Can't connect from Windows client, but Android works fine

Need help configuring your VPN? Just post here and you'll get that help.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
therealyoussef
OpenVpn Newbie
Posts: 7
Joined: Wed Jan 10, 2018 8:53 am

Can't connect from Windows client, but Android works fine

Post by therealyoussef » Wed Jan 10, 2018 9:07 am

Hello,

I installed OpenVPN server on a DigitalOcean droplet following the exact instructions here: https://www.digitalocean.com/community/ ... figuration

I installed an OpenVPN client on my Android phone and on 2 Windows PCs. The Android phone connects to the VPN properly, but both Windows PCs fail, displaying the following log (replacing my server's IP with SERVER_IP):

Wed Jan 10 10:58:20 2018 OpenVPN 2.4.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 26 2017
Wed Jan 10 10:58:20 2018 Windows version 6.2 (Windows 8 or greater) 64bit
Wed Jan 10 10:58:20 2018 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10
Wed Jan 10 10:58:20 2018 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Wed Jan 10 10:58:20 2018 Need hold release from management interface, waiting...
Wed Jan 10 10:58:20 2018 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Wed Jan 10 10:58:20 2018 MANAGEMENT: CMD 'state on'
Wed Jan 10 10:58:20 2018 MANAGEMENT: CMD 'log all on'
Wed Jan 10 10:58:20 2018 MANAGEMENT: CMD 'echo all on'
Wed Jan 10 10:58:20 2018 MANAGEMENT: CMD 'hold off'
Wed Jan 10 10:58:20 2018 MANAGEMENT: CMD 'hold release'
Wed Jan 10 10:58:20 2018 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Jan 10 10:58:20 2018 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Jan 10 10:58:20 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]SERVER_IP:443
Wed Jan 10 10:58:20 2018 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jan 10 10:58:20 2018 Attempting to establish TCP connection with [AF_INET]SERVER_IP:443 [nonblock]
Wed Jan 10 10:58:20 2018 MANAGEMENT: >STATE:1515574700,TCP_CONNECT,,,,,,
Wed Jan 10 10:58:21 2018 TCP connection established with [AF_INET]SERVER_IP:443
Wed Jan 10 10:58:21 2018 TCP_CLIENT link local: (not bound)
Wed Jan 10 10:58:21 2018 TCP_CLIENT link remote: [AF_INET]SERVER_IP:443
Wed Jan 10 10:58:21 2018 MANAGEMENT: >STATE:1515574701,WAIT,,,,,,
Wed Jan 10 10:58:21 2018 MANAGEMENT: >STATE:1515574701,AUTH,,,,,,
Wed Jan 10 10:58:21 2018 TLS: Initial packet from [AF_INET]SERVER_IP:443, sid=c0ea25bc f29f5b1d
Wed Jan 10 10:58:41 2018 read TCP_CLIENT: Unknown error (code=10060)
Wed Jan 10 10:58:41 2018 Connection reset, restarting [-1]
Wed Jan 10 10:58:41 2018 SIGUSR1[soft,connection-reset] received, process restarting
Wed Jan 10 10:58:41 2018 MANAGEMENT: >STATE:1515574721,RECONNECTING,connection-reset,,,,,
Wed Jan 10 10:58:41 2018 Restart pause, 5 second(s)
Wed Jan 10 10:58:46 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]SERVER_IP:443
Wed Jan 10 10:58:46 2018 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jan 10 10:58:46 2018 Attempting to establish TCP connection with [AF_INET]SERVER_IP:443 [nonblock]
Wed Jan 10 10:58:46 2018 MANAGEMENT: >STATE:1515574726,TCP_CONNECT,,,,,,
Wed Jan 10 10:58:47 2018 TCP connection established with [AF_INET]SERVER_IP:443
Wed Jan 10 10:58:47 2018 TCP_CLIENT link local: (not bound)
Wed Jan 10 10:58:47 2018 TCP_CLIENT link remote: [AF_INET]SERVER_IP:443
Wed Jan 10 10:58:47 2018 MANAGEMENT: >STATE:1515574727,WAIT,,,,,,
Wed Jan 10 10:58:47 2018 MANAGEMENT: >STATE:1515574727,AUTH,,,,,,
Wed Jan 10 10:58:47 2018 TLS: Initial packet from [AF_INET]SERVER_IP:443, sid=6f9b193e 1030653f

Many thanks
Last edited by therealyoussef on Thu Jan 11, 2018 12:47 am, edited 1 time in total.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 4631
Joined: Fri Jun 03, 2016 1:17 pm

Re: Can't connect from Windows client, but Android works fine

Post by TinCanTech » Wed Jan 10, 2018 12:59 pm

Check your server log for errors when the Windows client connects.

therealyoussef
OpenVpn Newbie
Posts: 7
Joined: Wed Jan 10, 2018 8:53 am

Re: Can't connect from Windows client, but Android works fine

Post by therealyoussef » Wed Jan 10, 2018 3:31 pm

TinCanTech wrote:
Wed Jan 10, 2018 12:59 pm
Check your server log for errors when the Windows client connects.
Jan 10 15:18:29 ShadowSocks-London ovpn-server[5974]: CLIENT_IP:14770 SIGUSR1[soft,tls-error] received, client-instance restarting
Jan 10 15:18:40 ShadowSocks-London kernel: [418831.694987] [UFW BLOCK] IN=eth0 OUT= MAC=ca:81:35:17:d0:52:5c:45:27:79:03:30:08:00 SRC=125.212.217.215 DST=SERVER_IP LEN=40 TOS=0x00 PREC=0x00 TTL=109 ID=54601 PROTO=TCP SPT=46640 DPT=55443 WINDOW=54313 RES=0x00 SYN URGP=0
Jan 10 15:18:54 ShadowSocks-London ovpn-server[5974]: CLIENT_IP:14799 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 10 15:18:54 ShadowSocks-London ovpn-server[5974]: CLIENT_IP:14799 TLS Error: TLS handshake failed
Jan 10 15:18:54 ShadowSocks-London ovpn-server[5974]: CLIENT_IP:14799 Fatal TLS error (check_tls_errors_co), restarting
Jan 10 15:18:54 ShadowSocks-London ovpn-server[5974]: CLIENT_IP:14799 SIGUSR1[soft,tls-error] received, client-instance restarting

This TLS Error happens with both the Windows and Ubuntu clients, but the Android client works fine. I don't think the UFW block has anything to do with the problem because it is always showing in the logs without me trying to even connect and with weird source IP addresses.

I am using the same .opvn file for all the clients (with a minor change in the Ubuntu one).

