TLS Error: TLS handshake failed

This forum is for general conversation and user-user networking.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
Peach554
OpenVpn Newbie
Posts: 1
Joined: Wed Jan 02, 2019 6:10 pm

TLS Error: TLS handshake failed

Post by Peach554 » Wed Jan 02, 2019 6:28 pm

Hello,
I'm having a classic "TLS handshake failed" issue. Server runs fine, shows assigned ip and that's on, but I cant connect with a client. It seems that I'm having some kinda client.ovpn issue but cant realize what causing it. Strangely enough, I can connect to mine linux server ovpn no prob.I created server by this tutorial https://www.youtube.com/watch?v=hKfHwQgAsUo , im student and my other groupmates tell that it works for them, but I cant realize what I'm doing different.. Maybe somebody see anything unusual?
Here's server config:
----
dev-node "ServerVPN"
mode server
port 1194
proto udp
dev tun
ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ServerVPN.crt"
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ServerVPN.key"
dh "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\dh4096.pem"
server 10.10.10.0 255.255.255.0
client-to-client
client-config-dir "C:\\Program Files\\OpenVPN\\config"
keepalive 10 120
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
cipher AES-256-CBC
comp-lzo
persist-key
persist-tun
verb 3
route-delay 5
route-method exe
push "route 192.168.0.0 255.255.255.0"
route 192.168.182.0 255.255.255.255
----
And here is a log:
====
Wed Jan 02 17:51:24 2019 OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 26 2018
Wed Jan 02 17:51:24 2019 Windows version 6.1 (Windows 7) 64bit
Wed Jan 02 17:51:24 2019 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10
Wed Jan 02 17:51:24 2019 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Wed Jan 02 17:51:24 2019 Need hold release from management interface, waiting...
Wed Jan 02 17:51:24 2019 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Wed Jan 02 17:51:24 2019 MANAGEMENT: CMD 'state on'
Wed Jan 02 17:51:24 2019 MANAGEMENT: CMD 'log all on'
Wed Jan 02 17:51:24 2019 MANAGEMENT: CMD 'echo all on'
Wed Jan 02 17:51:24 2019 MANAGEMENT: CMD 'bytecount 5'
Wed Jan 02 17:51:24 2019 MANAGEMENT: CMD 'hold off'
Wed Jan 02 17:51:24 2019 MANAGEMENT: CMD 'hold release'
Wed Jan 02 17:51:24 2019 Diffie-Hellman initialized with 2048 bit key
Wed Jan 02 17:51:24 2019 interactive service msg_channel=0
Wed Jan 02 17:51:24 2019 ROUTE_GATEWAY 10.0.0.1/255.255.255.0 I=12 HWADDR=00:0d:3a:b4:6d:2a
Wed Jan 02 17:51:24 2019 open_tun
Wed Jan 02 17:51:24 2019 TAP-WIN32 device [ServerVPN] opened: \\.\Global\{3B49E70E-0B7E-46D1-80C4-BECBCEC2B4B2}.tap
Wed Jan 02 17:51:24 2019 TAP-Windows Driver Version 9.21
Wed Jan 02 17:51:24 2019 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.10.10.1/255.255.255.252 on interface {3B49E70E-0B7E-46D1-80C4-BECBCEC2B4B2} [DHCP-serv: 10.10.10.2, lease-time: 31536000]
Wed Jan 02 17:51:24 2019 Sleeping for 5 seconds...
Wed Jan 02 17:51:29 2019 Successful ARP Flush on interface [14] {3B49E70E-0B7E-46D1-80C4-BECBCEC2B4B2}
Wed Jan 02 17:51:29 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Wed Jan 02 17:51:29 2019 MANAGEMENT: >STATE:1546451489,ASSIGN_IP,,10.10.10.1,,,,
