Successful server lost 2 of 3 clients when adding a fourth


Post by makem » Tue Jul 28, 2015 10:51 pm

I had an OpenVPN server running from a Raspberry Pi2 with 3 clients all made at the same time.
1. Windows PC: OpenvpnClient
2. Nexus 7: OpenvpnClient
3. Android phone: OpenVPN for Android

I needed another client, e.g. pi, and when I came to make this I needed to make another certificate (./build-ca) before I could continue. I may have deleted that some time ago if it was not deleted during the initial set-up.

I made keys for 'pi' successfully.

I was not then able to connect to the server with (1) or (2) but could connect with (3) above. The log for the failed connections is:

Tue Jul 28 23:14:59 2015 OpenVPN 2.3.7 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Jul 9 2015
Tue Jul 28 23:14:59 2015 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.08
Enter Management Password:
Tue Jul 28 23:15:07 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Jul 28 23:15:07 2015 Control Channel Authentication: tls-auth using INLINE static key file
Tue Jul 28 23:15:07 2015 UDPv4 link local: [undef]
Tue Jul 28 23:15:07 2015 UDPv4 link remote: [AF_INET]xx.xxxx.xx.xxx:1111
Tue Jul 28 23:16:07 2015 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Jul 28 23:16:07 2015 TLS Error: TLS handshake failed
Tue Jul 28 23:16:07 2015 SIGUSR1[soft,tls-error] received, process restarting

Is OpenVPN for Android less secure because it can still connect?

Also, is there a route to getting (1) and (2) to shake hands again without starting from scratch?


Post by Traffic » Tue Aug 04, 2015 2:43 pm

makem wrote: I needed another client, e.g. pi, and when I came to make this I needed to make another certificate (./build-ca)

You have created a new root CA which is only compatible with your new client ..

Roll back all your settings to your original setup if possible .. then create a new cert & key for your new client with (easy-rsa) . ./vars & ./build-key client-name

If you cannot restore your original setup then recreate your entire PKI:
http://openvpn.net/index.php/open-sourc ... o.html#pki
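
Added example (not part of the thread and not easy-rsa's own code): the shell sketch below reproduces the situation described in the reply with plain openssl commands. A client certificate is issued, the CA is regenerated with the same subject, and the earlier certificate no longer verifies. The CA subject, client names and temporary directories are constructed, and make_ca and issue_cert are hypothetical helpers standing in for ./build-ca and ./build-key.

```shell
#!/bin/sh
# Added example; every name, subject and file below is constructed.

# make_ca DIR: new self-signed root CA in DIR (comparable to ./build-ca).
make_ca() {
    mkdir -p "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example VPN CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# issue_cert CADIR NAME: key + cert for NAME signed by the CA in CADIR
# (comparable to ./build-key NAME).
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -days 30 \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/$2.crt" 2>/dev/null
}

# signed_by CACERT CERT: succeeds only if CERT verifies against CACERT.
signed_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# ca_fingerprint CACERT: SHA-256 fingerprint, for comparing the ca.crt on
# the server with the one inside each client profile.
ca_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# demo: issue a client cert, regenerate the CA with the same subject, issue
# a second client cert, then print which cert verifies against which CA.
demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d/old" && issue_cert "$d/old" windows-pc &&
        make_ca "$d/new" && issue_cert "$d/new" pi || { rm -rf "$d"; return 1; }
    for ca in old new; do
        for crt in "$d/old/windows-pc.crt" "$d/new/pi.crt"; do
            if signed_by "$d/$ca/ca.crt" "$crt"; then r=OK; else r=FAIL; fi
            echo "$ca CA vs ${crt##*/}: $r"
        done
    done
    rm -rf "$d"
}

demo
```

On a real setup, run signed_by with the server's ca.crt against each client certificate, and compare ca_fingerprint output for the ca.crt on the server and the one in each client profile.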