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 4631
Joined: Fri Jun 03, 2016 1:17 pm

Re: Can't connect from Windows client, but Android works fine

Post by TinCanTech » Wed Jan 10, 2018 6:15 pm

For an example of what we need to see Please see:
HOWTO: Request Help ! {2}

Note: Your openvpn logs as per the --log directive .. not this log below ..
therealyoussef wrote:
Wed Jan 10, 2018 3:31 pm
Jan 10 15:18:40 ShadowSocks-London kernel: [418831.694987] [UFW BLOCK] IN=eth0 OUT= MAC=ca:81:35:17:d0:52:5c:45:27:79:03:30:08:00 SRC=125.212.217.215 DST=SERVER_IP LEN=40 TOS=0x00 PREC=0x00 TTL=109 ID=54601 PROTO=TCP SPT=46640 DPT=55443 WINDOW=54313 RES=0x00 SYN URGP=0

I don't think the UFW block has anything to do with the problem because it is always showing in the logs without me trying to even connect and with weird source IP addresses
In this case you are probably correct, your server is on port 443 not 55443 ? right .. :geek:

therealyoussef
OpenVpn Newbie
Posts: 7
Joined: Wed Jan 10, 2018 8:53 am

Re: Can't connect from Windows client, but Android works fine

Post by therealyoussef » Wed Jan 10, 2018 7:48 pm

TinCanTech wrote:
Wed Jan 10, 2018 6:15 pm
For an example of what we need to see Please see:
HOWTO: Request Help ! {2}

Note: Your openvpn logs as per the --log directive .. not this log below ..
*Server*

Operating system:

Code: Select all

$ uname -a
Linux ShadowSocks-London 4.4.0-104-generic #127-Ubuntu SMP Mon Dec 11 12:16:42 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
Network setup:

Code: Select all

$ ifconfig
eth0   Link encap:Ethernet  HWaddr ca:81:35:17:d0:52  
          inet addr:SERVER_IP  Bcast:46.101.63.255  Mask:255.255.192.0
          inet6 addr: SERVER_IP/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7117105 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6644815 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:11287935907 (11.2 GB)  TX bytes:11088470600 (11.0 GB)

lo       Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:160 errors:0 dropped:0 overruns:0 frame:0
          TX packets:160 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:11840 (11.8 KB)  TX bytes:11840 (11.8 KB)

tun0   Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:1686 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1888 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:180825 (180.8 KB)  TX bytes:1621736 (1.6 MB)
server.conf

port 443
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
tls-auth ta.key 0 # This file is secret
key-direction 0
cipher AES-128-CBC # AES
auth SHA256
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 6


Server log (at --verb 6 and client IP address changed after the log)

Code: Select all

Wed Jan 10 18:56:24 2018 us=850088 MULTI: multi_create_instance called
Wed Jan 10 18:56:24 2018 us=850696 Re-using SSL/TLS context
Wed Jan 10 18:56:24 2018 us=850866 LZO compression initialized
Wed Jan 10 18:56:24 2018 us=851190 Control Channel MTU parms [ L:1572 D:1170 EF:80 EB:0 ET:0 EL:3 ]
Wed Jan 10 18:56:24 2018 us=851343 Data Channel MTU parms [ L:1572 D:1450 EF:72 EB:143 ET:0 EL:3 AF:3/1 ]
Wed Jan 10 18:56:24 2018 us=851487 Local Options String: 'V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-server'
Wed Jan 10 18:56:24 2018 us=851574 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client'
Wed Jan 10 18:56:24 2018 us=851680 Local Options hash (VER=V4): 'f9a2c6a1'
Wed Jan 10 18:56:24 2018 us=851765 Expected Remote Options hash (VER=V4): 'a0dade22'
Wed Jan 10 18:56:24 2018 us=851883 TCP connection established with [AF_INET]156.222.70.239:16327
Wed Jan 10 18:56:24 2018 us=851964 TCPv4_SERVER link local: [undef]
Wed Jan 10 18:56:24 2018 us=852024 TCPv4_SERVER link remote: [AF_INET]156.222.70.239:16327
Wed Jan 10 18:56:25 2018 us=779412 156.222.70.239:16327 TCPv4_SERVER READ [54] from [AF_INET]156.222.70.239:16327: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
Wed Jan 10 18:56:25 2018 us=779800 156.222.70.239:16327 TLS: Initial packet from [AF_INET]156.222.70.239:16327, sid=47ebfae4 98e59d7b
Wed Jan 10 18:56:25 2018 us=780149 156.222.70.239:16327 TCPv4_SERVER WRITE [66] to [AF_INET]156.222.70.239:16327: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #1 ] [ 0 ] pid=0 DATA len=0
Wed Jan 10 18:56:27 2018 us=933263 156.222.70.239:16327 TCPv4_SERVER WRITE [54] to [AF_INET]156.222.70.239:16327: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #2 ] [ ] pid=0 DATA len=0
Wed Jan 10 18:56:31 2018 us=162595 156.222.70.239:16327 TCPv4_SERVER WRITE [54] to [AF_INET]156.222.70.239:16327: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #3 ] [ ] pid=0 DATA len=0
Wed Jan 10 18:56:39 2018 us=828168 156.222.70.239:16327 TCPv4_SERVER WRITE [54] to [AF_INET]156.222.70.239:16327: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #4 ] [ ] pid=0 DATA len=0
Wed Jan 10 18:56:50 2018 us=169718 MULTI: multi_create_instance called
Wed Jan 10 18:56:50 2018 us=171190 Re-using SSL/TLS context
Wed Jan 10 18:56:50 2018 us=171519 LZO compression initialized
Wed Jan 10 18:56:50 2018 us=172179 Control Channel MTU parms [ L:1572 D:1170 EF:80 EB:0 ET:0 EL:3 ]
Wed Jan 10 18:56:50 2018 us=172401 Data Channel MTU parms [ L:1572 D:1450 EF:72 EB:143 ET:0 EL:3 AF:3/1 ]
Wed Jan 10 18:56:50 2018 us=172674 Local Options String: 'V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-server'
Wed Jan 10 18:56:50 2018 us=172914 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client'
Wed Jan 10 18:56:50 2018 us=173188 Local Options hash (VER=V4): 'f9a2c6a1'
Wed Jan 10 18:56:50 2018 us=173450 Expected Remote Options hash (VER=V4): 'a0dade22'
Wed Jan 10 18:56:50 2018 us=173735 TCP connection established with [AF_INET]156.222.70.239:16338
Wed Jan 10 18:56:50 2018 us=173959 TCPv4_SERVER link local: [undef]
Wed Jan 10 18:56:50 2018 us=174158 TCPv4_SERVER link remote: [AF_INET]156.222.70.239:16338
Wed Jan 10 18:56:51 2018 us=108794 156.222.70.239:16338 TCPv4_SERVER READ [54] from [AF_INET]156.222.70.239:16338: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
Wed Jan 10 18:56:51 2018 us=109154 156.222.70.239:16338 TLS: Initial packet from [AF_INET]156.222.70.239:16338, sid=dd207e15 a91a2ba6
Wed Jan 10 18:56:51 2018 us=109435 156.222.70.239:16338 TCPv4_SERVER WRITE [66] to [AF_INET]156.222.70.239:16338: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #1 ] [ 0 ] pid=0 DATA len=0
Wed Jan 10 18:56:53 2018 us=455649 156.222.70.239:16338 TCPv4_SERVER WRITE [54] to [AF_INET]156.222.70.239:16338: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #2 ] [ ] pid=0 DATA len=0
Wed Jan 10 18:56:55 2018 us=870903 156.222.70.239:16327 TCPv4_SERVER WRITE [54] to [AF_INET]156.222.70.239:16327: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #5 ] [ ] pid=0 DATA len=0
Wed Jan 10 18:56:57 2018 us=206394 156.222.70.239:16338 TCPv4_SERVER WRITE [54] to [AF_INET]156.222.70.239:16338: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #3 ] [ ] pid=0 DATA len=0
Wed Jan 10 18:57:05 2018 us=847962 156.222.70.239:16338 TCPv4_SERVER WRITE [54] to [AF_INET]156.222.70.239:16338: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #4 ] [ ] pid=0 DATA len=0
Wed Jan 10 18:57:15 2018 us=501627 MULTI: multi_create_instance called
Wed Jan 10 18:57:15 2018 us=502764 Re-using SSL/TLS context
Wed Jan 10 18:57:15 2018 us=503221 LZO compression initialized
Wed Jan 10 18:57:15 2018 us=504269 Control Channel MTU parms [ L:1572 D:1170 EF:80 EB:0 ET:0 EL:3 ]
Wed Jan 10 18:57:15 2018 us=504635 Data Channel MTU parms [ L:1572 D:1450 EF:72 EB:143 ET:0 EL:3 AF:3/1 ]
Wed Jan 10 18:57:15 2018 us=505012 Local Options String: 'V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-server'
Wed Jan 10 18:57:15 2018 us=505245 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client'
Wed Jan 10 18:57:15 2018 us=505544 Local Options hash (VER=V4): 'f9a2c6a1'
Wed Jan 10 18:57:15 2018 us=505739 Expected Remote Options hash (VER=V4): 'a0dade22'
Wed Jan 10 18:57:15 2018 us=506042 TCP connection established with [AF_INET]156.222.70.239:16353
Wed Jan 10 18:57:15 2018 us=506201 TCPv4_SERVER link local: [undef]
Wed Jan 10 18:57:15 2018 us=506405 TCPv4_SERVER link remote: [AF_INET]156.222.70.239:16353
Wed Jan 10 18:57:16 2018 us=441615 156.222.70.239:16353 TCPv4_SERVER READ [54] from [AF_INET]156.222.70.239:16353: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
Wed Jan 10 18:57:16 2018 us=441824 156.222.70.239:16353 TLS: Initial packet from [AF_INET]156.222.70.239:16353, sid=51686cc8 eb797c0b
Wed Jan 10 18:57:16 2018 us=442023 156.222.70.239:16353 TCPv4_SERVER WRITE [66] to [AF_INET]156.222.70.239:16353: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #1 ] [ 0 ] pid=0 DATA len=0
Wed Jan 10 18:57:18 2018 us=773494 156.222.70.239:16353 TCPv4_SERVER WRITE [54] to [AF_INET]156.222.70.239:16353: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #2 ] [ ] pid=0 DATA len=0
Wed Jan 10 18:57:21 2018 us=387142 156.222.70.239:16338 TCPv4_SERVER WRITE [54] to [AF_INET]156.222.70.239:16338: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #5 ] [ ] pid=0 DATA len=0
Wed Jan 10 18:57:22 2018 us=605145 156.222.70.239:16353 TCPv4_SERVER WRITE [54] to [AF_INET]156.222.70.239:16353: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #3 ] [ ] pid=0 DATA len=0
Wed Jan 10 18:57:24 2018 us=26760 156.222.70.239:16327 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jan 10 18:57:24 2018 us=27238 156.222.70.239:16327 TLS Error: TLS handshake failed
Wed Jan 10 18:57:24 2018 us=27836 156.222.70.239:16327 Fatal TLS error (check_tls_errors_co), restarting
Wed Jan 10 18:57:24 2018 us=28101 156.222.70.239:16327 SIGUSR1[soft,tls-error] received, client-instance restarting
Wed Jan 10 18:57:24 2018 us=28473 TCP/UDP: Closing socket
Wed Jan 10 18:57:30 2018 us=298430 156.222.70.239:16353 TCPv4_SERVER WRITE [54] to [AF_INET]156.222.70.239:16353: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #4 ] [ ] pid=0 DATA len=0
Wed Jan 10 18:57:40 2018 us=827874 MULTI: multi_create_instance called
Wed Jan 10 18:57:40 2018 us=828366 Re-using SSL/TLS context
Wed Jan 10 18:57:40 2018 us=828580 LZO compression initialized
Wed Jan 10 18:57:40 2018 us=828865 Control Channel MTU parms [ L:1572 D:1170 EF:80 EB:0 ET:0 EL:3 ]
Wed Jan 10 18:57:40 2018 us=829079 Data Channel MTU parms [ L:1572 D:1450 EF:72 EB:143 ET:0 EL:3 AF:3/1 ]
Wed Jan 10 18:57:40 2018 us=829324 Local Options String: 'V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-server'
Wed Jan 10 18:57:40 2018 us=829506 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client'
Wed Jan 10 18:57:40 2018 us=829658 Local Options hash (VER=V4): 'f9a2c6a1'
Wed Jan 10 18:57:40 2018 us=829786 Expected Remote Options hash (VER=V4): 'a0dade22'
Wed Jan 10 18:57:40 2018 us=829949 TCP connection established with [AF_INET]156.222.70.239:16379
Wed Jan 10 18:57:40 2018 us=830063 TCPv4_SERVER link local: [undef]
Wed Jan 10 18:57:40 2018 us=830171 TCPv4_SERVER link remote: [AF_INET]156.222.70.239:16379
Wed Jan 10 18:57:41 2018 us=768381 156.222.70.239:16379 TCPv4_SERVER READ [54] from [AF_INET]156.222.70.239:16379: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
Wed Jan 10 18:57:41 2018 us=769680 156.222.70.239:16379 TLS: Initial packet from [AF_INET]156.222.70.239:16379, sid=8309941a 841cc77d
Wed Jan 10 18:57:41 2018 us=770003 156.222.70.239:16379 TCPv4_SERVER WRITE [66] to [AF_INET]156.222.70.239:16379: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #1 ] [ 0 ] pid=0 DATA len=0
Wed Jan 10 18:57:43 2018 us=625163 156.222.70.239:16379 TCPv4_SERVER WRITE [54] to [AF_INET]156.222.70.239:16379: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #2 ] [ ] pid=0 DATA len=0
This is the error:

Code: Select all

Wed Jan 10 18:57:24 2018 us=26760 156.222.70.239:16327 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jan 10 18:57:24 2018 us=27238 156.222.70.239:16327 TLS Error: TLS handshake failed
Wed Jan 10 18:57:24 2018 us=27836 156.222.70.239:16327 Fatal TLS error (check_tls_errors_co), restarting
*Client*

Operating system:

Code: Select all

C:\Users\Youssef>ver                                                                                                                                            
Microsoft Windows [Version 10.0.14393]
Network setup:

Code: Select all

C:\Users\Youssef>ipconfig                                                                                                                                       

Windows IP Configuration        


Ethernet adapter Ethernet:

	Connection-specific DNS Suffix  . : 
	Link-local IPv6 Address . . . . . : fe80::5403:5700:ddb0:9b60%11
	IPv4 Address. . . . . . . . . . . : 192.168.1.2
	Subnet Mask . . . . . . . . . . . : 255.255.255.0
	Default Gateway . . . . . . . . . : 192.168.1.1

Ethernet adapter Ethernet 5:
	Media State . . . . . . . . . . . : Media disconnected
	Connection-specific DNS Suffix  . :

Ethernet adapter Ethernet 6:
	Media State . . . . . . . . . . . : Media disconnected
	Connection-specific DNS Suffix  . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:
	Connection-specific DNS Suffix  . :
	IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:24da:d0b7:6321:b910
	Link-local IPv6 Address . . . . . : fe80::24da:d0b7:6321:b910%6
	Default Gateway . . . . . . . . . : ::

Tunnel adapter isatap.{B5B76EBA-EC46-436A-BD21-B296DE826FCB}:
	Media State . . . . . . . . . . . : Media disconnected
	Connection-specific DNS Suffix  . :
client1.ovpn

client
dev tun
proto tcp
remote SERVER_IP 443
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
remote-cert-tls server
key-direction 1
cipher AES-128-CBC
auth SHA256
comp-lzo
verb 6
<ca>
...
</ca>
<cert>
...
</cert>
<key>
...
</key>
<tls-auth>
...
</tls-auth>


Client log (at --verb 6 and server name and IP address removed)

