Can't connect via WAN

Posted: Tue Apr 12, 2022 9:46 am
by trialar
Hi,

I'm new to VPN configuration but gave it a try. I followed a tutorial to set up OpenVPN on a Windows Server 2019 machine. Then I created my client configuration on a Windows 10 machine.

I set my remote server to the LAN IP of the server and everything seems to work as expected. When I set the remote to my WAN IP I get an authentication error, on the client side as well as on the server side, when I look at the log files.

client log:

2022-04-12 11:08:32 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2022-04-12 11:08:32 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2022-04-12 11:08:32 TCP/UDP: Preserving recently used remote address: [AF_INET]62.54.40.116:1194
2022-04-12 11:08:32 Socket Buffers: R=[65536->65536] S=[65536->65536]
2022-04-12 11:08:32 UDP link local: (not bound)
2022-04-12 11:08:32 UDP link remote: [AF_INET]62.54.40.116:1194
2022-04-12 11:08:32 MANAGEMENT: >STATE:1649754512,WAIT,,,,,,
2022-04-12 11:09:32 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-04-12 11:09:32 TLS Error: TLS handshake failed
2022-04-12 11:09:32 SIGUSR1[soft,tls-error] received, process restarting

server log:

2022-04-12 11:25:24 46.114.91.209:2804 TLS Error: incoming packet authentication failed from [AF_INET6]::ffff:46.114.91.209:2804
2022-04-12 11:25:25 46.114.91.209:2804 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1649755515) 2022-04-12 11:25:15 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
2022-04-12 11:25:25 46.114.91.209:2804 TLS Error: incoming packet authentication failed from [AF_INET6]::ffff:46.114.91.209:2804
2022-04-12 11:25:27 46.114.91.209:21090 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-04-12 11:25:27 46.114.91.209:21090 TLS Error: TLS handshake failed

So correct me if I'm wrong, but if the server is logging my connection attempts, the port forwarding is working and the firewall isn't blocking anything. And if the authentication is working locally, my client configuration, keys and certs should work as well.

What else can it be? How can I provide more information for you to help me?

thanks in regard,
Tria

Re: Can't connect via WAN

Posted: Tue Apr 12, 2022 12:59 pm
by TinCanTech
All I can see is that you have a network problem. Sometimes it is easier to debug if you try TCP.

Re: Can't connect via WAN

Posted: Tue Apr 12, 2022 6:53 pm
by 300000
TLS Error: incoming packet authentication failed from [AF_INET6]::ffff:46.114.91.209:2804


You can connect to your server and there is nothing wrong with your network at all. A TLS error means something is wrong with the certificate, and only you know how to correct it. How did you create the certificates for server and client?

Re: Can't connect via WAN

Posted: Tue Apr 19, 2022 9:19 am
by trialar
I followed this tutorial with easytls:

https://supporthost.in/how-to-setup-ope ... rver-2019/

I started all over again and got the same error. Is this tutorial still valid?