[Solved]Connection fails before network exchange

Shed3921
OpenVpn Newbie
Posts: 5
Joined: Wed Aug 10, 2022 5:37 pm

[Solved]Connection fails before network exchange

Post by Shed3921 » Wed Aug 10, 2022 5:50 pm

Hello,

I'm looking for some help on the forum after several days of research.
I'm trying to set up a new VPN server and I'm having connection problems with my clients.

My VPN clients fail to connect with the error "TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)", until I have a network exchange with my server (an HTTP/HTTPS request, for example); the VPN client then manages to connect right after.

I tried to disable my firewall and I have the same behavior.
I use UDP4 on the default port.

I don't have this problem with my second VPN server which has an identical configuration: the clients have no trouble connecting to the server.
I can't change my client configuration (which works with my old server without any problem).

Do not hesitate to ask if you need more information.

Notes:
Server: Debian
Client: Router on Openwrt

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Connection fails before network exchange

Post by TinCanTech » Wed Aug 10, 2022 6:59 pm

There is no reason to post the same question again.

Shed3921
OpenVpn Newbie
Posts: 5
Joined: Wed Aug 10, 2022 5:37 pm

Re: Connection fails before network exchange

Post by Shed3921 » Wed Aug 10, 2022 7:00 pm

Sorry, I've put this one in the wrong topic. Please delete it :-)

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Connection fails before network exchange

Post by TinCanTech » Wed Aug 10, 2022 7:13 pm

This is currently the correct place for your question.

If you believe that the problem is caused by openvpn then please add the details requested here:
viewtopic.php?t=22603#p68963

Shed3921
OpenVpn Newbie
Posts: 5
Joined: Wed Aug 10, 2022 5:37 pm

Re: Connection fails before network exchange

Post by Shed3921 » Wed Aug 10, 2022 8:11 pm

Here is more information about my conf(s).
I hope it will help.

SERVER
Conf
server
##protocol port
port 1194
proto udp
dev tun

##ip server client
server 10.1.0.0 255.255.0.0
topology subnet

management /var/run/openvpn/openvpn.sock unix

##key
ca /etc/openvpn/easyrsa3/pki/[FILE].crt
cert /etc/openvpn/easyrsa3/pki/issued/[FILE].crt
key /etc/openvpn/easyrsa3/pki/private/[FILE].key
dh /etc/openvpn/easyrsa3/pki/dh.pem
#crl-verify /etc/openvpn/easyrsa3/pki/crl.pem

##option
persist-key
persist-tun
keepalive 5 30
reneg-sec 432000

##option authen.
cipher AES-256-CBC
auth SHA1
user XXXX
group XXXX

comp-lzo
client-to-client
username-as-common-name

auth-user-pass-verify /etc/openvpn/scripts/[FILE].sh via-env

##push to client
max-clients 100

##script connect-disconnect
script-security 3 #system
client-connect /etc/openvpn/scripts/[FILE].sh
client-disconnect /etc/openvpn/scripts/[FILE].sh

##log-status
status /var/log/openvpn/status.log
log-append /var/log/openvpn/openvpn.log
verb 4


Network

enp1s0f0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet [IP]  netmask 255.255.255.0  broadcast [IP]
        inet6 [IP]  prefixlen 64  scopeid 0x20<link>
        ether   txqueuelen 1000  (Ethernet)
        RX packets 86035  bytes 5807099 (5.5 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 50823  bytes 58341755 (55.6 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 190  bytes 16106 (15.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 190  bytes 16106 (15.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.1.0.1  netmask 255.255.0.0  destination 10.1.0.1
        inet6   prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 390  bytes 34320 (33.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 412  bytes 24624 (24.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Logs

Wed Aug 10 21:39:59 2022 us=562488 Current Parameter Settings:
Wed Aug 10 21:39:59 2022 us=562517   config = '/etc/openvpn/server.conf'
Wed Aug 10 21:39:59 2022 us=562525   mode = 1
Wed Aug 10 21:39:59 2022 us=562532   persist_config = DISABLED
Wed Aug 10 21:39:59 2022 us=562539   persist_mode = 1
Wed Aug 10 21:39:59 2022 us=562546   show_ciphers = DISABLED
Wed Aug 10 21:39:59 2022 us=562552   show_digests = DISABLED
Wed Aug 10 21:39:59 2022 us=562558   show_engines = DISABLED
Wed Aug 10 21:39:59 2022 us=562565   genkey = DISABLED
Wed Aug 10 21:39:59 2022 us=562571   key_pass_file = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=562578   show_tls_ciphers = DISABLED
Wed Aug 10 21:39:59 2022 us=562585   connect_retry_max = 0
Wed Aug 10 21:39:59 2022 us=562591 Connection profiles [0]:
Wed Aug 10 21:39:59 2022 us=562598   proto = udp
Wed Aug 10 21:39:59 2022 us=562605   local = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=562613   local_port = '1194'
Wed Aug 10 21:39:59 2022 us=562619   remote = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=562626   remote_port = '1194'
Wed Aug 10 21:39:59 2022 us=562632   remote_float = DISABLED
Wed Aug 10 21:39:59 2022 us=562639   bind_defined = DISABLED
Wed Aug 10 21:39:59 2022 us=562645   bind_local = ENABLED
Wed Aug 10 21:39:59 2022 us=562651   bind_ipv6_only = DISABLED
Wed Aug 10 21:39:59 2022 us=562657   connect_retry_seconds = 5
Wed Aug 10 21:39:59 2022 us=562664   connect_timeout = 120
Wed Aug 10 21:39:59 2022 us=562670   socks_proxy_server = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=562677   socks_proxy_port = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=562683   tun_mtu = 1500
Wed Aug 10 21:39:59 2022 us=562690   tun_mtu_defined = ENABLED
Wed Aug 10 21:39:59 2022 us=562696   link_mtu = 1500
Wed Aug 10 21:39:59 2022 us=562702   link_mtu_defined = DISABLED
Wed Aug 10 21:39:59 2022 us=562709   tun_mtu_extra = 0
Wed Aug 10 21:39:59 2022 us=562715   tun_mtu_extra_defined = DISABLED
Wed Aug 10 21:39:59 2022 us=562721   mtu_discover_type = -1
Wed Aug 10 21:39:59 2022 us=562728   fragment = 0
Wed Aug 10 21:39:59 2022 us=562734   mssfix = 1450
Wed Aug 10 21:39:59 2022 us=562741   explicit_exit_notification = 0
Wed Aug 10 21:39:59 2022 us=562747 Connection profiles END
Wed Aug 10 21:39:59 2022 us=562753   remote_random = DISABLED
Wed Aug 10 21:39:59 2022 us=562760   ipchange = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=562766   dev = 'tun'
Wed Aug 10 21:39:59 2022 us=562772   dev_type = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=562779   dev_node = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=562785   lladdr = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=562791   topology = 3
Wed Aug 10 21:39:59 2022 us=562798   ifconfig_local = '10.1.0.1'
Wed Aug 10 21:39:59 2022 us=562804   ifconfig_remote_netmask = '255.255.0.0'
Wed Aug 10 21:39:59 2022 us=562811   ifconfig_noexec = DISABLED
Wed Aug 10 21:39:59 2022 us=562817   ifconfig_nowarn = DISABLED
Wed Aug 10 21:39:59 2022 us=562824   ifconfig_ipv6_local = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=562829   ifconfig_ipv6_netbits = 0
Wed Aug 10 21:39:59 2022 us=562833   ifconfig_ipv6_remote = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=562853   shaper = 0
Wed Aug 10 21:39:59 2022 us=562857   mtu_test = 0
Wed Aug 10 21:39:59 2022 us=562861   mlock = DISABLED
Wed Aug 10 21:39:59 2022 us=562865   keepalive_ping = 5
Wed Aug 10 21:39:59 2022 us=562869   keepalive_timeout = 30
Wed Aug 10 21:39:59 2022 us=562873   inactivity_timeout = 0
Wed Aug 10 21:39:59 2022 us=562877   ping_send_timeout = 5
Wed Aug 10 21:39:59 2022 us=562881   ping_rec_timeout = 60
Wed Aug 10 21:39:59 2022 us=562885   ping_rec_timeout_action = 2
Wed Aug 10 21:39:59 2022 us=562889   ping_timer_remote = DISABLED
Wed Aug 10 21:39:59 2022 us=562893   remap_sigusr1 = 0
Wed Aug 10 21:39:59 2022 us=562896   persist_tun = ENABLED
Wed Aug 10 21:39:59 2022 us=562900   persist_local_ip = DISABLED
Wed Aug 10 21:39:59 2022 us=562904   persist_remote_ip = DISABLED
Wed Aug 10 21:39:59 2022 us=562908   persist_key = ENABLED
Wed Aug 10 21:39:59 2022 us=562912   passtos = DISABLED
Wed Aug 10 21:39:59 2022 us=562916   resolve_retry_seconds = 1000000000
Wed Aug 10 21:39:59 2022 us=562920   resolve_in_advance = DISABLED
Wed Aug 10 21:39:59 2022 us=562924   username = 'XXXX'
Wed Aug 10 21:39:59 2022 us=562927   groupname = 'XXXX'
Wed Aug 10 21:39:59 2022 us=562931   chroot_dir = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=562935   cd_dir = '/etc/openvpn'
Wed Aug 10 21:39:59 2022 us=562939   writepid = '/run/openvpn/server.pid'
Wed Aug 10 21:39:59 2022 us=562943   up_script = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=562947   down_script = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=562951   down_pre = DISABLED
Wed Aug 10 21:39:59 2022 us=562954   up_restart = DISABLED
Wed Aug 10 21:39:59 2022 us=562958   up_delay = DISABLED
Wed Aug 10 21:39:59 2022 us=562962   daemon = ENABLED
Wed Aug 10 21:39:59 2022 us=562966   inetd = 0
Wed Aug 10 21:39:59 2022 us=562970   log = ENABLED
Wed Aug 10 21:39:59 2022 us=562974   suppress_timestamps = DISABLED
Wed Aug 10 21:39:59 2022 us=562978   machine_readable_output = DISABLED
Wed Aug 10 21:39:59 2022 us=562982   nice = 0
Wed Aug 10 21:39:59 2022 us=562986   verbosity = 4
Wed Aug 10 21:39:59 2022 us=562990   mute = 0
Wed Aug 10 21:39:59 2022 us=562993   gremlin = 0
Wed Aug 10 21:39:59 2022 us=562997   status_file = '/var/log/openvpn/status.log'
Wed Aug 10 21:39:59 2022 us=563001   status_file_version = 1
Wed Aug 10 21:39:59 2022 us=563005   status_file_update_freq = 10
Wed Aug 10 21:39:59 2022 us=563009   occ = ENABLED
Wed Aug 10 21:39:59 2022 us=563013   rcvbuf = 0
Wed Aug 10 21:39:59 2022 us=563017   sndbuf = 0
Wed Aug 10 21:39:59 2022 us=563021   mark = 0
Wed Aug 10 21:39:59 2022 us=563025   sockflags = 0
Wed Aug 10 21:39:59 2022 us=563029   fast_io = DISABLED
Wed Aug 10 21:39:59 2022 us=563033   comp.alg = 2
Wed Aug 10 21:39:59 2022 us=563037   comp.flags = 1
Wed Aug 10 21:39:59 2022 us=563040   route_script = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563044   route_default_gateway = '10.1.0.2'
Wed Aug 10 21:39:59 2022 us=563048   route_default_metric = 0
Wed Aug 10 21:39:59 2022 us=563052   route_noexec = DISABLED
Wed Aug 10 21:39:59 2022 us=563056   route_delay = 0
Wed Aug 10 21:39:59 2022 us=563060   route_delay_window = 30
Wed Aug 10 21:39:59 2022 us=563064   route_delay_defined = DISABLED
Wed Aug 10 21:39:59 2022 us=563068   route_nopull = DISABLED
Wed Aug 10 21:39:59 2022 us=563072   route_gateway_via_dhcp = DISABLED
Wed Aug 10 21:39:59 2022 us=563076   allow_pull_fqdn = DISABLED
Wed Aug 10 21:39:59 2022 us=563080   management_addr = '/var/run/openvpn/openvpn.sock'
Wed Aug 10 21:39:59 2022 us=563084   management_port = 'unix'
Wed Aug 10 21:39:59 2022 us=563088   management_user_pass = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563092   management_log_history_cache = 250
Wed Aug 10 21:39:59 2022 us=563096   management_echo_buffer_size = 100
Wed Aug 10 21:39:59 2022 us=563100   management_write_peer_info_file = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563104   management_client_user = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563108   management_client_group = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563113   management_flags = 256
Wed Aug 10 21:39:59 2022 us=563118   shared_secret_file = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563128   key_direction = not set
Wed Aug 10 21:39:59 2022 us=563132   ciphername = 'AES-256-CBC'
Wed Aug 10 21:39:59 2022 us=563136   ncp_enabled = ENABLED
Wed Aug 10 21:39:59 2022 us=563140   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Wed Aug 10 21:39:59 2022 us=563144   authname = 'SHA1'
Wed Aug 10 21:39:59 2022 us=563148   prng_hash = 'SHA1'
Wed Aug 10 21:39:59 2022 us=563152   prng_nonce_secret_len = 16
Wed Aug 10 21:39:59 2022 us=563156   keysize = 0
Wed Aug 10 21:39:59 2022 us=563160   engine = DISABLED
Wed Aug 10 21:39:59 2022 us=563164   replay = ENABLED
Wed Aug 10 21:39:59 2022 us=563168   mute_replay_warnings = DISABLED
Wed Aug 10 21:39:59 2022 us=563172   replay_window = 64
Wed Aug 10 21:39:59 2022 us=563176   replay_time = 15
Wed Aug 10 21:39:59 2022 us=563180   packet_id_file = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563183   use_iv = ENABLED
Wed Aug 10 21:39:59 2022 us=563187   test_crypto = DISABLED
Wed Aug 10 21:39:59 2022 us=563191   tls_server = ENABLED
Wed Aug 10 21:39:59 2022 us=563195   tls_client = DISABLED
Wed Aug 10 21:39:59 2022 us=563199   key_method = 2
Wed Aug 10 21:39:59 2022 us=563204   ca_file = '/etc/openvpn/easyrsa3/pki/ca.crt'
Wed Aug 10 21:39:59 2022 us=563208   ca_path = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563212   dh_file = '/etc/openvpn/easyrsa3/pki/dh.pem'
Wed Aug 10 21:39:59 2022 us=563216   cert_file = '/etc/openvpn/easyrsa3/pki/issued/[FILE].crt'
Wed Aug 10 21:39:59 2022 us=563220   extra_certs_file = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563224   priv_key_file = '/etc/openvpn/easyrsa3/pki/private/[FILE].key'
Wed Aug 10 21:39:59 2022 us=563228   pkcs12_file = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563232   cipher_list = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563236   cipher_list_tls13 = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563240   tls_cert_profile = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563243   tls_verify = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563247   tls_export_cert = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563251   verify_x509_type = 0
Wed Aug 10 21:39:59 2022 us=563255   verify_x509_name = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563259   crl_file = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563263   ns_cert_type = 0
Wed Aug 10 21:39:59 2022 us=563267   remote_cert_ku[i] = 0
Wed Aug 10 21:39:59 2022 us=563271   remote_cert_ku[i] = 0
Wed Aug 10 21:39:59 2022 us=563275   remote_cert_ku[i] = 0
Wed Aug 10 21:39:59 2022 us=563279   remote_cert_ku[i] = 0
Wed Aug 10 21:39:59 2022 us=563282   remote_cert_ku[i] = 0
Wed Aug 10 21:39:59 2022 us=563286   remote_cert_ku[i] = 0
Wed Aug 10 21:39:59 2022 us=563290   remote_cert_ku[i] = 0
Wed Aug 10 21:39:59 2022 us=563294   remote_cert_ku[i] = 0
Wed Aug 10 21:39:59 2022 us=563298   remote_cert_ku[i] = 0
Wed Aug 10 21:39:59 2022 us=563302   remote_cert_ku[i] = 0
Wed Aug 10 21:39:59 2022 us=563305   remote_cert_ku[i] = 0
Wed Aug 10 21:39:59 2022 us=563309   remote_cert_ku[i] = 0
Wed Aug 10 21:39:59 2022 us=563313   remote_cert_ku[i] = 0
Wed Aug 10 21:39:59 2022 us=563317   remote_cert_ku[i] = 0
Wed Aug 10 21:39:59 2022 us=563321   remote_cert_ku[i] = 0
Wed Aug 10 21:39:59 2022 us=563325   remote_cert_ku[i] = 0
Wed Aug 10 21:39:59 2022 us=563329   remote_cert_eku = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563333   ssl_flags = 4
Wed Aug 10 21:39:59 2022 us=563337   tls_timeout = 2
Wed Aug 10 21:39:59 2022 us=563341   renegotiate_bytes = -1
Wed Aug 10 21:39:59 2022 us=563345   renegotiate_packets = 0
Wed Aug 10 21:39:59 2022 us=563348   renegotiate_seconds = 432000
Wed Aug 10 21:39:59 2022 us=563352   handshake_window = 60
Wed Aug 10 21:39:59 2022 us=563357   transition_window = 3600
Wed Aug 10 21:39:59 2022 us=563360   single_session = DISABLED
Wed Aug 10 21:39:59 2022 us=563364   push_peer_info = DISABLED
Wed Aug 10 21:39:59 2022 us=563368   tls_exit = DISABLED
Wed Aug 10 21:39:59 2022 us=563372   tls_auth_file = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563376   tls_crypt_file = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563380   pkcs11_protected_authentication = DISABLED
Wed Aug 10 21:39:59 2022 us=563384   pkcs11_protected_authentication = DISABLED
Wed Aug 10 21:39:59 2022 us=563391   pkcs11_protected_authentication = DISABLED
Wed Aug 10 21:39:59 2022 us=563395   pkcs11_protected_authentication = DISABLED
Wed Aug 10 21:39:59 2022 us=563399   pkcs11_protected_authentication = DISABLED
Wed Aug 10 21:39:59 2022 us=563402   pkcs11_protected_authentication = DISABLED
Wed Aug 10 21:39:59 2022 us=563406   pkcs11_protected_authentication = DISABLED
Wed Aug 10 21:39:59 2022 us=563410   pkcs11_protected_authentication = DISABLED
Wed Aug 10 21:39:59 2022 us=563414   pkcs11_protected_authentication = DISABLED
Wed Aug 10 21:39:59 2022 us=563418   pkcs11_protected_authentication = DISABLED
Wed Aug 10 21:39:59 2022 us=563422   pkcs11_protected_authentication = DISABLED
Wed Aug 10 21:39:59 2022 us=563426   pkcs11_protected_authentication = DISABLED
Wed Aug 10 21:39:59 2022 us=563429   pkcs11_protected_authentication = DISABLED
Wed Aug 10 21:39:59 2022 us=563433   pkcs11_protected_authentication = DISABLED
Wed Aug 10 21:39:59 2022 us=563437   pkcs11_protected_authentication = DISABLED
Wed Aug 10 21:39:59 2022 us=563441   pkcs11_protected_authentication = DISABLED
Wed Aug 10 21:39:59 2022 us=563445   pkcs11_private_mode = 00000000
Wed Aug 10 21:39:59 2022 us=563449   pkcs11_private_mode = 00000000
Wed Aug 10 21:39:59 2022 us=563453   pkcs11_private_mode = 00000000
Wed Aug 10 21:39:59 2022 us=563457   pkcs11_private_mode = 00000000
Wed Aug 10 21:39:59 2022 us=563461   pkcs11_private_mode = 00000000
Wed Aug 10 21:39:59 2022 us=563465   pkcs11_private_mode = 00000000
Wed Aug 10 21:39:59 2022 us=563468   pkcs11_private_mode = 00000000
Wed Aug 10 21:39:59 2022 us=563472   pkcs11_private_mode = 00000000
Wed Aug 10 21:39:59 2022 us=563476   pkcs11_private_mode = 00000000
Wed Aug 10 21:39:59 2022 us=563480   pkcs11_private_mode = 00000000
Wed Aug 10 21:39:59 2022 us=563484   pkcs11_private_mode = 00000000
Wed Aug 10 21:39:59 2022 us=563488   pkcs11_private_mode = 00000000
Wed Aug 10 21:39:59 2022 us=563492   pkcs11_private_mode = 00000000
Wed Aug 10 21:39:59 2022 us=563496   pkcs11_private_mode = 00000000
Wed Aug 10 21:39:59 2022 us=563499   pkcs11_private_mode = 00000000
Wed Aug 10 21:39:59 2022 us=563503   pkcs11_private_mode = 00000000
Wed Aug 10 21:39:59 2022 us=563507   pkcs11_cert_private = DISABLED
Wed Aug 10 21:39:59 2022 us=563511   pkcs11_cert_private = DISABLED
Wed Aug 10 21:39:59 2022 us=563515   pkcs11_cert_private = DISABLED
Wed Aug 10 21:39:59 2022 us=563519   pkcs11_cert_private = DISABLED
Wed Aug 10 21:39:59 2022 us=563522   pkcs11_cert_private = DISABLED
Wed Aug 10 21:39:59 2022 us=563526   pkcs11_cert_private = DISABLED
Wed Aug 10 21:39:59 2022 us=563530   pkcs11_cert_private = DISABLED
Wed Aug 10 21:39:59 2022 us=563534   pkcs11_cert_private = DISABLED
Wed Aug 10 21:39:59 2022 us=563538   pkcs11_cert_private = DISABLED
Wed Aug 10 21:39:59 2022 us=563542   pkcs11_cert_private = DISABLED
Wed Aug 10 21:39:59 2022 us=563545   pkcs11_cert_private = DISABLED
Wed Aug 10 21:39:59 2022 us=563549   pkcs11_cert_private = DISABLED
Wed Aug 10 21:39:59 2022 us=563553   pkcs11_cert_private = DISABLED
Wed Aug 10 21:39:59 2022 us=563557   pkcs11_cert_private = DISABLED
Wed Aug 10 21:39:59 2022 us=563561   pkcs11_cert_private = DISABLED
Wed Aug 10 21:39:59 2022 us=563564   pkcs11_cert_private = DISABLED
Wed Aug 10 21:39:59 2022 us=563568   pkcs11_pin_cache_period = -1
Wed Aug 10 21:39:59 2022 us=563572   pkcs11_id = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563576   pkcs11_id_management = DISABLED
Wed Aug 10 21:39:59 2022 us=563581   server_network = 10.1.0.0
Wed Aug 10 21:39:59 2022 us=563585   server_netmask = 255.255.0.0
Wed Aug 10 21:39:59 2022 us=563590   server_network_ipv6 = ::
Wed Aug 10 21:39:59 2022 us=563594   server_netbits_ipv6 = 0
Wed Aug 10 21:39:59 2022 us=563598   server_bridge_ip = 0.0.0.0
Wed Aug 10 21:39:59 2022 us=563603   server_bridge_netmask = 0.0.0.0
Wed Aug 10 21:39:59 2022 us=563607   server_bridge_pool_start = 0.0.0.0
Wed Aug 10 21:39:59 2022 us=563612   server_bridge_pool_end = 0.0.0.0
Wed Aug 10 21:39:59 2022 us=563616   push_entry = 'route-gateway 10.1.0.1'
Wed Aug 10 21:39:59 2022 us=563622   push_entry = 'topology subnet'
Wed Aug 10 21:39:59 2022 us=563626   push_entry = 'ping 5'
Wed Aug 10 21:39:59 2022 us=563630   push_entry = 'ping-restart 30'
Wed Aug 10 21:39:59 2022 us=563634   ifconfig_pool_defined = ENABLED
Wed Aug 10 21:39:59 2022 us=563638   ifconfig_pool_start = 10.1.0.2
Wed Aug 10 21:39:59 2022 us=563643   ifconfig_pool_end = 10.1.255.253
Wed Aug 10 21:39:59 2022 us=563647   ifconfig_pool_netmask = 255.255.0.0
Wed Aug 10 21:39:59 2022 us=563651   ifconfig_pool_persist_filename = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563655   ifconfig_pool_persist_refresh_freq = 600
Wed Aug 10 21:39:59 2022 us=563659   ifconfig_ipv6_pool_defined = DISABLED
Wed Aug 10 21:39:59 2022 us=563664   ifconfig_ipv6_pool_base = ::
Wed Aug 10 21:39:59 2022 us=563668   ifconfig_ipv6_pool_netbits = 0
Wed Aug 10 21:39:59 2022 us=563672   n_bcast_buf = 256
Wed Aug 10 21:39:59 2022 us=563676   tcp_queue_limit = 64
Wed Aug 10 21:39:59 2022 us=563680   real_hash_size = 256
Wed Aug 10 21:39:59 2022 us=563684   virtual_hash_size = 256
Wed Aug 10 21:39:59 2022 us=563688   client_connect_script = '/etc/openvpn/scripts/[FILE].sh'
Wed Aug 10 21:39:59 2022 us=563692   learn_address_script = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563696   client_disconnect_script = '/etc/openvpn/scripts/[FILE].sh'
Wed Aug 10 21:39:59 2022 us=563700   client_config_dir = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563704   ccd_exclusive = DISABLED
Wed Aug 10 21:39:59 2022 us=563708   tmp_dir = '/tmp'
Wed Aug 10 21:39:59 2022 us=563712   push_ifconfig_defined = DISABLED
Wed Aug 10 21:39:59 2022 us=563716   push_ifconfig_local = 0.0.0.0
Wed Aug 10 21:39:59 2022 us=563721   push_ifconfig_remote_netmask = 0.0.0.0
Wed Aug 10 21:39:59 2022 us=563724   push_ifconfig_ipv6_defined = DISABLED
Wed Aug 10 21:39:59 2022 us=563729   push_ifconfig_ipv6_local = ::/0
Wed Aug 10 21:39:59 2022 us=563733   push_ifconfig_ipv6_remote = ::
Wed Aug 10 21:39:59 2022 us=563737   enable_c2c = ENABLED
Wed Aug 10 21:39:59 2022 us=563741   duplicate_cn = DISABLED
Wed Aug 10 21:39:59 2022 us=563745   cf_max = 0
Wed Aug 10 21:39:59 2022 us=563749   cf_per = 0
Wed Aug 10 21:39:59 2022 us=563753   max_clients = 100
Wed Aug 10 21:39:59 2022 us=563757   max_routes_per_client = 256
Wed Aug 10 21:39:59 2022 us=563761   auth_user_pass_verify_script = '/etc/openvpn/scripts/[FILE].sh'
Wed Aug 10 21:39:59 2022 us=563765   auth_user_pass_verify_script_via_file = DISABLED
Wed Aug 10 21:39:59 2022 us=563769   auth_token_generate = DISABLED
Wed Aug 10 21:39:59 2022 us=563773   auth_token_lifetime = 0
Wed Aug 10 21:39:59 2022 us=563777   port_share_host = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563781   port_share_port = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563785   client = DISABLED
Wed Aug 10 21:39:59 2022 us=563789   pull = DISABLED
Wed Aug 10 21:39:59 2022 us=563793   auth_user_pass_file = '[UNDEF]'
Wed Aug 10 21:39:59 2022 us=563797 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 28 2021
Wed Aug 10 21:39:59 2022 us=563803 library versions: OpenSSL 1.1.1n  15 Mar 2022, LZO 2.10
Wed Aug 10 21:39:59 2022 us=563893 MANAGEMENT: unix domain socket listening on /var/run/openvpn/openvpn.sock
Wed Aug 10 21:39:59 2022 us=564000 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Aug 10 21:39:59 2022 us=564222 Diffie-Hellman initialized with 2048 bit key
Wed Aug 10 21:39:59 2022 us=564465 TLS-Auth MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Wed Aug 10 21:39:59 2022 us=564699 TUN/TAP device tun0 opened
Wed Aug 10 21:39:59 2022 us=564725 TUN/TAP TX queue length set to 100
Wed Aug 10 21:39:59 2022 us=564733 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Wed Aug 10 21:39:59 2022 us=564742 /sbin/ip link set dev tun0 up mtu 1500
Wed Aug 10 21:39:59 2022 us=565841 /sbin/ip addr add dev tun0 10.1.0.1/16 broadcast 10.1.255.255
Wed Aug 10 21:39:59 2022 us=566858 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Wed Aug 10 21:39:59 2022 us=567657 Could not determine IPv4/IPv6 protocol. Using AF_INET
Wed Aug 10 21:39:59 2022 us=567684 Socket Buffers: R=[212992->212992] S=[212992->212992]
Wed Aug 10 21:39:59 2022 us=567699 UDPv4 link local (bound): [AF_INET][undef]:1194
Wed Aug 10 21:39:59 2022 us=567705 UDPv4 link remote: [AF_UNSPEC]
Wed Aug 10 21:39:59 2022 us=567716 GID set to XXXX
Wed Aug 10 21:39:59 2022 us=567742 UID set to XXXX
Wed Aug 10 21:39:59 2022 us=567753 MULTI: multi_init called, r=256 v=256
Wed Aug 10 21:39:59 2022 us=568442 IFCONFIG POOL: base=10.1.0.2 size=65532, ipv6=0
Wed Aug 10 21:39:59 2022 us=568497 Initialization Sequence Completed

====> curl from client here <====

Wed Aug 10 21:44:19 2022 us=52796 MULTI: multi_create_instance called
Wed Aug 10 21:44:19 2022 us=52841 [IP]:19506 Re-using SSL/TLS context
Wed Aug 10 21:44:19 2022 us=52853 [IP]:19506 LZO compression initializing
Wed Aug 10 21:44:19 2022 us=52945 [IP]:19506 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Wed Aug 10 21:44:19 2022 us=52954 [IP]:19506 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Wed Aug 10 21:44:19 2022 us=52988 [IP]:19506 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Wed Aug 10 21:44:19 2022 us=52996 [IP]:19506 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Wed Aug 10 21:44:19 2022 us=53018 [IP]:19506 TLS: Initial packet from [AF_INET][IP]:19506, sid=cb834b7d f5dee07e
Wed Aug 10 21:44:19 2022 us=416168 [IP]:19506 VERIFY OK: depth=1, CN=[IP]
Wed Aug 10 21:44:19 2022 us=416276 [IP]:19506 VERIFY OK: depth=0, CN=[CERT]
Wed Aug 10 21:44:19 2022 us=461326 [IP]:19506 peer info: IV_VER=2.4.7
Wed Aug 10 21:44:19 2022 us=461342 [IP]:19506 peer info: IV_PLAT=linux
Wed Aug 10 21:44:19 2022 us=461348 [IP]:19506 peer info: IV_PROTO=2
Wed Aug 10 21:44:19 2022 us=461355 [IP]:19506 peer info: IV_NCP=2
Wed Aug 10 21:44:19 2022 us=461361 [IP]:19506 peer info: IV_LZ4=1
Wed Aug 10 21:44:19 2022 us=461367 [IP]:19506 peer info: IV_LZ4v2=1
Wed Aug 10 21:44:19 2022 us=461373 [IP]:19506 peer info: IV_LZO=1
Wed Aug 10 21:44:19 2022 us=461379 [IP]:19506 peer info: IV_COMP_STUB=1
Wed Aug 10 21:44:19 2022 us=461386 [IP]:19506 peer info: IV_COMP_STUBv2=1
Wed Aug 10 21:44:19 2022 us=461392 [IP]:19506 peer info: IV_TCPNL=1
Wed Aug 10 21:44:19 2022 us=468617 [IP]:19506 TLS: Username/Password authentication succeeded for username '[CERT]' [CN SET]
Wed Aug 10 21:44:19 2022 us=512800 [IP]:19506 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Wed Aug 10 21:44:19 2022 us=512821 [IP]:19506 [[CERT]] Peer Connection Initiated with [AF_INET][IP]:19506
Wed Aug 10 21:44:19 2022 us=513009 [CERT]/[IP]:19506 MULTI_sva: pool returned IPv4=10.1.0.2, IPv6=(Not enabled)
Wed Aug 10 21:44:19 2022 us=598378 [CERT]/[IP]:19506 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_53a6290e3fff084e7b30ec7d599e7ec5.tmp
Wed Aug 10 21:44:19 2022 us=598456 [CERT]/[IP]:19506 MULTI: Learn: 10.1.0.2 -> [CERT]/[IP]:19506
Wed Aug 10 21:44:19 2022 us=598468 [CERT]/[IP]:19506 MULTI: primary virtual IP for [CERT]/[IP]:19506: 10.1.0.2
Wed Aug 10 21:44:20 2022 us=573334 [CERT]/[IP]:19506 PUSH: Received control message: 'PUSH_REQUEST'
Wed Aug 10 21:44:20 2022 us=573375 [CERT]/[IP]:19506 SENT CONTROL [[CERT]]: 'PUSH_REPLY,route-gateway 10.1.0.1,topology subnet,ping 5,ping-restart 30,ifconfig 10.1.0.2 255.255.0.0,peer-id 0,cipher AES-256-GCM' (status=1)
Wed Aug 10 21:44:20 2022 us=573384 [CERT]/[IP]:19506 Data Channel: using negotiated cipher 'AES-256-GCM'
Wed Aug 10 21:44:20 2022 us=573415 [CERT]/[IP]:19506 Data Channel MTU parms [ L:1550 D:1450 EF:50 EB:406 ET:0 EL:3 ]
Wed Aug 10 21:44:20 2022 us=573492 [CERT]/[IP]:19506 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Aug 10 21:44:20 2022 us=573500 [CERT]/[IP]:19506 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

CLIENT
Conf
client
config openvpn 'CLIENT'
option float '1'
option client '1'
option status '/tmp/openvpn-status.log'
option reneg_sec '0'
option persist_key '1'
option nobind '1'
option remote_cert_tls 'server'
option persist_tun '1'
option auth 'SHA1'
option cipher 'AES-256-CBC'
option dev 'tun'
option ca '[FILE].ca'
option enabled '1'
option cert '[FILE].cert'
option key '[FILE].key'
option auth_user_pass '[FILE].auth_user_pass'
option route_noexec '1'
option route_nopull '1'
option up_delay '60'
option connect_retry '10 20'
option pull '0'
option comp_lzo 'yes'
list remote '[IP] 1194 udp4'
option verb '4'


Network

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:438 errors:0 dropped:0 overruns:0 frame:0
          TX packets:438 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:31873 (31.1 KiB)  TX bytes:31873 (31.1 KiB)

tun       Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.1.0.2  P-t-P:10.1.0.2  Mask:255.255.0.0
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:58 errors:0 dropped:0 overruns:0 frame:0
          TX packets:50 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:3468 (3.3 KiB)  TX bytes:4400 (4.2 KiB)

usb0      Link encap:Ethernet  HWaddr 
          inet addr:[IP]  Mask:255.255.255.248
          inet6 addr: [IP] Scope:Link
          UP RUNNING NOARP  MTU:1420  Metric:1
          RX packets:174 errors:0 dropped:0 overruns:0 frame:0
          TX packets:211 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:23128 (22.5 KiB)  TX bytes:24149 (23.5 KiB)

wlan0     Link encap:Ethernet  HWaddr 
          inet addr:192.168.1.254  Bcast:192.168.3.255  Mask:255.255.252.0
          inet6 addr: [IP] Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:190 errors:0 dropped:0 overruns:0 frame:0
          TX packets:204 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:15991 (15.6 KiB)  TX bytes:56242 (54.9 KiB)

Logs

Wed Aug 10 19:42:38 2022 daemon.notice openvpn(CLIENT)[11990]: OpenVPN 2.4.7 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Aug 10 19:42:38 2022 daemon.notice openvpn(CLIENT)[11990]: library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
Wed Aug 10 19:42:38 2022 daemon.notice openvpn(CLIENT)[11990]: LZO compression initializing
Wed Aug 10 19:42:38 2022 daemon.notice openvpn(CLIENT)[11990]: Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Wed Aug 10 19:42:38 2022 daemon.notice openvpn(CLIENT)[11990]: Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Wed Aug 10 19:42:38 2022 daemon.notice openvpn(CLIENT)[11990]: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Wed Aug 10 19:42:38 2022 daemon.notice openvpn(CLIENT)[11990]: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Wed Aug 10 19:42:38 2022 daemon.notice openvpn(CLIENT)[11990]: TCP/UDP: Preserving recently used remote address: [AF_INET][IP]:1194
Wed Aug 10 19:42:38 2022 daemon.notice openvpn(CLIENT)[11990]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Wed Aug 10 19:42:38 2022 daemon.notice openvpn(CLIENT)[11990]: UDPv4 link local: (not bound)
Wed Aug 10 19:42:38 2022 daemon.notice openvpn(CLIENT)[11990]: UDPv4 link remote: [AF_INET][IP]:1194
Wed Aug 10 19:43:38 2022 daemon.err openvpn(CLIENT)[11990]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Aug 10 19:43:38 2022 daemon.err openvpn(CLIENT)[11990]: TLS Error: TLS handshake failed
Wed Aug 10 19:43:38 2022 daemon.notice openvpn(CLIENT)[11990]: TCP/UDP: Closing socket
Wed Aug 10 19:43:38 2022 daemon.notice openvpn(CLIENT)[11990]: SIGUSR1[soft,tls-error] received, process restarting
Wed Aug 10 19:43:38 2022 daemon.notice openvpn(CLIENT)[11990]: Restart pause, 10 second(s)
Wed Aug 10 19:43:48 2022 daemon.notice openvpn(CLIENT)[11990]: Re-using SSL/TLS context
Wed Aug 10 19:43:48 2022 daemon.notice openvpn(CLIENT)[11990]: LZO compression initializing
Wed Aug 10 19:43:48 2022 daemon.notice openvpn(CLIENT)[11990]: Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Wed Aug 10 19:43:48 2022 daemon.notice openvpn(CLIENT)[11990]: Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Wed Aug 10 19:43:48 2022 daemon.notice openvpn(CLIENT)[11990]: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Wed Aug 10 19:43:48 2022 daemon.notice openvpn(CLIENT)[11990]: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Wed Aug 10 19:43:48 2022 daemon.notice openvpn(CLIENT)[11990]: TCP/UDP: Preserving recently used remote address: [AF_INET][IP]:1194
Wed Aug 10 19:43:48 2022 daemon.notice openvpn(CLIENT)[11990]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Wed Aug 10 19:43:48 2022 daemon.notice openvpn(CLIENT)[11990]: UDPv4 link local: (not bound)
Wed Aug 10 19:43:48 2022 daemon.notice openvpn(CLIENT)[11990]: UDPv4 link remote: [AF_INET][IP]:1194

====> curl myserver here <====

Wed Aug 10 19:44:19 2022 daemon.notice openvpn(CLIENT)[11990]: TLS: Initial packet from [AF_INET][IP]:1194, sid=da1436fe 2c6562a5
Wed Aug 10 19:44:19 2022 daemon.warn openvpn(CLIENT)[11990]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Aug 10 19:44:19 2022 daemon.notice openvpn(CLIENT)[11990]: VERIFY OK: depth=1, CN=[IP]
Wed Aug 10 19:44:19 2022 daemon.notice openvpn(CLIENT)[11990]: VERIFY KU OK
Wed Aug 10 19:44:19 2022 daemon.notice openvpn(CLIENT)[11990]: Validating certificate extended key usage
Wed Aug 10 19:44:19 2022 daemon.notice openvpn(CLIENT)[11990]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Wed Aug 10 19:44:19 2022 daemon.notice openvpn(CLIENT)[11990]: VERIFY EKU OK
Wed Aug 10 19:44:19 2022 daemon.notice openvpn(CLIENT)[11990]: VERIFY OK: depth=0, CN=[IP]
Wed Aug 10 19:44:19 2022 daemon.notice openvpn(CLIENT)[11990]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Wed Aug 10 19:44:19 2022 daemon.notice openvpn(CLIENT)[11990]: [IP] Peer Connection Initiated with [AF_INET][IP]:1194
Wed Aug 10 19:44:20 2022 daemon.notice openvpn(CLIENT)[11990]: SENT CONTROL [IP]: 'PUSH_REQUEST' (status=1)
Wed Aug 10 19:44:20 2022 daemon.notice openvpn(CLIENT)[11990]: PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.1.0.1,topology subnet,ping 5,ping-restart 30,ifconfig 10.1.0.2 255.255.0.0,peer-id 0,cipher AES-256-GCM'
Wed Aug 10 19:44:20 2022 daemon.notice openvpn(CLIENT)[11990]: OPTIONS IMPORT: timers and/or timeouts modified
Wed Aug 10 19:44:20 2022 daemon.notice openvpn(CLIENT)[11990]: OPTIONS IMPORT: --ifconfig/up options modified
Wed Aug 10 19:44:20 2022 daemon.notice openvpn(CLIENT)[11990]: OPTIONS IMPORT: route-related options modified
Wed Aug 10 19:44:20 2022 daemon.notice openvpn(CLIENT)[11990]: OPTIONS IMPORT: peer-id set
Wed Aug 10 19:44:20 2022 daemon.notice openvpn(CLIENT)[11990]: OPTIONS IMPORT: adjusting link_mtu to 1625
Wed Aug 10 19:44:20 2022 daemon.notice openvpn(CLIENT)[11990]: OPTIONS IMPORT: data channel crypto options modified
Wed Aug 10 19:44:20 2022 daemon.notice openvpn(CLIENT)[11990]: Data Channel: using negotiated cipher 'AES-256-GCM'
Wed Aug 10 19:44:20 2022 daemon.notice openvpn(CLIENT)[11990]: Data Channel MTU parms [ L:1553 D:1450 EF:53 EB:406 ET:0 EL:3 ]
Wed Aug 10 19:44:20 2022 daemon.notice openvpn(CLIENT)[11990]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Aug 10 19:44:20 2022 daemon.notice openvpn(CLIENT)[11990]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Aug 10 19:44:20 2022 daemon.notice netifd: Interface 'ovpn' is enabled
Wed Aug 10 19:44:20 2022 daemon.notice netifd: Network device 'tun' link is up
Wed Aug 10 19:44:20 2022 daemon.notice netifd: Interface 'ovpns' has link connectivity
Wed Aug 10 19:44:20 2022 daemon.notice netifd: Interface 'ovpn' is setting up now
Wed Aug 10 19:44:20 2022 daemon.notice openvpn(CLIENT)[11990]: TUN/TAP device tun opened
Wed Aug 10 19:44:20 2022 daemon.notice openvpn(CLIENT)[11990]: TUN/TAP TX queue length set to 100
Wed Aug 10 19:44:20 2022 daemon.notice openvpn(CLIENT)[11990]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Wed Aug 10 19:44:20 2022 daemon.notice openvpn(CLIENT)[11990]: /sbin/ifconfig tun 10.1.0.2 netmask 255.255.0.0 mtu 1500 broadcast 10.1.255.255
Wed Aug 10 19:44:20 2022 daemon.notice openvpn(CLIENT)[11990]: Initialization Sequence Completed

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Connection fails before network exchange

Post by TinCanTech » Wed Aug 10, 2022 8:20 pm

Shed3921 wrote:
Wed Aug 10, 2022 8:11 pm
Wed Aug 10 21:39:59 2022 us=568442 IFCONFIG POOL: base=10.1.0.2 size=65532, ipv6=0
Wed Aug 10 21:39:59 2022 us=568497 Initialization Sequence Completed

====> curl from client here <====

Wed Aug 10 21:44:19 2022 us=52796 MULTI: multi_create_instance called
Wed Aug 10 21:44:19 2022 us=52841 [IP]:19506 Re-using SSL/TLS context

And without the ====> curl from client here <==== your client cannot connect.

Shed3921
OpenVpn Newbie
Posts: 5
Joined: Wed Aug 10, 2022 5:37 pm

Re: Connection fails before network exchange

Post by Shed3921 » Wed Aug 10, 2022 8:23 pm

Yes, the client never connects if there is no network exchange with the server.

Example, client log without curl:

Wed Aug 10 19:40:01 2022 daemon.notice openvpn(CLIENT)[3325]: TCP/UDP: Preserving recently used remote address: [AF_INET][IP]:1194
Wed Aug 10 19:40:01 2022 daemon.notice openvpn(CLIENT)[3325]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Wed Aug 10 19:40:01 2022 daemon.notice openvpn(CLIENT)[3325]: UDPv4 link local: (not bound)
Wed Aug 10 19:40:01 2022 daemon.notice openvpn(CLIENT)[3325]: UDPv4 link remote: [AF_INET][IP]:1194
Wed Aug 10 19:41:01 2022 daemon.err openvpn(CLIENT)[3325]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Aug 10 19:41:01 2022 daemon.err openvpn(CLIENT)[3325]: TLS Error: TLS handshake failed
Wed Aug 10 19:41:01 2022 daemon.notice openvpn(CLIENT)[3325]: SIGUSR1[soft,tls-error] received, process restarting
Wed Aug 10 19:41:01 2022 daemon.notice openvpn(CLIENT)[3325]: Restart pause, 20 second(s)
Wed Aug 10 19:41:21 2022 daemon.notice openvpn(CLIENT)[3325]: TCP/UDP: Preserving recently used remote address: [AF_INET][IP]:1194
Wed Aug 10 19:41:21 2022 daemon.notice openvpn(CLIENT)[3325]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Wed Aug 10 19:41:21 2022 daemon.notice openvpn(CLIENT)[3325]: UDPv4 link local: (not bound)
Wed Aug 10 19:41:21 2022 daemon.notice openvpn(CLIENT)[3325]: UDPv4 link remote: [AF_INET[IP]:1194
Wed Aug 10 19:42:21 2022 daemon.err openvpn(CLIENT)[3325]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Aug 10 19:42:21 2022 daemon.err openvpn(CLIENT)[3325]: TLS Error: TLS handshake failed
Wed Aug 10 19:42:21 2022 daemon.notice openvpn(CLIENT)[3325]: SIGUSR1[soft,tls-error] received, process restarting
Wed Aug 10 19:42:21 2022 daemon.notice openvpn(CLIENT)[3325]: Restart pause, 20 second(s)
And so on...
Last edited by Shed3921 on Wed Aug 10, 2022 8:34 pm, edited 1 time in total.
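
The following Python example is added here and was not written by any poster in this thread. It splits an OpenWrt-style OpenVPN client log into connection attempts and marks those that timed out without a single packet from the server, which is the pattern in the client logs above. The sample log is constructed (documentation address 192.0.2.10, dummy session id), and `classify_attempts` is a hypothetical name.

```python
import re
from datetime import datetime

# Constructed sample, modelled on the OpenWrt syslog lines in this thread
# (addresses replaced with the documentation address 192.0.2.10).
SAMPLE_LOG = """\
Wed Aug 10 19:42:38 2022 daemon.notice openvpn(CLIENT)[11990]: UDPv4 link remote: [AF_INET]192.0.2.10:1194
Wed Aug 10 19:43:38 2022 daemon.err openvpn(CLIENT)[11990]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Aug 10 19:43:38 2022 daemon.notice openvpn(CLIENT)[11990]: SIGUSR1[soft,tls-error] received, process restarting
Wed Aug 10 19:43:48 2022 daemon.notice openvpn(CLIENT)[11990]: UDPv4 link remote: [AF_INET]192.0.2.10:1194
Wed Aug 10 19:44:19 2022 daemon.notice openvpn(CLIENT)[11990]: TLS: Initial packet from [AF_INET]192.0.2.10:1194, sid=00000000 00000000
Wed Aug 10 19:44:19 2022 daemon.notice openvpn(CLIENT)[11990]: VERIFY OK: depth=0, CN=server
Wed Aug 10 19:44:20 2022 daemon.notice openvpn(CLIENT)[11990]: Initialization Sequence Completed
"""

# timestamp, syslog facility.level, "openvpn(NAME)[pid]:", then the message
LINE = re.compile(r"^(\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) \S+ openvpn\S*: (.*)$")

def classify_attempts(log_text):
    """Return one dict per connection attempt found in an OpenVPN client log."""
    attempts, cur = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        msg = m.group(2)
        if "link remote:" in msg:  # socket opened: a new attempt starts
            cur = {"start": ts, "first_reply_s": None, "result": "in progress"}
            attempts.append(cur)
        elif cur is None:
            continue
        elif msg.startswith("TLS: Initial packet from") and cur["first_reply_s"] is None:
            cur["first_reply_s"] = (ts - cur["start"]).total_seconds()
        elif "TLS key negotiation failed" in msg:
            # Nothing came back on the UDP path at all, versus a server that
            # answered and then stalled: two different faults to chase.
            cur["result"] = ("no reply from server" if cur["first_reply_s"] is None
                             else "handshake stalled after reply")
        elif "Initialization Sequence Completed" in msg:
            cur["result"] = "connected"
    return attempts

if __name__ == "__main__":
    for a in classify_attempts(SAMPLE_LOG):
        print(a["start"], a["result"], a["first_reply_s"])
```

Attempts reported as "no reply from server" on the client are the ones to compare against the server log for the same minute: if the server shows no new instance either, the packets were dropped somewhere between the two hosts.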

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Connection fails before network exchange

Post by TinCanTech » Wed Aug 10, 2022 8:33 pm

I would normally advise you to speak to your network administrator, however,
you probably are the notwork administrator ..

Which means you have to figure out what you have done to your network.

It is almost certainly your server network router at fault, perhaps:
  • ARP - Unlikely
  • Port knocking - You never know
  • Firewall - The usual suspect
  • Wonky security setting - ISP
  • Edit: Other unspecified - Take your pick; more than one NIC .. or cat stuff

richieremington7
OpenVpn Newbie
Posts: 1
Joined: Wed Mar 09, 2022 7:26 am

Re: Connection fails before network exchange

Post by richieremington7 » Tue Aug 16, 2022 8:32 am

This is too difficult a situation when network connections fail.

Shed3921
OpenVpn Newbie
Posts: 5
Joined: Wed Aug 10, 2022 5:37 pm

Re: Connection fails before network exchange

Post by Shed3921 » Thu Nov 03, 2022 8:25 pm

Hello,

The problem was with the firewall of my server provider (OVH / Game Firewall).

Regards.

Pippin
Forum Team
Posts: 1200
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: [Solved]Connection fails before network exchange

Post by Pippin » Fri Nov 04, 2022 7:34 pm

Glad you got it solved.
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp
