HELP - TLS key negotiation failed to occur

[adamh128]

I had been using 2.0.9 configured to use TCP because I need to tunnel through a proxy server. Both server & client are running Windows XP SP3. Server has ethernet bridging of network card + tap interface.

All was working great for many months, then suddenly (actually after the clocks went back to standard time) it stopped working (or does occasionally connect but only maybe once in 5 hours - and when it does connect it's rock solid).

I tried upgrading to OpenVPN 2.1_rc21 but it's made no difference.


Server config:

Code: Select all

port 1194
proto tcp
float

dev tap
dev-node VPN-Tap0

ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\server.crt"
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\server.key"
dh "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\dh1024.pem"

ifconfig-pool-persist ipp.txt

server-bridge 192.168.1.13 255.255.255.0 192.168.1.50 192.168.1.59

keepalive 10 120

tls-auth "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ta.key" 0

comp-lzo

max-clients 10

persist-key
persist-tun

status openvpn-status.log

verb 5

Client config:

Code: Select all

client
dev tap
proto tcp
remote xxxx 1194

resolv-retry infinite

nobind

persist-key
persist-tun

http-proxy myproxy 1080 stdin

mute-replay-warnings

ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\client.crt"
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\client.key"

ns-cert-type server

tls-auth "C:\\Program Files\\OpenVPN\\easy-rsa\\ta.key" 1

comp-lzo

verb 4

Server log:

Code: Select all

Mon Nov 16 10:37:26 2009 us=375000 Current Parameter Settings:
Mon Nov 16 10:37:26 2009 us=375000   config = 'server.ovpn'
Mon Nov 16 10:37:26 2009 us=375000   mode = 1
Mon Nov 16 10:37:26 2009 us=375000   show_ciphers = DISABLED
Mon Nov 16 10:37:26 2009 us=375000   show_digests = DISABLED
Mon Nov 16 10:37:26 2009 us=375000   show_engines = DISABLED
Mon Nov 16 10:37:26 2009 us=375000   genkey = DISABLED
Mon Nov 16 10:37:26 2009 us=375000   key_pass_file = '[UNDEF]'
Mon Nov 16 10:37:26 2009 us=375000   show_tls_ciphers = DISABLED
Mon Nov 16 10:37:26 2009 us=375000 Connection profiles [default]:
Mon Nov 16 10:37:26 2009 us=375000   proto = tcp-server
Mon Nov 16 10:37:26 2009 us=375000   local = '[UNDEF]'
Mon Nov 16 10:37:26 2009 us=375000   local_port = 1194
Mon Nov 16 10:37:26 2009 us=375000   remote = '[UNDEF]'
Mon Nov 16 10:37:26 2009 us=375000   remote_port = 1194
Mon Nov 16 10:37:26 2009 us=375000   remote_float = ENABLED
Mon Nov 16 10:37:26 2009 us=375000   bind_defined = DISABLED
Mon Nov 16 10:37:26 2009 us=375000   bind_local = ENABLED
Mon Nov 16 10:37:26 2009 us=375000   connect_retry_seconds = 5
Mon Nov 16 10:37:26 2009 us=375000   connect_timeout = 10
Mon Nov 16 10:37:26 2009 us=375000   connect_retry_max = 0
Mon Nov 16 10:37:26 2009 us=375000   socks_proxy_server = '[UNDEF]'
Mon Nov 16 10:37:26 2009 us=375000   socks_proxy_port = 0
Mon Nov 16 10:37:26 2009 us=375000   socks_proxy_retry = DISABLED
Mon Nov 16 10:37:26 2009 us=375000 Connection profiles END
Mon Nov 16 10:37:26 2009 us=375000   remote_random = DISABLED
Mon Nov 16 10:37:26 2009 us=375000   ipchange = '[UNDEF]'
Mon Nov 16 10:37:26 2009 us=375000   dev = 'tap'
Mon Nov 16 10:37:26 2009 us=375000   dev_type = '[UNDEF]'
Mon Nov 16 10:37:26 2009 us=375000   dev_node = 'VPN-Tap0'
Mon Nov 16 10:37:26 2009 us=375000   lladdr = '[UNDEF]'
Mon Nov 16 10:37:26 2009 us=375000   topology = 1
Mon Nov 16 10:37:26 2009 us=375000   tun_ipv6 = DISABLED
Mon Nov 16 10:37:26 2009 us=375000   ifconfig_local = '[UNDEF]'
Mon Nov 16 10:37:26 2009 us=375000   ifconfig_remote_netmask = '[UNDEF]'
Mon Nov 16 10:37:26 2009 us=375000   ifconfig_noexec = DISABLED
Mon Nov 16 10:37:26 2009 us=375000   ifconfig_nowarn = DISABLED
Mon Nov 16 10:37:26 2009 us=375000   shaper = 0
Mon Nov 16 10:37:26 2009 us=375000   tun_mtu = 1500
Mon Nov 16 10:37:26 2009 us=375000   tun_mtu_defined = ENABLED
Mon Nov 16 10:37:26 2009 us=375000   link_mtu = 1500
Mon Nov 16 10:37:26 2009 us=375000   link_mtu_defined = DISABLED
Mon Nov 16 10:37:26 2009 us=375000   tun_mtu_extra = 32
Mon Nov 16 10:37:26 2009 us=375000   tun_mtu_extra_defined = ENABLED
Mon Nov 16 10:37:26 2009 us=375000   fragment = 0
Mon Nov 16 10:37:26 2009 us=375000   mtu_discover_type = -1
Mon Nov 16 10:37:26 2009 us=375000   mtu_test = 0
Mon Nov 16 10:37:26 2009 us=375000   mlock = DISABLED
Mon Nov 16 10:37:26 2009 us=375000   keepalive_ping = 10
Mon Nov 16 10:37:26 2009 us=375000   keepalive_timeout = 120
Mon Nov 16 10:37:26 2009 us=375000   inactivity_timeout = 0
Mon Nov 16 10:37:26 2009 us=375000   ping_send_timeout = 10
Mon Nov 16 10:37:26 2009 us=375000   ping_rec_timeout = 240
Mon Nov 16 10:37:26 2009 us=375000   ping_rec_timeout_action = 2
Mon Nov 16 10:37:26 2009 us=375000   ping_timer_remote = DISABLED
Mon Nov 16 10:37:26 2009 us=375000   remap_sigusr1 = 0
Mon Nov 16 10:37:26 2009 us=375000   explicit_exit_notification = 0
Mon Nov 16 10:37:26 2009 us=375000   persist_tun = ENABLED
Mon Nov 16 10:37:26 2009 us=375000   persist_local_ip = DISABLED
Mon Nov 16 10:37:26 2009 us=375000   persist_remote_ip = DISABLED
Mon Nov 16 10:37:26 2009 us=375000   persist_key = ENABLED
Mon Nov 16 10:37:26 2009 us=375000   mssfix = 1450
Mon Nov 16 10:37:26 2009 us=375000   resolve_retry_seconds = 1000000000
Mon Nov 16 10:37:26 2009 us=375000   username = '[UNDEF]'
Mon Nov 16 10:37:26 2009 us=375000   groupname = '[UNDEF]'
Mon Nov 16 10:37:26 2009 us=375000   chroot_dir = '[UNDEF]'
Mon Nov 16 10:37:26 2009 us=375000   cd_dir = '[UNDEF]'
Mon Nov 16 10:37:26 2009 us=375000   writepid = '[UNDEF]'
Mon Nov 16 10:37:26 2009 us=375000   up_script = '[UNDEF]'
Mon Nov 16 10:37:26 2009 us=375000   down_script = '[UNDEF]'
Mon Nov 16 10:37:26 2009 us=375000   down_pre = DISABLED
Mon Nov 16 10:37:26 2009 us=375000   up_restart = DISABLED
Mon Nov 16 10:37:26 2009 us=375000   up_delay = DISABLED
Mon Nov 16 10:37:26 2009 us=375000   daemon = DISABLED
Mon Nov 16 10:37:26 2009 us=375000   inetd = 0
Mon Nov 16 10:37:26 2009 us=375000   log = DISABLED
Mon Nov 16 10:37:26 2009 us=375000   suppress_timestamps = DISABLED
Mon Nov 16 10:37:26 2009 us=375000   nice = 0
Mon Nov 16 10:37:26 2009 us=375000   verbosity = 5
Mon Nov 16 10:37:26 2009 us=375000   mute = 0
Mon Nov 16 10:37:26 2009 us=375000   gremlin = 0
Mon Nov 16 10:37:26 2009 us=375000   status_file = 'openvpn-status.log'
Mon Nov 16 10:37:26 2009 us=375000   status_file_version = 1
Mon Nov 16 10:37:26 2009 us=375000   status_file_update_freq = 60
Mon Nov 16 10:37:26 2009 us=375000   occ = ENABLED
Mon Nov 16 10:37:26 2009 us=375000   rcvbuf = 0
Mon Nov 16 10:37:26 2009 us=375000   sndbuf = 0
Mon Nov 16 10:37:26 2009 us=375000   sockflags = 0
Mon Nov 16 10:37:26 2009 us=375000   fast_io = DISABLED
Mon Nov 16 10:37:26 2009 us=375000   lzo = 7
Mon Nov 16 10:37:26 2009 us=375000   route_script = '[UNDEF]'
Mon Nov 16 10:37:26 2009 us=375000   route_default_gateway = '[UNDEF]'
Mon Nov 16 10:37:26 2009 us=375000   route_default_metric = 0
Mon Nov 16 10:37:26 2009 us=375000   route_noexec = DISABLED
Mon Nov 16 10:37:26 2009 us=375000   route_delay = 0
Mon Nov 16 10:37:26 2009 us=375000   route_delay_window = 30
Mon Nov 16 10:37:26 2009 us=375000   route_delay_defined = DISABLED
Mon Nov 16 10:37:26 2009 us=375000   route_nopull = DISABLED
Mon Nov 16 10:37:26 2009 us=375000   route_gateway_via_dhcp = DISABLED
Mon Nov 16 10:37:26 2009 us=375000   max_routes = 100
Mon Nov 16 10:37:26 2009 us=375000   allow_pull_fqdn = DISABLED
Mon Nov 16 10:37:26 2009 us=375000   management_addr = '[UNDEF]'
Mon Nov 16 10:37:26 2009 us=375000   management_port = 0
Mon Nov 16 10:37:26 2009 us=375000   management_user_pass = '[UNDEF]'
Mon Nov 16 10:37:26 2009 us=375000   management_log_history_cache = 250
Mon Nov 16 10:37:26 2009 us=375000   management_echo_buffer_size = 100
Mon Nov 16 10:37:26 2009 us=375000   management_write_peer_info_file = '[UNDEF]'
Mon Nov 16 10:37:26 2009 us=375000   management_client_user = '[UNDEF]'
Mon Nov 16 10:37:26 2009 us=375000   management_client_group = '[UNDEF]'
Mon Nov 16 10:37:26 2009 us=375000   management_flags = 0
Mon Nov 16 10:37:26 2009 us=375000   shared_secret_file = '[UNDEF]'
Mon Nov 16 10:37:26 2009 us=375000   key_direction = 1
Mon Nov 16 10:37:26 2009 us=375000   ciphername_defined = ENABLED
Mon Nov 16 10:37:26 2009 us=375000   ciphername = 'BF-CBC'
Mon Nov 16 10:37:26 2009 us=375000   authname_defined = ENABLED
Mon Nov 16 10:37:26 2009 us=375000   authname = 'SHA1'
Mon Nov 16 10:37:26 2009 us=375000   prng_hash = 'SHA1'
Mon Nov 16 10:37:26 2009 us=375000   prng_nonce_secret_len = 16
Mon Nov 16 10:37:26 2009 us=375000   keysize = 0
Mon Nov 16 10:37:26 2009 us=375000   engine = DISABLED
Mon Nov 16 10:37:26 2009 us=375000   replay = ENABLED
Mon Nov 16 10:37:26 2009 us=375000   mute_replay_warnings = DISABLED
Mon Nov 16 10:37:26 2009 us=375000   replay_window = 64
Mon Nov 16 10:37:26 2009 us=375000   replay_time = 15
Mon Nov 16 10:37:26 2009 us=375000   packet_id_file = '[UNDEF]'
Mon Nov 16 10:37:26 2009 us=375000   use_iv = ENABLED
Mon Nov 16 10:37:26 2009 us=375000   test_crypto = DISABLED
Mon Nov 16 10:37:26 2009 us=375000   tls_server = ENABLED
Mon Nov 16 10:37:26 2009 us=375000   tls_client = DISABLED
Mon Nov 16 10:37:26 2009 us=375000   key_method = 2
Mon Nov 16 10:37:26 2009 us=375000   ca_file = 'C:\Program Files\OpenVPN\easy-rsa\keys\ca.crt'
Mon Nov 16 10:37:26 2009 us=375000   ca_path = '[UNDEF]'
Mon Nov 16 10:37:26 2009 us=375000   dh_file = 'C:\Program Files\OpenVPN\easy-rsa\keys\dh1024.pem'
Mon Nov 16 10:37:26 2009 us=375000   cert_file = 'C:\Program Files\OpenVPN\easy-rsa\keys\server.crt'
Mon Nov 16 10:37:26 2009 us=375000   priv_key_file = 'C:\Program Files\OpenVPN\easy-rsa\keys\server.key'
Mon Nov 16 10:37:26 2009 us=390000   pkcs12_file = '[UNDEF]'
Mon Nov 16 10:37:26 2009 us=390000   cryptoapi_cert = '[UNDEF]'
Mon Nov 16 10:37:26 2009 us=390000   cipher_list = '[UNDEF]'
Mon Nov 16 10:37:26 2009 us=390000   tls_verify = '[UNDEF]'
Mon Nov 16 10:37:26 2009 us=390000   tls_remote = '[UNDEF]'
Mon Nov 16 10:37:26 2009 us=390000   crl_file = '[UNDEF]'
Mon Nov 16 10:37:26 2009 us=390000   ns_cert_type = 0
Mon Nov 16 10:37:26 2009 us=390000   remote_cert_ku[i] = 0
Mon Nov 16 10:37:26 2009 us=390000   remote_cert_ku[i] = 0
Mon Nov 16 10:37:26 2009 us=390000   remote_cert_ku[i] = 0
Mon Nov 16 10:37:26 2009 us=390000   remote_cert_ku[i] = 0
Mon Nov 16 10:37:26 2009 us=390000   remote_cert_ku[i] = 0
Mon Nov 16 10:37:26 2009 us=390000   remote_cert_ku[i] = 0
Mon Nov 16 10:37:26 2009 us=390000   remote_cert_ku[i] = 0
Mon Nov 16 10:37:26 2009 us=390000   remote_cert_ku[i] = 0
Mon Nov 16 10:37:26 2009 us=390000   remote_cert_ku[i] = 0
Mon Nov 16 10:37:26 2009 us=390000   remote_cert_ku[i] = 0