Code: Select all

Wed Jan 10 21:23:18 2018 NOTE: --user option is not implemented on Windows
Wed Jan 10 21:23:18 2018 NOTE: --group option is not implemented on Windows
Wed Jan 10 21:23:18 2018 us=320031 Current Parameter Settings:
Wed Jan 10 21:23:18 2018 us=320031   config = 'client1.ovpn'
Wed Jan 10 21:23:18 2018 us=320031   mode = 0
Wed Jan 10 21:23:18 2018 us=320031   show_ciphers = DISABLED
Wed Jan 10 21:23:18 2018 us=320031   show_digests = DISABLED
Wed Jan 10 21:23:18 2018 us=320031   show_engines = DISABLED
Wed Jan 10 21:23:18 2018 us=320031   genkey = DISABLED
Wed Jan 10 21:23:18 2018 us=320031   key_pass_file = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=320031   show_tls_ciphers = DISABLED
Wed Jan 10 21:23:18 2018 us=320031   connect_retry_max = 0
Wed Jan 10 21:23:18 2018 us=320031 Connection profiles [0]:
Wed Jan 10 21:23:18 2018 us=320031   proto = tcp-client
Wed Jan 10 21:23:18 2018 us=320031   local = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=320031   local_port = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=320031   remote = 'SERVER_IP'
Wed Jan 10 21:23:18 2018 us=320031   remote_port = '443'
Wed Jan 10 21:23:18 2018 us=320031   remote_float = DISABLED
Wed Jan 10 21:23:18 2018 us=320031   bind_defined = DISABLED
Wed Jan 10 21:23:18 2018 us=320031   bind_local = DISABLED
Wed Jan 10 21:23:18 2018 us=320031   bind_ipv6_only = DISABLED
Wed Jan 10 21:23:18 2018 us=320031   connect_retry_seconds = 5
Wed Jan 10 21:23:18 2018 us=320031   connect_timeout = 120
Wed Jan 10 21:23:18 2018 us=320031   socks_proxy_server = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=320031   socks_proxy_port = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=320031   tun_mtu = 1500
Wed Jan 10 21:23:18 2018 us=320031   tun_mtu_defined = ENABLED
Wed Jan 10 21:23:18 2018 us=320031   link_mtu = 1500
Wed Jan 10 21:23:18 2018 us=320031   link_mtu_defined = DISABLED
Wed Jan 10 21:23:18 2018 us=320031   tun_mtu_extra = 0
Wed Jan 10 21:23:18 2018 us=320031   tun_mtu_extra_defined = DISABLED
Wed Jan 10 21:23:18 2018 us=320031   mtu_discover_type = -1
Wed Jan 10 21:23:18 2018 us=320031   fragment = 0
Wed Jan 10 21:23:18 2018 us=320031   mssfix = 1450
Wed Jan 10 21:23:18 2018 us=320031   explicit_exit_notification = 0
Wed Jan 10 21:23:18 2018 us=320031 Connection profiles END
Wed Jan 10 21:23:18 2018 us=320031   remote_random = DISABLED
Wed Jan 10 21:23:18 2018 us=320031   ipchange = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=320031   dev = 'tun'
Wed Jan 10 21:23:18 2018 us=320031   dev_type = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=320031   dev_node = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=320031   lladdr = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=320031   topology = 1
Wed Jan 10 21:23:18 2018 us=320031   ifconfig_local = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=320031   ifconfig_remote_netmask = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=320031   ifconfig_noexec = DISABLED
Wed Jan 10 21:23:18 2018 us=320031   ifconfig_nowarn = DISABLED
Wed Jan 10 21:23:18 2018 us=320031   ifconfig_ipv6_local = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=320031   ifconfig_ipv6_netbits = 0
Wed Jan 10 21:23:18 2018 us=320031   ifconfig_ipv6_remote = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=320031   shaper = 0
Wed Jan 10 21:23:18 2018 us=320031   mtu_test = 0
Wed Jan 10 21:23:18 2018 us=320031   mlock = DISABLED
Wed Jan 10 21:23:18 2018 us=320031   keepalive_ping = 0
Wed Jan 10 21:23:18 2018 us=320031   keepalive_timeout = 0
Wed Jan 10 21:23:18 2018 us=320031   inactivity_timeout = 0
Wed Jan 10 21:23:18 2018 us=320031   ping_send_timeout = 0
Wed Jan 10 21:23:18 2018 us=320031   ping_rec_timeout = 0
Wed Jan 10 21:23:18 2018 us=320031   ping_rec_timeout_action = 0
Wed Jan 10 21:23:18 2018 us=320031   ping_timer_remote = DISABLED
Wed Jan 10 21:23:18 2018 us=320031   remap_sigusr1 = 0
Wed Jan 10 21:23:18 2018 us=320031   persist_tun = ENABLED
Wed Jan 10 21:23:18 2018 us=320031   persist_local_ip = DISABLED
Wed Jan 10 21:23:18 2018 us=320031   persist_remote_ip = DISABLED
Wed Jan 10 21:23:18 2018 us=320031   persist_key = ENABLED
Wed Jan 10 21:23:18 2018 us=320031   passtos = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   resolve_retry_seconds = 1000000000
Wed Jan 10 21:23:18 2018 us=335680   resolve_in_advance = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   username = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=335680   groupname = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=335680   chroot_dir = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=335680   cd_dir = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=335680   writepid = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=335680   up_script = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=335680   down_script = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=335680   down_pre = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   up_restart = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   up_delay = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   daemon = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   inetd = 0
Wed Jan 10 21:23:18 2018 us=335680   log = ENABLED
Wed Jan 10 21:23:18 2018 us=335680   suppress_timestamps = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   machine_readable_output = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   nice = 0
Wed Jan 10 21:23:18 2018 us=335680   verbosity = 6
Wed Jan 10 21:23:18 2018 us=335680   mute = 0
Wed Jan 10 21:23:18 2018 us=335680   gremlin = 0
Wed Jan 10 21:23:18 2018 us=335680   status_file = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=335680   status_file_version = 1
Wed Jan 10 21:23:18 2018 us=335680   status_file_update_freq = 60
Wed Jan 10 21:23:18 2018 us=335680   occ = ENABLED
Wed Jan 10 21:23:18 2018 us=335680   rcvbuf = 0
Wed Jan 10 21:23:18 2018 us=335680   sndbuf = 0
Wed Jan 10 21:23:18 2018 us=335680   sockflags = 0
Wed Jan 10 21:23:18 2018 us=335680   fast_io = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   comp.alg = 2
Wed Jan 10 21:23:18 2018 us=335680   comp.flags = 1
Wed Jan 10 21:23:18 2018 us=335680   route_script = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=335680   route_default_gateway = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=335680   route_default_metric = 0
Wed Jan 10 21:23:18 2018 us=335680   route_noexec = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   route_delay = 5
Wed Jan 10 21:23:18 2018 us=335680   route_delay_window = 30
Wed Jan 10 21:23:18 2018 us=335680   route_delay_defined = ENABLED
Wed Jan 10 21:23:18 2018 us=335680   route_nopull = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   route_gateway_via_dhcp = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   allow_pull_fqdn = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   management_addr = '127.0.0.1'
Wed Jan 10 21:23:18 2018 us=335680   management_port = '25340'
Wed Jan 10 21:23:18 2018 us=335680   management_user_pass = 'stdin'
Wed Jan 10 21:23:18 2018 us=335680   management_log_history_cache = 250
Wed Jan 10 21:23:18 2018 us=335680   management_echo_buffer_size = 100
