TLS error occurs when I try to connect to an OpenVPN server from a router

Post by DmitriyTashnov » Sat Nov 19, 2022 5:47 pm

Hello everyone, today I created an OpenVPN server on my VDS to connect work devices to the same network, and although all clients on Windows 10 connect without any problems, I get an error on the router from the same network as the Win10 machines:

Nov 19 15:11:55 openvpn[1449]: TLS: Initial packet from [AF_INET]XX.XX.XX.XX:1194, sid=63731366 8295bc9d
Nov 19 15:12:55 openvpn[1449]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Nov 19 15:12:55 openvpn[1449]: TLS Error: TLS handshake failed
Nov 19 15:12:55 openvpn[1449]: SIGUSR1[soft,tls-error] received, process restarting
Nov 19 15:12:55 openvpn[1449]: Restart pause, 2 second(s)
Nov 19 15:12:57 openvpn[1449]: Socket Buffers: R=[116736->131072] S=[116736->131072]
Nov 19 15:12:57 openvpn[1449]: UDPv4 link local: [undef]
Nov 19 15:12:57 openvpn[1449]: UDPv4 link remote: [AF_INET]XX.XX.XX.XX:1194
Nov 19 15:12:57 openvpn[1449]: TLS: Initial packet from [AF_INET]XX.XX.XX.XX:1194, sid=44190fe3 f770cb18
and so on

My server config

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
push "route 10.0.1.0 255.255.255.0"
push "route 10.0.56.0 255.255.255.0"
push "route 192.168.1.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 95.167.167.95"
client-to-client
keepalive 20 120
tls-auth ta.key 0
cipher AES-256-CBC
auth SHA256

### before TLS error, syslog on my ASUS router complained about nobody and nogroup ###

;user nobody
;group nogroup
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
;log-append /var/log/openvpn/openvpn.log
verb 3
explicit-exit-notify 1

No matter what I try to do, the TLS handshake still drops between the router and the server.
I will be glad for your advice.

Re: TLS error occurs when I try to connect to an OpenVPN server from a router

Post by ordex » Tue Nov 29, 2022 9:54 pm

Unfortunately, this is not useful, because it simply means that this device hasn't got any reply back within 60 seconds.
I'd suggest enabling "verb 4" on the server and posting the server log during the router connection attempt. It should contain the actual reason for not processing the incoming connection request.
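
A small triage helper for client-side logs like the one in the first post, as an added example that is not part of the thread: it pairs each `TLS: Initial packet from` line with the key-negotiation timeout that follows, showing how many handshakes started and how each one ended. The function name and the `year` parameter are assumptions of this example; the sample lines are copied from the post.

```python
import re
from datetime import datetime

# Log lines copied from the first post (peer address already redacted there).
SAMPLE_LOG = """\
Nov 19 15:11:55 openvpn[1449]: TLS: Initial packet from [AF_INET]XX.XX.XX.XX:1194, sid=63731366 8295bc9d
Nov 19 15:12:55 openvpn[1449]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Nov 19 15:12:55 openvpn[1449]: TLS Error: TLS handshake failed
Nov 19 15:12:55 openvpn[1449]: SIGUSR1[soft,tls-error] received, process restarting
Nov 19 15:12:57 openvpn[1449]: UDPv4 link remote: [AF_INET]XX.XX.XX.XX:1194
Nov 19 15:12:57 openvpn[1449]: TLS: Initial packet from [AF_INET]XX.XX.XX.XX:1194, sid=44190fe3 f770cb18
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) openvpn\[(\d+)\]: (.*)$")
INITIAL = re.compile(r"TLS: Initial packet from \[AF_INET6?\](\S+), sid=(\w+ \w+)")
TIMEOUT = re.compile(r"TLS key negotiation failed to occur within (\d+) seconds")


def handshake_attempts(log_text, year=2022):
    """Return one dict per handshake attempt, in log order.

    syslog timestamps carry no year, so `year` is an assumption of this example.
    """
    attempts, open_by_pid = [], {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an openvpn syslog line
        stamp, pid, msg = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if (i := INITIAL.search(msg)):
            # The first packet of a new session was received from the peer.
            att = {"pid": int(pid), "peer": i.group(1), "sid": i.group(2),
                   "started": when, "outcome": "pending",
                   "elapsed": None, "limit": None}
            attempts.append(att)
            open_by_pid[pid] = att
        elif (t := TIMEOUT.search(msg)) and pid in open_by_pid:
            att = open_by_pid.pop(pid)
            att["outcome"] = "timeout"
            att["elapsed"] = int((when - att["started"]).total_seconds())
            att["limit"] = int(t.group(1))  # configured negotiation window
    return attempts


if __name__ == "__main__":
    for a in handshake_attempts(SAMPLE_LOG):
        print(a["started"], a["peer"], a["sid"], a["outcome"], a["elapsed"])
```
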