Mon Nov 16 10:37:26 2009 us=390000   remote_cert_ku[i] = 0
Mon Nov 16 10:37:26 2009 us=390000   remote_cert_ku[i] = 0
Mon Nov 16 10:37:26 2009 us=390000   remote_cert_ku[i] = 0
Mon Nov 16 10:37:26 2009 us=390000   remote_cert_ku[i] = 0
Mon Nov 16 10:37:26 2009 us=390000   remote_cert_ku[i] = 0
Mon Nov 16 10:37:26 2009 us=390000   remote_cert_ku[i] = 0
Mon Nov 16 10:37:26 2009 us=390000   remote_cert_eku = '[UNDEF]'
Mon Nov 16 10:37:26 2009 us=390000   tls_timeout = 2
Mon Nov 16 10:37:26 2009 us=390000   renegotiate_bytes = 0
Mon Nov 16 10:37:26 2009 us=390000   renegotiate_packets = 0
Mon Nov 16 10:37:26 2009 us=390000   renegotiate_seconds = 3600
Mon Nov 16 10:37:26 2009 us=390000   handshake_window = 60
Mon Nov 16 10:37:26 2009 us=390000   transition_window = 3600
Mon Nov 16 10:37:26 2009 us=390000   single_session = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   tls_exit = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   tls_auth_file = 'C:\Program Files\OpenVPN\easy-rsa\keys\ta.key'
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_protected_authentication = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_protected_authentication = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_protected_authentication = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_protected_authentication = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_protected_authentication = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_protected_authentication = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_protected_authentication = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_protected_authentication = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_protected_authentication = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_protected_authentication = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_protected_authentication = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_protected_authentication = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_protected_authentication = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_protected_authentication = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_protected_authentication = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_protected_authentication = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_private_mode = 00000000
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_private_mode = 00000000
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_private_mode = 00000000
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_private_mode = 00000000
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_private_mode = 00000000
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_private_mode = 00000000
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_private_mode = 00000000
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_private_mode = 00000000
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_private_mode = 00000000
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_private_mode = 00000000
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_private_mode = 00000000
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_private_mode = 00000000
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_private_mode = 00000000
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_private_mode = 00000000
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_private_mode = 00000000
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_private_mode = 00000000
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_cert_private = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_cert_private = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_cert_private = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_cert_private = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_cert_private = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_cert_private = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_cert_private = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_cert_private = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_cert_private = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_cert_private = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_cert_private = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_cert_private = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_cert_private = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_cert_private = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_cert_private = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_cert_private = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_pin_cache_period = -1
