Re: tls hand shake problem - please help

Posted: Sun Jan 10, 2021 4:31 pm
by TinCanTech
Do you trust banks as well ?!?!?

Re: tls hand shake problem - please help

Posted: Sun Jan 10, 2021 4:44 pm
by 300000
if you need everything to buy you need to ask banks, from small to big so the banks will know all your money you got, no matter who you are, they will record all active spending on all items you bought and spent. Can you bring the whole 500000 pounds cash and buy the house, is that ok? or you need to pay over the bank? ask yourself that question first and like it or not you still give all info to the bank anyway.

Re: tls hand shake problem - please help

Posted: Sun Jan 10, 2021 5:39 pm
by TinCanTech
300000 wrote:
Sun Jan 10, 2021 4:27 pm
Microsoft control and set up the standard for the world on business world
Microshaft STOLE practically everything they are known for.

That businesses use Microshaft was a hasty decision, made by people who did not understand what they were getting into.
300000 wrote:
Sun Jan 10, 2021 4:44 pm
if you need everything to buy you need to ask banks
Because the financial service industry is nothing more than a massive con-trick to put people into debt. Because that is the only way banks make money.

Getting back to the OP's problem:

While the online scanner results are completely inconclusive, the server log posted does show that no packets are received by the server. So, probably port-forwarding or firewall is misconfigured.

Re: tls hand shake problem - please help

Posted: Sun Jan 10, 2021 5:43 pm
by Pippin
Getting back to the OP's problem:
Exactly, off topic can go into ... off topic ;)

Thanks.

Re: tls hand shake problem - please help

Posted: Sun Jan 10, 2021 10:58 pm
by goldduo
300000 wrote:
Sun Jan 10, 2021 3:46 pm
in order to help you find out if it is working or not, let's do a port scan first: just type into search PortQryUI - User Interface and download it from the Microsoft website
my results said "UDP port 1962 (unknown service): LISTENING or FILTERED"

Re: tls hand shake problem - please help

Posted: Sun Jan 10, 2021 11:01 pm
by goldduo
TinCanTech wrote:
Sun Jan 10, 2021 5:39 pm

While the online scanner results are completely inconclusive, the server log posted does show that no packets are received by the server. So, probably port-forwarding or firewall is misconfigured.
when i posted the server log, i did not start the client vpn connection. so shouldn't it show no packets received?

Re: tls hand shake problem - please help

Posted: Mon Jan 11, 2021 12:50 am
by goldduo
i exit the openvpn server, same tls error.
i disabled the windows firewall rule for 1962, same tls error;
i create a new rule to block the port 1962, still same tls error.
is it safe to say that there is something wrong with my client setup?
here is the client log:

Code:

2021-01-10 19:46:10 OpenVPN 2.5.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 28 2020
2021-01-10 19:46:10 Windows version 10.0 (Windows 10 or greater) 64bit
2021-01-10 19:46:10 library versions: OpenSSL 1.1.1h  22 Sep 2020, LZO 2.10
Enter Management Password:
2021-01-10 19:46:10 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
2021-01-10 19:46:10 Need hold release from management interface, waiting...
2021-01-10 19:46:10 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
2021-01-10 19:46:10 MANAGEMENT: CMD 'state on'
2021-01-10 19:46:10 MANAGEMENT: CMD 'log all on'
2021-01-10 19:46:10 MANAGEMENT: CMD 'echo all on'
2021-01-10 19:46:10 MANAGEMENT: CMD 'bytecount 5'
2021-01-10 19:46:10 MANAGEMENT: CMD 'hold off'
2021-01-10 19:46:10 MANAGEMENT: CMD 'hold release'
2021-01-10 19:46:10 MANAGEMENT: CMD 'password [...]'
2021-01-10 19:46:10 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2021-01-10 19:46:10 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2021-01-10 19:46:10 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2021-01-10 19:46:10 TCP/UDP: Preserving recently used remote address: [AF_INET]*.*.*.*:1962
2021-01-10 19:46:10 Socket Buffers: R=[65536->65536] S=[65536->65536]
2021-01-10 19:46:10 UDPv4 link local: (not bound)
2021-01-10 19:46:10 UDPv4 link remote: [AF_INET]*.*.*.*:1962
2021-01-10 19:46:10 MANAGEMENT: >STATE:1610325970,WAIT,,,,,,
2021-01-10 19:47:10 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2021-01-10 19:47:10 TLS Error: TLS handshake failed
anything wrong there?

Re: tls hand shake problem - please help

Posted: Mon Jan 11, 2021 12:57 am
by TinCanTech
goldduo wrote:
Mon Jan 11, 2021 12:50 am
i exit the openvpn server, same tls error.
You need the server to be running if you want to connect to it .. it's not magic.

Re: tls hand shake problem - please help

Posted: Mon Jan 11, 2021 3:24 pm
by goldduo
in the client.ovpn config file, there are 4 markers: <ca>, <cert>, <key>, and <tls-auth>
<tls-auth> should have the contents of ta.key?
what should be in <cert>? is it the contents of server.crt? or client.crt?
how about <key>? is it from server.key or client.key?

Re: tls hand shake problem - please help

Posted: Tue Jan 12, 2021 12:19 am
by goldduo
my understanding is the <cert> and <key> markers are not required if i specify file paths to client.crt and client.key.

so to connect, the client sends ca.crt, asking for specific ip and port number. the server recognizes the ca.crt, and knows that this is a client. now how does that server authenticate the client? it automatically reaches into the default relative path openvpn\easy-rsa\pki to grab and compare the client.crt, and client.key?

Re: tls hand shake problem - please help

Posted: Tue Jan 12, 2021 12:29 am
by TinCanTech
The server has already loaded the X509 files which it requires.

Inlining a file is the same as loading it via a file name.
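
What inlining amounts to, shown as an added example that is not part of the thread: a client profile's `ca`, `cert`, `key` and `tls-auth` file directives rewritten into `<ca>`, `<cert>`, `<key>` and `<tls-auth>` blocks, with a check that each file is the right kind for its slot. A client profile carries the CA certificate, the client's own certificate and key, and the shared ta.key. The function name, the sample profile, `vpn.example.net` and the placeholder file bodies are constructed, and file names are assumed to be unquoted and without spaces.

```python
# Added example: turn file-based directives into inline blocks.
INLINEABLE = {                            # directive -> marker its file must contain
    "ca": "BEGIN CERTIFICATE",            # ca.crt
    "cert": "BEGIN CERTIFICATE",          # client.crt, the client's own certificate
    "key": "PRIVATE KEY",                 # client.key, never the server's key
    "tls-auth": "OpenVPN Static key V1",  # ta.key, shared by server and clients
}

def inline_profile(config_text, files):
    """Return the profile with ca/cert/key/tls-auth files inlined.

    files maps each file name used in the profile to that file's contents.
    """
    out, blocks = [], []
    for line in config_text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] not in INLINEABLE:
            out.append(line)              # unrelated directive: keep as written
            continue
        tag, name = parts[0], parts[1]
        body = files[name].strip()
        if INLINEABLE[tag] not in body:   # e.g. a certificate pasted into <key>
            raise ValueError(f"{name} does not look like a file for <{tag}>")
        if tag == "tls-auth" and len(parts) > 2:
            # 'tls-auth ta.key 1' has the direction as a third argument; the
            # inline form needs it as a separate key-direction directive.
            out.append(f"key-direction {parts[2]}")
        blocks.append(f"<{tag}>\n{body}\n</{tag}>")
    return "\n".join(out + blocks) + "\n"

# Constructed sample input; the file bodies are placeholders, not real keys.
SAMPLE_CONFIG = """client
dev tun
proto udp
remote vpn.example.net 1962
ca ca.crt
cert client.crt
key client.key
tls-auth ta.key 1
"""
PEM = "-----BEGIN {0}-----\n(constructed placeholder)\n-----END {0}-----\n"
SAMPLE_FILES = {
    "ca.crt": PEM.format("CERTIFICATE"),
    "client.crt": PEM.format("CERTIFICATE"),
    "client.key": PEM.format("PRIVATE KEY"),
    "ta.key": PEM.format("OpenVPN Static key V1"),
}

if __name__ == "__main__":
    print(inline_profile(SAMPLE_CONFIG, SAMPLE_FILES))
```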

Re: tls hand shake problem - please help

Posted: Tue Jan 12, 2021 3:53 am
by goldduo
i did in command prompt: netstat -nba | findstr "LISTEN" and did not see anything listening on port 1962?

Re: tls hand shake problem - please help

Posted: Tue Jan 12, 2021 4:04 am
by TinCanTech
UDP does not "LISTEN"

Try the OpenVPN howto.
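
Why a UDP probe such as the PortQry result earlier in the thread can only report "LISTENING or FILTERED", shown as an added example that is not part of the thread: UDP has no handshake, so a scanner can only classify a port by what comes back. The loopback services and the probe payload are constructed; the silent service stands in for an OpenVPN server using tls-auth, which does not answer packets that lack a valid HMAC.

```python
import socket
import threading

def probe_udp(host, port, timeout=1.0):
    """Classify a UDP port by the response to a single datagram."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))   # connected socket: ICMP errors surface as exceptions
        s.send(b"\x00probe")      # constructed payload, not a valid OpenVPN packet
        s.recv(2048)
        return "open"             # something answered
    except (ConnectionRefusedError, ConnectionResetError):
        return "closed"           # ICMP port unreachable: nothing is bound there
    except socket.timeout:
        return "open|filtered"    # silence: a quiet service and a firewall drop look identical
    finally:
        s.close()

def start_udp_service(reply):
    """Bind a loopback UDP socket; answer datagrams only when reply is True."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))    # port 0: let the OS pick a free port
    def loop():
        while True:
            data, peer = srv.recvfrom(2048)
            if reply:
                srv.sendto(b"ack", peer)
    threading.Thread(target=loop, daemon=True).start()
    return srv, srv.getsockname()[1]

def demo():
    """Probe a replying service, a silent one, and a port nothing is bound to."""
    chatty, p_reply = start_udp_service(reply=True)
    silent, p_silent = start_udp_service(reply=False)  # like tls-auth dropping a bad HMAC
    tmp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tmp.bind(("127.0.0.1", 0))
    p_unbound = tmp.getsockname()[1]
    tmp.close()                   # the port is now free again
    return {
        "replying": probe_udp("127.0.0.1", p_reply),
        "silent": probe_udp("127.0.0.1", p_silent),
        "unbound": probe_udp("127.0.0.1", p_unbound),
    }

if __name__ == "__main__":
    print(demo())
```

On the server itself, `netstat -nba -p udp` lists bound UDP sockets; they appear without a LISTENING state, which is why filtering the output for "LISTEN" hides them.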

Re: tls hand shake problem - please help

Posted: Tue Jan 12, 2021 7:08 pm
by 300000
Turn your firewall and try it first. You are so confident to do but it not work until you can connect first and if you keep doing what you think is right it not work for you