TLS Error: TLS handshake failed

Post by trentisdino » Sat Aug 08, 2015 9:39 pm

So I've followed the https://community.openvpn.net/openvpn/w ... dows_Guide to the point, but I get a TLS error when I try connecting to the server from my Mac as a client.
    Initial packet from [AF_INET](my mac's ipv4 address):53229, sid=4aef79a0 e804b658
    TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    TLS Error: TLS handshake failed
    SIGUSR1[soft,tls-error] received, client-instance restarting
Here is my server config (this is on my Windows 8 computer):
    port 1194
    proto udp
    dev tun
    ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
    cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
    key "C:\\Program Files\\OpenVPN\\config\\server.key" # This file should be kept secret
    dh "C:\\Program Files\\OpenVPN\\config\\dh1024.pem"
    server 10.8.0.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    keepalive 10 120
    comp-lzo
    persist-key
    persist-tun
    status openvpn-status.log
    verb 3
My trent-laptop client config file (this is on a Mac computer and is using Tunnelblick):
    client
    dev tun
    proto udp
    remote dinoservervpnhost.no-ip.biz 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca /Users/TrentWilliam/Desktop/Client/ca.crt
    cert /Users/TrentWilliam/Desktop/Client/trent-laptop.crt
    key /Users/TrentWilliam/Desktop/Client/trent-laptop.key
    remote-cert-tls server
    comp-lzo
    verb 3
I have set an inbound rule on my Windows 8 server host computer's firewall with
Protocol type: UDP
Local Port: 1194
Remote Port: All Ports

I have also gone to my NAT/Gaming tab on my router and added the service
Name: dino-vpn-server
Global Port Range: 1194-1994
Protocol: UDP
Host Port: 1194

On the client side there is a repeating log that says:
    TCP/UDP: Incoming packet rejected from [AF_INET](my windows 8/host computer's ipv4 address):1194[2], expected peer address:[AF_INET](my external ip address/ISP public IP address):1194 (allow this incoming source address/prot by removing --remote or adding --float)
The answer is probably right in front of me. Please consider that I am a complete noob when it comes to this. So in questions or answers that you may provide, keep it thorough in explanation.

Post by Traffic » Tue Aug 11, 2015 9:23 am

trentisdino wrote: have also gone to my NAT/Gaming tab on my router and added the service
Name: dino-vpn-server
Global Port Range: 1194-1994

Probably a typo .. I presume you meant Global Port Range: 1194-1194

trentisdino wrote: On the client side there is a repeating log that says
    TCP/UDP: Incoming packet rejected from [AF_INET](my windows 8/host computer's ipv4 address):1194[2], expected peer address:[AF_INET](my external ip address/ISP public IP address):1194 (allow this incoming source address/prot by removing --remote or adding --float)

I presume you mean something like:
    TCP/UDP: Incoming packet rejected from [AF_INET](192.168.1.10):1194[2], expected peer address:[AF_INET](12.34.56.78):1194 (allow this incoming source address/prot by removing --remote or adding --float)
Which probably means your router is not doing NAT correctly ..

Are you testing from within your own LAN ? .. if so try in your client config:

    remote 192.168.1.10
where 192.168.1.10 is the LAN IP of your server.
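
A small log check for the situation diagnosed in this thread, added here as an example (not code from either poster or from OpenVPN): it parses the client's "Incoming packet rejected" lines and flags the case where the reply arrives from a private LAN address while the client expected the public one. The function names and the sample log are constructed for illustration; 192.168.1.10 and 12.34.56.78 are the placeholder addresses from the reply above, and 12.34.56.99 is a made-up third host.

```python
import ipaddress
import re

# The client-side message quoted in the thread. Parentheses around the
# addresses are optional: the posts use them for placeholders.
REJECT_RE = re.compile(
    r"Incoming packet rejected from \[AF_INET\]\(?(?P<src>[\d.]+)\)?:(?P<sport>\d+)"
    r".*?expected peer address:\s*\[AF_INET\]\(?(?P<exp>[\d.]+)\)?:(?P<eport>\d+)"
)

def classify(src, sport, exp, eport):
    """Explain why a reply's source differs from the configured --remote."""
    src, exp = ipaddress.ip_address(src), ipaddress.ip_address(exp)
    if src == exp:
        return "port-mismatch" if sport != eport else "match"
    if src.is_private and not exp.is_private:
        # The server answered from its LAN address while the client dialled
        # the public one: both sit on the same LAN and the router did not
        # rewrite the reply's source address.
        return "lan-reply-to-public-remote"
    # Some other host answered; rejecting it is the safe default.
    return "unexpected-peer"

def diagnose(log_text):
    """Return the distinct (source, expected, verdict) tuples, sorted."""
    found = set()
    for m in REJECT_RE.finditer(log_text):
        verdict = classify(m["src"], int(m["sport"]), m["exp"], int(m["eport"]))
        found.add((m["src"], m["exp"], verdict))
    return sorted(found)

# Constructed sample log (not captured from a real client).
SAMPLE_LOG = """\
TCP/UDP: Incoming packet rejected from [AF_INET](192.168.1.10):1194[2], expected peer address:[AF_INET](12.34.56.78):1194 (allow this incoming source address/prot by removing --remote or adding --float)
TCP/UDP: Incoming packet rejected from [AF_INET]192.168.1.10:1194[2], expected peer address: [AF_INET]12.34.56.78:1194
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TCP/UDP: Incoming packet rejected from [AF_INET]12.34.56.99:1194[2], expected peer address: [AF_INET]12.34.56.78:1194
"""

if __name__ == "__main__":
    for row in diagnose(SAMPLE_LOG):
        print(row)
```

A "lan-reply-to-public-remote" verdict is the case where the suggestion above applies: use the server's LAN address as `remote` while testing from inside the LAN.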