Wed Jan 02 17:51:29 2019 MANAGEMENT: >STATE:1546451489,ADD_ROUTES,,,,,,
Wed Jan 02 17:51:29 2019 C:\windows\system32\route.exe ADD 192.168.182.0 MASK 255.255.255.255 10.10.10.2
Wed Jan 02 17:51:29 2019 env_block: add PATH=C:\windows\System32;C:\windows;C:\windows\System32\Wbem
Wed Jan 02 17:51:29 2019 C:\windows\system32\route.exe ADD 10.10.10.0 MASK 255.255.255.0 10.10.10.2
Wed Jan 02 17:51:29 2019 env_block: add PATH=C:\windows\System32;C:\windows;C:\windows\System32\Wbem
Wed Jan 02 17:51:29 2019 Could not determine IPv4/IPv6 protocol. Using AF_INET6
Wed Jan 02 17:51:29 2019 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed Jan 02 17:51:29 2019 setsockopt(IPV6_V6ONLY=0)
Wed Jan 02 17:51:29 2019 UDPv6 link local (bound): [AF_INET6][undef]:1194
Wed Jan 02 17:51:29 2019 UDPv6 link remote: [AF_UNSPEC]
Wed Jan 02 17:51:29 2019 MULTI: multi_init called, r=256 v=256
Wed Jan 02 17:51:29 2019 IFCONFIG POOL: base=10.10.10.4 size=62, ipv6=0
Wed Jan 02 17:51:29 2019 Initialization Sequence Completed
Wed Jan 02 17:51:29 2019 MANAGEMENT: >STATE:1546451489,CONNECTED,SUCCESS,10.10.10.1,,,::ffff:0:0,1194
===
Client Ovpn config (note microsoft server):
++++
remote 40.115.109.138
client
port 1194
proto udp
dev tun
tls-client
tls-auth "C:\\Program Files\\OpenVPN\\config\\ta.key" 1
remote-cert-tls server
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\ClientVPN.crt"
key "C:\\Program Files\\OpenVPN\\config\\ClientVPN.key"
cipher AES-128-CBC
comp-lzo
persist-key
persist-tun
verb 3
++++
Client error log:
======
Wed Jan 02 20:24:20 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jan 02 20:24:20 2019 TLS Error: TLS handshake failed
Wed Jan 02 20:24:20 2019 SIGUSR1[soft,tls-error] received, process restarting
Wed Jan 02 20:24:20 2019 MANAGEMENT: >STATE:1546453460,RECONNECTING,tls-error,,,,,
Wed Jan 02 20:24:20 2019 Restart pause, 300 second(s)
Wed Jan 02 20:26:31 2019 MANAGEMENT: CMD 'signal SIGHUP'
Wed Jan 02 20:26:31 2019 SIGHUP[hard,init_instance] received, process restarting
Wed Jan 02 20:26:31 2019 MANAGEMENT: >STATE:1546453591,RECONNECTING,init_instance,,,,,
Wed Jan 02 20:26:31 2019 OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 26 2018
Wed Jan 02 20:26:31 2019 Windows version 6.2 (Windows 8 or greater) 64bit
Wed Jan 02 20:26:31 2019 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10
Wed Jan 02 20:26:31 2019 Restart pause, 5 second(s)
Wed Jan 02 20:26:36 2019 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jan 02 20:26:36 2019 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jan 02 20:26:36 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]40.115.109.138:1194
Wed Jan 02 20:26:36 2019 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jan 02 20:26:36 2019 UDP link local (bound): [AF_INET][undef]:1194
Wed Jan 02 20:26:36 2019 UDP link remote: [AF_INET]40.115.109.138:1194
Wed Jan 02 20:26:36 2019 MANAGEMENT: >STATE:1546453596,WAIT,,,,,,
======
I'm very desperate. I really appreciate if you take a look. Thank You in Advance.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: TLS Error: TLS handshake failed

Post by TinCanTech » Thu Jan 03, 2019 5:14 pm

See your server log after you try to connect from the client ..

Post Reply