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_id = '[UNDEF]'
Mon Nov 16 10:37:26 2009 us=390000   pkcs11_id_management = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   server_network = 0.0.0.0
Mon Nov 16 10:37:26 2009 us=390000   server_netmask = 0.0.0.0
Mon Nov 16 10:37:26 2009 us=390000   server_bridge_ip = 192.168.1.13
Mon Nov 16 10:37:26 2009 us=390000   server_bridge_netmask = 255.255.255.0
Mon Nov 16 10:37:26 2009 us=390000   server_bridge_pool_start = 192.168.1.50
Mon Nov 16 10:37:26 2009 us=390000   server_bridge_pool_end = 192.168.1.59
Mon Nov 16 10:37:26 2009 us=390000   push_entry = 'route-gateway 192.168.1.13'
Mon Nov 16 10:37:26 2009 us=390000   push_entry = 'ping 10'
Mon Nov 16 10:37:26 2009 us=390000   push_entry = 'ping-restart 120'
Mon Nov 16 10:37:26 2009 us=390000   ifconfig_pool_defined = ENABLED
Mon Nov 16 10:37:26 2009 us=390000   ifconfig_pool_start = 192.168.1.50
Mon Nov 16 10:37:26 2009 us=390000   ifconfig_pool_end = 192.168.1.59
Mon Nov 16 10:37:26 2009 us=390000   ifconfig_pool_netmask = 255.255.255.0
Mon Nov 16 10:37:26 2009 us=390000   ifconfig_pool_persist_filename = 'ipp.txt'
Mon Nov 16 10:37:26 2009 us=390000   ifconfig_pool_persist_refresh_freq = 600
Mon Nov 16 10:37:26 2009 us=390000   n_bcast_buf = 256
Mon Nov 16 10:37:26 2009 us=390000   tcp_queue_limit = 64
Mon Nov 16 10:37:26 2009 us=390000   real_hash_size = 256
Mon Nov 16 10:37:26 2009 us=390000   virtual_hash_size = 256
Mon Nov 16 10:37:26 2009 us=390000   client_connect_script = '[UNDEF]'
Mon Nov 16 10:37:26 2009 us=390000   learn_address_script = '[UNDEF]'
Mon Nov 16 10:37:26 2009 us=390000   client_disconnect_script = '[UNDEF]'
Mon Nov 16 10:37:26 2009 us=390000   client_config_dir = '[UNDEF]'
Mon Nov 16 10:37:26 2009 us=390000   ccd_exclusive = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   tmp_dir = '[UNDEF]'
Mon Nov 16 10:37:26 2009 us=390000   push_ifconfig_defined = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   push_ifconfig_local = 0.0.0.0
Mon Nov 16 10:37:26 2009 us=390000   push_ifconfig_remote_netmask = 0.0.0.0
Mon Nov 16 10:37:26 2009 us=390000   enable_c2c = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   duplicate_cn = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   cf_max = 0
Mon Nov 16 10:37:26 2009 us=390000   cf_per = 0
Mon Nov 16 10:37:26 2009 us=390000   max_clients = 10
Mon Nov 16 10:37:26 2009 us=390000   max_routes_per_client = 256
Mon Nov 16 10:37:26 2009 us=390000   auth_user_pass_verify_script = '[UNDEF]'
Mon Nov 16 10:37:26 2009 us=390000   auth_user_pass_verify_script_via_file = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   ssl_flags = 0
Mon Nov 16 10:37:26 2009 us=390000   client = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   pull = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   auth_user_pass_file = '[UNDEF]'
Mon Nov 16 10:37:26 2009 us=390000   show_net_up = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   route_method = 0
Mon Nov 16 10:37:26 2009 us=390000   ip_win32_defined = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   ip_win32_type = 3
Mon Nov 16 10:37:26 2009 us=390000   dhcp_masq_offset = 0
Mon Nov 16 10:37:26 2009 us=390000   dhcp_lease_time = 31536000
Mon Nov 16 10:37:26 2009 us=390000   tap_sleep = 10
Mon Nov 16 10:37:26 2009 us=390000   dhcp_options = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   dhcp_renew = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   dhcp_pre_release = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   dhcp_release = DISABLED
Mon Nov 16 10:37:26 2009 us=390000   domain = '[UNDEF]'
Mon Nov 16 10:37:26 2009 us=390000   netbios_scope = '[UNDEF]'
Mon Nov 16 10:37:26 2009 us=390000   netbios_node_type = 0
Mon Nov 16 10:37:26 2009 us=390000   disable_nbt = DISABLED
Mon Nov 16 10:37:26 2009 us=390000 OpenVPN 2.1_rc21 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 12 2009
Mon Nov 16 10:37:26 2009 us=390000 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Mon Nov 16 10:37:26 2009 us=390000 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Mon Nov 16 10:37:26 2009 us=390000 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Nov 16 10:37:26 2009 us=531000 Diffie-Hellman initialized with 1024 bit key
Mon Nov 16 10:37:26 2009 us=531000 Control Channel Authentication: using 'C:\Program Files\OpenVPN\easy-rsa\keys\ta.key' as a OpenVPN static key file