Wed Jan 10 21:23:18 2018 us=335680   management_write_peer_info_file = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=335680   management_client_user = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=335680   management_client_group = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=335680   management_flags = 6
Wed Jan 10 21:23:18 2018 us=335680   shared_secret_file = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=335680   key_direction = 2
Wed Jan 10 21:23:18 2018 us=335680   ciphername = 'AES-128-CBC'
Wed Jan 10 21:23:18 2018 us=335680   ncp_enabled = ENABLED
Wed Jan 10 21:23:18 2018 us=335680   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Wed Jan 10 21:23:18 2018 us=335680   authname = 'SHA256'
Wed Jan 10 21:23:18 2018 us=335680   prng_hash = 'SHA1'
Wed Jan 10 21:23:18 2018 us=335680   prng_nonce_secret_len = 16
Wed Jan 10 21:23:18 2018 us=335680   keysize = 0
Wed Jan 10 21:23:18 2018 us=335680   engine = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   replay = ENABLED
Wed Jan 10 21:23:18 2018 us=335680   mute_replay_warnings = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   replay_window = 64
Wed Jan 10 21:23:18 2018 us=335680   replay_time = 15
Wed Jan 10 21:23:18 2018 us=335680   packet_id_file = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=335680   use_iv = ENABLED
Wed Jan 10 21:23:18 2018 us=335680   test_crypto = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   tls_server = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   tls_client = ENABLED
Wed Jan 10 21:23:18 2018 us=335680   key_method = 2
Wed Jan 10 21:23:18 2018 us=335680   ca_file = '[[INLINE]]'
Wed Jan 10 21:23:18 2018 us=335680   ca_path = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=335680   dh_file = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=335680   cert_file = '[[INLINE]]'
Wed Jan 10 21:23:18 2018 us=335680   extra_certs_file = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=335680   priv_key_file = '[[INLINE]]'
Wed Jan 10 21:23:18 2018 us=335680   pkcs12_file = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=335680   cryptoapi_cert = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=335680   cipher_list = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=335680   tls_verify = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=335680   tls_export_cert = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=335680   verify_x509_type = 0
Wed Jan 10 21:23:18 2018 us=335680   verify_x509_name = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=335680   crl_file = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=335680   ns_cert_type = 0
Wed Jan 10 21:23:18 2018 us=335680   remote_cert_ku[i] = 65535
Wed Jan 10 21:23:18 2018 us=335680   remote_cert_ku[i] = 0
Wed Jan 10 21:23:18 2018 us=335680   remote_cert_ku[i] = 0
Wed Jan 10 21:23:18 2018 us=335680   remote_cert_ku[i] = 0
Wed Jan 10 21:23:18 2018 us=335680   remote_cert_ku[i] = 0
Wed Jan 10 21:23:18 2018 us=335680   remote_cert_ku[i] = 0
Wed Jan 10 21:23:18 2018 us=335680   remote_cert_ku[i] = 0
Wed Jan 10 21:23:18 2018 us=335680   remote_cert_ku[i] = 0
Wed Jan 10 21:23:18 2018 us=335680   remote_cert_ku[i] = 0
Wed Jan 10 21:23:18 2018 us=335680   remote_cert_ku[i] = 0
Wed Jan 10 21:23:18 2018 us=335680   remote_cert_ku[i] = 0
Wed Jan 10 21:23:18 2018 us=335680   remote_cert_ku[i] = 0
Wed Jan 10 21:23:18 2018 us=335680   remote_cert_ku[i] = 0
Wed Jan 10 21:23:18 2018 us=335680   remote_cert_ku[i] = 0
Wed Jan 10 21:23:18 2018 us=335680   remote_cert_ku[i] = 0
Wed Jan 10 21:23:18 2018 us=335680   remote_cert_ku[i] = 0
Wed Jan 10 21:23:18 2018 us=335680   remote_cert_eku = 'TLS Web Server Authentication'
Wed Jan 10 21:23:18 2018 us=335680   ssl_flags = 0
Wed Jan 10 21:23:18 2018 us=335680   tls_timeout = 2
Wed Jan 10 21:23:18 2018 us=335680   renegotiate_bytes = -1
Wed Jan 10 21:23:18 2018 us=335680   renegotiate_packets = 0
Wed Jan 10 21:23:18 2018 us=335680   renegotiate_seconds = 3600
Wed Jan 10 21:23:18 2018 us=335680   handshake_window = 60
Wed Jan 10 21:23:18 2018 us=335680   transition_window = 3600
Wed Jan 10 21:23:18 2018 us=335680   single_session = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   push_peer_info = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   tls_exit = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   tls_auth_file = '[[INLINE]]'
Wed Jan 10 21:23:18 2018 us=335680   tls_crypt_file = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_protected_authentication = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_protected_authentication = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_protected_authentication = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_protected_authentication = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_protected_authentication = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_protected_authentication = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_protected_authentication = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_protected_authentication = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_protected_authentication = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_protected_authentication = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_protected_authentication = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_protected_authentication = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_protected_authentication = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_protected_authentication = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_protected_authentication = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_protected_authentication = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_private_mode = 00000000
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_private_mode = 00000000
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_private_mode = 00000000
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_private_mode = 00000000
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_private_mode = 00000000
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_private_mode = 00000000
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_private_mode = 00000000
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_private_mode = 00000000
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_private_mode = 00000000
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_private_mode = 00000000
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_private_mode = 00000000
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_private_mode = 00000000
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_private_mode = 00000000
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_private_mode = 00000000
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_private_mode = 00000000
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_private_mode = 00000000
