TLS handshake error after installation and removal of Pi Hole

Post by dator » Sun Aug 19, 2018 2:27 pm

Hello,

I tried to set up Pi Hole alongside my OpenVPN server. Somehow I managed to break something, as all my clients are unable to connect to the server.
I did reset UFW and restored ufw/before.rules, but still could not restore the connection to the server.

Code:

~$ sudo systemctl status openvpn@server
● openvpn@server.service - OpenVPN connection to server
   Loaded: loaded (/lib/systemd/system/openvpn@.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2018-08-19 15:54:46 CEST; 21min ago
     Docs: man:openvpn(8)
           https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
           https://community.openvpn.net/openvpn/wiki/HOWTO
  Process: 1712 ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --script-security 2 --config
 Main PID: 1715 (openvpn)
   CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
           └─1715 /usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --script-security 2 --config

Aug 19 15:54:46 vps systemd[1]: Starting OpenVPN connection to server...
Aug 19 15:54:46 vps systemd[1]: openvpn@server.service: PID file /run/openvpn/server.pid not readable (yet?) after start: No such file or
Aug 19 15:54:46 vps systemd[1]: Started OpenVPN connection to server.
lines 1-14/14 (END)
PS

Further logs

Code:

sudo systemctl status openvpn@server
● openvpn@server.service - OpenVPN connection to server
   Loaded: loaded (/lib/systemd/system/openvpn@.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2018-08-19 20:13:01 CEST; 1min 16s ago
     Docs: man:openvpn(8)
           https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
           https://community.openvpn.net/openvpn/wiki/HOWTO
  Process: 1316 ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvp
 Main PID: 1368 (openvpn)
   CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
           └─1368 /usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvp

Aug 19 20:14:14 vps ovpn-server[1368]: 94.xxx:20237 TLS: Initial packet from [AF_INET]94xxx.2
Aug 19 20:14:15 vps ovpn-server[1368]: 94.xxx:20237 PID_ERR replay [0] [TLS_AUTH-0] [1] 1534702454
Aug 19 20:14:15 vps ovpn-server[1368]: 94.xxx:20237 Authenticate/Decrypt packet error: bad packet 
Aug 19 20:14:15 vps ovpn-server[1368]: 94.xxx:20237 TLS Error: incoming packet authentication fail
Aug 19 20:14:16 vps ovpn-server[1368]: 94.xxx:20237 PID_ERR replay [0] [TLS_AUTH-0] [2] 1534702454
Aug 19 20:14:16 vps ovpn-server[1368]: 94.xxx:20237 Authenticate/Decrypt packet error: bad packet 
Aug 19 20:14:16 vps ovpn-server[1368]: 94.xxx:20237 TLS Error: incoming packet authentication fail
Aug 19 20:14:17 vps ovpn-server[1368]: 94.xxx:20237 PID_ERR replay [0] [TLS_AUTH-0] [3] 1534702454
Aug 19 20:14:17 vps ovpn-server[1368]: 94.xxx:20237 Authenticate/Decrypt packet error: bad packet 
Aug 19 20:14:17 vps ovpn-server[1368]: 94.xxx:20237 TLS Error: incoming packet authentication fail

I would be grateful for any clues on how to resolve it.

Re: TLS handshake error after installation and removal of Pi Hole

Post by dator » Sun Aug 19, 2018 7:56 pm

I found out that changing to TCP fixes the connection. This thread helped me to resolve the issue:

https://serverfault.com/questions/765521/openvpn-issue-tls-key-negotiation-failed-to-occur-within-60-seconds

I am just wondering what is causing the trouble with the connection using the UDP protocol.