tls hand shake problem - please help

TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: tls hand shake problem - please help

Post by TinCanTech » Sun Jan 10, 2021 4:31 pm

Do you trust banks as well ?!?!?

300000
OpenVPN Expert
Posts: 685
Joined: Tue May 01, 2012 9:30 pm

Re: tls hand shake problem - please help

Post by 300000 » Sun Jan 10, 2021 4:44 pm

if you need everything to buy you need to ask banks, from small to big so the banks will know all your money you got, no matter who you are, they will record all active spending on all items you bought and spent. Can you bring the whole 500000 pounds cash and buy the house is that ok? or you need to pay over the bank? ask yourself that question first and like or not you still give all info to the bank anyway.

TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: tls hand shake problem - please help

Post by TinCanTech » Sun Jan 10, 2021 5:39 pm

300000 wrote (Sun Jan 10, 2021 4:27 pm):
> Microsoft control and set up the standard for the world on business world
Microshaft STOLE practically everything they are known for.

That business use Microshaft was a hasty decision, made by people who did not understand what they were getting into.
300000 wrote (Sun Jan 10, 2021 4:44 pm):
> if you need everything to buy you need to ask banks
Because the financial service industry is nothing more than a massive con-trick to put people into debt. Because that is the only way banks make money.

Getting back to the OP's problem:

While the online scanner results are completely inconclusive, the server log posted does show that no packets are received by the server. So, probably port-forwarding or firewall is misconfigured.

Pippin
Forum Team
Posts: 1201
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: tls hand shake problem - please help

Post by Pippin » Sun Jan 10, 2021 5:43 pm

> Getting back to the OP's problem:
Exactly, off topic can go into ... off topic ;)

Thanks.
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp

goldduo
OpenVpn Newbie
Posts: 16
Joined: Sat Jan 09, 2021 10:12 am

Re: tls hand shake problem - please help

Post by goldduo » Sun Jan 10, 2021 10:58 pm

300000 wrote (Sun Jan 10, 2021 3:46 pm):
> in order to help you find out it working or not let do post scant first just type into search PortQryUI - User Interface and download it from Microsoft website
my results said "UDP port 1962 (unknown service): LISTENING or FILTERED"
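
Why a UDP probe can only say "LISTENING or FILTERED", as an added example that is not part of any post in this thread: a silent, bound UDP socket looks the same to the prober as a packet dropped by a firewall, and an OpenVPN server using tls-auth does not answer packets that fail its HMAC check. The `probe_udp` and `demo` names are made up for this sketch, and the loopback socket is a stand-in for the VPN server.

```python
import socket

def probe_udp(host, port, timeout=0.5):
    """Send one datagram and classify the port by what comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # connected socket: ICMP errors surface as exceptions
        try:
            s.send(b"\x00")
            s.recv(2048)
            return "LISTENING"              # something answered
        except (ConnectionRefusedError, ConnectionResetError):
            return "NOT LISTENING"          # host replied with ICMP port unreachable
        except socket.timeout:
            return "LISTENING or FILTERED"  # silence: bound but quiet, or dropped en route

def demo():
    """Probe a bound-but-silent local socket, then the same port after it closes."""
    quiet = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    quiet.bind(("127.0.0.1", 0))  # OS picks a free port; stand-in for the VPN server
    port = quiet.getsockname()[1]
    while_bound = probe_udp("127.0.0.1", port)
    quiet.close()
    after_close = probe_udp("127.0.0.1", port)
    return while_bound, after_close

if __name__ == "__main__":
    print(demo())
```

Only the "NOT LISTENING" result is conclusive; silence has to be settled from the server's own log or a packet capture on the server.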

goldduo
OpenVpn Newbie
Posts: 16
Joined: Sat Jan 09, 2021 10:12 am

Re: tls hand shake problem - please help

Post by goldduo » Sun Jan 10, 2021 11:01 pm

TinCanTech wrote (Sun Jan 10, 2021 5:39 pm):
> While the online scanner results are completely inconclusive, the server log posted does show that no packets are received by the server. So, probably port-forwarding or firewall is misconfigured.
when i posted the server log, i did not start the client vpn connection. so shouldn't it show no packets received?

goldduo
OpenVpn Newbie
Posts: 16
Joined: Sat Jan 09, 2021 10:12 am

Re: tls hand shake problem - please help

Post by goldduo » Mon Jan 11, 2021 12:50 am

i exit the openvpn server, same tls error.
i disabled the windows firewall rule for 1962, same tls error;
i create a new rule to block the port 1962, still same tls error.
is it safe to say that there is something wrong with my client setup?
here is the client log:

Code:

2021-01-10 19:46:10 OpenVPN 2.5.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 28 2020
2021-01-10 19:46:10 Windows version 10.0 (Windows 10 or greater) 64bit
2021-01-10 19:46:10 library versions: OpenSSL 1.1.1h  22 Sep 2020, LZO 2.10
Enter Management Password:
2021-01-10 19:46:10 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
2021-01-10 19:46:10 Need hold release from management interface, waiting...
2021-01-10 19:46:10 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
2021-01-10 19:46:10 MANAGEMENT: CMD 'state on'
2021-01-10 19:46:10 MANAGEMENT: CMD 'log all on'
2021-01-10 19:46:10 MANAGEMENT: CMD 'echo all on'
2021-01-10 19:46:10 MANAGEMENT: CMD 'bytecount 5'
2021-01-10 19:46:10 MANAGEMENT: CMD 'hold off'
2021-01-10 19:46:10 MANAGEMENT: CMD 'hold release'
2021-01-10 19:46:10 MANAGEMENT: CMD 'password [...]'
2021-01-10 19:46:10 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2021-01-10 19:46:10 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2021-01-10 19:46:10 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2021-01-10 19:46:10 TCP/UDP: Preserving recently used remote address: [AF_INET]*.*.*.*:1962
2021-01-10 19:46:10 Socket Buffers: R=[65536->65536] S=[65536->65536]
2021-01-10 19:46:10 UDPv4 link local: (not bound)
2021-01-10 19:46:10 UDPv4 link remote: [AF_INET]*.*.*.*:1962
2021-01-10 19:46:10 MANAGEMENT: >STATE:1610325970,WAIT,,,,,,
2021-01-10 19:47:10 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2021-01-10 19:47:10 TLS Error: TLS handshake failed
anything wrong there?
Last edited by Pippin on Mon Jan 11, 2021 11:11 am, edited 1 time in total.
Reason: Formatting
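
One way to read a log like the one above, as an added example that is not part of the original post: the client log alone only shows that nothing came back, so the verdict depends on what the server logged during the same attempt. The `triage` function and both server excerpts are constructed for this sketch; the HMAC line is the kind of message an OpenVPN server logs when a tls-auth check fails.

```python
import re

# Constructed samples. CLIENT_SILENT is the tail of the client log posted above;
# the two server excerpts are made up for this example.
CLIENT_SILENT = """\
2021-01-10 19:46:10 UDPv4 link remote: [AF_INET]*.*.*.*:1962
2021-01-10 19:46:10 MANAGEMENT: >STATE:1610325970,WAIT,,,,,,
2021-01-10 19:47:10 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2021-01-10 19:47:10 TLS Error: TLS handshake failed
"""
SERVER_IDLE = """\
2021-01-10 19:40:02 UDPv4 link local (bound): [AF_INET][undef]:1962
2021-01-10 19:40:02 Initialization Sequence Completed
"""
SERVER_HMAC = SERVER_IDLE + (
    "2021-01-10 19:46:10 TLS Error: cannot locate HMAC in incoming packet "
    "from [AF_INET]203.0.113.7:50412\n"
)

# Matches rejection messages only, not the startup line that merely names HMAC.
HMAC_REJECT = re.compile(r"cannot locate HMAC|packet HMAC authentication failed")

def triage(client_log, server_log=None):
    """Classify a failed handshake from what each side did or did not log."""
    if "Initialization Sequence Completed" in client_log:
        return "connected"
    if "TLS: Initial packet from" in client_log:
        # The server answered, so the UDP path works; the fault is in TLS itself.
        m = re.search(r"VERIFY ERROR: (.*)", client_log)
        return "tls: " + (m.group(1) if m else "handshake started but did not finish")
    if "TLS key negotiation failed" not in client_log:
        return "incomplete: the client log has no handshake result yet"
    # From here on the client sent packets and heard nothing for 60 seconds.
    if server_log is None:
        return "no reply: need the server log covering this same attempt"
    if HMAC_REJECT.search(server_log):
        return "tls-auth: packets arrived but failed the HMAC check (ta.key or key direction)"
    if "TLS: Initial packet from" in server_log:
        return "return path: the server saw the client but its replies were lost"
    return "network: nothing reached the server (port forwarding, firewall, address or port)"

if __name__ == "__main__":
    for server in (None, SERVER_IDLE, SERVER_HMAC):
        print(triage(CLIENT_SILENT, server))
```

A server log captured while no client was trying to connect cannot separate the last two cases, so both logs have to come from the same attempt.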

TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: tls hand shake problem - please help

Post by TinCanTech » Mon Jan 11, 2021 12:57 am

goldduo wrote (Mon Jan 11, 2021 12:50 am):
> i exit the openvpn server, same tls error.
You need the server to be running if you want to connect to it .. it's not magic.

goldduo
OpenVpn Newbie
Posts: 16
Joined: Sat Jan 09, 2021 10:12 am

Re: tls hand shake problem - please help

Post by goldduo » Mon Jan 11, 2021 3:24 pm

in the client.ovpn config file, there are 4 markers: <ca>, <cert>, <key>, and <tls-auth>
<tls-auth> should have the contents of ta.key?
what should be in <cert>? is it the contents of server.crt? or client.crt?
how about <key>? is it from server.key or client.key?

goldduo
OpenVpn Newbie
Posts: 16
Joined: Sat Jan 09, 2021 10:12 am

Re: tls hand shake problem - please help

Post by goldduo » Tue Jan 12, 2021 12:19 am

my understanding is the <cert> and <key> markers are not required if i specify file paths to client.crt and client.key.

so to connect, the client sends ca.crt, asking for specific ip and port number. the server recognizes the ca.crt, and knows that this is a client. now how does that server authenticate the client? it automatically reaches into the default relative path openvpn\easy-rsa\pki to grab and compare the client.crt, and client.key?

TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: tls hand shake problem - please help

Post by TinCanTech » Tue Jan 12, 2021 12:29 am

The server has already loaded the X509 files which it requires.

Inlining a file is the same as loading it via a file name.

goldduo
OpenVpn Newbie
Posts: 16
Joined: Sat Jan 09, 2021 10:12 am

Re: tls hand shake problem - please help

Post by goldduo » Tue Jan 12, 2021 3:53 am

i did in command prompt: netstat -nba | findstr "LISTEN" and did not see anything listening on port 1962?

TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: tls hand shake problem - please help

Post by TinCanTech » Tue Jan 12, 2021 4:04 am

UDP does not "LISTEN"

Try the OpenVPN howto.

300000
OpenVPN Expert
Posts: 685
Joined: Tue May 01, 2012 9:30 pm

Re: tls hand shake problem - please help

Post by 300000 » Tue Jan 12, 2021 7:08 pm

Turn your firewall and try it first. You are so confident to do but it not work until you can connect first and if you keep doing what you think is right it not work for you
