Can't connect via WAN

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
trialar
OpenVpn Newbie
Posts: 2
Joined: Tue Apr 12, 2022 9:35 am

Can't connect via WAN

Post by trialar » Tue Apr 12, 2022 9:46 am

Hi,

I'm new to VPN configuration but gave it a try. I followed a tutorial to setup OpenVPN on a Windows Server 2019 machine. Then I created my client configuration on a Windows 10 machine.

I set my remote server to the LAN IP of ther server and everything seems to work as expected. When I set the remote to my WAN IP I get an authentication error, on client side, as well as on the server side, when I look at the log files.

client log:

Code: Select all

2022-04-12 11:08:32 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2022-04-12 11:08:32 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2022-04-12 11:08:32 TCP/UDP: Preserving recently used remote address: [AF_INET]62.54.40.116:1194
2022-04-12 11:08:32 Socket Buffers: R=[65536->65536] S=[65536->65536]
2022-04-12 11:08:32 UDP link local: (not bound)
2022-04-12 11:08:32 UDP link remote: [AF_INET]62.54.40.116:1194
2022-04-12 11:08:32 MANAGEMENT: >STATE:1649754512,WAIT,,,,,,
2022-04-12 11:09:32 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-04-12 11:09:32 TLS Error: TLS handshake failed
2022-04-12 11:09:32 SIGUSR1[soft,tls-error] received, process restarting
server log:

Code: Select all

2022-04-12 11:25:24 46.114.91.209:2804 TLS Error: incoming packet authentication failed from [AF_INET6]::ffff:46.114.91.209:2804
2022-04-12 11:25:25 46.114.91.209:2804 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1649755515) 2022-04-12 11:25:15 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
2022-04-12 11:25:25 46.114.91.209:2804 TLS Error: incoming packet authentication failed from [AF_INET6]::ffff:46.114.91.209:2804
2022-04-12 11:25:27 46.114.91.209:21090 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-04-12 11:25:27 46.114.91.209:21090 TLS Error: TLS handshake failed
So correct me if I'm wrong, but if the server is logging my connection attempts, the port forwarding is working and the firewall isn't blocking anything. And if the authentication is working locally, my client configuration, keys and certs should work as well.

What else can it be? How can I provide more information for you to help me?

thanks in regard,
Tria
Top
TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: Can't connect via WAN

Post by TinCanTech » Tue Apr 12, 2022 12:59 pm

All i can see is that your have a network problem. Sometimes it is easier to debug if you try TCP.
Top
300000
OpenVPN Expert
Posts: 685
Joined: Tue May 01, 2012 9:30 pm

Re: Can't connect via WAN

Post by 300000 » Tue Apr 12, 2022 6:53 pm

TLS Error: incoming packet authentication failed from [AF_INET6]::ffff:46.114.91.209:2804


You can connect to your server and there is nothing wrong with your network at all. TLS error mean something wrong with certificate and only you know how to correct it. How do you create certificate for server and client ?
Top
trialar
OpenVpn Newbie
Posts: 2
Joined: Tue Apr 12, 2022 9:35 am

Re: Can't connect via WAN

Post by trialar » Tue Apr 19, 2022 9:19 am

I followed this Tutorial with easytls:

https://supporthost.in/how-to-setup-ope ... rver-2019/

I started all over again and got the same error. Is this tutorial still valid?
Top
Post Reply

Return to “Server Administration”