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_cert_private = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_cert_private = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_cert_private = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_cert_private = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_cert_private = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_cert_private = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_cert_private = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_cert_private = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_cert_private = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_cert_private = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_cert_private = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_cert_private = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_cert_private = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_cert_private = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_cert_private = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_cert_private = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_pin_cache_period = -1
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_id = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=335680   pkcs11_id_management = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   server_network = 0.0.0.0
Wed Jan 10 21:23:18 2018 us=335680   server_netmask = 0.0.0.0
Wed Jan 10 21:23:18 2018 us=335680   server_network_ipv6 = ::
Wed Jan 10 21:23:18 2018 us=335680   server_netbits_ipv6 = 0
Wed Jan 10 21:23:18 2018 us=335680   server_bridge_ip = 0.0.0.0
Wed Jan 10 21:23:18 2018 us=335680   server_bridge_netmask = 0.0.0.0
Wed Jan 10 21:23:18 2018 us=335680   server_bridge_pool_start = 0.0.0.0
Wed Jan 10 21:23:18 2018 us=335680   server_bridge_pool_end = 0.0.0.0
Wed Jan 10 21:23:18 2018 us=335680   ifconfig_pool_defined = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   ifconfig_pool_start = 0.0.0.0
Wed Jan 10 21:23:18 2018 us=335680   ifconfig_pool_end = 0.0.0.0
Wed Jan 10 21:23:18 2018 us=335680   ifconfig_pool_netmask = 0.0.0.0
Wed Jan 10 21:23:18 2018 us=335680   ifconfig_pool_persist_filename = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=335680   ifconfig_pool_persist_refresh_freq = 600
Wed Jan 10 21:23:18 2018 us=335680   ifconfig_ipv6_pool_defined = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   ifconfig_ipv6_pool_base = ::
Wed Jan 10 21:23:18 2018 us=335680   ifconfig_ipv6_pool_netbits = 0
Wed Jan 10 21:23:18 2018 us=335680   n_bcast_buf = 256
Wed Jan 10 21:23:18 2018 us=335680   tcp_queue_limit = 64
Wed Jan 10 21:23:18 2018 us=335680   real_hash_size = 256
Wed Jan 10 21:23:18 2018 us=335680   virtual_hash_size = 256
Wed Jan 10 21:23:18 2018 us=335680   client_connect_script = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=335680   learn_address_script = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=335680   client_disconnect_script = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=335680   client_config_dir = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=335680   ccd_exclusive = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   tmp_dir = 'C:\Users\Youssef\AppData\Local\Temp\'
Wed Jan 10 21:23:18 2018 us=335680   push_ifconfig_defined = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   push_ifconfig_local = 0.0.0.0
Wed Jan 10 21:23:18 2018 us=335680   push_ifconfig_remote_netmask = 0.0.0.0
Wed Jan 10 21:23:18 2018 us=335680   push_ifconfig_ipv6_defined = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   push_ifconfig_ipv6_local = ::/0
Wed Jan 10 21:23:18 2018 us=335680   push_ifconfig_ipv6_remote = ::
Wed Jan 10 21:23:18 2018 us=335680   enable_c2c = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   duplicate_cn = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   cf_max = 0
Wed Jan 10 21:23:18 2018 us=335680   cf_per = 0
Wed Jan 10 21:23:18 2018 us=335680   max_clients = 1024
Wed Jan 10 21:23:18 2018 us=335680   max_routes_per_client = 256
Wed Jan 10 21:23:18 2018 us=335680   auth_user_pass_verify_script = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=335680   auth_user_pass_verify_script_via_file = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   auth_token_generate = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   auth_token_lifetime = 0
Wed Jan 10 21:23:18 2018 us=335680   client = ENABLED
Wed Jan 10 21:23:18 2018 us=335680   pull = ENABLED
Wed Jan 10 21:23:18 2018 us=335680   auth_user_pass_file = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=335680   show_net_up = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   route_method = 0
Wed Jan 10 21:23:18 2018 us=335680   block_outside_dns = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   ip_win32_defined = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   ip_win32_type = 3
Wed Jan 10 21:23:18 2018 us=335680   dhcp_masq_offset = 0
Wed Jan 10 21:23:18 2018 us=335680   dhcp_lease_time = 31536000
Wed Jan 10 21:23:18 2018 us=335680   tap_sleep = 0
Wed Jan 10 21:23:18 2018 us=335680   dhcp_options = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   dhcp_renew = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   dhcp_pre_release = DISABLED
Wed Jan 10 21:23:18 2018 us=335680   domain = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=335680   netbios_scope = '[UNDEF]'
Wed Jan 10 21:23:18 2018 us=335680   netbios_node_type = 0
Wed Jan 10 21:23:18 2018 us=335680   disable_nbt = DISABLED
Wed Jan 10 21:23:18 2018 us=335680 OpenVPN 2.4.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 26 2017
Wed Jan 10 21:23:18 2018 us=335680 Windows version 6.2 (Windows 8 or greater) 64bit
Wed Jan 10 21:23:18 2018 us=335680 library versions: OpenSSL 1.0.2l  25 May 2017, LZO 2.10
Enter Management Password:
Wed Jan 10 21:23:18 2018 us=335680 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Wed Jan 10 21:23:18 2018 us=335680 Need hold release from management interface, waiting...
Wed Jan 10 21:23:18 2018 us=821409 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Wed Jan 10 21:23:18 2018 us=930785 MANAGEMENT: CMD 'state on'
Wed Jan 10 21:23:18 2018 us=930785 MANAGEMENT: CMD 'log all on'
Wed Jan 10 21:23:19 2018 us=8897 MANAGEMENT: CMD 'echo all on'
Wed Jan 10 21:23:19 2018 us=8897 MANAGEMENT: CMD 'hold off'
Wed Jan 10 21:23:19 2018 us=8897 MANAGEMENT: CMD 'hold release'
Wed Jan 10 21:23:19 2018 us=87033 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Jan 10 21:23:19 2018 us=87033 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Jan 10 21:23:19 2018 us=87033 LZO compression initializing
Wed Jan 10 21:23:19 2018 us=87033 Control Channel MTU parms [ L:1624 D:1170 EF:80 EB:0 ET:0 EL:3 ]
Wed Jan 10 21:23:19 2018 us=87033 Data Channel MTU parms [ L:1624 D:1450 EF:124 EB:406 ET:0 EL:3 ]
Wed Jan 10 21:23:19 2018 us=87033 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client'
Wed Jan 10 21:23:19 2018 us=87033 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-server'
Wed Jan 10 21:23:19 2018 us=87033 TCP/UDP: Preserving recently used remote address: [AF_INET]SERVER_IP:443
Wed Jan 10 21:23:19 2018 us=87033 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jan 10 21:23:19 2018 us=87033 Attempting to establish TCP connection with [AF_INET]SERVER_IP:443 [nonblock]
Wed Jan 10 21:23:19 2018 us=87033 MANAGEMENT: >STATE:1515612199,TCP_CONNECT,,,,,,
Wed Jan 10 21:23:20 2018 us=95176 TCP connection established with [AF_INET]SERVER_IP:443
Wed Jan 10 21:23:20 2018 us=95176 TCP_CLIENT link local: (not bound)
Wed Jan 10 21:23:20 2018 us=95176 TCP_CLIENT link remote: [AF_INET]SERVER_IP:443
Wed Jan 10 21:23:20 2018 us=95176 MANAGEMENT: >STATE:1515612200,WAIT,,,,,,
Wed Jan 10 21:23:20 2018 us=95176 TCP_CLIENT WRITE [54] to [AF_INET]SERVER_IP:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
Wed Jan 10 21:23:20 2018 us=150449 TCP_CLIENT READ [66] from [AF_INET]SERVER_IP:443: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #1 ] [ 0 ] pid=0 DATA len=0
Wed Jan 10 21:23:20 2018 us=150449 MANAGEMENT: >STATE:1515612200,AUTH,,,,,,
Wed Jan 10 21:23:20 2018 us=150449 TLS: Initial packet from [AF_INET]SERVER_IP:443, sid=dcfc3496 e15cb971
Wed Jan 10 21:23:20 2018 us=150449 TCP_CLIENT WRITE [62] to [AF_INET]SERVER_IP:443: P_ACK_V1 kid=0 pid=[ #2 ] [ 0 ]
Wed Jan 10 21:23:20 2018 us=150449 TCP_CLIENT WRITE [227] to [AF_INET]SERVER_IP:443: P_CONTROL_V1 kid=0 pid=[ #3 ] [ ] pid=1 DATA len=173
Wed Jan 10 21:23:22 2018 us=555976 TCP_CLIENT WRITE [227] to [AF_INET]SERVER_IP:443: P_CONTROL_V1 kid=0 pid=[ #4 ] [ ] pid=1 DATA len=173
Wed Jan 10 21:23:26 2018 us=129987 TCP_CLIENT WRITE [227] to [AF_INET]SERVER_IP:443: P_CONTROL_V1 kid=0 pid=[ #5 ] [ ] pid=1 DATA len=173
Wed Jan 10 21:23:34 2018 us=379851 TCP_CLIENT WRITE [227] to [AF_INET]SERVER_IP:443: P_CONTROL_V1 kid=0 pid=[ #6 ] [ ] pid=1 DATA len=173
Wed Jan 10 21:23:39 2018 us=382709 read TCP_CLIENT: Unknown error (code=10060)
Wed Jan 10 21:23:39 2018 us=382709 TCP_CLIENT READ [0] from [AF_INET]SERVER_IP:443: DATA UNDEF len=-1
Wed Jan 10 21:23:39 2018 us=382709 Connection reset, restarting [-1]
Wed Jan 10 21:23:39 2018 us=382709 TCP/UDP: Closing socket
Wed Jan 10 21:23:39 2018 us=382709 SIGUSR1[soft,connection-reset] received, process restarting
Wed Jan 10 21:23:39 2018 us=382709 MANAGEMENT: >STATE:1515612219,RECONNECTING,connection-reset,,,,,
Wed Jan 10 21:23:39 2018 us=382709 Restart pause, 5 second(s)
Wed Jan 10 21:23:44 2018 us=425680 Re-using SSL/TLS context
Wed Jan 10 21:23:44 2018 us=425680 LZO compression initializing
Wed Jan 10 21:23:44 2018 us=425680 Control Channel MTU parms [ L:1624 D:1170 EF:80 EB:0 ET:0 EL:3 ]
Wed Jan 10 21:23:44 2018 us=425680 Data Channel MTU parms [ L:1624 D:1450 EF:124 EB:406 ET:0 EL:3 ]
Wed Jan 10 21:23:44 2018 us=425680 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client'
Wed Jan 10 21:23:44 2018 us=425680 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-server'
Wed Jan 10 21:23:44 2018 us=425680 TCP/UDP: Preserving recently used remote address: [AF_INET]SERVER_IP:443
Wed Jan 10 21:23:44 2018 us=425680 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jan 10 21:23:44 2018 us=425680 Attempting to establish TCP connection with [AF_INET]SERVER_IP:443 [nonblock]
Wed Jan 10 21:23:44 2018 us=425680 MANAGEMENT: >STATE:1515612224,TCP_CONNECT,,,,,,
Wed Jan 10 21:23:45 2018 us=432251 TCP connection established with [AF_INET]SERVER_IP:443
Wed Jan 10 21:23:45 2018 us=432251 TCP_CLIENT link local: (not bound)
Wed Jan 10 21:23:45 2018 us=432251 TCP_CLIENT link remote: [AF_INET]SERVER_IP:443
Wed Jan 10 21:23:45 2018 us=432251 MANAGEMENT: >STATE:1515612225,WAIT,,,,,,
Wed Jan 10 21:23:45 2018 us=432251 TCP_CLIENT WRITE [54] to [AF_INET]SERVER_IP:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
Wed Jan 10 21:23:45 2018 us=494751 TCP_CLIENT READ [66] from [AF_INET]SERVER_IP:443: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #1 ] [ 0 ] pid=0 DATA len=0
Wed Jan 10 21:23:45 2018 us=494751 MANAGEMENT: >STATE:1515612225,AUTH,,,,,,
Wed Jan 10 21:23:45 2018 us=494751 TLS: Initial packet from [AF_INET]SERVER_IP:443, sid=376da437 684f6fdb
Wed Jan 10 21:23:45 2018 us=494751 TCP_CLIENT WRITE [62] to [AF_INET]SERVER_IP:443: P_ACK_V1 kid=0 pid=[ #2 ] [ 0 ]
Wed Jan 10 21:23:45 2018 us=494751 TCP_CLIENT WRITE [227] to [AF_INET]SERVER_IP:443: P_CONTROL_V1 kid=0 pid=[ #3 ] [ ] pid=1 DATA len=173
Wed Jan 10 21:23:47 2018 us=880617 TCP_CLIENT WRITE [227] to [AF_INET]SERVER_IP:443: P_CONTROL_V1 kid=0 pid=[ #4 ] [ ] pid=1 DATA len=173
Wed Jan 10 21:23:51 2018 us=446628 TCP_CLIENT WRITE [227] to [AF_INET]SERVER_IP:443: P_CONTROL_V1 kid=0 pid=[ #5 ] [ ] pid=1 DATA len=173
Wed Jan 10 21:23:59 2018 us=88368 TCP_CLIENT WRITE [227] to [AF_INET]SERVER_IP:443: P_CONTROL_V1 kid=0 pid=[ #6 ] [ ] pid=1 DATA len=173
Wed Jan 10 21:24:04 2018 us=758483 read TCP_CLIENT: Unknown error (code=10060)
Wed Jan 10 21:24:04 2018 us=758483 TCP_CLIENT READ [0] from [AF_INET]SERVER_IP:443: DATA UNDEF len=-1
Wed Jan 10 21:24:04 2018 us=758483 Connection reset, restarting [-1]
Wed Jan 10 21:24:04 2018 us=758483 TCP/UDP: Closing socket
Wed Jan 10 21:24:04 2018 us=758483 SIGUSR1[soft,connection-reset] received, process restarting
Wed Jan 10 21:24:04 2018 us=758483 MANAGEMENT: >STATE:1515612244,RECONNECTING,connection-reset,,,,,
Wed Jan 10 21:24:04 2018 us=758483 Restart pause, 5 second(s)
Wed Jan 10 21:24:09 2018 us=793506 Re-using SSL/TLS context
Wed Jan 10 21:24:09 2018 us=793506 LZO compression initializing
Wed Jan 10 21:24:09 2018 us=793506 Control Channel MTU parms [ L:1624 D:1170 EF:80 EB:0 ET:0 EL:3 ]
Wed Jan 10 21:24:09 2018 us=793506 Data Channel MTU parms [ L:1624 D:1450 EF:124 EB:406 ET:0 EL:3 ]
Wed Jan 10 21:24:09 2018 us=793506 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client'
Wed Jan 10 21:24:09 2018 us=793506 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-server'
Wed Jan 10 21:24:09 2018 us=793506 TCP/UDP: Preserving recently used remote address: [AF_INET]SERVER_IP:443
Wed Jan 10 21:24:09 2018 us=793506 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jan 10 21:24:09 2018 us=793506 Attempting to establish TCP connection with [AF_INET]SERVER_IP:443 [nonblock]
Wed Jan 10 21:24:09 2018 us=793506 MANAGEMENT: >STATE:1515612249,TCP_CONNECT,,,,,,
Wed Jan 10 21:24:10 2018 us=802973 TCP connection established with [AF_INET]SERVER_IP:443
Wed Jan 10 21:24:10 2018 us=802973 TCP_CLIENT link local: (not bound)
Wed Jan 10 21:24:10 2018 us=802973 TCP_CLIENT link remote: [AF_INET]SERVER_IP:443
Wed Jan 10 21:24:10 2018 us=802973 MANAGEMENT: >STATE:1515612250,WAIT,,,,,,
Wed Jan 10 21:24:10 2018 us=802973 TCP_CLIENT WRITE [54] to [AF_INET]SERVER_IP:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
Wed Jan 10 21:24:10 2018 us=849849 TCP_CLIENT READ [66] from [AF_INET]SERVER_IP:443: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #1 ] [ 0 ] pid=0 DATA len=0
Wed Jan 10 21:24:10 2018 us=849849 MANAGEMENT: >STATE:1515612250,AUTH,,,,,,
Wed Jan 10 21:24:10 2018 us=849849 TLS: Initial packet from [AF_INET]SERVER_IP:443, sid=f3eb756d 218162a2
Wed Jan 10 21:24:10 2018 us=849849 TCP_CLIENT WRITE [62] to [AF_INET]SERVER_IP:443: P_ACK_V1 kid=0 pid=[ #2 ] [ 0 ]
Wed Jan 10 21:24:10 2018 us=865460 TCP_CLIENT WRITE [227] to [AF_INET]SERVER_IP:443: P_CONTROL_V1 kid=0 pid=[ #3 ] [ ] pid=1 DATA len=173
Wed Jan 10 21:24:12 2018 us=54000 TCP_CLIENT WRITE [227] to [AF_INET]SERVER_IP:443: P_CONTROL_V1 kid=0 pid=[ #4 ] [ ] pid=1 DATA len=173
Wed Jan 10 21:24:12 2018 us=873546 TCP/UDP: Closing socket
Wed Jan 10 21:24:12 2018 us=873546 SIGTERM[hard,] received, process exiting
Wed Jan 10 21:24:12 2018 us=873546 MANAGEMENT: >STATE:1515612252,EXITING,SIGTERM,,,,,
This is the error:

