OpenBSD TLS Handshake fail

Post by vx » Mon Jul 27, 2020 3:20 pm

I have disabled pf (firewall) completely.
I created the tun0 interface myself:

Code:

# ifconfig tun0 up

When I try to run

Code:

# sudo openvpn Finland_TCP.ovpn

I get:

Code:

[...]
Mon Jul 27 23:10:29 2020 us=144788 Attempting to establish TCP connection with [AF_INET]185.117.118.23:443 [nonblock]
Mon Jul 27 23:10:36 2020 us=214669 TCP connection established with [AF_INET]185.117.118.23:443
Mon Jul 27 23:10:36 2020 us=215194 TCP_CLIENT link local: (not bound)
Mon Jul 27 23:10:36 2020 us=215290 TCP_CLIENT link remote: [AF_INET]185.117.118.23:443
Mon Jul 27 23:10:36 2020 us=485330 TLS: Initial packet from [AF_INET]185.117.118.23:443, sid=c7e3fb9b 04d8ccf5
Mon Jul 27 23:10:38 2020 us=277079 Connection reset, restarting [0]
Mon Jul 27 23:10:38 2020 us=279321 TCP/UDP: Closing socket

Here is the config file (I have tried both `tun' and `tun0'):
Client TCP

client
dev tun
resolv-retry 16
remote-cert-tls server
remote-random
remote finland.cstorm.is 443 tcp
remote finland.cstorm.net 443 tcp
remote finland.cryptostorm.ch 443 tcp
remote finland.cryptostorm.pw 443 tcp
compress
down-pre
verb 4
mute 3
auth-user-pass username_and_password.txt
cipher AES-256-GCM
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256:TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
tls-client
<ca>
-----BEGIN CERTIFICATE-----
[...]


Here is the UDP attempt:

Code:

# sudo openvpn Finland_UDP.ovpn

Output:

Code:

[...]
Mon Jul 27 23:13:11 2020 us=450904 TLS: Initial packet from [AF_INET]185.117.118.24:443, sid=9c41fec8 26e888a0
Mon Jul 27 23:14:11 2020 us=704076 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Jul 27 23:14:11 2020 us=704737 TLS Error: TLS handshake failed
Mon Jul 27 23:14:11 2020 us=706933 TCP/UDP: Closing socket

UDP config (I also tried both tun and tun0):
Client UDP

client
dev tun
resolv-retry 16
explicit-exit-notify 3
remote-cert-tls server
remote-random
remote finland.cstorm.is 443 udp
remote finland.cstorm.net 443 udp
remote finland.cryptostorm.ch 443 udp
remote finland.cryptostorm.pw 443 udp
compress
down-pre
verb 4
mute 3
auth-user-pass username_and_password.txt
cipher AES-256-GCM
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256:TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
tls-client
<ca>
-----BEGIN CERTIFICATE-----
[...]


Other non-OpenBSD computers on the same network/router can connect just fine to the servers, TCP or UDP.
Last edited by Pippin on Mon Jul 27, 2020 3:47 pm, edited 1 time in total.
Reason: Formatting