Everything works fine with OpenVPN Client 2.3.10 or older, but when I attempt to use OpenVPN Client 2.3.11 I am getting a TSL error.
The change log does not mention anything in particularly useful, closest I can find is "Restrict default TLS cipher list" but it isn't very enlightening.
Install packeges:
- openvpn-install-2.3.10-I601-x86_64.exe
- openvpn-install-2.3.11-I601-x86_64.exe
Code: Select all
* OpenVPN 2.3.11 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on May 10 2016
* Windows version 6.2 (Windows 8 or greater) 64bit
* library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.09
Enter Management Password:
* MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
* Need hold release from management interface, waiting...
* MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
* MANAGEMENT: CMD 'state on'
* MANAGEMENT: CMD 'log all on'
* MANAGEMENT: CMD 'hold off'
* MANAGEMENT: CMD 'hold release'
* Control Channel MTU parms [ L:1543 D:1210 EF:40 EB:0 ET:0 EL:3 ]
* Socket Buffers: R=[65536->65536] S=[65536->65536]
* MANAGEMENT: >STATE:1471505278,RESOLVE,,,
* Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:12 ET:0 EL:3 ]
* Local Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
* Expected Remote Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
* Local Options hash (VER=V4): 'db02a8f8'
* Expected Remote Options hash (VER=V4): '7e068940'
* Attempting to establish TCP connection with [AF_INET]xxx.xxx.xxx.xxx:1194 [nonblock]
* MANAGEMENT: >STATE:1471505278,TCP_CONNECT,,,
* TCP connection established with [AF_INET]xxx.xxx.xxx.xxx:1194
* TCPv4_CLIENT link local: [undef]
* TCPv4_CLIENT link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
* MANAGEMENT: >STATE:1471505279,WAIT,,,
* MANAGEMENT: >STATE:1471505279,AUTH,,,
* TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:1194, sid=0661f363 2fc75f21
* WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
* OpenSSL: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
* TLS_ERROR: BIO read tls_read_plaintext error
* TLS Error: TLS object -> incoming plaintext read error
* TLS Error: TLS handshake failed
* Fatal TLS error (check_tls_errors_co), restarting
* TCP/UDP: Closing socket
* SIGUSR1[soft,tls-error] received, process restarting
* MANAGEMENT: >STATE:1471505279,RECONNECTING,tls-error,,
* Restart pause, 5 second(s)
* Re-using SSL/TLS context
* Control Channel MTU parms [ L:1543 D:1210 EF:40 EB:0 ET:0 EL:3 ]
* Socket Buffers: R=[65536->65536] S=[65536->65536]
* MANAGEMENT: >STATE:1471505284,RESOLVE,,,
* Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:12 ET:0 EL:3 ]
* Local Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
* Expected Remote Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
* Local Options hash (VER=V4): 'db02a8f8'
* Expected Remote Options hash (VER=V4): '7e068940'
* Attempting to establish TCP connection with [AF_INET]xxx.xxx.xxx.xxx:1194 [nonblock]
* MANAGEMENT: >STATE:1471505284,TCP_CONNECT,,,
* TCP connection established with [AF_INET]xxx.xxx.xxx.xxx:1194
* TCPv4_CLIENT link local: [undef]
* TCPv4_CLIENT link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
* MANAGEMENT: >STATE:1471505285,WAIT,,,
* MANAGEMENT: >STATE:1471505285,AUTH,,,
* TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:1194, sid=0847f2a5 e2a1d851
* OpenSSL: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
* TLS_ERROR: BIO read tls_read_plaintext error
* TLS Error: TLS object -> incoming plaintext read error
* TLS Error: TLS handshake failed
* Fatal TLS error (check_tls_errors_co), restarting
* TCP/UDP: Closing socket
* SIGUSR1[soft,tls-error] received, process restarting
* MANAGEMENT: >STATE:1471505285,RECONNECTING,tls-error,,
* Restart pause, 5 second(s)
* SIGTERM[hard,init_instance] received, process exiting
* MANAGEMENT: >STATE:1471505286,EXITING,init_instance,,
Code: Select all
* ovpn,info TCP connection established from xxx.xxx.xxx.xxx
* ovpn,debug,error duplicate packet, dropping
* ovpn,debug <xxx.xxx.xxx.xxx>: disconnected <TLS failed>
* ovpn,info TCP connection established from xxx.xxx.xxx.xxx
* ovpn,debug,error duplicate packet, dropping
* ovpn,debug <xxx.xxx.xxx.xxx>: disconnected <TLS failed>
* ovpn,info TCP connection established from xxx.xxx.xxx.xxx
* ovpn,debug,error duplicate packet, dropping
* ovpn,debug <xxx.xxx.xxx.xxx>: disconnected <TLS failed>