Mon Nov 16 10:37:26 2009 us=531000 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Nov 16 10:37:26 2009 us=531000 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Nov 16 10:37:26 2009 us=531000 TLS-Auth MTU parms [ L:1576 D:168 EF:68 EB:0 ET:0 EL:0 ]
Mon Nov 16 10:37:26 2009 us=531000 TAP-WIN32 device [VPN-Tap0] opened: \\.\Global\{97E5B4EA-2C43-4235-B353-999FBA78943E}.tap
Mon Nov 16 10:37:26 2009 us=531000 NOTE: could not get adapter index for {97E5B4EA-2C43-4235-B353-999FBA78943E}
Mon Nov 16 10:37:26 2009 us=531000 TAP-Win32 Driver Version 9.6 
Mon Nov 16 10:37:26 2009 us=531000 TAP-Win32 MTU=1500
Mon Nov 16 10:37:26 2009 us=531000 Sleeping for 10 seconds...
Mon Nov 16 10:37:36 2009 us=531000 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Mon Nov 16 10:37:36 2009 us=531000 Listening for incoming TCP connection on [undef]:1194
Mon Nov 16 10:37:36 2009 us=531000 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Nov 16 10:37:36 2009 us=531000 TCPv4_SERVER link local (bound): [undef]:1194
Mon Nov 16 10:37:36 2009 us=531000 TCPv4_SERVER link remote: [undef]
Mon Nov 16 10:37:36 2009 us=531000 MULTI: multi_init called, r=256 v=256
Mon Nov 16 10:37:36 2009 us=531000 IFCONFIG POOL: base=192.168.1.50 size=10
Mon Nov 16 10:37:36 2009 us=531000 IFCONFIG POOL LIST
Mon Nov 16 10:37:36 2009 us=531000 MULTI: TCP INIT maxclients=10 maxevents=14
Mon Nov 16 10:37:36 2009 us=531000 Initialization Sequence Completed
Mon Nov 16 10:37:50 2009 us=968000 MULTI: multi_create_instance called
Mon Nov 16 10:37:50 2009 us=968000 Re-using SSL/TLS context
Mon Nov 16 10:37:50 2009 us=968000 LZO compression initialized
Mon Nov 16 10:37:50 2009 us=968000 Control Channel MTU parms [ L:1576 D:168 EF:68 EB:0 ET:0 EL:0 ]
Mon Nov 16 10:37:50 2009 us=968000 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Mon Nov 16 10:37:50 2009 us=968000 Local Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Mon Nov 16 10:37:50 2009 us=968000 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Mon Nov 16 10:37:50 2009 us=968000 Local Options hash (VER=V4): '3c14feac'
Mon Nov 16 10:37:50 2009 us=968000 Expected Remote Options hash (VER=V4): 'e39a3273'
Mon Nov 16 10:37:50 2009 us=968000 TCP connection established with 83.195.186.142:62091
Mon Nov 16 10:37:50 2009 us=968000 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Nov 16 10:37:50 2009 us=968000 TCPv4_SERVER link local: [undef]
Mon Nov 16 10:37:50 2009 us=968000 TCPv4_SERVER link remote: 83.195.186.142:62091
Mon Nov 16 10:37:50 2009 us=968000 83.195.186.142:62091 TLS: Initial packet from 83.195.186.142:62091, sid=3c642e78 c7f52bc7
Mon Nov 16 10:38:50 2009 us=406000 83.195.186.142:62091 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Nov 16 10:38:50 2009 us=406000 83.195.186.142:62091 TLS Error: TLS handshake failed
Mon Nov 16 10:38:50 2009 us=406000 83.195.186.142:62091 Fatal TLS error (check_tls_errors_co), restarting
Mon Nov 16 10:38:50 2009 us=406000 83.195.186.142:62091 SIGUSR1[soft,tls-error] received, client-instance restarting
Mon Nov 16 10:38:50 2009 us=406000 TCP/UDP: Closing socket
Mon Nov 16 10:39:00 2009 us=93000 MULTI: multi_create_instance called
Mon Nov 16 10:39:00 2009 us=93000 Re-using SSL/TLS context
Mon Nov 16 10:39:00 2009 us=93000 LZO compression initialized
Mon Nov 16 10:39:00 2009 us=93000 Control Channel MTU parms [ L:1576 D:168 EF:68 EB:0 ET:0 EL:0 ]
Mon Nov 16 10:39:00 2009 us=93000 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Mon Nov 16 10:39:00 2009 us=93000 Local Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Mon Nov 16 10:39:00 2009 us=93000 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Mon Nov 16 10:39:00 2009 us=93000 Local Options hash (VER=V4): '3c14feac'
Mon Nov 16 10:39:00 2009 us=93000 Expected Remote Options hash (VER=V4): 'e39a3273'
Mon Nov 16 10:39:00 2009 us=93000 TCP connection established with 83.195.186.142:49809
Mon Nov 16 10:39:00 2009 us=93000 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Nov 16 10:39:00 2009 us=93000 TCPv4_SERVER link local: [undef]
Mon Nov 16 10:39:00 2009 us=93000 TCPv4_SERVER link remote: 83.195.186.142:49809
Mon Nov 16 10:39:00 2009 us=109000 83.195.186.142:49809 TLS: Initial packet from 83.195.186.142:49809, sid=ea4bcc07 e45a5b79
Mon Nov 16 10:40:00 2009 us=453000 83.195.186.142:49809 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Nov 16 10:40:00 2009 us=453000 83.195.186.142:49809 TLS Error: TLS handshake failed
Mon Nov 16 10:40:00 2009 us=453000 83.195.186.142:49809 Fatal TLS error (check_tls_errors_co), restarting
Mon Nov 16 10:40:00 2009 us=453000 83.195.186.142:49809 SIGUSR1[soft,tls-error] received, client-instance restarting
Mon Nov 16 10:40:00 2009 us=453000 TCP/UDP: Closing socket

