tls hand shake problem - please help
Moderators: TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVPN Protagonist
- Posts: 11139
- Joined: Fri Jun 03, 2016 1:17 pm
Re: tls hand shake problem - please help
Do you trust banks as well ?!?!?
-
- OpenVPN Expert
- Posts: 685
- Joined: Tue May 01, 2012 9:30 pm
Re: tls hand shake problem - please help
if you need everything to buy you need to ask banks, from small to big so the banks will know all your money you got, no matter who you are, they will record all active spending on all items you bought and spent. Can you bring the whole 500000 pounds cash and buy the house is that ok? or you need to pay over the bank? ask yourself that question first and like or not you still give all info to the bank anyway.
-
- OpenVPN Protagonist
- Posts: 11139
- Joined: Fri Jun 03, 2016 1:17 pm
Re: tls hand shake problem - please help
Microshaft STOLE practically everything they are known for.
That business use Microshaft was a hasty decision, made by people who did not understand what they were getting into.
Because the financial service industry is nothing more than a massive con-trick to put people into debt. Because that is the only way banks make money.
Getting back to the OP's problem:
While the online scanner results are completely inconclusive, the server log posted does show that no packets are received by the server. So, probably port-forwarding or firewall is misconfigured.
- Pippin
- Forum Team
- Posts: 1201
- Joined: Wed Jul 01, 2015 8:03 am
- Location: irc://irc.libera.chat:6697/openvpn
Re: tls hand shake problem - please help
"Getting back to the OP's problem:"
Exactly, off topic can go into ... off topic

Thanks.
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp
-
- OpenVpn Newbie
- Posts: 16
- Joined: Sat Jan 09, 2021 10:12 am
Re: tls hand shake problem - please help
TinCanTech wrote: ↑Sun Jan 10, 2021 5:39 pm
"While the online scanner results are completely inconclusive, the server log posted does show that no packets are received by the server. So, probably port-forwarding or firewall is misconfigured."
when i posted the server log, i did not start the client vpn connection. so shouldn't it show no packets received?
-
- OpenVpn Newbie
- Posts: 16
- Joined: Sat Jan 09, 2021 10:12 am
Re: tls hand shake problem - please help
i exit the openvpn server, same tls error.
i disabled the windows firewall rule for 1962, same tls error;
i create a new rule to block the port 1962, still same tls error.
is it safe to say that there is something wrong with my client setup?
here is the client log:
anything wrong there?
Code:
2021-01-10 19:46:10 OpenVPN 2.5.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 28 2020
2021-01-10 19:46:10 Windows version 10.0 (Windows 10 or greater) 64bit
2021-01-10 19:46:10 library versions: OpenSSL 1.1.1h 22 Sep 2020, LZO 2.10
Enter Management Password:
2021-01-10 19:46:10 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
2021-01-10 19:46:10 Need hold release from management interface, waiting...
2021-01-10 19:46:10 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
2021-01-10 19:46:10 MANAGEMENT: CMD 'state on'
2021-01-10 19:46:10 MANAGEMENT: CMD 'log all on'
2021-01-10 19:46:10 MANAGEMENT: CMD 'echo all on'
2021-01-10 19:46:10 MANAGEMENT: CMD 'bytecount 5'
2021-01-10 19:46:10 MANAGEMENT: CMD 'hold off'
2021-01-10 19:46:10 MANAGEMENT: CMD 'hold release'
2021-01-10 19:46:10 MANAGEMENT: CMD 'password [...]'
2021-01-10 19:46:10 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2021-01-10 19:46:10 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2021-01-10 19:46:10 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2021-01-10 19:46:10 TCP/UDP: Preserving recently used remote address: [AF_INET]*.*.*.*:1962
2021-01-10 19:46:10 Socket Buffers: R=[65536->65536] S=[65536->65536]
2021-01-10 19:46:10 UDPv4 link local: (not bound)
2021-01-10 19:46:10 UDPv4 link remote: [AF_INET]*.*.*.*:1962
2021-01-10 19:46:10 MANAGEMENT: >STATE:1610325970,WAIT,,,,,,
2021-01-10 19:47:10 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2021-01-10 19:47:10 TLS Error: TLS handshake failed
Last edited by Pippin on Mon Jan 11, 2021 11:11 am, edited 1 time in total.
Reason: Formatting
-
- OpenVPN Protagonist
- Posts: 11139
- Joined: Fri Jun 03, 2016 1:17 pm
-
- OpenVpn Newbie
- Posts: 16
- Joined: Sat Jan 09, 2021 10:12 am
Re: tls hand shake problem - please help
in the client.ovpn config file, there are 4 markers: <ca>, <cert>, <key>, and <tls-auth>
<tls-auth> should have the contents of ta.key?
what should be in <cert>? is it the contents of server.crt? or client.crt?
how about <key>? is it from server.key or client.key?
-
- OpenVpn Newbie
- Posts: 16
- Joined: Sat Jan 09, 2021 10:12 am
Re: tls hand shake problem - please help
my understanding is the <cert> and <key> markers are not required if i specify file paths to client.crt and client.key.
so to connect, the client sends ca.crt, asking for specific ip and port number. the server recognizes the ca.crt, and knows that this is a client. now how does that server authenticate the client? it automatically reaches into the default relative path openvpn\easy-rsa\pki to grab and compare the client.crt, and client.key?
-
- OpenVPN Protagonist
- Posts: 11139
- Joined: Fri Jun 03, 2016 1:17 pm
Re: tls hand shake problem - please help
The server has already loaded the X509 files which it requires.
Inlining a file is the same as loading it via a file name.
-
- OpenVpn Newbie
- Posts: 16
- Joined: Sat Jan 09, 2021 10:12 am
Re: tls hand shake problem - please help
i did in command prompt: netstat -nba | findstr "LISTEN" and did not see anything listening on port 1962?
-
- OpenVPN Protagonist
- Posts: 11139
- Joined: Fri Jun 03, 2016 1:17 pm
Re: tls hand shake problem - please help
UDP does not "LISTEN"
Try the OpenVPN howto.
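The point in the reply above, that a UDP socket never shows up under a "LISTEN" filter, as an added PowerShell example that is not part of any post in this thread. It reports whether a process is bound to UDP port 1962 (the port from this thread) and which enabled inbound Windows Firewall rules name that port; the function name Get-UdpPortStatus is hypothetical, the cmdlets are the built-in NetTCPIP and NetSecurity ones.

```powershell
# Added example: Get-UdpPortStatus is a hypothetical helper name.
# Port 1962 is the server port used in this thread.
function Get-UdpPortStatus {
    param([int]$Port = 1962)

    # UDP is connectionless, so a bound socket has no LISTENING state.
    # Query bound UDP endpoints directly instead of filtering netstat on "LISTEN".
    $endpoints = @(Get-NetUDPEndpoint -LocalPort $Port -ErrorAction SilentlyContinue)

    $bound = foreach ($ep in $endpoints) {
        $proc = Get-Process -Id $ep.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalAddress = $ep.LocalAddress
            LocalPort    = $ep.LocalPort
            ProcessId    = $ep.OwningProcess
            ProcessName  = if ($proc) { $proc.ProcessName } else { '<unknown>' }
        }
    }

    # Enabled inbound rules whose port filter names this UDP port explicitly.
    # Rules written as a port range or as "Any" are not matched by this check.
    $rules = Get-NetFirewallPortFilter -Protocol UDP |
        Where-Object { $_.LocalPort -contains "$Port" } |
        Get-NetFirewallRule |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' } |
        Select-Object DisplayName, Action, Profile

    [pscustomobject]@{
        Port          = $Port
        IsBound       = ($endpoints.Count -gt 0)   # true when a process holds the port
        Endpoints     = @($bound)
        FirewallRules = @($rules)                  # look for a Block rule left behind
    }
}

Get-UdpPortStatus -Port 1962 | Format-List
```

A bound endpoint only shows that the server process holds the port on this machine; it says nothing about whether the router forwards UDP 1962 to it.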
-
- OpenVPN Expert
- Posts: 685
- Joined: Tue May 01, 2012 9:30 pm
Re: tls hand shake problem - please help
Turn your firewall and try it first. You are so confident to do but it not work until you can connect first and if you keep doing what you think is right it not work for you