TLS Error: TLS handshake failed

Post by derrickearly » Sat Oct 09, 2021 2:18 am

I'm having trouble with TLS. Here is my client log.

[olog]
Sat Oct 9 02:01:20 2021 OpenVPN 2.4.3 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 29 2020
Sat Oct 9 02:01:20 2021 library versions: OpenSSL 1.0.2n 7 Dec 2017, LZO 2.06
Sat Oct 9 02:01:20 2021 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Oct 9 02:01:20 2021 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Oct 9 02:01:20 2021 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Oct 9 02:01:20 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
Sat Oct 9 02:01:20 2021 Socket Buffers: R=[163840->163840] S=[163840->163840]
Sat Oct 9 02:01:20 2021 UDP link local: (not bound)
Sat Oct 9 02:01:20 2021 UDP link remote: [AF_INET]x.x.x.x:1194
Sat Oct 9 02:02:21 2021 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Oct 9 02:02:21 2021 TLS Error: TLS handshake failed
Sat Oct 9 02:02:21 2021 SIGUSR1[soft,tls-error] received, process restarting
Sat Oct 9 02:02:21 2021 Restart pause, 5 second(s)
Sat Oct 9 02:02:26 2021 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
[/olog]

Here is my server.ovpn:

server.ovpn
[oconf]
port 1194
proto udp
dev tun
ca ca.crt
cert mrtuxVPN.crt
key mrtuxVPN.key # This file should be kept secret
dh dh.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
tls-auth ta_new.key 0 # This file is secret
cipher AES-256-GCM
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1
[/oconf]

And my client.ovpn:

client.ovpn
[oconf]
client
dev tun
proto udp
remote my-server-2 1194
resolv-retry infinite
nobind
persist-key
persist-tun
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
remote-cert-tls server
tls-auth [inline] 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>
cipher AES-256-GCM
verb 3
[/oconf]

I've checked everything in:
https://openvpn.net/faq/tls-error-tls-k ... nectivity/

Any ideas will be greatly appreciated.

Post by derrickearly » Sat Oct 09, 2021 12:38 pm

Looks like I figured out my own problem. I had another VPN server using SoftEther software running, and it had the 1194 port opened already. When I stopped the service, the client was able to connect to the OpenVPN server on my LAN. I had to add "local 192.168.1.175" to my server config file to get my client to see the server on the WAN.

Post by never-stop-learning » Sun Oct 10, 2021 11:12 am

In case your port 1194 is used already, you can just change your VPN server port from 1194 to a different port :)
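
The port conflict that resolved this thread can be checked on the server before OpenVPN is started. The following is an added example, not part of the original posts: a shell helper that reads `ss -H -lunp` output and reports which process holds a UDP port. The function names and the sample output (process names, PIDs) are constructed for illustration.

```shell
#!/bin/sh
# Added example: find out which process already holds a UDP port.
# Live use on the server (as root, so ss can show socket owners):
#   ss -H -lunp | udp_port_owners 1194

# udp_port_owners PORT
# Reads `ss -H -lunp` output on stdin and prints "local_address process pid"
# for every socket bound to UDP PORT (first owner only if a socket has several).
udp_port_owners() {
    awk -v port="$1" '
    {
        # The local address is the first field containing ":"; this holds
        # whether or not ss printed a leading Netid column.
        laddr = ""
        for (i = 1; i <= NF; i++) if (index($i, ":")) { laddr = $i; break }
        n = split(laddr, parts, ":")
        if (n < 2 || parts[n] != port) next
        # ss hides the owner unless it runs with enough privilege.
        name = "unknown"; pid = "-"
        if (match($0, /users:\(\("[^"]*"/)) name = substr($0, RSTART + 9, RLENGTH - 10)
        if (match($0, /pid=[0-9]+/)) pid = substr($0, RSTART + 4, RLENGTH - 4)
        print laddr, name, pid
    }'
}

# port_conflict PORT EXPECTED_PROCESS
# Exit status 0 when a process other than EXPECTED_PROCESS holds PORT.
port_conflict() {
    udp_port_owners "$1" |
        awk -v want="$2" '$2 != want { found = 1 } END { exit !found }'
}

# Constructed sample of `ss -H -lunp` output: another VPN daemon is bound to
# 0.0.0.0:1194, so an OpenVPN server configured with "port 1194" cannot use it.
sample_ss_output() {
cat <<'EOF'
UNCONN 0 0 0.0.0.0:1194 0.0.0.0:* users:(("vpnserver",pid=812,fd=40))
UNCONN 0 0 0.0.0.0:53 0.0.0.0:* users:(("dnsmasq",pid=640,fd=4))
UNCONN 0 0 [::]:5353 [::]:* users:(("avahi-daemon",pid=501,fd=13))
EOF
}

sample_ss_output | udp_port_owners 1194
if sample_ss_output | port_conflict 1194 openvpn; then
    echo "UDP 1194 is held by another process; stop it or change the OpenVPN port"
fi
```

The local address column also shows whether the listener is bound to all interfaces (`0.0.0.0`) or to one address, which is what a `local` directive in the server config changes.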