Code: Select all

Wed Jan 10 21:23:39 2018 us=382709 read TCP_CLIENT: Unknown error (code=10060)
Wed Jan 10 21:23:39 2018 us=382709 TCP_CLIENT READ [0] from [AF_INET]SERVER_IP:443: DATA UNDEF len=-1
Wed Jan 10 21:23:39 2018 us=382709 Connection reset, restarting [-1]
Thank you for your help :D

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 4631
Joined: Fri Jun 03, 2016 1:17 pm

Re: Can't connect from Windows client, but Android works fine

Post by TinCanTech » Wed Jan 10, 2018 10:32 pm

I cannot see anything wrong with openvpn but I wonder about ShadowSocks ..

Maybe it is something wrong with that ..

therealyoussef
OpenVpn Newbie
Posts: 7
Joined: Wed Jan 10, 2018 8:53 am

Re: Can't connect from Windows client, but Android works fine

Post by therealyoussef » Thu Jan 11, 2018 12:25 am

TinCanTech wrote:
Wed Jan 10, 2018 10:32 pm
I cannot see anything wrong with openvpn but I wonder about ShadowSocks ..

Maybe it is something wrong with that ..
ShadowSocks is working fine on all clients. On the server it is running on port 8000 so it shouldn't interfere.
What's really annoying is that the Android and iOS clients connect just fine to OpenVPN, but the Linux and Windows clients fail in the same way (TLS key negotiation failing).

dazo
OpenVPN Inc.
Posts: 135
Joined: Mon Jan 11, 2010 10:14 am
Location: dazo :: #openvpn-devel @ irc.freenode.net

Re: Can't connect from Windows client, but Android works fine

Post by dazo » Thu Jan 11, 2018 12:57 am

Are you using OpenVPN Connect on Android? (on iOS there are no other alternatives) ... this does smell like some cipher disagreements, perhaps related to certificates. Or it could be some odd firewalling, only allowing the first packet to flow through the firewall.

Have you tried using UDP? At least for testing.

therealyoussef
OpenVpn Newbie
Posts: 7
Joined: Wed Jan 10, 2018 8:53 am

Re: Can't connect from Windows client, but Android works fine

Post by therealyoussef » Thu Jan 11, 2018 1:30 am

dazo wrote:
Thu Jan 11, 2018 12:57 am
Are you using OpenVPN Connect on Android? (on iOS there are no other alternatives) ... this does smell like some cipher disagreements, perhaps related to certificates. Or it could be some odd firewalling, only allowing the first packet to flow through the firewall.
Yes, I tried OpenVPN Connect on both Android and iOS (there is an OpenVPN Connect app there as well), and both connect successfully.
dazo wrote:
Thu Jan 11, 2018 12:57 am
Have you tried using UDP? At least for testing.
I tried UDP, and as I expected, the connection doesn't even reach the server from any client. That is because my country unfortunately drops any OpenVPN packets. Only TCP port 443 packets reach the server (https://www.addictivetips.com/vpn/bypas ... envpn-ban/). That is however beside the point.

dazo
OpenVPN Inc.
Posts: 135
Joined: Mon Jan 11, 2010 10:14 am
Location: dazo :: #openvpn-devel @ irc.freenode.net

Re: Can't connect from Windows client, but Android works fine

Post by dazo » Thu Jan 11, 2018 2:39 am

Ahh! This actually might explain things a bit. And to confirm it, can you try "OpenVPN for Android"?

OpenVPN Connect apps is based on the OpenVPN 3 Core library. That is a different implementation of the OpenVPN wire protocol than the OpenVPN Windows (and OpenVPN for Android), which both uses the OpenVPN 2 code base.

My hypotheses is that there is a slight difference in the wire traffic, which makes it possible for the OpenVPN 3 based clients (OpenVPN Connect) to sneak through the "great" firewall.

therealyoussef
OpenVpn Newbie
Posts: 7
Joined: Wed Jan 10, 2018 8:53 am

Re: Can't connect from Windows client, but Android works fine

Post by therealyoussef » Thu Jan 11, 2018 3:06 am

dazo wrote:
Thu Jan 11, 2018 2:39 am
Ahh! This actually might explain things a bit. And to confirm it, can you try "OpenVPN for Android"?

OpenVPN Connect apps is based on the OpenVPN 3 Core library. That is a different implementation of the OpenVPN wire protocol than the OpenVPN Windows (and OpenVPN for Android), which both uses the OpenVPN 2 code base.

My hypotheses is that there is a slight difference in the wire traffic, which makes it possible for the OpenVPN 3 based clients (OpenVPN Connect) to sneak through the "great" firewall.
I think you are right. OpenVPN for Android also fails with the same error. Is there a Windows client based on the OpenVPN 3 Core library?

Many thanks!

dazo
OpenVPN Inc.
Posts: 135
Joined: Mon Jan 11, 2010 10:14 am
Location: dazo :: #openvpn-devel @ irc.freenode.net

Re: Can't connect from Windows client, but Android works fine

Post by dazo » Thu Jan 11, 2018 10:22 am

therealyoussef wrote:
Thu Jan 11, 2018 3:06 am
I think you are right. OpenVPN for Android also fails with the same error. Is there a Windows client based on the OpenVPN 3 Core library?
Not quite yet. We have some plans to release both a small scale open source client based on the OpenVPN 3 Core library and a brand new OpenVPN Connect client for Windows. We are also targetting a client to be released in the Windows Store as well. But we have many months of development and testing/QA ahead of us before we're ready to release anything.

Now, this is of course unfortunate. We do have a PrivateTunnel client for Windows, which is build on the OpenVPN 3 Core library. But that client does not allow you to provide your own configuration profiles. However, one important feature of this client is an obfuscation layer, to evade and escape such filtering firewalls. More information can be found here: https://www.privatetunnel.com/

Otherwise the alternative is probably to use obfsproxy or Tor and tunnel your VPN connection via that. We have some community documentation on this topic, but it is ageing. But the configuration concept is essentially the same: https://community.openvpn.net/openvpn/w ... bfuscation ... The advantage of using Tor instead of obfsproxy directly is that the remote server does not need to be modified. But performance might be somewhat lower or at least much more variable.

therealyoussef
OpenVpn Newbie
Posts: 7
Joined: Wed Jan 10, 2018 8:53 am

Re: Can't connect from Windows client, but Android works fine

Post by therealyoussef » Thu Jan 11, 2018 5:43 pm

dazo wrote:
Thu Jan 11, 2018 10:22 am
therealyoussef wrote:
Thu Jan 11, 2018 3:06 am
I think you are right. OpenVPN for Android also fails with the same error. Is there a Windows client based on the OpenVPN 3 Core library?
Not quite yet. We have some plans to release both a small scale open source client based on the OpenVPN 3 Core library and a brand new OpenVPN Connect client for Windows. We are also targetting a client to be released in the Windows Store as well. But we have many months of development and testing/QA ahead of us before we're ready to release anything.

Now, this is of course unfortunate. We do have a PrivateTunnel client for Windows, which is build on the OpenVPN 3 Core library. But that client does not allow you to provide your own configuration profiles. However, one important feature of this client is an obfuscation layer, to evade and escape such filtering firewalls. More information can be found here: https://www.privatetunnel.com/

Otherwise the alternative is probably to use obfsproxy or Tor and tunnel your VPN connection via that. We have some community documentation on this topic, but it is ageing. But the configuration concept is essentially the same: https://community.openvpn.net/openvpn/w ... bfuscation ... The advantage of using Tor instead of obfsproxy directly is that the remote server does not need to be modified. But performance might be somewhat lower or at least much more variable.
I see. Thank you very much, you have been very helpful :)

Post Reply