but with another server and everything was OK; the problem occurred on my new server, so it's definitely a configuration issue. I have no idea what I did wrong. OpenVPN is configured via Webmin's "OpenVPN + CA" plugin panel, if that matters.

Server config:
port 1194
proto udp
dev tun0
ca keys/mydomain.com-ca/ca.crt
cert keys/mydomain.com-ca/mydomain.com-srv.crt
key keys/mydomain.com-ca/mydomain.com-srv.key
dh keys/mydomain.com-ca/dh2048.pem
server 10.8.0.0 255.255.255.0
crl-verify keys/mydomain.com-ca/crl.pem
cipher AES-128-CBC
user nobody
group nogroup
status servers/mydomain.com-VPN/logs/openvpn-status.log
log-append servers/mydomain.com-VPN/logs/openvpn.log
verb 2
mute 20
max-clients 100
keepalive 10 120
client-config-dir /etc/openvpn/servers/mydomain.com-VPN/ccd
comp-lzo
persist-key
persist-tun
ccd-exclusive

Client config:
client
proto udp
dev tun
ca ca.crt
dh dh2048.pem
cert mydomain.com-vpn-client.crt
key mydomain.com-vpn-client.key
remote x.x.x.x 1194
cipher AES-128-CBC
user nobody
group nogroup
verb 2
mute 20
keepalive 10 120
comp-lzo
persist-key
persist-tun
float
resolv-retry infinite
nobind
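
Added example, not part of the original post and not OpenVPN project code: a small cross-check of the directives that both ends of the tunnel have to agree on, run over excerpts of the two configs posted above. The function names are hypothetical, and the fallback values (port 1194, proto udp, cipher BF-CBC) are assumed OpenVPN 2.3/2.4 defaults.

```python
# Cross-check the OpenVPN directives that server and client must agree on.
# Excerpts of the two configs posted above (only link-relevant directives).
SERVER_CONF = """
port 1194
proto udp
dev tun0
cipher AES-128-CBC
comp-lzo
"""
CLIENT_CONF = """
client
proto udp
dev tun
remote x.x.x.x 1194
cipher AES-128-CBC
comp-lzo
"""

def parse(text):
    """Return {directive: [args]}, skipping blank lines and #/; comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;":
            name, *args = line.split()
            conf[name] = args
    return conf

def link_profile(conf):
    """Reduce one config to the values that must be equal on both peers."""
    remote = conf.get("remote", [])  # remote host [port] [proto]
    # Assumed defaults when a directive is absent: port 1194, proto udp.
    port = remote[1] if len(remote) > 1 else conf.get("port", ["1194"])[0]
    proto = remote[2] if len(remote) > 2 else conf.get("proto", ["udp"])[0]
    dev = conf.get("dev-type", conf.get("dev", ["?"]))[0]
    # proto[:3] folds udp6/tcp-server/tcp-client to udp/tcp; dev[:3] folds tun0 to tun.
    return {"port": port, "proto": proto[:3], "dev-type": dev[:3],
            "cipher": conf.get("cipher", ["BF-CBC"])[0],  # assumed 2.3/2.4 default
            "comp-lzo": "comp-lzo" in conf}  # presence changes packet framing

def mismatches(server_text, client_text):
    """Return {setting: (server_value, client_value)} for every disagreement."""
    srv = link_profile(parse(server_text))
    cli = link_profile(parse(client_text))
    return {k: (srv[k], cli[k]) for k in srv if srv[k] != cli[k]}

if __name__ == "__main__":
    print(mismatches(SERVER_CONF, CLIENT_CONF) or "no link-level mismatches")
```

An empty result means the two files agree on port, protocol, device type, cipher and compression framing; it says nothing about certificates, the CRL, or whether UDP packets reach the server.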
