angristan - OpenVPN TLS handshake failed

This forum is for admins who are looking to build or expand their OpenVPN setup.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
executable77
OpenVpn Newbie
Posts: 8
Joined: Wed Jan 09, 2019 11:30 am

angristan - OpenVPN TLS handshake failed

Post by executable77 » Wed Jan 09, 2019 11:34 am

OS :

- CentOS 7.6.1810 for the server
- Windows 7 for the client


I'm trying to test openvpn on a virtual machine (using virtual box) before running it on a VPS. The network of the VM is configured on bridge. After I installed openvpn and generated a client. I copy the .ovpn file from the server and I add it into the config directory of openvpn on Windows 7. Then I run it and I have this kind of errror :

Image

mat.ovpn

Code: Select all

client
proto udp
remote 192.168.0.19 56063
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_fxddhBSOAbr2syaQ name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
<ca>
-----BEGIN CERTIFICATE-----
MIIBwDCCAWegAwIBAgIJAK2zB/gpd/iZMAoGCCqGSM49BAMCMB4xHDAaBgNVBAMM
E2NuX2hJVjg5OURiZkhmNTVaOW0wHhcNMTkwMTA4MDgxNjMxWhcNMjkwMTA1MDgx
NjMxWjAeMRwwGgYDVQQDDBNjbl9oSVY4OTlEYmZIZjU1WjltMFkwEwYHKoZIzj0C
AQYIKoZIzj0DAQcDQgAE4WMv1hdzAJqu3MP40iR8DO2Ugnuk+Mh6fEM9kisJZqkk
caot7dAuajId0164QQ6NbK1WUwR9nc/jqUDiRY8LMqOBjTCBijAdBgNVHQ4EFgQU
p4jKVdHc8HYRIDtcpEg8tmtnQ9owTgYDVR0jBEcwRYAUp4jKVdHc8HYRIDtcpEg8
tmtnQ9qhIqQgMB4xHDAaBgNVBAMME2NuX2hJVjg5OURiZkhmNTVaOW2CCQCtswf4
KU/4mTAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqhkjOPQQDAgNHADBE
AiBlfvGdUP1q8l8T8WxGe0WitUyUhQ3/m0s0NAJtfFqewwIge6DaxNYXSHbxDdxz
bnToqu4H/65cHWnrENlINSW3a34=
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIIByzCCAXCgAwIBAgIQF9FHw1X+byNL3OjOupf0WzAKBggqhkjOPQQDAjAeMRww
GgYDVQQDDBNjbl9oSVY4OTlEYmZIZjU1WjltMB4XDTE5MDEwODA4MTYzOFoXDTIx
MTIyMzA4MTYzOFowDjEMMAoGA1UEAwwDbWF0MFkwEwYHKoZIzj0CAQYIKoZIzj0D
AQcDQgAEMYyLH1RSmg/tg15NsFE+h2eKxY+NCIn+eNJT/Lx7wZxL1KoYiTeuYhuh
8YWvnBIiy76W4fGyQOc2sOTYz6FvaaOBnzdBnDAJBgNVHRMEAjAAMB0GA1UdDgQW
BBSz4NEePjT0LI+hms7xGSKPxZA/jjBOBgNVHSMERzBFgBSniMpV0dzwdhEgO1yk
SDy2a2dD2qEipCAwHjEcMBoGA1UEAwwTY25faElWODk5RGJmSGY1NVo5bYIJAK2z
B/gpT/iZMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAKBggqhkjO
PQQDAgNJADBGAiEAztdvKq41rKDMWk/ayV7zRGVx0WEjd/uIMLmMzS3CC8MCIQCW
DXnPS5ytWX6bReyYiIjC9CINLajVJk8i2c6hBaL0Hg==
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgctqC9WxGdxIYKyLj
FCUTLq5da7BRMNvLgn4ChEag27uhRANCAAQxjIsfVFKaD+2DXk2wUT6HZ4rFj40I
if540lP8vHvBnEvUqhiJN65zG6Hxha+cEiLLvpbh8bJA5zaw5NjPoW9p
-----END PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
02136e91772c84fb80686ca20f81d15e
0d9562025260a637f5cc5a582bcf84cf
d471d103029453c80c60d5256045fc1d
0aa47da4635b37e7b38b19318a62cc0d
2a86f9db400258e28023e50cfaeba5eb
a6ec41e3df45e8736589592c61523151
54af6edd442095585dc5cb9028754664
ee2f50ad7bb440ca7b6c4f6047cf3b75
f667245f44a038afb84b080dd1c65965
07d046f5bd2cd93c3faec3eae6138461
8ae8922e7fa4a87c4116cae98b1c6aa1
44309a0e3b5827aa4badfff954c658b1
dcad4970d47c308c9dd57095aa427eca
2e2a8f165b0fb0511654124074f51de2
96a0356a12a69782c0e4ef4ded92a74d
47fcc5aa74a72493fed55b506dfe0b9d
-----END OpenVPN Static key V1-----
</tls-crypt>

/etc/openvpn/server.conf

Code: Select all

port 56063
proto udp
dev tun
user nobody
group nobody
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 1.0.0.1"
push "dhcp-option DNS 1.1.1.1"
push "redirect-gateway def1 bypass-dhcp"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key 0
crl-verify crl.pem
ca ca.crt
cert server_fxNdhBSOAbr2syaQ.crt
key server_fxNdhBSOAbr2syaQ.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
status /var/log/openvpn/status.log
verb 3

command line :

Code: Select all

ip a
Image

Code: Select all

openvpn server.conf
Image

I have used this https://github.com/angristan/openvpn-install

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 5785
Joined: Fri Jun 03, 2016 1:17 pm

Re: angristan - OpenVPN TLS handshake failed

Post by TinCanTech » Wed Jan 09, 2019 2:38 pm

Read your log files.

executable77
OpenVpn Newbie
Posts: 8
Joined: Wed Jan 09, 2019 11:30 am

Re: angristan - OpenVPN TLS handshake failed

Post by executable77 » Thu Jan 10, 2019 8:31 am

It's working fine on a VPS. Idon't know why on my VM it doesn't worked.

Post Reply