TLS Error: TLS handshake failed

Official client software for OpenVPN Access Server and OpenVPN Cloud.
Post Reply
mbrasburg
OpenVpn Newbie
Posts: 3
Joined: Thu May 27, 2021 7:03 pm

TLS Error: TLS handshake failed

Post by mbrasburg » Thu May 27, 2021 7:17 pm

Dear:
I have a VPN that was working with no problem until I moved de server to another office (with another internet connection).
I conected the PC in the new office trought a router linksys and forwarded port Nº 1194 UPD to the PC, but can´t get a connection.
My server config is:

local 192.168.1.100
port 1194
proto udp
dev tun
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\Server.crt"
key "C:\\Program Files\\OpenVPN\\config\\Server.key"
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3

Client config is:

client
dev tun
proto udp
remote [IP] 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\Notebook.crt"
key "C:\\Program Files\\OpenVPN\\config\\Notebook.key"
ns-cert-type server
comp-lzo
verb 3

Full log is:

hu May 27 16:14:03 2021 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Thu May 27 16:14:03 2021 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Thu May 27 16:14:03 2021 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Thu May 27 16:14:03 2021 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Thu May 27 16:14:03 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]IP:1194
Thu May 27 16:14:03 2021 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu May 27 16:14:03 2021 UDP link local: (not bound)
Thu May 27 16:14:03 2021 UDP link remote: [AF_INET] IP:1194
Thu May 27 16:14:03 2021 MANAGEMENT: >STATE:1622142843,WAIT,,,,,,
Thu May 27 16:15:03 2021 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu May 27 16:15:03 2021 TLS Error: TLS handshake failed

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: TLS Error: TLS handshake failed

Post by TinCanTech » Thu May 27, 2021 7:43 pm

See your server log.

mbrasburg
OpenVpn Newbie
Posts: 3
Joined: Thu May 27, 2021 7:03 pm

Re: TLS Error: TLS handshake failed

Post by mbrasburg » Thu May 27, 2021 9:46 pm

Thanks.
Got nothing wrong in it:

2021-05-27 16:11:57 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2021-05-27 16:11:57 --pull-filter ignored for --mode server
2021-05-27 16:11:57 OpenVPN 2.5.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 21 2021
2021-05-27 16:11:57 Windows version 10.0 (Windows 10 or greater) 64bit
2021-05-27 16:11:57 library versions: OpenSSL 1.1.1k 25 Mar 2021, LZO 2.10
Enter Management Password:
2021-05-27 16:11:57 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
2021-05-27 16:11:57 Need hold release from management interface, waiting...
2021-05-27 16:11:58 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
2021-05-27 16:11:58 MANAGEMENT: CMD 'state on'
2021-05-27 16:11:58 MANAGEMENT: CMD 'log all on'
2021-05-27 16:11:58 MANAGEMENT: CMD 'echo all on'
2021-05-27 16:11:58 MANAGEMENT: CMD 'bytecount 5'
2021-05-27 16:11:58 MANAGEMENT: CMD 'hold off'
2021-05-27 16:11:58 MANAGEMENT: CMD 'hold release'
2021-05-27 16:11:58 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
2021-05-27 16:11:58 Note: cannot open openvpn-status.log for WRITE
2021-05-27 16:11:58 Note: cannot open ipp.txt for READ/WRITE
2021-05-27 16:11:58 Diffie-Hellman initialized with 2048 bit key
2021-05-27 16:11:58 interactive service msg_channel=724
2021-05-27 16:11:58 open_tun
2021-05-27 16:11:58 tap-windows6 device [OpenVPN TAP-Windows6] opened
2021-05-27 16:11:58 TAP-Windows Driver Version 9.24
2021-05-27 16:11:58 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.1/255.255.255.0 on interface {0388AC21-1525-4D93-A85D-A13CA830EA20} [DHCP-serv: 10.8.0.0, lease-time: 31536000]
2021-05-27 16:11:58 Sleeping for 10 seconds...
2021-05-27 16:12:08 Successful ARP Flush on interface [2] {0388AC21-1525-4D93-A85D-A13CA830EA20}
2021-05-27 16:12:08 MANAGEMENT: >STATE:1622142728,ASSIGN_IP,,10.8.0.1,,,,
2021-05-27 16:12:08 IPv4 MTU set to 1500 on interface 2 using service
2021-05-27 16:12:08 Could not determine IPv4/IPv6 protocol. Using AF_INET
2021-05-27 16:12:08 Socket Buffers: R=[65536->65536] S=[65536->65536]
2021-05-27 16:12:08 UDPv4 link local (bound): [AF_INET]192.168.1.100:1194
2021-05-27 16:12:08 UDPv4 link remote: [AF_UNSPEC]
2021-05-27 16:12:08 MULTI: multi_init called, r=256 v=256
2021-05-27 16:12:08 IFCONFIG POOL IPv4: base=10.8.0.2 size=253
2021-05-27 16:12:08 IFCONFIG POOL LIST
2021-05-27 16:12:08 Initialization Sequence Completed
2021-05-27 16:12:08 MANAGEMENT: >STATE:1622142728,CONNECTED,SUCCESS,10.8.0.1,,,192.168.1.100,1194

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: TLS Error: TLS handshake failed

Post by TinCanTech » Thu May 27, 2021 10:13 pm

Then your client cannot reach your server.

mbrasburg
OpenVpn Newbie
Posts: 3
Joined: Thu May 27, 2021 7:03 pm

Re: TLS Error: TLS handshake failed

Post by mbrasburg » Fri May 28, 2021 12:04 am

Yes, but have no reason (I am directing to ip public and forwarded 1194 port to local ip)

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: TLS Error: TLS handshake failed

Post by TinCanTech » Fri May 28, 2021 12:21 am

mbrasburg wrote:
Thu May 27, 2021 7:17 pm
I moved de server to another office
If you need professional assistance with your network then I am available for hire: tincantech at protonmail dot com

Post Reply