We have a Synology NAS. We have a working L2TP VPN which I need to replace with OpenVPN because I need split tunnel capability. The current VPN connection kicks everyone off every so often and it is very problematic. I have done the OpenVPN setup in the VPN Server package of the Synology. (L2TP IP on 10.2.0.0... and OpenVPN IP on 10.8.0.0....) I have exported the OpenVPN file. When I open the config file to edit the IP address, everything is in just a couple of lines, so I have added hard returns where I believe they should go and un-commented the lines I believe need to be fixed. I tried to use the client config file from https://github.com/OpenVPN/openvpn/tree ... nfig-files but it feels like it is a little old, and some of the info in my config file didn't seem to be in the GitHub version.
Client config file
dev tun
tls-client
remote ##.###.##.### 1194
# The "float" tells OpenVPN to accept authenticated packets from any address,
# not only the address which was specified in the --remote option.
# This is useful when you are connecting to a peer which holds a dynamic address
# such as a dial-in user or DHCP client.
# (Please refer to the manual of OpenVPN for more information.)
float
# If redirect-gateway is enabled, the client will redirect its
# default network gateway through the VPN.
# It means the VPN connection will firstly connect to the VPN Server
# and then to the internet.
# (Please refer to the manual of OpenVPN for more information.)
#redirect-gateway def1
# dhcp-option DNS: To set primary domain name server address.
# Repeat this option to set secondary DNS server addresses.
#dhcp-option DNS DNS_IP_ADDRESS
pull
# If you want to connect by Server's IPv6 address, you should use
# "proto udp6" in UDP mode or "proto tcp6-client" in TCP mode
proto udp
script-security 2
comp-lzo
reneg-sec 0
cipher AES-256-CBC
auth SHA512
auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----
stuff
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
more stuff
-----END CERTIFICATE-----
</ca>
Sorry for all the # lines, but if that is where my problem is then you gotta see that too.
Here is my client side log:
Wed Jul 07 18:08:43 2021 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
Wed Jul 07 18:08:43 2021 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
Wed Jul 07 18:08:43 2021 OpenVPN 2.5.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 21 2021
Wed Jul 07 18:08:43 2021 Windows version 6.1 (Windows 7) 64bit
Wed Jul 07 18:08:43 2021 library versions: OpenSSL 1.1.1k 25 Mar 2021, LZO 2.10
Wed Jul 07 18:08:50 2021 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 07 18:08:50 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]_ip_:1194
Wed Jul 07 18:08:50 2021 UDP link local (bound): [AF_INET][undef]:1194
Wed Jul 07 18:08:50 2021 UDP link remote: [AF_INET]_ip_:1194
Wed Jul 07 18:09:50 2021 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jul 07 18:09:50 2021 TLS Error: TLS handshake failed
Wed Jul 07 18:09:50 2021 SIGUSR1[soft,tls-error] received, process restarting
Wed Jul 07 18:09:55 2021 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 07 18:09:55 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]_ip_:1194
Wed Jul 07 18:09:55 2021 UDP link local (bound): [AF_INET][undef]:1194
Wed Jul 07 18:09:55 2021 UDP link remote: [AF_INET]_ip_:1194
Wed Jul 07 18:10:55 2021 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jul 07 18:10:55 2021 TLS Error: TLS handshake failed
Wed Jul 07 18:10:55 2021 SIGUSR1[soft,tls-error] received, process restarting
Wed Jul 07 18:11:00 2021 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
...
Wed Jul 07 19:05:21 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]_ip_:1194
Wed Jul 07 19:05:21 2021 UDP link local (bound): [AF_INET][undef]:1194
Wed Jul 07 19:05:21 2021 UDP link remote: [AF_INET]_ip_:1194
Wed Jul 07 19:06:21 2021 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jul 07 19:06:21 2021 TLS Error: TLS handshake failed
Wed Jul 07 19:06:21 2021 SIGUSR1[soft,tls-error] received, process restarting
Every search I have done for TLS Error has come up with the solution being "oh, I just had to do my port forwarding on my router..."
UDP 1194 port has been forwarded on the router.
Please help!!! I have read lots of posts and lots of forums and watched YouTube videos and done Google searches. What am I missing?
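
The three warnings in the client log above (compression, `--cipher` without `--data-ciphers`, and no server certificate verification) each trace back to a directive that is present in, or absent from, the posted profile. The Python sketch below is an added example, not part of the original post or of OpenVPN: it parses a client profile and reports those three conditions. The sample profile is constructed (192.0.2.10 is a documentation address), and the function and finding names are hypothetical.

```python
# Added example: audit an OpenVPN client profile for the three conditions
# the client log warns about. Names below are hypothetical, not OpenVPN's.

# CONSTRUCTED sample modelled on the posted profile; not a real endpoint or cert.
SAMPLE_PROFILE = """\
dev tun
tls-client
remote 192.0.2.10 1194
#redirect-gateway def1
pull
proto udp
comp-lzo
cipher AES-256-CBC
auth SHA512
auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----
(constructed placeholder)
-----END CERTIFICATE-----
</ca>
"""


def parse_profile(text):
    """Return {directive: [args, ...]} for active lines only.

    Comment lines (# or ;) and the bodies of inline blocks such as <ca> are skipped.
    """
    directives, inline_tag = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if inline_tag:                        # inside <ca> ... </ca> and similar
            if line == f"</{inline_tag}>":
                inline_tag = None
            continue
        if not line or line[0] in "#;":
            continue
        if line.startswith("<") and line.endswith(">"):
            inline_tag = line[1:-1]
            continue
        name, *args = line.split()
        directives.setdefault(name, []).append(args)
    return directives


def audit(text):
    """Return finding ids, one per log warning the profile would trigger."""
    d = parse_profile(text)
    findings = []
    # "No server certificate verification method has been enabled"
    if not ({"remote-cert-tls", "verify-x509-name"} & d.keys()):
        findings.append("no-server-cert-verification")
    # "Compression for receiving enabled"
    if "comp-lzo" in d or "compress" in d:
        findings.append("compression-directive-present")
    # "--cipher set ... but missing in --data-ciphers"
    if "cipher" in d and not ({"data-ciphers", "data-ciphers-fallback"} & d.keys()):
        findings.append("cipher-without-data-ciphers")
    return findings
```

Run it as `audit(open("client.ovpn").read())` on an exported profile (the file name is an assumption). Adding `remote-cert-tls server` only works if the server certificate was issued with the server key usage and extended key usage.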