Setup working with a PC but doesn't with another one

Posted: Fri Apr 27, 2018 11:37 am
by teeei
Hello,

I have the following setup:

Server (Version 2.4.5 1.e17 CentOS 7):

Code:

server                  10.9.0.0 255.255.255.0
dev                     tun_udp1194
proto                   udp
port                    1194
key                     /etc/openvpn/server/server.key
ca                      /etc/openvpn/server/ca.crt
cert                    /etc/openvpn/server/server.crt
dh                      /etc/openvpn/server/dh.pem
keepalive               10 120
persist-key
persist-tun
comp-lzo
push                    "route 10.2.111.0 255.255.255.0"
status                  /var/log/openvpn/status_udp1194.log
log-append              /var/log/openvpn/openvpn_udp1194.log
topology                subnet
verb 5

Client (Version 2.4.6-I602 Windows):

Code:

client
dev tun
proto udp
port 1194
remote 12.34.56.78  
auth-nocache
remote-cert-tls server
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\client.crt"
key "C:\\Program Files\\OpenVPN\\config\\client.key"
comp-lzo
persist-key
persist-tun
verb 3

The client config works flawlessly on my Windows 10 test machine but doesn't work for my customer. He uses the same client version.

This is how I connect successfully:

Code:

Fri Apr 27 11:10:17 2018 OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 26 2018
Fri Apr 27 11:10:17 2018 Windows version 6.2 (Windows 8 or greater) 64bit
Fri Apr 27 11:10:17 2018 library versions: OpenSSL 1.1.0h  27 Mar 2018, LZO 2.10
Fri Apr 27 11:10:17 2018 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Fri Apr 27 11:10:17 2018 Need hold release from management interface, waiting...
Fri Apr 27 11:10:17 2018 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Fri Apr 27 11:10:17 2018 MANAGEMENT: CMD 'state on'
Fri Apr 27 11:10:17 2018 MANAGEMENT: CMD 'log all on'
Fri Apr 27 11:10:17 2018 MANAGEMENT: CMD 'echo all on'
Fri Apr 27 11:10:17 2018 MANAGEMENT: CMD 'bytecount 5'
Fri Apr 27 11:10:17 2018 MANAGEMENT: CMD 'hold off'
Fri Apr 27 11:10:17 2018 MANAGEMENT: CMD 'hold release'
Fri Apr 27 11:10:17 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]12.34.56.78:1194
Fri Apr 27 11:10:17 2018 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Apr 27 11:10:17 2018 UDP link local (bound): [AF_INET][undef]:1194
Fri Apr 27 11:10:17 2018 UDP link remote: [AF_INET]12.34.56.78:1194
Fri Apr 27 11:10:17 2018 MANAGEMENT: >STATE:1524820217,WAIT,,,,,,
Fri Apr 27 11:10:17 2018 MANAGEMENT: >STATE:1524820217,AUTH,,,,,,
Fri Apr 27 11:10:17 2018 TLS: Initial packet from [AF_INET]12.34.56.78:1194, sid=8ae81078 7cbe0951
Fri Apr 27 11:10:17 2018 VERIFY OK: depth=1, CN=Easy-RSA CA
Fri Apr 27 11:10:17 2018 VERIFY KU OK
Fri Apr 27 11:10:17 2018 Validating certificate extended key usage
Fri Apr 27 11:10:17 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Fri Apr 27 11:10:17 2018 VERIFY EKU OK
Fri Apr 27 11:10:17 2018 VERIFY OK: depth=0, CN=tlink-adhoc
...

And this is what it looks like when my customer tries to connect:

Code:

Thu Apr 26 11:33:26 2018 OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 24 2018
Thu Apr 26 11:33:26 2018 Windows version 6.2 (Windows 8 or greater) 64bit
Thu Apr 26 11:33:26 2018 library versions: OpenSSL 1.1.0h  27 Mar 2018, LZO 2.10
Thu Apr 26 11:33:26 2018 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Thu Apr 26 11:33:26 2018 Need hold release from management interface, waiting...
Thu Apr 26 11:33:27 2018 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Thu Apr 26 11:33:27 2018 MANAGEMENT: CMD 'state on'
Thu Apr 26 11:33:27 2018 MANAGEMENT: CMD 'log all on'
Thu Apr 26 11:33:27 2018 MANAGEMENT: CMD 'echo all on'
Thu Apr 26 11:33:27 2018 MANAGEMENT: CMD 'bytecount 5'
Thu Apr 26 11:33:27 2018 MANAGEMENT: CMD 'hold off'
Thu Apr 26 11:33:27 2018 MANAGEMENT: CMD 'hold release'
Thu Apr 26 11:33:35 2018 MANAGEMENT: CMD 'password [...]'
Thu Apr 26 11:33:35 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]12.34.56.78:1194
Thu Apr 26 11:33:35 2018 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Apr 26 11:33:35 2018 UDP link local (bound): [AF_INET][undef]:1194
Thu Apr 26 11:33:35 2018 UDP link remote: [AF_INET]12.34.56.78:1194
Thu Apr 26 11:33:35 2018 MANAGEMENT: >STATE:1524735215,WAIT,,,,,,
Thu Apr 26 11:34:36 2018 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Apr 26 11:34:36 2018 TLS Error: TLS handshake failed
Thu Apr 26 11:34:36 2018 SIGUSR1[soft,tls-error] received, process restarting

What causes this

Code:

MANAGEMENT: CMD 'password [...]'

in my customer's log?

Thanks in advance
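
Added example, not part of the original post: a small Python comparison of the two client logs above, reporting the last handshake milestone the failing client reached and which management commands appear only in its log. The milestone labels and function names are chosen for this example, and the embedded log lines are a subset copied from the post.

```python
import re
# Constructed sample input: a subset of lines copied from the two client logs in the post.
WORKING_LOG = """\
Fri Apr 27 11:10:17 2018 MANAGEMENT: CMD 'hold release'
Fri Apr 27 11:10:17 2018 UDP link remote: [AF_INET]12.34.56.78:1194
Fri Apr 27 11:10:17 2018 MANAGEMENT: >STATE:1524820217,WAIT,,,,,,
Fri Apr 27 11:10:17 2018 MANAGEMENT: >STATE:1524820217,AUTH,,,,,,
Fri Apr 27 11:10:17 2018 TLS: Initial packet from [AF_INET]12.34.56.78:1194, sid=8ae81078 7cbe0951
Fri Apr 27 11:10:17 2018 VERIFY OK: depth=0, CN=tlink-adhoc
"""
FAILING_LOG = """\
Thu Apr 26 11:33:27 2018 MANAGEMENT: CMD 'hold release'
Thu Apr 26 11:33:35 2018 MANAGEMENT: CMD 'password [...]'
Thu Apr 26 11:33:35 2018 UDP link remote: [AF_INET]12.34.56.78:1194
Thu Apr 26 11:33:35 2018 MANAGEMENT: >STATE:1524735215,WAIT,,,,,,
Thu Apr 26 11:34:36 2018 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
"""

TIMESTAMP = re.compile(r"^\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4} ")
# Milestone names are labels chosen for this example; markers are substrings of the posted log lines.
MILESTONES = [
    ("socket_open", "UDP link remote: "),
    ("state_wait", ",WAIT,"),
    ("state_auth", ",AUTH,"),
    ("server_packet_received", "TLS: Initial packet from "),
    ("server_cert_verified", "VERIFY OK: depth=0"),
]

def messages(log):
    """Return the log messages with the leading timestamp removed."""
    return [TIMESTAMP.sub("", line) for line in log.splitlines() if line.strip()]

def milestones_reached(log):
    """Names of the handshake milestones that appear in the log, in table order."""
    return [name for name, marker in MILESTONES if any(marker in m for m in messages(log))]

def management_commands(log):
    """Set of management-interface command names (first word inside CMD '...')."""
    return {m.group(1) for m in re.finditer(r"MANAGEMENT: CMD '(\w+)", log)}

def compare(good, bad):
    """Summarise where the failing log diverges from the working one."""
    reached = milestones_reached(bad)
    return {
        "last_milestone": reached[-1] if reached else None,
        "missing": [n for n in milestones_reached(good) if n not in reached],
        "extra_commands": sorted(management_commands(bad) - management_commands(good)),
        "errors": [m for m in messages(bad) if m.startswith("TLS Error:")],
    }
```

Calling `compare(WORKING_LOG, FAILING_LOG)` on the posted lines shows the failing client stopping at the WAIT state with no `TLS: Initial packet from` line, and `password` as the only management command absent from the working log.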