Unable to connect to server, TLS error

This forum is for admins who are looking to build or expand their OpenVPN setup.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
sbender
OpenVpn Newbie
Posts: 9
Joined: Fri Jan 18, 2013 2:10 pm

Unable to connect to server, TLS error

Post by sbender » Mon Nov 13, 2017 9:06 pm

Hello,

I have set up an OpenVPN server in a Vmware VM (guest OS is ubuntu server 14.04 with the Vmware tool installed.
I want to use a TUN setting with the following server options:

Code: Select all

local 192.168.33.182
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.33.0 255.255.255.0"
push "dhcp-option DNS 192.168.33.2"
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
This is the client config, I want to run it on macOS, I tried with Shimo and Tunnelblick:

Code: Select all

client
dev tun
proto udp
remote <serverPublicIP> 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
comp-lzo
verb 3
pull

<ca>
-----BEGIN CERTIFICATE-----
<keyhere>
</ca>

<cert>
-----BEGIN CERTIFICATE-----
<keyhere>
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN RSA PRIVATE KEY-----
<keyhere>
-----END RSA PRIVATE KEY-----
</key>
I keep getting a "tls error"...

Server log:

Code: Select all

Nov 13 07:49:52 ubuntu ovpn-server[17047]: OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Jun 22 2017
Nov 13 07:49:52 ubuntu ovpn-server[17047]: Diffie-Hellman initialized with 1024 bit key
Nov 13 07:49:52 ubuntu ovpn-server[17047]: WARNING: file 'server.key' is group or others accessible
Nov 13 07:49:52 ubuntu ovpn-server[17047]: Socket Buffers: R=[212992->131072] S=[212992->131072]
Nov 13 07:49:52 ubuntu ovpn-server[17047]: ROUTE_GATEWAY 192.168.33.3/255.255.255.0 IFACE=eth0 HWADDR=00:0c:29:96:0b:d0
Nov 13 07:49:52 ubuntu ovpn-server[17047]: TUN/TAP device tun0 opened
Nov 13 07:49:52 ubuntu ovpn-server[17047]: TUN/TAP TX queue length set to 100
Nov 13 07:49:52 ubuntu ovpn-server[17047]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Nov 13 07:49:52 ubuntu ovpn-server[17047]: /sbin/ip link set dev tun0 up mtu 1500
Nov 13 07:49:52 ubuntu ovpn-server[17047]: /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Nov 13 07:49:52 ubuntu ovpn-server[17047]: /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
Nov 13 07:49:52 ubuntu ovpn-server[17057]: UDPv4 link local (bound): [AF_INET]192.168.33.182:1194
Nov 13 07:49:52 ubuntu ovpn-server[17057]: UDPv4 link remote: [undef]
Nov 13 07:49:52 ubuntu ovpn-server[17057]: MULTI: multi_init called, r=256 v=256
Nov 13 07:49:52 ubuntu ovpn-server[17057]: IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Nov 13 07:49:52 ubuntu ovpn-server[17057]: IFCONFIG POOL LIST
Nov 13 07:49:52 ubuntu ovpn-server[17057]: Initialization Sequence Completed
Nov 13 07:50:37 ubuntu ovpn-server[17057]: 109.42.3.93:49073 TLS: Initial packet from [AF_INET]109.42.3.93:49073, sid=c46dfe9a f1cef3a3
Nov 13 07:51:37 ubuntu ovpn-server[17057]: 109.42.3.93:45378 TLS: Initial packet from [AF_INET]109.42.3.93:45378, sid=5027b0ff d04dcdf9
Nov 13 07:51:37 ubuntu ovpn-server[17057]: 109.42.3.93:49073 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Nov 13 07:51:37 ubuntu ovpn-server[17057]: 109.42.3.93:49073 TLS Error: TLS handshake failed
Nov 13 07:51:37 ubuntu ovpn-server[17057]: 109.42.3.93:49073 SIGUSR1[soft,tls-error] received, client-instance restarting
Nov 13 07:52:37 ubuntu ovpn-server[17057]: 109.42.3.93:45378 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Nov 13 07:52:37 ubuntu ovpn-server[17057]: 109.42.3.93:45378 TLS Error: TLS handshake failed
Nov 13 07:52:37 ubuntu ovpn-server[17057]: 109.42.3.93:45378 SIGUSR1[soft,tls-error] received, client-instance restarting
...
The Firewall on the ubuntu server is disabled, I also tempoprarily disabled the firewall on the router to make sure it is not blocking the connection.

Does anyone has an idea what the problem might be?
Thank you!

sbender
OpenVpn Newbie
Posts: 9
Joined: Fri Jan 18, 2013 2:10 pm

Re: Unable to connect to server, TLS error

Post by sbender » Tue Nov 14, 2017 4:01 pm

Hi,
I solved it myself:
I have 2 routers with different internet connections.
The gateway in the OpenVPN server network config was not set properly to the router that was actually doing the port forwarding.
So the erver tried to send the handshake response to the wrong internet connection.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 3345
Joined: Fri Jun 03, 2016 1:17 pm

Re: Unable to connect to server, TLS error

Post by TinCanTech » Tue Nov 14, 2017 5:20 pm

Thanks for letting us know your solution 8-)

Post Reply