TLS handshake failed (all firewalls checked & port forward)

01leo123
OpenVpn Newbie
Posts: 6
Joined: Thu Apr 11, 2013 12:54 pm

TLS handshake failed (all firewalls checked & port forward)

Post by 01leo123 » Thu Apr 11, 2013 11:03 pm

Hi,

I am having problems connecting to the VPN server. An extract from the log is below.

My setup is that I have a router connected to the internet, and then I have another router (working as a gateway) connected to the one with the internet, which has the firmware for OpenVPN, i.e. DD-WRT. I have set up port forwarding on the router connected to the internet to send UDP packets with port 1194 to the DD-WRT router. I have disabled the firewall on the DD-WRT router and on the client laptop. I still get the error below. I am not too sure what the problem is. Help please please please....


Thu Apr 11 23:41:47 2013 us=636013 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Thu Apr 11 23:41:47 2013 us=636013 Need hold release from management interface, waiting...
Thu Apr 11 23:41:48 2013 us=119614 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Thu Apr 11 23:41:48 2013 us=229814 MANAGEMENT: CMD 'state on'
Thu Apr 11 23:41:48 2013 us=229814 MANAGEMENT: CMD 'log all on'
Thu Apr 11 23:41:48 2013 us=323414 MANAGEMENT: CMD 'hold off'
Thu Apr 11 23:41:48 2013 us=323414 MANAGEMENT: CMD 'hold release'
Thu Apr 11 23:41:48 2013 us=323414 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Apr 11 23:41:48 2013 us=619815 Control Channel MTU parms [ L:1557 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Apr 11 23:41:48 2013 us=619815 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Apr 11 23:41:48 2013 us=619815 MANAGEMENT: >STATE:1365720108,RESOLVE,,,
Thu Apr 11 23:41:50 2013 us=117417 Data Channel MTU parms [ L:1557 D:1450 EF:57 EB:4 ET:0 EL:0 ]
Thu Apr 11 23:41:50 2013 us=117417 Local Options String: 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Thu Apr 11 23:41:50 2013 us=117417 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Thu Apr 11 23:41:50 2013 us=117417 Local Options hash (VER=V4): '8326dbaa'
Thu Apr 11 23:41:50 2013 us=117417 Expected Remote Options hash (VER=V4): 'b7f67de4'
Thu Apr 11 23:41:50 2013 us=117417 UDPv4 link local: [undef]
Thu Apr 11 23:41:50 2013 us=117417 UDPv4 link remote: [AF_INET]5.68.9.199:1194
Thu Apr 11 23:41:50 2013 us=117417 MANAGEMENT: >STATE:1365720110,WAIT,,,
Thu Apr 11 23:42:50 2013 us=739339 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Apr 11 23:42:50 2013 us=739339 TLS Error: TLS handshake failed
Thu Apr 11 23:42:50 2013 us=739339 TCP/UDP: Closing socket
Thu Apr 11 23:42:50 2013 us=739339 SIGUSR1[soft,tls-error] received, process restarting
Thu Apr 11 23:42:50 2013 us=739339 MANAGEMENT: >STATE:1365720170,RECONNECTING,tls-error,,
Thu Apr 11 23:42:50 2013 us=739339 Restart pause, 2 second(s)
Thu Apr 11 23:42:52 2013 us=767343 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Apr 11 23:42:52 2013 us=767343 Re-using SSL/TLS context
Thu Apr 11 23:42:52 2013 us=767343 Control Channel MTU parms [ L:1557 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Apr 11 23:42:52 2013 us=767343 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Apr 11 23:42:52 2013 us=767343 MANAGEMENT: >STATE:1365720172,RESOLVE,,,
Thu Apr 11 23:42:53 2013 us=313344 Data Channel MTU parms [ L:1557 D:1450 EF:57 EB:4 ET:0 EL:0 ]
Thu Apr 11 23:42:53 2013 us=313344 Local Options String: 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Thu Apr 11 23:42:53 2013 us=313344 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Thu Apr 11 23:42:53 2013 us=313344 Local Options hash (VER=V4): '8326dbaa'
Thu Apr 11 23:42:53 2013 us=313344 Expected Remote Options hash (VER=V4): 'b7f67de4'
Thu Apr 11 23:42:53 2013 us=313344 UDPv4 link local: [undef]
Thu Apr 11 23:42:53 2013 us=313344 UDPv4 link remote: [AF_INET]5.68.9.199:1194
Thu Apr 11 23:42:53 2013 us=313344 MANAGEMENT: >STATE:1365720173,WAIT,,,
Thu Apr 11 23:43:02 2013 us=298960 TCP/UDP: Closing socket
Thu Apr 11 23:43:02 2013 us=298960 SIGTERM[hard,] received, process exiting
Thu Apr 11 23:43:02 2013 us=298960 MANAGEMENT: >STATE:1365720182,EXITING,SIGTERM,,

janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam

Re: TLS handshake failed (all firewalls checked & port forw

Post by janjust » Fri Apr 12, 2013 8:46 am

Thu Apr 11 23:42:50 2013 us=739339 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Apr 11 23:42:50 2013 us=739339 TLS Error: TLS handshake failed
Thu Apr 11 23:42:50 2013 us=739339 TCP/UDP: Closing socket
Something is blocking access - a firewall or dodgy router. What is the corresponding log on the VPN server?

01leo123
OpenVpn Newbie
Posts: 6
Joined: Thu Apr 11, 2013 12:54 pm

Re: TLS handshake failed (all firewalls checked & port forw

Post by 01leo123 » Fri Apr 12, 2013 11:26 am

Hi,

I have looked at the logs now on the router which is the server for OpenVPN and I can't see anything OpenVPN related!

The router which does the forwarding to the DD WRT router (OpenVPN server) has port forwarding set up. If I switch that off then I get a different error in OpenVPN - REFUSED error. So the first router with port forwarding does seem to do something.

All I can think of is that the DD WRT router is not letting the packet in. I have set up port forwarding on the DD WRT router to itself but it still doesn't work.

Something is missing but I don't know what....?

01leo123
OpenVpn Newbie
Posts: 6
Joined: Thu Apr 11, 2013 12:54 pm

Re: TLS handshake failed (all firewalls checked & port forw

Post by 01leo123 » Fri Apr 12, 2013 11:54 am

So, I have checked the log again on the DD WRT router and to be honest if there was any OpenVPN stuff on there I would not be able to tell.

It has statements on kernel, accept in, mac, src, dst, len, tos, prec, ttl, id, proto, spt, dpt, len.

I am not too sure what I need to look out for.

janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam

Re: TLS handshake failed (all firewalls checked & port forw

Post by janjust » Fri Apr 12, 2013 1:43 pm

Also ensure that packets going OUT on UDP port 1194 are allowed; furthermore, try temporarily switching to 'mode tcp' in your OpenVPN setup - if that works it will provide some extra info on where things are failing.

I'm not familiar with dd-wrt itself, but I hope you can add some logging rules in the iptables i/f (or run tcpdump directly). If you can add iptables logging rules, then add something like

# log every forwarded UDP packet addressed to port 1194 (the built-in chain is FORWARD)
iptables -I FORWARD -p udp --dport 1194 -j LOG
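The reply above asks for the log the DD-WRT firewall writes (the lines with kernel, accept in, mac, src, dst, ..., spt, dpt that the earlier post describes). As an added example, not code from this thread, DD-WRT or OpenVPN, the script below parses such netfilter LOG records and reports whether UDP/1194 packets reached the router and whether its firewall accepted them; the sample lines, interface names, MACs and addresses are constructed.

```python
"""Sift DD-WRT firewall log lines (netfilter LOG target records) for the
OpenVPN control port, to answer "did the VPN packets reach this router, and
did its firewall let them in?".  Added example for this thread; not code
from the forum, DD-WRT or OpenVPN.  The log lines below are constructed."""
import re
from collections import Counter

OPENVPN_PORT = 1194

# Constructed sample in the format the poster describes ("kernel: <verdict>
# IN= OUT= MAC= SRC= DST= LEN= TOS= PREC= TTL= ID= PROTO= SPT= DPT= LEN=").
# Interface names, addresses and MACs are made up for this example.
SAMPLE_LOG = [
    "Apr 12 11:50:01 DD-WRT kernel: DROP IN=vlan2 OUT= "
    "MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.168.0.8 "
    "LEN=54 TOS=0x00 PREC=0x00 TTL=51 ID=4711 PROTO=UDP SPT=51234 DPT=1194 LEN=34",
    "Apr 12 11:50:03 DD-WRT kernel: DROP IN=vlan2 OUT= "
    "MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.168.0.8 "
    "LEN=54 TOS=0x00 PREC=0x00 TTL=51 ID=4712 PROTO=UDP SPT=51234 DPT=1194 LEN=34",
    "Apr 12 11:50:04 DD-WRT kernel: ACCEPT IN=br0 OUT=vlan2 "
    "MAC=cc:dd:ee:ff:00:11:22:33:44:55:66:77:08:00 SRC=192.168.11.20 DST=198.51.100.9 "
    "LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=9 DF PROTO=TCP SPT=44321 DPT=443 "
    "WINDOW=65535 RES=0x00 SYN URGP=0",
    "Apr 12 11:50:05 DD-WRT dnsmasq[512]: reading /etc/resolv.conf",
]

# "<prefix> IN=" right after "kernel:" (an optional "[uptime]" may sit between).
VERDICT_RE = re.compile(r"kernel:\s+(?:\[\s*[\d.]+\]\s+)?(?:(\S+)\s+)?IN=")
TOKEN_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_netfilter_line(line):
    """Return the KEY=VALUE fields of one LOG record plus its 'verdict'
    (the --log-prefix, e.g. ACCEPT/DROP), or None for any other syslog line."""
    m = VERDICT_RE.search(line)
    if m is None:
        return None
    fields = {"verdict": m.group(1) or "?"}
    for key, value in TOKEN_RE.findall(line):
        # LEN appears twice (IP total length, then UDP length); keep the first.
        fields.setdefault(key, value)
    return fields


def port_summary(lines, port=OPENVPN_PORT, proto="UDP"):
    """Count records addressed to proto/port, keyed by (verdict, ingress interface)."""
    counts = Counter()
    for line in lines:
        rec = parse_netfilter_line(line)
        if rec and rec.get("PROTO") == proto and rec.get("DPT") == str(port):
            counts[(rec["verdict"], rec.get("IN", ""))] += 1
    return counts


def diagnose(lines, port=OPENVPN_PORT, proto="UDP"):
    """Reduce the counts to the one sentence the poster was missing."""
    counts = port_summary(lines, port, proto)
    label = "%s/%d" % (proto, port)
    if not counts:
        return "no %s packets logged: they are not reaching this router" % label
    accepted = sorted({iface for (verdict, iface) in counts if verdict == "ACCEPT"})
    if accepted:
        return "%s packets accepted on %s: the firewall is not the blocker" % (
            label, ",".join(accepted))
    seen = sorted({iface for (_, iface) in counts})
    return "%s packets arrive on %s but none is accepted: this router's firewall drops them" % (
        label, ",".join(seen))


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))            # the UDP/1194 case from the thread
    print(diagnose(SAMPLE_LOG, 443, "TCP"))
```

Feed it the real syslog (`logread` on DD-WRT) once the LOG rule from the reply is in place; with no matching records at all, the problem is upstream of this router.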

hiteshdhruv
OpenVpn Newbie
Posts: 1
Joined: Sat Apr 13, 2013 10:11 pm

Re: TLS handshake failed (all firewalls checked & port forw

Post by hiteshdhruv » Sat Apr 13, 2013 10:18 pm

Hi friends, I'm new to this VPN world so I'm not getting it as easily as it could be....
I have downloaded a config to connect but every time I get a TLS error: key negotiation failed within 60 seconds....
I had tried it without a firewall and reinstalling Windows but no gain :(
So could you guys help me with this..............

Sun Apr 14 03:17:43 2013 us=58000 Current Parameter Settings:
Sun Apr 14 03:17:43 2013 us=58000 config = 'BSNL NET 2.ovpn'
Sun Apr 14 03:17:43 2013 us=58000 mode = 0
Sun Apr 14 03:17:43 2013 us=58000 show_ciphers = DISABLED
Sun Apr 14 03:17:43 2013 us=58000 show_digests = DISABLED
Sun Apr 14 03:17:43 2013 us=58000 show_engines = DISABLED
Sun Apr 14 03:17:43 2013 us=58000 NOTE: --mute triggered...
Sun Apr 14 03:17:43 2013 us=58000 276 variation(s) on previous 6 message(s) suppressed by --mute
Sun Apr 14 03:17:43 2013 us=58000 NMDVPN 2.1.4 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Apr 25 2011
Sun Apr 14 03:17:43 2013 us=58000 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Apr 14 03:17:43 2013 us=58000 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Apr 14 03:17:43 2013 us=58000 NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion
Sun Apr 14 03:17:43 2013 us=167000 LZO compression initialized
Sun Apr 14 03:17:43 2013 us=167000 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sun Apr 14 03:17:43 2013 us=183000 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Apr 14 03:17:43 2013 us=183000 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Apr 14 03:17:43 2013 us=183000 Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sun Apr 14 03:17:43 2013 us=183000 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sun Apr 14 03:17:43 2013 us=183000 Local Options hash (VER=V4): '69109d17'
Sun Apr 14 03:17:43 2013 us=183000 Expected Remote Options hash (VER=V4): 'c0103fa8'
Sun Apr 14 03:17:43 2013 us=183000 Attempting to establish TCP connection with 10.220.67.131:8080
Sun Apr 14 03:17:44 2013 us=946000 TCP connection established with 10.220.67.131:8080
Sun Apr 14 03:17:44 2013 us=946000 Send to HTTP proxy: 'CONNECT 96.44.171.106:443 HTTP/1.0'
Sun Apr 14 03:17:44 2013 us=946000 User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/528.16 (iPhone; U; CPU iPhone OS 3.0 like Mac OS X; en-us; compatible; Googlebot/870; U; en) Presto/2.4.15
Sun Apr 14 03:17:44 2013 us=946000 Host:bsnllive.in
Sun Apr 14 03:17:44 2013 us=946000 X-Online-Host:bsnllive.in
Sun Apr 14 03:17:45 2013 us=398000 HTTP proxy returned: 'HTTP/1.1 200 Connection established'
Sun Apr 14 03:17:47 2013 us=411000 TCPv4_CLIENT link local: [undef]
Sun Apr 14 03:17:47 2013 us=411000 TCPv4_CLIENT link remote: 10.220.67.131:8080
Sun Apr 14 03:18:47 2013 us=970000 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Apr 14 03:18:47 2013 us=970000 TLS Error: TLS handshake failed
Sun Apr 14 03:18:47 2013 us=970000 Fatal TLS error (check_tls_errors_co), restarting
Sun Apr 14 03:18:47 2013 us=970000 TCP/UDP: Closing socket
Sun Apr 14 03:18:47 2013 us=970000 SIGUSR1[soft,tls-error] received, process restarting
Sun Apr 14 03:18:47 2013 us=970000 Restart pause, 5 second(s)
Sun Apr 14 03:18:52 2013 us=978000 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Apr 14 03:18:52 2013 us=978000 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Apr 14 03:18:52 2013 us=978000 NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion
Sun Apr 14 03:18:52 2013 us=978000 Re-using SSL/TLS context
Sun Apr 14 03:18:52 2013 us=978000 LZO compression initialized
Sun Apr 14 03:18:52 2013 us=978000 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sun Apr 14 03:18:52 2013 us=978000 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Apr 14 03:18:52 2013 us=978000 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Apr 14 03:18:52 2013 us=978000 Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sun Apr 14 03:18:52 2013 us=978000 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sun Apr 14 03:18:52 2013 us=978000 Local Options hash (VER=V4): '69109d17'
Sun Apr 14 03:18:52 2013 us=978000 Expected Remote Options hash (VER=V4): 'c0103fa8'
Sun Apr 14 03:18:52 2013 us=978000 Attempting to establish TCP connection with 10.220.67.131:8080
Sun Apr 14 03:18:53 2013 us=212000 TCP connection established with 10.220.67.131:8080
Sun Apr 14 03:18:53 2013 us=212000 Send to HTTP proxy: 'CONNECT 96.44.171.106:443 HTTP/1.0'
Sun Apr 14 03:18:53 2013 us=212000 User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/528.16 (iPhone; U; CPU iPhone OS 3.0 like Mac OS X; en-us; compatible; Googlebot/870; U; en) Presto/2.4.15
Sun Apr 14 03:18:53 2013 us=212000 Host:bsnllive.in
Sun Apr 14 03:18:53 2013 us=212000 X-Online-Host:bsnllive.in
Sun Apr 14 03:18:53 2013 us=680000 HTTP proxy returned: 'HTTP/1.1 200 Connection established'
Sun Apr 14 03:18:55 2013 us=677000 TCPv4_CLIENT link local: [undef]
Sun Apr 14 03:18:55 2013 us=677000 TCPv4_CLIENT link remote: 10.220.67.131:8080
Sun Apr 14 03:19:55 2013 us=175000 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Apr 14 03:19:55 2013 us=175000 TLS Error: TLS handshake failed
Sun Apr 14 03:19:55 2013 us=175000 Fatal TLS error (check_tls_errors_co), restarting
Sun Apr 14 03:19:55 2013 us=175000 TCP/UDP: Closing socket
Sun Apr 14 03:19:55 2013 us=175000 SIGUSR1[soft,tls-error] received, process restarting
Sun Apr 14 03:19:55 2013 us=175000 Restart pause, 5 second(s)
Sun Apr 14 03:20:00 2013 us=183000 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Apr 14 03:20:00 2013 us=183000 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Apr 14 03:20:00 2013 us=183000 NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion
Sun Apr 14 03:20:00 2013 us=183000 Re-using SSL/TLS context
Sun Apr 14 03:20:00 2013 us=183000 LZO compression initialized
Sun Apr 14 03:20:00 2013 us=183000 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sun Apr 14 03:20:00 2013 us=183000 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Apr 14 03:20:00 2013 us=183000 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Apr 14 03:20:00 2013 us=183000 Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sun Apr 14 03:20:00 2013 us=183000 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sun Apr 14 03:20:00 2013 us=183000 Local Options hash (VER=V4): '69109d17'
Sun Apr 14 03:20:00 2013 us=183000 Expected Remote Options hash (VER=V4): 'c0103fa8'
Sun Apr 14 03:20:00 2013 us=183000 Attempting to establish TCP connection with 10.220.67.131:8080
Sun Apr 14 03:20:00 2013 us=417000 TCP connection established with 10.220.67.131:8080
Sun Apr 14 03:20:00 2013 us=417000 Send to HTTP proxy: 'CONNECT 96.44.171.106:443 HTTP/1.0'
Sun Apr 14 03:20:00 2013 us=417000 User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/528.16 (iPhone; U; CPU iPhone OS 3.0 like Mac OS X; en-us; compatible; Googlebot/870; U; en) Presto/2.4.15
Sun Apr 14 03:20:00 2013 us=417000 Host:bsnllive.in
Sun Apr 14 03:20:00 2013 us=417000 X-Online-Host:bsnllive.in
Sun Apr 14 03:20:00 2013 us=885000 HTTP proxy returned: 'HTTP/1.1 200 Connection established'
Sun Apr 14 03:20:02 2013 us=897000 TCPv4_CLIENT link local: [undef]
Sun Apr 14 03:20:02 2013 us=897000 TCPv4_CLIENT link remote: 10.220.67.131:8080
Sun Apr 14 03:21:02 2013 us=349000 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Apr 14 03:21:02 2013 us=349000 TLS Error: TLS handshake failed
Sun Apr 14 03:21:02 2013 us=349000 Fatal TLS error (check_tls_errors_co), restarting
Sun Apr 14 03:21:02 2013 us=349000 TCP/UDP: Closing socket
Sun Apr 14 03:21:02 2013 us=349000 SIGUSR1[soft,tls-error] received, process restarting
Sun Apr 14 03:21:02 2013 us=349000 Restart pause, 5 second(s)
Sun Apr 14 03:21:07 2013 us=357000 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Apr 14 03:21:07 2013 us=357000 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Apr 14 03:21:07 2013 us=357000 NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion
Sun Apr 14 03:21:07 2013 us=357000 Re-using SSL/TLS context
Sun Apr 14 03:21:07 2013 us=357000 LZO compression initialized
Sun Apr 14 03:21:07 2013 us=357000 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sun Apr 14 03:21:07 2013 us=357000 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Apr 14 03:21:07 2013 us=357000 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Apr 14 03:21:07 2013 us=357000 Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sun Apr 14 03:21:07 2013 us=357000 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sun Apr 14 03:21:07 2013 us=357000 Local Options hash (VER=V4): '69109d17'
Sun Apr 14 03:21:07 2013 us=357000 Expected Remote Options hash (VER=V4): 'c0103fa8'
Sun Apr 14 03:21:07 2013 us=357000 Attempting to establish TCP connection with 10.220.67.131:8080
Sun Apr 14 03:21:07 2013 us=575000 TCP connection established with 10.220.67.131:8080
Sun Apr 14 03:21:07 2013 us=575000 Send to HTTP proxy: 'CONNECT 96.44.171.106:443 HTTP/1.0'
Sun Apr 14 03:21:07 2013 us=575000 User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/528.16 (iPhone; U; CPU iPhone OS 3.0 like Mac OS X; en-us; compatible; Googlebot/870; U; en) Presto/2.4.15
Sun Apr 14 03:21:07 2013 us=575000 Host:bsnllive.in
Sun Apr 14 03:21:07 2013 us=575000 X-Online-Host:bsnllive.in
Sun Apr 14 03:21:08 2013 us=28000 HTTP proxy returned: 'HTTP/1.1 200 Connection established'
Sun Apr 14 03:21:10 2013 us=25000 TCPv4_CLIENT link local: [undef]
Sun Apr 14 03:21:10 2013 us=25000 TCPv4_CLIENT link remote: 10.220.67.131:8080
Sun Apr 14 03:22:10 2013 us=725000 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Apr 14 03:22:10 2013 us=725000 TLS Error: TLS handshake failed
Sun Apr 14 03:22:10 2013 us=725000 Fatal TLS error (check_tls_errors_co), restarting
Sun Apr 14 03:22:10 2013 us=725000 TCP/UDP: Closing socket
Sun Apr 14 03:22:10 2013 us=725000 SIGUSR1[soft,tls-error] received, process restarting
Sun Apr 14 03:22:10 2013 us=725000 Restart pause, 5 second(s)
Sun Apr 14 03:22:15 2013 us=764000 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Apr 14 03:22:15 2013 us=764000 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Apr 14 03:22:15 2013 us=764000 NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion
Sun Apr 14 03:22:15 2013 us=764000 Re-using SSL/TLS context
Sun Apr 14 03:22:15 2013 us=764000 LZO compression initialized
Sun Apr 14 03:22:15 2013 us=764000 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sun Apr 14 03:22:15 2013 us=764000 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Apr 14 03:22:15 2013 us=764000 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Apr 14 03:22:15 2013 us=764000 Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sun Apr 14 03:22:15 2013 us=764000 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sun Apr 14 03:22:15 2013 us=764000 Local Options hash (VER=V4): '69109d17'
Sun Apr 14 03:22:15 2013 us=764000 Expected Remote Options hash (VER=V4): 'c0103fa8'
Sun Apr 14 03:22:15 2013 us=764000 Attempting to establish TCP connection with 10.220.67.131:8080
Sun Apr 14 03:22:16 2013 us=60000 TCP connection established with 10.220.67.131:8080
Sun Apr 14 03:22:16 2013 us=60000 Send to HTTP proxy: 'CONNECT 96.44.171.106:443 HTTP/1.0'
Sun Apr 14 03:22:16 2013 us=60000 User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/528.16 (iPhone; U; CPU iPhone OS 3.0 like Mac OS X; en-us; compatible; Googlebot/870; U; en) Presto/2.4.15
Sun Apr 14 03:22:16 2013 us=60000 Host:bsnllive.in
Sun Apr 14 03:22:16 2013 us=60000 X-Online-Host:bsnllive.in
Sun Apr 14 03:22:18 2013 us=852000 HTTP proxy returned: 'HTTP/1.1 200 Connection established'
Sun Apr 14 03:22:20 2013 us=865000 TCPv4_CLIENT link local: [undef]
Sun Apr 14 03:22:20 2013 us=865000 TCPv4_CLIENT link remote: 10.220.67.131:8080
Sun Apr 14 03:23:20 2013 us=145000 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Apr 14 03:23:20 2013 us=145000 TLS Error: TLS handshake failed
Sun Apr 14 03:23:20 2013 us=145000 Fatal TLS error (check_tls_errors_co), restarting
Sun Apr 14 03:23:20 2013 us=145000 TCP/UDP: Closing socket
Sun Apr 14 03:23:20 2013 us=145000 SIGUSR1[soft,tls-error] received, process restarting
Sun Apr 14 03:23:20 2013 us=145000 Restart pause, 5 second(s)
Sun Apr 14 03:23:25 2013 us=153000 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Apr 14 03:23:25 2013 us=153000 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Apr 14 03:23:25 2013 us=153000 NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion
Sun Apr 14 03:23:25 2013 us=153000 Re-using SSL/TLS context
Sun Apr 14 03:23:25 2013 us=153000 LZO compression initialized
Sun Apr 14 03:23:25 2013 us=153000 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sun Apr 14 03:23:25 2013 us=153000 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Apr 14 03:23:25 2013 us=153000 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Apr 14 03:23:25 2013 us=153000 Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sun Apr 14 03:23:25 2013 us=153000 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sun Apr 14 03:23:25 2013 us=153000 Local Options hash (VER=V4): '69109d17'
Sun Apr 14 03:23:25 2013 us=153000 Expected Remote Options hash (VER=V4): 'c0103fa8'
Sun Apr 14 03:23:25 2013 us=153000 Attempting to establish TCP connection with 10.220.67.131:8080
Sun Apr 14 03:23:25 2013 us=246000 TCP connection established with 10.220.67.131:8080
Sun Apr 14 03:23:25 2013 us=246000 Send to HTTP proxy: 'CONNECT 96.44.171.106:443 HTTP/1.0'
Sun Apr 14 03:23:25 2013 us=246000 User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/528.16 (iPhone; U; CPU iPhone OS 3.0 like Mac OS X; en-us; compatible; Googlebot/870; U; en) Presto/2.4.15
Sun Apr 14 03:23:25 2013 us=246000 Host:bsnllive.in
Sun Apr 14 03:23:25 2013 us=246000 X-Online-Host:bsnllive.in
Sun Apr 14 03:23:25 2013 us=886000 HTTP proxy returned: 'HTTP/1.1 200 Connection established'
Sun Apr 14 03:23:27 2013 us=898000 TCPv4_CLIENT link local: [undef]
Sun Apr 14 03:23:27 2013 us=898000 TCPv4_CLIENT link remote: 10.220.67.131:8080
Sun Apr 14 03:24:27 2013 us=226000 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Apr 14 03:24:27 2013 us=226000 TLS Error: TLS handshake failed
Sun Apr 14 03:24:27 2013 us=226000 Fatal TLS error (check_tls_errors_co), restarting
Sun Apr 14 03:24:27 2013 us=226000 TCP/UDP: Closing socket
Sun Apr 14 03:24:27 2013 us=226000 SIGUSR1[soft,tls-error] received, process restarting
Sun Apr 14 03:24:27 2013 us=226000 Restart pause, 5 second(s)
Sun Apr 14 03:24:32 2013 us=233000 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Apr 14 03:24:32 2013 us=233000 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Apr 14 03:24:32 2013 us=233000 NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion
Sun Apr 14 03:24:32 2013 us=233000 Re-using SSL/TLS context
Sun Apr 14 03:24:32 2013 us=233000 LZO compression initialized
Sun Apr 14 03:24:32 2013 us=233000 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sun Apr 14 03:24:32 2013 us=233000 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Apr 14 03:24:32 2013 us=233000 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Apr 14 03:24:32 2013 us=233000 Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sun Apr 14 03:24:32 2013 us=233000 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sun Apr 14 03:24:32 2013 us=233000 Local Options hash (VER=V4): '69109d17'
Sun Apr 14 03:24:32 2013 us=233000 Expected Remote Options hash (VER=V4): 'c0103fa8'
Sun Apr 14 03:24:32 2013 us=233000 Attempting to establish TCP connection with 10.220.67.131:8080
Sun Apr 14 03:24:32 2013 us=436000 TCP connection established with 10.220.67.131:8080
Sun Apr 14 03:24:32 2013 us=436000 Send to HTTP proxy: 'CONNECT 96.44.171.106:443 HTTP/1.0'
Sun Apr 14 03:24:32 2013 us=436000 User-Agent: Opera/9.80 (J2ME/MIDP; Opera Mini/528.16 (iPhone; U; CPU iPhone OS 3.0 like Mac OS X; en-us; compatible; Googlebot/870; U; en) Presto/2.4.15
Sun Apr 14 03:24:32 2013 us=436000 Host:bsnllive.in
Sun Apr 14 03:24:32 2013 us=436000 X-Online-Host:bsnllive.in
Sun Apr 14 03:24:32 2013 us=873000 HTTP proxy returned: 'HTTP/1.1 200 Connection established'
Sun Apr 14 03:24:34 2013 us=885000 TCPv4_CLIENT link local: [undef]
Sun Apr 14 03:24:34 2013 us=885000 TCPv4_CLIENT link remote: 10.220.67.131:8080
Sun Apr 14 03:24:59 2013 us=50000 TCP/UDP: Closing socket
Sun Apr 14 03:24:59 2013 us=50000 SIGTERM[hard,] received, process exiting

01leo123
OpenVpn Newbie
Posts: 6
Joined: Thu Apr 11, 2013 12:54 pm

Re: TLS handshake failed (all firewalls checked & port forw

Post by 01leo123 » Sun Apr 14, 2013 6:23 pm

hiteshdhruv - Please create your own thread.

Hi Jan, thanks for your response. I tried to set my config to TCP but it didn't work - I get a (WSAETIMEDOUT) error. I have gone into further detail on my config below.

The configuration of my OpenVPN is detailed below. There is a Sky router connected to a Buffalo DD WRT router which has the OpenVPN server running. The IP addresses are DDWRT: WAN IP - 192.168.0.8, LAN IP - 192.168.11.1. SKY: LAN IP address 192.168.0.1.

OpenVPN Client File

client
dev tun
proto udp
remote <ip address> 1194
resolv-retry infinite
nobind
persist-key
persist-tun

ca ca.crt
cert Dell-Laptop.crt
key Dell-Laptop.key
ns-cert-type server
cipher AES-128-CBC
verb 4

Server Config in DD WRT OpenVPN

OpenVPN Server – Enable
Start Type – System
Config via – GUI
Server Mode – Router(TUN)
Network: 192.168.11.1 (this is the DD WRT Router LAN IP)
Netmask: 255.255.255.0
Port: 1194
Tunnel Protocol: UDP
Encryption Cipher: AES-128 CBC
Hash Algorithm: SHA1
Advanced Options: Disable
Public Server Cert: <the openvpn server certificate pasted here>
CA Cert: <CA Certificate>
Private Server Key: <the openvpn server key pasted here>
DH PEM: <dh PEM file pasted here>
Additional Config: <left blank>
CCD-Dir DEFAULT file: <left blank>
TLS Auth Key: <left blank>
Certificate Revoke List: <left blank>

DDWRT Router Port Forwarding Config

Setup in DDWRT under NAT/QoS -> Port Forward

Protocol: Both, Source Net: 192.168.11.1 (WAN IP DDWRT), Port From: 1194, IP Address: 192.168.0.1 (LAN IP Sky Router), Port To: 1194

Protocol: Both, Source Net: 192.168.0.1 (LAN IP Sky Router), Port From: 1194, IP Address: 192.168.11.1 (LAN IP DDWRT), Port To: 1194

DDWRT Firewall Commands Setup

Setup in DDWRT under Administration -> Commands

# accept OpenVPN control traffic to this router; long options take two dashes
iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
iptables -I FORWARD 1 --source 192.168.11.1/24 -j ACCEPT
# let LAN (br0) and tunnel (tun0) traffic pass in both directions
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT

SKY Router Port Forwarding Config

TCP/UDP, LAN Server IP: 198.168.11.1 (LAN IP DDWRT), Port From: 1194, Port to: 1194

I have carried out a number of tests and just cannot get OpenVPN working. Details of the tests are below.

TEST 1:

With the settings above – I get the error.....

Sun Apr 14 17:39:39 2013 us=674847 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Apr 14 17:39:39 2013 us=674847 TLS Error: TLS handshake failed

TEST 2:

Change settings so that the WAN IP for the DDWRT Router is in the DMZ i.e. 192.168.0.8

Sun Apr 14 18:10:21 2013 us=567800 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Apr 14 18:10:21 2013 us=567800 TLS Error: TLS handshake failed

TEST 3:

Change settings so that the LAN IP for the DDWRT Router is in the DMZ i.e. 192.168.11.1

Sun Apr 14 18:13:50 2013 us=561367 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Apr 14 18:13:50 2013 us=561367 TLS Error: TLS handshake failed

TEST 4:

I changed the settings on the DD WRT router to TCP and the config file on the client to "proto tcp"

Sun Apr 14 18:26:27 2013 us=822898 Attempting to establish TCP connection with [AF_INET]X.XXX.XXX.X:1194
Sun Apr 14 18:26:27 2013 us=822898 MANAGEMENT: >STATE:1365960387,TCP_CONNECT,,,
Sun Apr 14 18:26:48 2013 us=851735 TCP: connect to [AF_INET]X.XXX.XXX.X:1194 failed, will try again in 5 seconds: Connection timed out (WSAETIMEDOUT)
Sun Apr 14 18:26:53 2013 us=921744 MANAGEMENT: >STATE:1365960413,RESOLVE,,,

Note: IP address replaced with xxx to protect security.

Any advice on the above and why OpenVPN will just not work? Have I configured anything incorrectly? Please note I have no previous knowledge of OpenVPN or network routing. All the above is based on reading wikis and guides so any of it could potentially be incorrect!

Many Many Thanks!
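The two-router chain laid out in the post above, run through an added example (not code from this thread, DD-WRT or OpenVPN) that checks a port-forward chain for the one thing double NAT requires: each router must forward to an address on its own LAN, and that address must be the WAN side of the next device. It assumes both LANs are /24 (the post gives only the router addresses) and that OpenVPN listens on the DD-WRT itself; the addresses are the ones quoted in the post, including the Sky router's forward target exactly as written there.

```python
"""Consistency check for a chained (double-NAT) port forward like the one
in this thread: an upstream router can only hand a forwarded port to an
address on its own LAN, and that address has to be the WAN side of the
next device.  Added example, not DD-WRT or OpenVPN code.  Assumed: both
LANs are /24 (the posts only give the router addresses) and the service
listens on the last device itself."""
import ipaddress


def check_forward_chain(hops, port):
    """hops: outermost router first; each a dict with
         name       - label used in findings
         lan        - an address/prefix on its LAN, e.g. "192.168.0.1/24"
         wan        - its address on the upstream LAN (None for the edge router)
         forward_to - where it forwards `port` (None: the service runs here)
    Returns a list of findings; an empty list means the chain is consistent."""
    findings = []
    for i, hop in enumerate(hops):
        lan = ipaddress.ip_network(hop["lan"], strict=False)
        nxt = hops[i + 1] if i + 1 < len(hops) else None
        target = hop.get("forward_to")
        if target is None:
            if nxt is not None:
                findings.append("%s does not forward port %d, but %s sits behind it"
                                % (hop["name"], port, nxt["name"]))
            continue
        target_ip = ipaddress.ip_address(target)
        if target_ip not in lan:
            findings.append("%s forwards port %d to %s, which is not on its LAN %s, "
                            "so it cannot deliver the packets"
                            % (hop["name"], port, target, lan))
        if nxt is None:
            findings.append("%s forwards port %d to %s but nothing is listed behind it"
                            % (hop["name"], port, target))
        elif nxt.get("wan") is None or ipaddress.ip_address(nxt["wan"]) != target_ip:
            findings.append("%s forwards port %d to %s, but %s's WAN address is %s"
                            % (hop["name"], port, target, nxt["name"], nxt.get("wan")))
    return findings


# The chain as posted: Sky router LAN 192.168.0.1, DD-WRT WAN 192.168.0.8 /
# LAN 192.168.11.1, Sky forwarding 1194 to "198.168.11.1" (value as posted).
HOPS_AS_POSTED = [
    {"name": "Sky router", "lan": "192.168.0.1/24", "wan": None,
     "forward_to": "198.168.11.1"},
    {"name": "DD-WRT", "lan": "192.168.11.1/24", "wan": "192.168.0.8",
     "forward_to": None},
]

# Same chain with the upstream forward pointed at the DD-WRT WAN address.
HOPS_FIXED = [
    dict(HOPS_AS_POSTED[0], forward_to="192.168.0.8"),
    HOPS_AS_POSTED[1],
]

if __name__ == "__main__":
    for finding in check_forward_chain(HOPS_AS_POSTED, 1194) or ["consistent"]:
        print(finding)
    print(check_forward_chain(HOPS_FIXED, 1194) or ["consistent"])
```

The DD-WRT's own NAT/QoS port-forward entries from the post are not modelled: a daemon listening on the router itself is reached through the INPUT chain, so the accept rule there, not a port forward, is what admits it.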

01leo123
OpenVpn Newbie
Posts: 6
Joined: Thu Apr 11, 2013 12:54 pm

Re: TLS handshake failed (all firewalls checked & port forw

Post by 01leo123 » Wed Apr 17, 2013 12:04 pm

Hi, Jan or anyone else? Can you please help? Many thanks