Client log:

Code: Select all

Mon Nov 16 11:13:25 2009 us=656000   ifconfig_pool_persist_refresh_freq = 600
Mon Nov 16 11:13:25 2009 us=656000   n_bcast_buf = 256
Mon Nov 16 11:13:25 2009 us=656000   tcp_queue_limit = 64
Mon Nov 16 11:13:25 2009 us=656000   real_hash_size = 256
Mon Nov 16 11:13:25 2009 us=656000   virtual_hash_size = 256
Mon Nov 16 11:13:25 2009 us=656000   client_connect_script = '[UNDEF]'
Mon Nov 16 11:13:25 2009 us=656000   learn_address_script = '[UNDEF]'
Mon Nov 16 11:13:25 2009 us=656000   client_disconnect_script = '[UNDEF]'
Mon Nov 16 11:13:25 2009 us=656000   client_config_dir = '[UNDEF]'
Mon Nov 16 11:13:25 2009 us=671000   ccd_exclusive = DISABLED
Mon Nov 16 11:13:25 2009 us=671000   tmp_dir = '[UNDEF]'
Mon Nov 16 11:13:25 2009 us=671000   push_ifconfig_defined = DISABLED
Mon Nov 16 11:13:25 2009 us=671000   push_ifconfig_local = 0.0.0.0
Mon Nov 16 11:13:25 2009 us=671000   push_ifconfig_remote_netmask = 0.0.0.0
Mon Nov 16 11:13:25 2009 us=671000   enable_c2c = DISABLED
Mon Nov 16 11:13:25 2009 us=671000   duplicate_cn = DISABLED
Mon Nov 16 11:13:25 2009 us=671000   cf_max = 0
Mon Nov 16 11:13:25 2009 us=671000   cf_per = 0
Mon Nov 16 11:13:25 2009 us=671000   max_clients = 1024
Mon Nov 16 11:13:25 2009 us=671000   max_routes_per_client = 256
Mon Nov 16 11:13:25 2009 us=671000   auth_user_pass_verify_script = '[UNDEF]'
Mon Nov 16 11:13:25 2009 us=671000   auth_user_pass_verify_script_via_file = DISABLED
Mon Nov 16 11:13:25 2009 us=671000   ssl_flags = 0
Mon Nov 16 11:13:25 2009 us=671000   client = ENABLED
Mon Nov 16 11:13:25 2009 us=718000   pull = ENABLED
Mon Nov 16 11:13:25 2009 us=718000   auth_user_pass_file = '[UNDEF]'
Mon Nov 16 11:13:25 2009 us=718000   show_net_up = DISABLED
Mon Nov 16 11:13:25 2009 us=718000   route_method = 0
Mon Nov 16 11:13:25 2009 us=718000   ip_win32_defined = DISABLED
Mon Nov 16 11:13:25 2009 us=718000   ip_win32_type = 3
Mon Nov 16 11:13:25 2009 us=718000   dhcp_masq_offset = 0
Mon Nov 16 11:13:25 2009 us=718000   dhcp_lease_time = 31536000
Mon Nov 16 11:13:25 2009 us=718000   tap_sleep = 0
Mon Nov 16 11:13:25 2009 us=718000   dhcp_options = DISABLED
Mon Nov 16 11:13:25 2009 us=718000   dhcp_renew = DISABLED
Mon Nov 16 11:13:25 2009 us=718000   dhcp_pre_release = DISABLED
Mon Nov 16 11:13:25 2009 us=718000   dhcp_release = DISABLED
Mon Nov 16 11:13:25 2009 us=718000   domain = '[UNDEF]'
Mon Nov 16 11:13:25 2009 us=718000   netbios_scope = '[UNDEF]'
Mon Nov 16 11:13:25 2009 us=718000   netbios_node_type = 0
Mon Nov 16 11:13:25 2009 us=734000   disable_nbt = DISABLED
Mon Nov 16 11:13:25 2009 us=734000 OpenVPN 2.1_rc21 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 12 2009
Mon Nov 16 11:13:25 2009 us=734000 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Nov 16 11:13:25 2009 us=781000 Control Channel Authentication: using 'C:\Program Files\OpenVPN\easy-rsa\keys\ta.key' as a OpenVPN static key file
Mon Nov 16 11:13:25 2009 us=781000 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Nov 16 11:13:25 2009 us=781000 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Nov 16 11:13:25 2009 us=781000 LZO compression initialized
Mon Nov 16 11:13:25 2009 us=781000 Control Channel MTU parms [ L:1576 D:168 EF:68 EB:0 ET:0 EL:0 ]
Mon Nov 16 11:13:25 2009 us=781000 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Mon Nov 16 11:13:25 2009 us=781000 Local Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Mon Nov 16 11:13:25 2009 us=781000 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Mon Nov 16 11:13:25 2009 us=781000 Local Options hash (VER=V4): 'e39a3273'
Mon Nov 16 11:13:25 2009 us=781000 Expected Remote Options hash (VER=V4): '3c14feac'
Mon Nov 16 11:13:25 2009 us=781000 Attempting to establish TCP connection with 83.195.186.201:1080
Mon Nov 16 11:13:25 2009 us=796000 TCP connection established with 83.195.186.201:1080
Mon Nov 16 11:13:25 2009 us=796000 Send to HTTP proxy: 'CONNECT xxxx:1194 HTTP/1.0'
Mon Nov 16 11:13:25 2009 us=796000 Attempting Basic Proxy-Authorization
Mon Nov 16 11:13:27 2009 us=796000 HTTP proxy returned: 'HTTP/1.1 200 Connection established'
Mon Nov 16 11:13:29 2009 us=796000 Socket Buffers: R=[8192->8192] S=[64512->64512]
Mon Nov 16 11:13:29 2009 us=796000 TCPv4_CLIENT link local: [undef]
Mon Nov 16 11:13:29 2009 us=796000 TCPv4_CLIENT link remote: 83.195.186.201:1080
Mon Nov 16 11:14:29 2009 us=609000 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Nov 16 11:14:29 2009 us=609000 TLS Error: TLS handshake failed
Mon Nov 16 11:14:29 2009 us=609000 Fatal TLS error (check_tls_errors_co), restarting
Mon Nov 16 11:14:29 2009 us=609000 TCP/UDP: Closing socket
Mon Nov 16 11:14:29 2009 us=609000 SIGUSR1[soft,tls-error] received, process restarting
Mon Nov 16 11:14:29 2009 us=609000 Restart pause, 5 second(s)
Mon Nov 16 11:14:34 2009 us=609000 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Nov 16 11:14:34 2009 us=609000 Re-using SSL/TLS context
Mon Nov 16 11:14:34 2009 us=609000 LZO compression initialized
Mon Nov 16 11:14:34 2009 us=609000 Control Channel MTU parms [ L:1576 D:168 EF:68 EB:0 ET:0 EL:0 ]
Mon Nov 16 11:14:34 2009 us=609000 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Mon Nov 16 11:14:34 2009 us=609000 Local Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Mon Nov 16 11:14:34 2009 us=609000 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Mon Nov 16 11:14:34 2009 us=609000 Local Options hash (VER=V4): 'e39a3273'
Mon Nov 16 11:14:34 2009 us=609000 Expected Remote Options hash (VER=V4): '3c14feac'
Mon Nov 16 11:14:34 2009 us=609000 Attempting to establish TCP connection with 83.195.186.201:1080
Mon Nov 16 11:14:34 2009 us=625000 TCP connection established with 83.195.186.201:1080
Mon Nov 16 11:14:34 2009 us=625000 Send to HTTP proxy: 'CONNECT xxxx:1194 HTTP/1.0'
Mon Nov 16 11:14:34 2009 us=625000 Attempting Basic Proxy-Authorization
Mon Nov 16 11:14:36 2009 us=765000 HTTP proxy returned: 'HTTP/1.1 200 Connection established'
Mon Nov 16 11:14:38 2009 us=765000 Socket Buffers: R=[8192->8192] S=[64512->64512]
Mon Nov 16 11:14:38 2009 us=765000 TCPv4_CLIENT link local: [undef]
Mon Nov 16 11:14:38 2009 us=765000 TCPv4_CLIENT link remote: 83.195.186.201:1080
Mon Nov 16 11:15:38 2009 us=859000 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Nov 16 11:15:38 2009 us=859000 TLS Error: TLS handshake failed
Mon Nov 16 11:15:38 2009 us=859000 Fatal TLS error (check_tls_errors_co), restarting
Mon Nov 16 11:15:38 2009 us=859000 TCP/UDP: Closing socket
Mon Nov 16 11:15:38 2009 us=859000 SIGUSR1[soft,tls-error] received, process restarting
Mon Nov 16 11:15:38 2009 us=859000 Restart pause, 5 second(s)
Mon Nov 16 11:15:43 2009 us=859000 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Nov 16 11:15:43 2009 us=859000 Re-using SSL/TLS context
Mon Nov 16 11:15:43 2009 us=859000 LZO compression initialized
Mon Nov 16 11:15:43 2009 us=859000 Control Channel MTU parms [ L:1576 D:168 EF:68 EB:0 ET:0 EL:0 ]
Mon Nov 16 11:15:43 2009 us=859000 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Mon Nov 16 11:15:43 2009 us=859000 Local Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Mon Nov 16 11:15:43 2009 us=859000 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Mon Nov 16 11:15:43 2009 us=859000 Local Options hash (VER=V4): 'e39a3273'
Mon Nov 16 11:15:43 2009 us=859000 Expected Remote Options hash (VER=V4): '3c14feac'
Mon Nov 16 11:15:43 2009 us=859000 Attempting to establish TCP connection with 83.195.186.201:1080
Mon Nov 16 11:15:43 2009 us=875000 TCP connection established with 83.195.186.201:1080
Mon Nov 16 11:15:43 2009 us=875000 Send to HTTP proxy: 'CONNECT xxxx:1194 HTTP/1.0'
Mon Nov 16 11:15:43 2009 us=875000 Attempting Basic Proxy-Authorization
Mon Nov 16 11:15:46 2009 us=31000 HTTP proxy returned: 'HTTP/1.1 200 Connection established'
Mon Nov 16 11:15:48 2009 us=31000 Socket Buffers: R=[8192->8192] S=[64512->64512]
Mon Nov 16 11:15:48 2009 us=31000 TCPv4_CLIENT link local: [undef]
Mon Nov 16 11:15:48 2009 us=31000 TCPv4_CLIENT link remote: 83.195.186.201:1080
Mon Nov 16 11:16:48 2009 us=46000 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Nov 16 11:16:48 2009 us=46000 TLS Error: TLS handshake failed
Mon Nov 16 11:16:48 2009 us=46000 Fatal TLS error (check_tls_errors_co), restarting
Mon Nov 16 11:16:48 2009 us=46000 TCP/UDP: Closing socket

