OpenVPN Support Forum

Community Support Forum
https://forums.openvpn.net/

One Windows 7 PC fails to connect across internet

https://forums.openvpn.net/viewtopic.php?t=24155

Page 1 of 1

One Windows 7 PC fails to connect across internet

Posted: Sun May 21, 2017 4:15 pm
by Whynotme
I have set up a Raspberry PI Open VPN which for the most part is working well apart from one machine. When connected through the same router it connects just fine but from a different router it fails with TLS Error: TLS Handshake Failed. Two other machines using the same version of Windows can connect through the second router and also an android phone using 4G.

Server Config

Code: Select all

dev tun
proto udp
port 1195
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server.crt
key /etc/openvpn/easy-rsa/pki/private/server.key
dh /etc/openvpn/easy-rsa/pki/dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server
push "route 10.8.0.1 255.255.255.255"
# Add route to Client routing table for the OPenVPN Subnet
push "route 10.8.0.0 255.255.255.0"
# your local subnet
push "route 192.168.1.0 255.255.255.0"
# Set your primary domain name server address for clients
push "dhcp-option DNS 62.6.40.178"
push "dhcp-option DNS 8.8.8.8"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-version-min 1.2
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
cipher AES-256-CBC
auth SHA256
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
#crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
log /var/log/openvpn.log
verb 1
Client Config

Code: Select all

client
dev tun
proto udp
remote dyndns.net 1195
resolv-retry infinite
nobind
persist-key
persist-tun
key-direction 1
remote-cert-tls server
tls-version-min 1.2
verify-x509-name server name
cipher AES-256-CBC
auth SHA256
comp-lzo
verb 1
Laptop connected locally - Working
client log

Code: Select all

Sun May 21 16:13:10 2017 OpenVPN 2.4.1 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Mar 22 2017
Sun May 21 16:13:10 2017 Windows version 6.1 (Windows 7) 64bit
Sun May 21 16:13:10 2017 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
Enter Management Password:
Sun May 21 16:13:11 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun May 21 16:13:11 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xxx.xxx.xxx:1195
Sun May 21 16:13:11 2017 UDP link local: (not bound)
Sun May 21 16:13:11 2017 UDP link remote: [AF_INET]xx.xxx.xxx.xxx:1195
Sun May 21 16:13:11 2017 [server] Peer Connection Initiated with [AF_INET]xx.xxx.xxx.xxx:1195
Sun May 21 16:13:12 2017 open_tun
Sun May 21 16:13:12 2017 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{B5B208F1-83F7-421F-8AFE-FBD7079DDB45}.tap
Sun May 21 16:13:13 2017 Set TAP-Windows TUN subnet mode network/local/netmask = 10.8.0.0/10.8.0.2/255.255.255.0 [SUCCEEDED]
Sun May 21 16:13:13 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.2/255.255.255.0 on interface {B5B208F1-83F7-421F-8AFE-FBD7079DDB45} [DHCP-serv: 10.8.0.254, lease-time: 31536000]
Sun May 21 16:13:13 2017 Successful ARP Flush on interface [28] {B5B208F1-83F7-421F-8AFE-FBD7079DDB45}
Sun May 21 16:13:13 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun May 21 16:13:18 2017 Initialization Sequence Completed
Adapters

Code: Select all

Homenetwork
Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Intel(R) Centrino(R) Advanced-N 6205
   Physical Address. . . . . . . . . : 84-3A-4B-44-6E-1C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::e8ce:dac1:32b5:2b31%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 21 May 2017 16:12:09
   Lease Expires . . . . . . . . . . : 11 June 2017 16:12:09
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 293878347
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-5B-17-B6-84-3A-4B-44-6E-1C
   DNS Servers . . . . . . . . . . . : 62.6.40.178
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
   
   Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-B5-B2-08-F1
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::6df9:182c:5acc:480c%28(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.8.0.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 21 May 2017 16:13:13
   Lease Expires . . . . . . . . . . : 21 May 2018 16:13:12
   Default Gateway . . . . . . . . . : 10.8.0.3
   DHCP Server . . . . . . . . . . . : 10.8.0.254
   DHCPv6 IAID . . . . . . . . . . . : 436273077
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-5B-17-B6-84-3A-4B-44-6E-1C
   DNS Servers . . . . . . . . . . . : 62.6.40.178
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
Different Laptop - Working
Client Log

Code: Select all

Tue May 16 15:47:59 2017 OpenVPN 2.4.1 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Mar 22 2017
Tue May 16 15:47:59 2017 Windows version 6.1 (Windows 7) 64bit
Tue May 16 15:47:59 2017 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
Enter Management Password:
Tue May 16 15:47:59 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue May 16 15:47:59 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xxx.xxx.xxx:1195
Tue May 16 15:47:59 2017 UDP link local: (not bound)
Tue May 16 15:47:59 2017 UDP link remote: [AF_INET]xx.xxx.xxx.xxx:1195
Tue May 16 15:48:00 2017 [server] Peer Connection Initiated with [AF_INET]xx.xxx.xxx.xxx:1195
Tue May 16 15:48:01 2017 open_tun
Tue May 16 15:48:01 2017 TAP-WIN32 device [Local Area Connection 4] opened: \\.\Global\{9B5C75A0-DB09-474E-AAAE-3A9B445531AB}.tap
Tue May 16 15:48:01 2017 Set TAP-Windows TUN subnet mode network/local/netmask = 10.8.0.0/10.8.0.2/255.255.255.0 [SUCCEEDED]
Tue May 16 15:48:01 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.2/255.255.255.0 on interface {9B5C75A0-DB09-474E-AAAE-3A9B445531AB} [DHCP-serv: 10.8.0.254, lease-time: 31536000]
Tue May 16 15:48:01 2017 Successful ARP Flush on interface [51] {9B5C75A0-DB09-474E-AAAE-3A9B445531AB}
Tue May 16 15:48:01 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Tue May 16 15:48:06 2017 Initialization Sequence Completed
Adapters

Code: Select all

Ethernet adapter Local Area Connection 4:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-9B-5C-75-A0
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::7c35:b922:58df:33fe%51(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.8.0.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 16 May 2017 15:48:01
   Lease Expires . . . . . . . . . . : 16 May 2018 15:48:01
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 10.8.0.254
   DHCPv6 IAID . . . . . . . . . . . : 1375797147
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-E0-EF-3C-18-3D-A2-23-65-C0

   DNS Servers . . . . . . . . . . . : 62.6.40.178
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection 2:

   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : 802.11n USB Wireless LAN Card
   Physical Address. . . . . . . . . : 00-C0-CA-88-86-02
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::b065:2a2f:c1c1:7791%15(Preferred)
   IPv4 Address. . . . . . . . . . . : xx.x.xxx.xx(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.240
   Lease Obtained. . . . . . . . . . : 16 May 2017 13:08:25
   Lease Expires . . . . . . . . . . : 16 May 2017 16:01:19
   Default Gateway . . . . . . . . . : 10.5.132.17
   DHCP Server . . . . . . . . . . . : 10.5.132.17
   DHCPv6 IAID . . . . . . . . . . . : 570474698
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-E0-EF-3C-18-3D-A2-23-65-C0

   DNS Servers . . . . . . . . . . . : 192.168.22.22
                                       192.168.22.23
   NetBIOS over Tcpip. . . . . . . . : Enabled
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/