tls hand shake problem - please help

goldduo
OpenVpn Newbie
Posts: 16
Joined: Sat Jan 09, 2021 10:12 am

tls hand shake problem - please help

Post by goldduo » Sat Jan 09, 2021 10:36 am

I am having a hard time getting my VPN to work. I have the VPN server on Windows 7 at home, using Ethernet connected to my ISP (AT&T U-verse), and the client on Windows 10.
I keep getting the TLS error:

"TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed"

1. I have no anti-virus software running
2. I allow anything to access port 1962 in Windows Firewall
3. I added port forwarding on my AT&T gateway

Server config

port 1962
proto udp4
dev tun
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key" # This file should be kept secret
dh "C:\\Program Files\\OpenVPN\\config\\dh2048.pem"
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
tls-auth ta.key 0 # This file is secret
cipher AES-256-GCM
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1


Client config

client
proto udp4
remote 1.2.3.4 1962 # my public ip
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
ca "C:\\Users\\vic\\OpenVPN\\config\\ca.crt"
cert "C:\\Users\\vic\\OpenVPN\\config\\taiwan.crt"
key "C:\\Users\\vic\\OpenVPN\\config\\taiwan.key"
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-GCM
verb 3
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
...
-----END ENCRYPTED PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
...
-----END OpenVPN Static key V1-----
</tls-auth>


Can somebody help?
Last edited by Pippin on Sat Jan 09, 2021 12:54 pm, edited 1 time in total.
Reason: Formatting

TinCanTech
OpenVPN Protagonist
Posts: 8374
Joined: Fri Jun 03, 2016 1:17 pm

Re: tls hand shake problem - please help

Post by TinCanTech » Sat Jan 09, 2021 3:49 pm

Set --verb 4 in your config files and then try again. Read your server log.

Using OpenVPN as a server on Windows is one of the worst decisions you will ever make.

Just use Linux, use a VM if you have to.

300000
OpenVPN Super User
Posts: 426
Joined: Tue May 01, 2012 9:30 pm

Re: tls hand shake problem - please help

Post by 300000 » Sat Jan 09, 2021 4:23 pm

Using OpenVPN on Windows is the simplest to use and very stable too. Check your firewall, make sure port forwarding is correct, and try again. Set verb 4 on the server and post everything here.

goldduo
OpenVpn Newbie
Posts: 16
Joined: Sat Jan 09, 2021 10:12 am

Re: tls hand shake problem - please help

Post by goldduo » Sat Jan 09, 2021 9:33 pm

server log:


2021-01-09 16:29:34 us=818248 --pull-filter ignored for --mode server
2021-01-09 16:29:34 us=834249 Current Parameter Settings:
2021-01-09 16:29:34 us=834249   config = 'OH.ovpn'
2021-01-09 16:29:34 us=834249   mode = 1
2021-01-09 16:29:34 us=834249   show_ciphers = DISABLED
2021-01-09 16:29:34 us=834249   show_digests = DISABLED
2021-01-09 16:29:34 us=834249   show_engines = DISABLED
2021-01-09 16:29:34 us=834249   genkey = DISABLED
2021-01-09 16:29:34 us=834249   genkey_filename = '[UNDEF]'
2021-01-09 16:29:34 us=834249   key_pass_file = '[UNDEF]'
2021-01-09 16:29:34 us=834249   show_tls_ciphers = DISABLED
2021-01-09 16:29:34 us=834249   connect_retry_max = 0
2021-01-09 16:29:34 us=834249 Connection profiles [0]:
2021-01-09 16:29:34 us=834249   proto = udp4
2021-01-09 16:29:34 us=835249   local = '[UNDEF]'
2021-01-09 16:29:34 us=835249   local_port = '1962'
2021-01-09 16:29:34 us=835249   remote = '[UNDEF]'
2021-01-09 16:29:34 us=835249   remote_port = '1962'
2021-01-09 16:29:34 us=835249   remote_float = DISABLED
2021-01-09 16:29:34 us=835249   bind_defined = DISABLED
2021-01-09 16:29:34 us=835249   bind_local = ENABLED
2021-01-09 16:29:34 us=835249   bind_ipv6_only = DISABLED
2021-01-09 16:29:34 us=835249   connect_retry_seconds = 5
2021-01-09 16:29:34 us=835249   connect_timeout = 120
2021-01-09 16:29:34 us=835249   socks_proxy_server = '[UNDEF]'
2021-01-09 16:29:34 us=835249   socks_proxy_port = '[UNDEF]'
2021-01-09 16:29:34 us=835249   tun_mtu = 1500
2021-01-09 16:29:34 us=835249   tun_mtu_defined = ENABLED
2021-01-09 16:29:34 us=835249   link_mtu = 1500
2021-01-09 16:29:34 us=835249   link_mtu_defined = DISABLED
2021-01-09 16:29:34 us=835249   tun_mtu_extra = 0
2021-01-09 16:29:34 us=835249   tun_mtu_extra_defined = DISABLED
2021-01-09 16:29:34 us=835249   mtu_discover_type = -1
2021-01-09 16:29:34 us=835249   fragment = 0
2021-01-09 16:29:34 us=835249   mssfix = 1450
2021-01-09 16:29:34 us=835249   explicit_exit_notification = 1
2021-01-09 16:29:34 us=836249   tls_auth_file = '[INLINE]'
2021-01-09 16:29:34 us=836249   key_direction = 0
2021-01-09 16:29:34 us=836249   tls_crypt_file = '[UNDEF]'
2021-01-09 16:29:34 us=836249   tls_crypt_v2_file = '[UNDEF]'
2021-01-09 16:29:34 us=836249 Connection profiles END
2021-01-09 16:29:34 us=836249   remote_random = DISABLED
2021-01-09 16:29:34 us=836249   ipchange = '[UNDEF]'
2021-01-09 16:29:34 us=836249   dev = 'tun'
2021-01-09 16:29:34 us=836249   dev_type = '[UNDEF]'
2021-01-09 16:29:34 us=836249   dev_node = '[UNDEF]'
2021-01-09 16:29:34 us=836249   lladdr = '[UNDEF]'
2021-01-09 16:29:34 us=836249   topology = 3
2021-01-09 16:29:34 us=836249   ifconfig_local = '10.8.0.1'
2021-01-09 16:29:34 us=836249   ifconfig_remote_netmask = '255.255.255.0'
2021-01-09 16:29:34 us=836249   ifconfig_noexec = DISABLED
2021-01-09 16:29:34 us=836249   ifconfig_nowarn = DISABLED
2021-01-09 16:29:34 us=836249   ifconfig_ipv6_local = '[UNDEF]'
2021-01-09 16:29:34 us=836249   ifconfig_ipv6_netbits = 0
2021-01-09 16:29:34 us=836249   ifconfig_ipv6_remote = '[UNDEF]'
2021-01-09 16:29:34 us=836249   shaper = 0
2021-01-09 16:29:34 us=836249   mtu_test = 0
2021-01-09 16:29:34 us=836249   mlock = DISABLED
2021-01-09 16:29:34 us=836249   keepalive_ping = 10
2021-01-09 16:29:34 us=836249   keepalive_timeout = 120
2021-01-09 16:29:34 us=836249   inactivity_timeout = 0
2021-01-09 16:29:34 us=836249   ping_send_timeout = 10
2021-01-09 16:29:34 us=836249   ping_rec_timeout = 240
2021-01-09 16:29:34 us=836249   ping_rec_timeout_action = 2
2021-01-09 16:29:34 us=836249   ping_timer_remote = DISABLED
2021-01-09 16:29:34 us=836249   remap_sigusr1 = 0
2021-01-09 16:29:34 us=836249   persist_tun = ENABLED
2021-01-09 16:29:34 us=836249   persist_local_ip = DISABLED
2021-01-09 16:29:34 us=837249   persist_remote_ip = DISABLED
2021-01-09 16:29:34 us=837249   persist_key = ENABLED
2021-01-09 16:29:34 us=837249   passtos = DISABLED
2021-01-09 16:29:34 us=837249   resolve_retry_seconds = 1000000000
2021-01-09 16:29:34 us=837249   resolve_in_advance = DISABLED
2021-01-09 16:29:34 us=837249   username = '[UNDEF]'
2021-01-09 16:29:34 us=837249   groupname = '[UNDEF]'
2021-01-09 16:29:34 us=837249   chroot_dir = '[UNDEF]'
2021-01-09 16:29:34 us=837249   cd_dir = '[UNDEF]'
2021-01-09 16:29:34 us=837249   writepid = '[UNDEF]'
2021-01-09 16:29:34 us=837249   up_script = '[UNDEF]'
2021-01-09 16:29:34 us=837249   down_script = '[UNDEF]'
2021-01-09 16:29:34 us=837249   down_pre = DISABLED
2021-01-09 16:29:34 us=837249   up_restart = DISABLED
2021-01-09 16:29:34 us=837249   up_delay = DISABLED
2021-01-09 16:29:34 us=837249   daemon = DISABLED
2021-01-09 16:29:34 us=837249   inetd = 0
2021-01-09 16:29:34 us=837249   log = ENABLED
2021-01-09 16:29:34 us=837249   suppress_timestamps = DISABLED
2021-01-09 16:29:34 us=837249   machine_readable_output = DISABLED
2021-01-09 16:29:34 us=837249   nice = 0
2021-01-09 16:29:34 us=837249   verbosity = 4
2021-01-09 16:29:34 us=837249   mute = 0
2021-01-09 16:29:34 us=837249   gremlin = 0
2021-01-09 16:29:34 us=837249   status_file = 'openvpn-status.log'
2021-01-09 16:29:34 us=837249   status_file_version = 1
2021-01-09 16:29:34 us=837249   status_file_update_freq = 60
2021-01-09 16:29:34 us=837249   occ = ENABLED
2021-01-09 16:29:34 us=837249   rcvbuf = 0
2021-01-09 16:29:34 us=837249   sndbuf = 0
2021-01-09 16:29:34 us=837249   sockflags = 0
2021-01-09 16:29:34 us=838249   fast_io = DISABLED
2021-01-09 16:29:34 us=838249   comp.alg = 0
2021-01-09 16:29:34 us=838249   comp.flags = 0
2021-01-09 16:29:34 us=838249   route_script = '[UNDEF]'
2021-01-09 16:29:34 us=838249   route_default_gateway = '10.8.0.2'
2021-01-09 16:29:34 us=838249   route_default_metric = 0
2021-01-09 16:29:34 us=838249   route_noexec = DISABLED
2021-01-09 16:29:34 us=838249   route_delay = 0
2021-01-09 16:29:34 us=838249   route_delay_window = 30
2021-01-09 16:29:34 us=838249   route_delay_defined = DISABLED
2021-01-09 16:29:34 us=839249   route_nopull = DISABLED
2021-01-09 16:29:34 us=839249   route_gateway_via_dhcp = DISABLED
2021-01-09 16:29:34 us=839249   allow_pull_fqdn = DISABLED
2021-01-09 16:29:34 us=839249   Pull filters:
2021-01-09 16:29:34 us=839249     ignore "route-method"
2021-01-09 16:29:34 us=839249   management_addr = '127.0.0.1'
2021-01-09 16:29:34 us=839249   management_port = '25340'
2021-01-09 16:29:34 us=839249   management_user_pass = 'stdin'
2021-01-09 16:29:34 us=839249   management_log_history_cache = 250
2021-01-09 16:29:34 us=839249   management_echo_buffer_size = 100
2021-01-09 16:29:34 us=839249   management_write_peer_info_file = '[UNDEF]'
2021-01-09 16:29:34 us=839249   management_client_user = '[UNDEF]'
2021-01-09 16:29:34 us=839249   management_client_group = '[UNDEF]'
2021-01-09 16:29:34 us=839249   management_flags = 6
2021-01-09 16:29:34 us=839249   shared_secret_file = '[UNDEF]'
2021-01-09 16:29:34 us=839249   key_direction = 0
2021-01-09 16:29:34 us=839249   ciphername = 'AES-256-GCM'
2021-01-09 16:29:34 us=839249   ncp_enabled = ENABLED
2021-01-09 16:29:34 us=839249   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
2021-01-09 16:29:34 us=839249   authname = 'SHA1'
2021-01-09 16:29:34 us=839249   prng_hash = 'SHA1'
2021-01-09 16:29:34 us=839249   prng_nonce_secret_len = 16
2021-01-09 16:29:34 us=839249   keysize = 0
2021-01-09 16:29:34 us=839249   engine = DISABLED
2021-01-09 16:29:34 us=839249   replay = ENABLED
2021-01-09 16:29:34 us=839249   mute_replay_warnings = DISABLED
2021-01-09 16:29:34 us=839249   replay_window = 64
2021-01-09 16:29:34 us=839249   replay_time = 15
2021-01-09 16:29:34 us=839249   packet_id_file = '[UNDEF]'
2021-01-09 16:29:34 us=839249   test_crypto = DISABLED
2021-01-09 16:29:34 us=839249   tls_server = ENABLED
2021-01-09 16:29:34 us=839249   tls_client = DISABLED
2021-01-09 16:29:34 us=839249   ca_file = 'C:\Program Files\OpenVPN\config\ca.crt'
2021-01-09 16:29:34 us=839249   ca_path = '[UNDEF]'
2021-01-09 16:29:34 us=839249   dh_file = 'C:\Program Files\OpenVPN\config\dh2048.pem'
2021-01-09 16:29:34 us=840249   cert_file = 'C:\Program Files\OpenVPN\config\server.crt'
2021-01-09 16:29:34 us=840249   extra_certs_file = '[UNDEF]'
2021-01-09 16:29:34 us=840249   priv_key_file = 'C:\Program Files\OpenVPN\config\server.key'
2021-01-09 16:29:34 us=840249   pkcs12_file = '[UNDEF]'
2021-01-09 16:29:34 us=840249   cryptoapi_cert = '[UNDEF]'
2021-01-09 16:29:34 us=840249   cipher_list = '[UNDEF]'
2021-01-09 16:29:34 us=840249   cipher_list_tls13 = '[UNDEF]'
2021-01-09 16:29:34 us=840249   tls_cert_profile = '[UNDEF]'
2021-01-09 16:29:34 us=840249   tls_verify = '[UNDEF]'
2021-01-09 16:29:34 us=840249   tls_export_cert = '[UNDEF]'
2021-01-09 16:29:34 us=840249   verify_x509_type = 0
2021-01-09 16:29:34 us=841249   verify_x509_name = '[UNDEF]'
2021-01-09 16:29:34 us=841249   crl_file = '[UNDEF]'
2021-01-09 16:29:34 us=841249   ns_cert_type = 0
2021-01-09 16:29:34 us=841249   remote_cert_ku[i] = 0
2021-01-09 16:29:34 us=841249   remote_cert_ku[i] = 0
2021-01-09 16:29:34 us=841249   remote_cert_ku[i] = 0
2021-01-09 16:29:34 us=841249   remote_cert_ku[i] = 0
2021-01-09 16:29:34 us=841249   remote_cert_ku[i] = 0
2021-01-09 16:29:34 us=841249   remote_cert_ku[i] = 0
2021-01-09 16:29:34 us=841249   remote_cert_ku[i] = 0
2021-01-09 16:29:34 us=841249   remote_cert_ku[i] = 0
2021-01-09 16:29:34 us=841249   remote_cert_ku[i] = 0
2021-01-09 16:29:34 us=841249   remote_cert_ku[i] = 0
2021-01-09 16:29:34 us=841249   remote_cert_ku[i] = 0
2021-01-09 16:29:34 us=841249   remote_cert_ku[i] = 0
2021-01-09 16:29:34 us=841249   remote_cert_ku[i] = 0
2021-01-09 16:29:34 us=841249   remote_cert_ku[i] = 0
2021-01-09 16:29:34 us=842249   remote_cert_ku[i] = 0
2021-01-09 16:29:34 us=842249   remote_cert_ku[i] = 0
2021-01-09 16:29:34 us=842249   remote_cert_eku = '[UNDEF]'
2021-01-09 16:29:34 us=842249   ssl_flags = 0
2021-01-09 16:29:34 us=842249   tls_timeout = 2
2021-01-09 16:29:34 us=842249   renegotiate_bytes = -1
2021-01-09 16:29:34 us=842249   renegotiate_packets = 0
2021-01-09 16:29:34 us=842249   renegotiate_seconds = 3600
2021-01-09 16:29:34 us=842249   handshake_window = 60
2021-01-09 16:29:34 us=842249   transition_window = 3600
2021-01-09 16:29:34 us=842249   single_session = DISABLED
2021-01-09 16:29:34 us=842249   push_peer_info = DISABLED
2021-01-09 16:29:34 us=842249   tls_exit = DISABLED
2021-01-09 16:29:34 us=842249   tls_crypt_v2_metadata = '[UNDEF]'
2021-01-09 16:29:34 us=842249   pkcs11_protected_authentication = DISABLED
2021-01-09 16:29:34 us=842249   pkcs11_protected_authentication = DISABLED
2021-01-09 16:29:34 us=842249   pkcs11_protected_authentication = DISABLED
2021-01-09 16:29:34 us=842249   pkcs11_protected_authentication = DISABLED
2021-01-09 16:29:34 us=842249   pkcs11_protected_authentication = DISABLED
2021-01-09 16:29:34 us=842249   pkcs11_protected_authentication = DISABLED
2021-01-09 16:29:34 us=842249   pkcs11_protected_authentication = DISABLED
2021-01-09 16:29:34 us=842249   pkcs11_protected_authentication = DISABLED
2021-01-09 16:29:34 us=842249   pkcs11_protected_authentication = DISABLED
2021-01-09 16:29:34 us=843250   pkcs11_protected_authentication = DISABLED
2021-01-09 16:29:34 us=843250   pkcs11_protected_authentication = DISABLED
2021-01-09 16:29:34 us=843250   pkcs11_protected_authentication = DISABLED
2021-01-09 16:29:34 us=843250   pkcs11_protected_authentication = DISABLED
2021-01-09 16:29:34 us=843250   pkcs11_protected_authentication = DISABLED
2021-01-09 16:29:34 us=843250   pkcs11_protected_authentication = DISABLED
2021-01-09 16:29:34 us=843250   pkcs11_protected_authentication = DISABLED
2021-01-09 16:29:34 us=843250   pkcs11_private_mode = 00000000
2021-01-09 16:29:34 us=843250   pkcs11_private_mode = 00000000
2021-01-09 16:29:34 us=843250   pkcs11_private_mode = 00000000
2021-01-09 16:29:34 us=843250   pkcs11_private_mode = 00000000
2021-01-09 16:29:34 us=843250   pkcs11_private_mode = 00000000
2021-01-09 16:29:34 us=843250   pkcs11_private_mode = 00000000
2021-01-09 16:29:34 us=843250   pkcs11_private_mode = 00000000
2021-01-09 16:29:34 us=843250   pkcs11_private_mode = 00000000
2021-01-09 16:29:34 us=843250   pkcs11_private_mode = 00000000
2021-01-09 16:29:34 us=843250   pkcs11_private_mode = 00000000
2021-01-09 16:29:34 us=843250   pkcs11_private_mode = 00000000
2021-01-09 16:29:34 us=843250   pkcs11_private_mode = 00000000
2021-01-09 16:29:34 us=843250   pkcs11_private_mode = 00000000
2021-01-09 16:29:34 us=843250   pkcs11_private_mode = 00000000
2021-01-09 16:29:34 us=843250   pkcs11_private_mode = 00000000
2021-01-09 16:29:34 us=843250   pkcs11_private_mode = 00000000
2021-01-09 16:29:34 us=843250   pkcs11_cert_private = DISABLED
2021-01-09 16:29:34 us=843250   pkcs11_cert_private = DISABLED
2021-01-09 16:29:34 us=843250   pkcs11_cert_private = DISABLED
2021-01-09 16:29:34 us=843250   pkcs11_cert_private = DISABLED
2021-01-09 16:29:34 us=843250   pkcs11_cert_private = DISABLED
2021-01-09 16:29:34 us=843250   pkcs11_cert_private = DISABLED
2021-01-09 16:29:34 us=844250   pkcs11_cert_private = DISABLED
2021-01-09 16:29:34 us=844250   pkcs11_cert_private = DISABLED
2021-01-09 16:29:34 us=844250   pkcs11_cert_private = DISABLED
2021-01-09 16:29:34 us=844250   pkcs11_cert_private = DISABLED
2021-01-09 16:29:34 us=844250   pkcs11_cert_private = DISABLED
2021-01-09 16:29:34 us=844250   pkcs11_cert_private = DISABLED
2021-01-09 16:29:34 us=844250   pkcs11_cert_private = DISABLED
2021-01-09 16:29:34 us=844250   pkcs11_cert_private = DISABLED
2021-01-09 16:29:34 us=844250   pkcs11_cert_private = DISABLED
2021-01-09 16:29:34 us=844250   pkcs11_cert_private = DISABLED
2021-01-09 16:29:34 us=844250   pkcs11_pin_cache_period = -1
2021-01-09 16:29:34 us=844250   pkcs11_id = '[UNDEF]'
2021-01-09 16:29:34 us=844250   pkcs11_id_management = DISABLED
2021-01-09 16:29:34 us=844250   server_network = 10.8.0.0
2021-01-09 16:29:34 us=844250   server_netmask = 255.255.255.0
2021-01-09 16:29:34 us=844250   server_network_ipv6 = ::
2021-01-09 16:29:34 us=844250   server_netbits_ipv6 = 0
2021-01-09 16:29:34 us=844250   server_bridge_ip = 0.0.0.0
2021-01-09 16:29:34 us=844250   server_bridge_netmask = 0.0.0.0
2021-01-09 16:29:34 us=844250   server_bridge_pool_start = 0.0.0.0
2021-01-09 16:29:34 us=844250   server_bridge_pool_end = 0.0.0.0
2021-01-09 16:29:34 us=844250   push_entry = 'route-gateway 10.8.0.1'
2021-01-09 16:29:34 us=844250   push_entry = 'topology subnet'
2021-01-09 16:29:34 us=844250   push_entry = 'ping 10'
2021-01-09 16:29:34 us=844250   push_entry = 'ping-restart 120'
2021-01-09 16:29:34 us=845250   ifconfig_pool_defined = ENABLED
2021-01-09 16:29:34 us=845250   ifconfig_pool_start = 10.8.0.2
2021-01-09 16:29:34 us=845250   ifconfig_pool_end = 10.8.0.253
2021-01-09 16:29:34 us=845250   ifconfig_pool_netmask = 255.255.255.0
2021-01-09 16:29:34 us=845250   ifconfig_pool_persist_filename = 'ipp.txt'
2021-01-09 16:29:34 us=845250   ifconfig_pool_persist_refresh_freq = 600
2021-01-09 16:29:34 us=845250   ifconfig_ipv6_pool_defined = DISABLED
2021-01-09 16:29:34 us=845250   ifconfig_ipv6_pool_base = ::
2021-01-09 16:29:34 us=845250   ifconfig_ipv6_pool_netbits = 0
2021-01-09 16:29:34 us=845250   n_bcast_buf = 256
2021-01-09 16:29:34 us=845250   tcp_queue_limit = 64
2021-01-09 16:29:34 us=845250   real_hash_size = 256
2021-01-09 16:29:34 us=845250   virtual_hash_size = 256
2021-01-09 16:29:34 us=845250   client_connect_script = '[UNDEF]'
2021-01-09 16:29:34 us=845250   learn_address_script = '[UNDEF]'
2021-01-09 16:29:34 us=845250   client_disconnect_script = '[UNDEF]'
2021-01-09 16:29:34 us=845250   client_config_dir = '[UNDEF]'
2021-01-09 16:29:34 us=845250   ccd_exclusive = DISABLED
2021-01-09 16:29:34 us=845250   tmp_dir = 'C:\Users\pan\AppData\Local\Temp\'
2021-01-09 16:29:34 us=846250   push_ifconfig_defined = DISABLED
2021-01-09 16:29:34 us=846250   push_ifconfig_local = 0.0.0.0
2021-01-09 16:29:34 us=846250   push_ifconfig_remote_netmask = 0.0.0.0
2021-01-09 16:29:34 us=846250   push_ifconfig_ipv6_defined = DISABLED
2021-01-09 16:29:34 us=846250   push_ifconfig_ipv6_local = ::/0
2021-01-09 16:29:34 us=846250   push_ifconfig_ipv6_remote = ::
2021-01-09 16:29:34 us=846250   enable_c2c = DISABLED
2021-01-09 16:29:34 us=846250   duplicate_cn = DISABLED
2021-01-09 16:29:34 us=846250   cf_max = 0
2021-01-09 16:29:34 us=846250   cf_per = 0
2021-01-09 16:29:34 us=846250   max_clients = 1024
2021-01-09 16:29:34 us=846250   max_routes_per_client = 256
2021-01-09 16:29:34 us=846250   auth_user_pass_verify_script = '[UNDEF]'
2021-01-09 16:29:34 us=846250   auth_user_pass_verify_script_via_file = DISABLED
2021-01-09 16:29:34 us=846250   auth_token_generate = DISABLED
2021-01-09 16:29:34 us=846250   auth_token_lifetime = 0
2021-01-09 16:29:34 us=846250   auth_token_secret_file = '[UNDEF]'
2021-01-09 16:29:34 us=846250   vlan_tagging = DISABLED
2021-01-09 16:29:34 us=846250   vlan_accept = all
2021-01-09 16:29:34 us=846250   vlan_pvid = 1
2021-01-09 16:29:34 us=846250   client = DISABLED
2021-01-09 16:29:34 us=846250   pull = DISABLED
2021-01-09 16:29:34 us=847250   auth_user_pass_file = '[UNDEF]'
2021-01-09 16:29:34 us=847250   show_net_up = DISABLED
2021-01-09 16:29:34 us=847250   route_method = 3
2021-01-09 16:29:34 us=847250   block_outside_dns = DISABLED
2021-01-09 16:29:34 us=847250   ip_win32_defined = DISABLED
2021-01-09 16:29:34 us=847250   ip_win32_type = 3
2021-01-09 16:29:34 us=847250   dhcp_masq_offset = 0
2021-01-09 16:29:34 us=847250   dhcp_lease_time = 31536000
2021-01-09 16:29:34 us=847250   tap_sleep = 10
2021-01-09 16:29:34 us=847250   dhcp_options = DISABLED
2021-01-09 16:29:34 us=847250   dhcp_renew = DISABLED
2021-01-09 16:29:34 us=847250   dhcp_pre_release = DISABLED
2021-01-09 16:29:34 us=847250   domain = '[UNDEF]'
2021-01-09 16:29:34 us=847250   netbios_scope = '[UNDEF]'
2021-01-09 16:29:34 us=847250   netbios_node_type = 0
2021-01-09 16:29:34 us=847250   disable_nbt = DISABLED
2021-01-09 16:29:34 us=847250 OpenVPN 2.5.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 28 2020
2021-01-09 16:29:34 us=847250 Windows version 6.1 (Windows 7) 64bit
2021-01-09 16:29:34 us=848250 library versions: OpenSSL 1.1.1h  22 Sep 2020, LZO 2.10
Enter Management Password:
2021-01-09 16:29:34 us=851250 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
2021-01-09 16:29:34 us=851250 Need hold release from management interface, waiting...
2021-01-09 16:29:35 us=271274 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
2021-01-09 16:29:35 us=372280 MANAGEMENT: CMD 'state on'
2021-01-09 16:29:35 us=372280 MANAGEMENT: CMD 'log all on'
2021-01-09 16:29:35 us=853307 MANAGEMENT: CMD 'echo all on'
2021-01-09 16:29:35 us=856307 MANAGEMENT: CMD 'bytecount 5'
2021-01-09 16:29:35 us=859308 MANAGEMENT: CMD 'hold off'
2021-01-09 16:29:35 us=864308 MANAGEMENT: CMD 'hold release'
2021-01-09 16:29:35 us=872308 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
2021-01-09 16:29:35 us=883309 Diffie-Hellman initialized with 2048 bit key
2021-01-09 16:29:35 us=886309 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2021-01-09 16:29:35 us=887309 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2021-01-09 16:29:35 us=887309 TLS-Auth MTU parms [ L:1621 D:1184 EF:66 EB:0 ET:0 EL:3 ]
2021-01-09 16:29:35 us=887309 interactive service msg_channel=384
2021-01-09 16:29:35 us=887309 open_tun
2021-01-09 16:29:35 us=998316 tap-windows6 device [OpenVPN TAP-Windows6] opened
2021-01-09 16:29:35 us=998316 TAP-Windows Driver Version 9.24 
2021-01-09 16:29:35 us=998316 TAP-Windows MTU=1500
2021-01-09 16:29:36 us=3316 Set TAP-Windows TUN subnet mode network/local/netmask = 10.8.0.0/10.8.0.1/255.255.255.0 [SUCCEEDED]
2021-01-09 16:29:36 us=3316 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.1/255.255.255.0 on interface {09DA32F9-4D2F-42D8-9161-8151AEC07998} [DHCP-serv: 10.8.0.254, lease-time: 31536000]
2021-01-09 16:29:36 us=5316 Sleeping for 10 seconds...
2021-01-09 16:29:46 us=6888 Successful ARP Flush on interface [28] {09DA32F9-4D2F-42D8-9161-8151AEC07998}
2021-01-09 16:29:46 us=34890 do_ifconfig, ipv4=1, ipv6=0
2021-01-09 16:29:46 us=34890 MANAGEMENT: >STATE:1610227786,ASSIGN_IP,,10.8.0.1,,,,
2021-01-09 16:29:46 us=35890 IPv4 MTU set to 1500 on interface 28 using service
2021-01-09 16:29:46 us=35890 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
2021-01-09 16:29:46 us=35890 Socket Buffers: R=[8192->8192] S=[8192->8192]
2021-01-09 16:29:46 us=35890 UDPv4 link local (bound): [AF_INET][undef]:1962
2021-01-09 16:29:46 us=35890 UDPv4 link remote: [AF_UNSPEC]
2021-01-09 16:29:46 us=35890 MULTI: multi_init called, r=256 v=256
2021-01-09 16:29:46 us=36890 IFCONFIG POOL IPv4: base=10.8.0.2 size=252
2021-01-09 16:29:46 us=36890 IFCONFIG POOL LIST
2021-01-09 16:29:46 us=36890 Initialization Sequence Completed
2021-01-09 16:29:46 us=36890 MANAGEMENT: >STATE:1610227786,CONNECTED,SUCCESS,10.8.0.1,,,,
Last edited by Pippin on Sun Jan 10, 2021 12:49 pm, edited 1 time in total.
Reason: Formatting

300000
OpenVPN Super User
Posts: 426
Joined: Tue May 01, 2012 9:30 pm

Re: tls hand shake problem - please help

Post by 300000 » Sat Jan 09, 2021 9:51 pm

Can you connect to your server inside your LAN? If so, it is your router; sometimes the router firewall stops it, so check it step by step to see whether it can connect or not. Your server seems OK, with nothing wrong, and is working correctly.

goldduo
OpenVpn Newbie
Posts: 16
Joined: Sat Jan 09, 2021 10:12 am

Re: tls hand shake problem - please help

Post by goldduo » Sat Jan 09, 2021 9:53 pm

This is the port forwarding I added to my gateway. (I used https://www.portchecktool.com/ to check the port, and it says "i could not see your service on *.*.*.*. on port 1962. reason: connection timed out"?)
Last edited by goldduo on Sat Jan 09, 2021 10:33 pm, edited 2 times in total.

goldduo
OpenVpn Newbie
Posts: 16
Joined: Sat Jan 09, 2021 10:12 am

Re: tls hand shake problem - please help

Post by goldduo » Sat Jan 09, 2021 9:56 pm

300000 wrote:
Sat Jan 09, 2021 9:51 pm
Can you connect to your server inside your LAN? If so, it is your router; sometimes the router firewall stops it, so check it step by step to see whether it can connect or not. Your server seems OK, with nothing wrong, and is working correctly.
I have connected the client to my Wi-Fi, and the problem was the same.

300000
OpenVPN Super User
Posts: 426
Joined: Tue May 01, 2012 9:30 pm

Re: tls hand shake problem - please help

Post by 300000 » Sun Jan 10, 2021 12:29 am

If it can't see the port, then your router blocks it. It shows that, so find out why it can't see it first.

You need to connect to it using the private IP address first to see. If you connect it public ip it not

goldduo
OpenVpn Newbie
Posts: 16
Joined: Sat Jan 09, 2021 10:12 am

Re: tls hand shake problem - please help

Post by goldduo » Sun Jan 10, 2021 12:44 am

300000 wrote:
Sun Jan 10, 2021 12:29 am
If it can't see the port, then your router blocks it. It shows that, so find out why it can't see it first.

You need to connect to it using the private IP address first to see. If you connect it public ip it not
How do I connect using the private IP? Can I do that now that I am away from home?

300000
OpenVPN Super User
Posts: 426
Joined: Tue May 01, 2012 9:30 pm

Re: tls hand shake problem - please help

Post by 300000 » Sun Jan 10, 2021 12:58 am

It seems you don't understand what I said. At the moment there is no way to connect to it from the internet because your router blocks it. The firewall or port forwarding is not working as you think.

What I said is: try to connect to it inside your LAN when you are at home, so that your OpenVPN server and your client are on the same LAN and you can use the private IP, to make sure it works first.

TinCanTech
OpenVPN Protagonist
Posts: 8374
Joined: Fri Jun 03, 2016 1:17 pm

Re: tls hand shake problem - please help

Post by TinCanTech » Sun Jan 10, 2021 1:04 am

goldduo wrote:
Sat Jan 09, 2021 9:53 pm
this is the port forwarding i added to my gateway. (i used https://www.portchecktool.com/ to check the port, and it says "i could not see your service on *.*.*.*. on port 1962. reason: connection timed out"?
Online scanners cannot detect openvpn. (Unless you use it really badly ..)
300000 wrote:
Sun Jan 10, 2021 12:58 am
It seem you dont understand what i said . At the moment there is no way to connect it from internet because your router block it .firewall or port forwarding not working as you thing
Actually, the scan would suggest that the port is forwarded correctly.
300000 wrote:
Sun Jan 10, 2021 12:58 am
try to connect it inside your lan when you are at home
goldduo wrote:
Sun Jan 10, 2021 12:44 am
how do i connect using private ip? can i do that now that i am away from home?
No.

You need to see your server log to analyse the problem and you cannot see that from away from home.

goldduo
OpenVpn Newbie
Posts: 16
Joined: Sat Jan 09, 2021 10:12 am

Re: tls hand shake problem - please help

Post by goldduo » Sun Jan 10, 2021 3:41 am

TinCanTech wrote:
Sun Jan 10, 2021 1:04 am

You need to see your server log to analyse the problem and you cannot see that from away from home.
Actually I can see the server log, as I posted above. I have TeamViewer set up. Do you see anything wrong in the above server log?

TinCanTech
OpenVPN Protagonist
Posts: 8374
Joined: Fri Jun 03, 2016 1:17 pm

Re: tls hand shake problem - please help

Post by TinCanTech » Sun Jan 10, 2021 4:32 am

goldduo wrote:
Sun Jan 10, 2021 3:41 am
do you see anything wrong in the above server log?
NO, your server log looks AOK.

goldduo
OpenVpn Newbie
Posts: 16
Joined: Sat Jan 09, 2021 10:12 am

Re: tls hand shake problem - please help

Post by goldduo » Sun Jan 10, 2021 5:07 am

TinCanTech wrote:
Sun Jan 10, 2021 1:04 am
Online scanners cannot detect openvpn. (Unless you use it really badly ..)
Why does the scanner not detect OpenVPN? How do I fix that?
So the scanner sees my port 1962 open, but nothing is listening on that port? How do I tie OpenVPN to that port, other than running OpenVPN with an .ovpn containing "port 1962"? (I started openvpn-gui.exe, running it as administrator, then I clicked 'connect'.)

Do I have to make OpenVPN a service?

goldduo
OpenVpn Newbie
Posts: 16
Joined: Sat Jan 09, 2021 10:12 am

Re: tls hand shake problem - please help

Post by goldduo » Sun Jan 10, 2021 12:05 pm

Strangely, if I don't start openvpn-gui.exe on the server, and I start it on the client, I still get the same TLS error.
In other words, it seems like the OpenVPN server has never been started, while the server log looks OK???

300000
OpenVPN Super User
Posts: 426
Joined: Tue May 01, 2012 9:30 pm

Re: tls hand shake problem - please help

Post by 300000 » Sun Jan 10, 2021 1:28 pm

You can only connect when you test that the port is open first. At the moment it is blocked, so you can't connect to it. Try to unblock it first and connect again. As soon as you see the port open, you can connect.

Online scanners can check whether an OpenVPN port is open or not, so they do the job; there is nothing wrong with online scanners. Lastly, you can try many OpenVPN service providers and their ports: take their port and use online scanners to see whether the port they use can be seen or not. If the online scanner can't see the port, then it can't connect.

Try turning off the Windows firewall on the server, check the firewall on the router to let it through, and do it again.

TinCanTech
OpenVPN Protagonist
Posts: 8374
Joined: Fri Jun 03, 2016 1:17 pm

Re: tls hand shake problem - please help

Post by TinCanTech » Sun Jan 10, 2021 2:52 pm

Online scanner CANNOT detect a running OpenVPN Server. Unless you set it up really badly.

The timeout shown above is exactly what a running server would look like.

300000
OpenVPN Super User
Posts: 426
Joined: Tue May 01, 2012 9:30 pm

Re: tls hand shake problem - please help

Post by 300000 » Sun Jan 10, 2021 3:46 pm

In order to help you find out whether it is working or not, let's do a port scan first. Just type "PortQryUI - User Interface" into a search engine and download it from the Microsoft website.

After that, run the utility to scan the port. I downloaded the OpenVPN configuration files as an example, so you can see the port is open before you connect to it.

Open the config and copy its address to scan; just choose UDP.

And here you will see the result.

It said LISTENING.

Just add your public IP address and do the same. If you see the same, it should work; if you can't see the port open, it will never work for you.

Online scans only work on TCP ports, so what they show may not be correct, but you use UDP. Using the port utility from Microsoft will show you what you want to find out: whether it can work or not.

He said "Unless you set it up really badly.", so all OpenVPN service providers set up OpenVPN very badly and their ports can still be scanned, so only he can set up a closed OpenVPN port. It is up to you to find out for yourself who is helping you and who is messing things up to confuse you.

TinCanTech
OpenVPN Protagonist
Posts: 8374
Joined: Fri Jun 03, 2016 1:17 pm

Re: tls hand shake problem - please help

Post by TinCanTech » Sun Jan 10, 2021 4:10 pm

300000 wrote:
Sun Jan 10, 2021 3:46 pm
it said LISTENING
It makes no difference. Capture the packets and you will see either:
  • No packets are returned from NordVPN
    This is the correct operation of OpenVPN.
  • Some packets are returned from NordVPN
    These packets are not returned by OpenVPN, they are sent by the OS.
Either way, your scanner is making assumptions and has not detected OpenVPN, listening or otherwise.

I am surprised there is anyone left who still trusts Miicroshaft.
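
The behaviour TinCanTech describes in this thread (with tls-auth, a server stays silent to any datagram that lacks a valid HMAC, so a scan timeout looks the same as a running server), as an added example that is not part of any post and is not OpenVPN's code. The key, the tag-plus-payload framing and all function names are constructed for illustration; this is not OpenVPN's wire format.

```python
import hashlib
import hmac
import os
import socket
import threading

KEY = b"constructed-demo-key"  # constructed stand-in for the shared ta.key
TAG_LEN = 20                   # HMAC-SHA1 tag size (the 160 bit hash named in the log)


def seal(key, payload):
    """Prefix payload with its HMAC tag (simplified framing, not OpenVPN's wire format)."""
    return hmac.new(key, payload, hashlib.sha1).digest() + payload


def handle_datagram(key, datagram):
    """Server side: reply to authenticated packets, return None (silent drop) otherwise."""
    tag, payload = datagram[:TAG_LEN], datagram[TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha1).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return seal(key, b"ack:" + payload)


def classify(reply, icmp_unreachable):
    """What a UDP prober can conclude from what came back."""
    if icmp_unreachable:
        return "closed"         # the OS answered: no socket is bound to the port
    if reply is None:
        return "open|filtered"  # silence: a running server or a firewall drop
    return "open"


def probe(addr, datagram, timeout=0.5):
    """Send one datagram to addr and classify the outcome."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect(addr)
        try:
            s.send(datagram)
            reply = s.recv(2048)
        except socket.timeout:
            return classify(None, False)
        except (ConnectionRefusedError, ConnectionResetError):
            # ICMP port unreachable, surfaced by the OS on a connected UDP socket
            return classify(None, True)
        return classify(reply, False)


def serve(sock, key, stop):
    """Loopback listener that only answers datagrams carrying a valid tag."""
    sock.settimeout(0.1)
    while not stop.is_set():
        try:
            data, peer = sock.recvfrom(2048)
        except socket.timeout:
            continue
        reply = handle_datagram(key, data)
        if reply is not None:
            sock.sendto(reply, peer)


def demo():
    """Probe the listener once as a scanner (random bytes) and once as a keyed client."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))  # loopback only, ephemeral port
    addr = srv.getsockname()
    stop = threading.Event()
    worker = threading.Thread(target=serve, args=(srv, KEY, stop), daemon=True)
    worker.start()
    try:
        return {
            "scanner": probe(addr, os.urandom(32)),
            "client": probe(addr, seal(KEY, b"hello")),
        }
    finally:
        stop.set()
        worker.join()
        srv.close()


if __name__ == "__main__":
    print(demo())
```

The scanner's result is "open|filtered" even though the listener is running, which is why the server log, not an external port check, is the evidence for whether packets arrive.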

300000
OpenVPN Super User
Posts: 426
Joined: Tue May 01, 2012 9:30 pm

Re: tls hand shake problem - please help

Post by 300000 » Sun Jan 10, 2021 4:27 pm

Microsoft controls and sets the standard for the business world; all the banks and ATMs use the Microsoft Windows OS. All companies depend on Microsoft to run, and the whole world of business depends on its OS. That is a fact of life. There are multiple operating systems, but when you go to the bank, ask them about the option to change to Linux and let them answer.