[krzee]

make sure both sides have correctly adjusted for the time change... this is probably your problem. since certs expire the time on each machine actually matters (not timezone but gmt). i suspect this problem worked itself out when both machines found their way to the right time

[adamh128]

This was the first thing I checked - they are both on the same timezone/gmt and show the same time. I'm still seeing the issue and cannot figure it out

[mwandelaar]

When first reading your problem, it looked very odd to me it was caused by the change of time. Neither the client, nor the server complain about invalid certificates, something the server would have been writing in the logfiles.

But then another issue hit me:

your client is connecting to your proxy:
83.195.186.201:1080
but the server sees an connection coming from another host in the same subnet:
83.195.186.142:62091 (or other source-port)

After the initial packet, the server doesn't mention any traffic anymore.
Can this be an issue with routing / forwarding traffic between your proxy and the server? Or a firewall-issue?
Try to capture the traffic on the proxyserver (or the vpn-server) to see what's going on.

Maybe you can try the --nobind option. This prevents the client from forcing the mentioned port in the config.

[krzee]

try adding:
hand-window 120

im not sure if this goes in the server or client (or both) so play with it
my guess now is that it sometimes works because sometimes it can make the connection fast enough through the proxy and sometimes not, this command will give you 120 seconds to make the connection instead of default 60
hope that helps