I've set up OpenVPN on a FreeBSD jail. The configuration is working fine on my Mac, with Tunnelblick. However, on my Android, I'm unable to make it work... The connection won't establish and I'm greeted with the following log message on the server:
```
Dec 10 19:46:24 openvpn openvpn[91848]: 158...:58013 TLS: Initial packet from [AF_INET]158...:58013, sid=414ce6a3 656a09db
Dec 10 19:46:24 openvpn openvpn[91848]: 158...*:58013 TLS error: The server has no TLS ciphersuites in common with the client. Your --tls-cipher setting might be too restrictive.
Dec 10 19:46:24 openvpn openvpn[91848]: 158...*:58013 OpenSSL: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
Dec 10 19:46:24 openvpn openvpn[91848]: 158...*:58013 TLS_ERROR: BIO read tls_read_plaintext error
Dec 10 19:46:24 openvpn openvpn[91848]: 158...*:58013 TLS Error: TLS object -> incoming plaintext read error
Dec 10 19:46:24 openvpn openvpn[91848]: 158...*:58013 TLS Error: TLS handshake failed
```
Server:
```
local 172.16.1.35
port 443
proto udp
dev tun
ca /usr/local/etc/openvpn/pki/ca.crt
cert /usr/local/etc/openvpn/pki/issued/VPNSERVER.crt
key /usr/local/etc/openvpn/pki/private/VPNSERVER.key
dh /usr/local/etc/openvpn/pki/dh.pem
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /usr/local/etc/openvpn/ipp.txt
push "route 172.16.1.0 255.255.255.0"
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
tls-auth /usr/local/etc/openvpn/pki/private/ta.key 0
cipher AES-256-CBC
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
verb 3
explicit-exit-notify 1
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384:TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA
crl-verify /usr/local/etc/openvpn/easy-rsa/pki/crl.pem
```
```
client
dev tun
proto udp
remote 172.16.1.35 443
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ca ca.crt
cert cert.crt
key pkey.key
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-CBC
verb 3
```
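The following Python example is added here and is not part of the original post. It checks each suite on the server's `tls-cipher` line against a client's offered suites and the server certificate's key type, which are the two ways a suite can drop out before OpenSSL reports "no shared cipher". The client offer list and the RSA key type are assumptions constructed for illustration, and `diagnose`, `auth_type` and `parse_tls_cipher` are hypothetical helper names.

```python
import re

# Directives copied from the server config in the post.
SERVER_CONF = """\
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384:TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA
"""

# Constructed sample (assumption): a client build that offers no ECDHE suites.
# Replace with the list the real client build supports.
CLIENT_OFFER = [
    "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
    "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
    "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
]


def parse_tls_cipher(conf_text):
    """Return the suites named by the tls-cipher directive, in order."""
    for line in conf_text.splitlines():
        m = re.match(r"\s*tls-cipher\s+(\S+)", line)
        if m:
            return m.group(1).split(":")
    return []  # no directive: the TLS library defaults apply


def auth_type(suite):
    """For TLS 1.2-and-below names (TLS-<kx>[-<auth>]-WITH-...), the last
    token before WITH is the authentication algorithm."""
    return suite.split("-WITH-")[0].split("-")[-1]


def diagnose(conf_text, client_offer, server_key_type):
    """Map each server suite to 'ok' or the reason it cannot be negotiated."""
    offered = set(client_offer)
    result = {}
    for suite in parse_tls_cipher(conf_text):
        if auth_type(suite) != server_key_type:
            result[suite] = f"needs {auth_type(suite)} server certificate"
        elif suite not in offered:
            result[suite] = "not offered by client"
        else:
            result[suite] = "ok"
    return result


if __name__ == "__main__":
    # Assumption: the server certificate carries an RSA key.
    for suite, verdict in diagnose(SERVER_CONF, CLIENT_OFFER, "RSA").items():
        print(f"{suite}: {verdict}")
```

On a host with the `openvpn` binary, `openvpn --show-tls` prints the suite names that build supports, which can be pasted into `CLIENT_OFFER`.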