Client doesn't connect

pacsd
OpenVpn Newbie
Posts: 1
Joined: Mon Jan 11, 2021 11:35 pm

Post by pacsd » Mon Jan 11, 2021 11:45 pm

Hello everyone,

I have an issue with a VPN client ("Client 1") which doesn't connect to an OpenVPN server I built when connecting from a very specific network ("Network 1"). The error is related to "TLS Error: TLS key negotiation failed to occur".
Initially it worked perfectly for weeks, but it then suddenly stopped.

In order to debug the problem I tested:
- using 3 accounts I created: "Client 1", "Client 2" and "Client 3"
- on three networks: "Network 1" (ADSL), "Network 2" (ADSL) and "Network 3" (mobile phone 4G)
- on three Windows 10x64 laptops: "L1", "L2" and "L3", and one Android phone, "A1"
- using two other VPN accounts connecting to foreign countries on the same protocol (UDP) and port (1194), "Foreign 1" and "Foreign 2".

Purpose: I want to use "Client 1" (either on "L1" or "L2") and on "Network 1"

What I did until now (I'll use the terms "PASS" for functioning properly and "FAIL" for not working):
-1) Testing "Client 1", "Client 2" and "Client 3" on "Network 2" = PASS, then testing "Client 1", "Client 2" and "Client 3" on "Network 1" = FAIL
-2) Testing "Foreign 1" and "Foreign 2" on "Network 2" = PASS, then testing "Foreign 1" and "Foreign 2" on "Network 1" = PASS (yes, PASS)
-3) Changing OpenVPN on "L1" to 2.4.8 from 2.5.0, then testing "Client 1", "Client 2" and "Client 3" on "Network 1" = FAIL
-4) Changing the DNS two times on "L1", then testing "Client 1", "Client 2" and "Client 3" on "Network 1" = FAIL. The OpenVPN connection log shows that it properly finds the public IP of the OpenVPN server.
-5) Changing the DNS on "Network 1" then using "L1" and "L2" to test "Client 1", "Client 2" and "Client 3" on "Network 1" = FAIL. The OpenVPN connection log shows that it properly finds the public IP of the OpenVPN server.
-6) Using "A1" then testing "Client 1", "Client 2" and "Client 3" on "Network 1" = FAIL
-7) Using "A1" then testing "Client 1", "Client 2" and "Client 3" on "Network 3" = PASS; "Network 3" is a 4G connection on the Android phone.
-8) Changing the "Network 1" subnet and then using "L1" to test "Client 1", "Client 2" and "Client 3" = FAIL
-9) Changing the modem on "Network 1" then using "L1" to test "Client 1", "Client 2" and "Client 3" = FAIL
-10) Setting OpenVPN to connect through a Tor proxy then testing "Client 1", "Client 2" and "Client 3" on "Network 2" = PASS, then testing "Client 1", "Client 2" and "Client 3" on "Network 1" = FAIL

What other tests should I do, as I have no more ideas?


A client config looks like this:
Client config

client

dev tun
remote IP 1194 udp

float
nobind

# Certificate Authority cert
<ca>
-----BEGIN CERTIFICATE-----
#############################
-----END CERTIFICATE-----
</ca>

# Client cert
<cert>
-----BEGIN CERTIFICATE-----
#############################
-----END CERTIFICATE-----
</cert>

# Client private key
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
#############################
-----END ENCRYPTED PRIVATE KEY-----
</key>

remote-cert-tls server
cipher AES-256-GCM
auth SHA256
tls-client

<tls-auth>
-----BEGIN OpenVPN Static key V1-----
#############################
-----END OpenVPN Static key V1-----
</tls-auth>

key-direction 1
tls-version-min 1.2


comp-lzo
resolv-retry infinite
keepalive 15 120

persist-key
persist-tun

mute-replay-warnings
verb 5
mute 20
Last edited by Pippin on Tue Jan 12, 2021 12:56 pm, edited 1 time in total.
Reason: Formatting

TinCanTech
OpenVPN Protagonist
Posts: 8385
Joined: Fri Jun 03, 2016 1:17 pm

Re: Client doesn't connect

Post by TinCanTech » Tue Jan 12, 2021 12:26 am

pacsd wrote:
Mon Jan 11, 2021 11:45 pm
What other tests should I do as I have no more ideas ?
Openvpn --log file @ --verb 4
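
An added example, not part of the thread and not OpenVPN project code: once the client log asked for above exists, a short Python script can show, per connection attempt, whether the server ever answered before the "TLS key negotiation failed to occur" timeout. The log lines are constructed samples, and `triage` and its result labels are hypothetical names.

```python
import re

# Constructed sample (not from the thread): client log where the server never
# answers. 203.0.113.10 is a documentation address.
SAMPLE_FAIL = """\
Mon Jan 11 23:40:01 2021 UDP link remote: [AF_INET]203.0.113.10:1194
Mon Jan 11 23:41:01 2021 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Jan 11 23:41:01 2021 TLS Error: TLS handshake failed
Mon Jan 11 23:41:01 2021 SIGUSR1[soft,tls-error] received, process restarting
Mon Jan 11 23:41:06 2021 UDP link remote: [AF_INET]203.0.113.10:1194
Mon Jan 11 23:42:06 2021 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
"""

# Constructed sample: the same client on a network where the handshake completes.
SAMPLE_OK = """\
Mon Jan 11 23:50:01 2021 UDP link remote: [AF_INET]203.0.113.10:1194
Mon Jan 11 23:50:01 2021 TLS: Initial packet from [AF_INET]203.0.113.10:1194, sid=0a1b2c3d 4e5f6071
Mon Jan 11 23:50:02 2021 Initialization Sequence Completed
"""

LINK = re.compile(r"link remote: \[AF_INET6?\](\S+)")
REPLY = "TLS: Initial packet from"
TIMEOUT = "TLS key negotiation failed to occur"
DONE = "Initialization Sequence Completed"

def triage(log_text):
    """Split a client log into connection attempts and classify each one."""
    attempts = []
    for line in log_text.splitlines():
        m = LINK.search(line)
        if m:  # a new attempt starts when the client opens its link
            attempts.append({"remote": m.group(1), "reply": False, "result": "incomplete"})
            continue
        if not attempts:
            continue
        cur = attempts[-1]
        if REPLY in line:
            cur["reply"] = True
        elif DONE in line:
            cur["result"] = "connected"
        elif TIMEOUT in line:
            # No reply: packets lost in either direction, or dropped by the
            # server before answering. A reply seen: reachability is fine.
            cur["result"] = "handshake_stalled" if cur["reply"] else "no_server_reply"
    return attempts

if __name__ == "__main__":
    for attempt in triage(SAMPLE_FAIL):
        print(attempt)
```

Comparing the result for the same profile on a working and a failing network separates "no packet ever came back" from "the handshake started but did not finish".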
