OpenVPN Support Forum

Hello, I've moved to openvpn because wireguard didn't support tcp, I've used : https://github.com/angristan/openvpn-install
To install it on my centos and downloaded the latest version of macos client.

Here's the server.conf from /etc/openvpn

```
port 1194
proto tcp
dev tun
user nobody
group nobody
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 94.140.14.14"
push "dhcp-option DNS 94.140.15.15"
push "redirect-gateway def1 bypass-dhcp"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_1IVTxvurQLC1Hno6.crt
key server_1IVTxvurQLC1Hno6.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3
```
Here's the log:

```
cat /var/log/openvpn/status.log
TITLE,OpenVPN 2.4.12 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 17 2022
TIME,Sun Jun 26 13:56:24 2022,1656266184
HEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,Virtual IPv6 Address,Bytes Received,Bytes Sent,Connected Since,Connected Since (time_t),Username,Client ID,Peer ID
HEADER,ROUTING_TABLE,Virtual Address,Common Name,Real Address,Last Ref,Last Ref (time_t)
GLOBAL_STATS,Max bcast/mcast queue length,0
END
```
Here's the service status:

```
status openvpn-server@server.service
* openvpn-server@server.service - OpenVPN service for server
Loaded: loaded (/etc/systemd/system/openvpn-server@.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2022-06-26 13:46:22 EDT; 11min ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/w ... n24ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Main PID: 25096 (openvpn)
Status: "Initialization Sequence Completed"
CGroup: /system.slice/system-openvpn\x2dserver.slice/openvpn-server@server.service
`-25096 /usr/sbin/openvpn --status /run/openvpn-server/status-server.log --status-version 2 --suppress-timestamps --config server.conf

Jun 26 13:51:54 static.252.198.9.5.clients.your-server.de openvpn[25096]: 5.238.89.181:61593 Fatal TLS error (check_tls_errors_co), restarting
Jun 26 13:51:54 static.252.198.9.5.clients.your-server.de openvpn[25096]: 5.238.89.181:61593 SIGUSR1[soft,tls-error] received, client-instance restarting
Jun 26 13:52:04 static.252.198.9.5.clients.your-server.de openvpn[25096]: 5.238.89.181:61594 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your networ...ectivity)
Jun 26 13:52:04 static.252.198.9.5.clients.your-server.de openvpn[25096]: 5.238.89.181:61594 TLS Error: TLS handshake failed
Jun 26 13:52:04 static.252.198.9.5.clients.your-server.de openvpn[25096]: 5.238.89.181:61594 Fatal TLS error (check_tls_errors_co), restarting
Jun 26 13:52:04 static.252.198.9.5.clients.your-server.de openvpn[25096]: 5.238.89.181:61594 SIGUSR1[soft,tls-error] received, client-instance restarting
Jun 26 13:52:14 static.252.198.9.5.clients.your-server.de openvpn[25096]: 5.238.89.181:61595 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your networ...ectivity)
Jun 26 13:52:14 static.252.198.9.5.clients.your-server.de openvpn[25096]: 5.238.89.181:61595 TLS Error: TLS handshake failed
Jun 26 13:52:14 static.252.198.9.5.clients.your-server.de openvpn[25096]: 5.238.89.181:61595 Fatal TLS error (check_tls_errors_co), restarting
Jun 26 13:52:14 static.252.198.9.5.clients.your-server.de openvpn[25096]: 5.238.89.181:61595 SIGUSR1[soft,tls-error] received, client-instance restarting
Hint: Some lines were ellipsized, use -l to show in full.
[root@static openvpn]#
```

Here's the firewall config (csf):

```
cat /etc/csf/csfpost.sh
#!/bin/bash
iptables -t nat -I POSTROUTING 1 -s 10.8.0.0/24 -o ens192 -j MASQUERADE
iptables -I INPUT 1 -i tun0 -j ACCEPT
iptables -I FORWARD 1 -i ens192 -o tun0 -j ACCEPT
iptables -I FORWARD 1 -i tun0 -o ens192 -j ACCEPT
iptables -I INPUT 1 -i ens192 -p tcp --dport 1194 -j ACCEPT
```

Okay now let me give some info from the client.
The tcp connection seems to be fine :

```
telnet 5.9.198.252 1194
Trying 5.9.198.252...
Connected to 5.9.198.252.
Escape character is '^]'.
```

Here's the config for client (ovpn file):

```
client
proto tcp-client
remote 5.9.198.252 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_1IVTxvurQLC1Hno6 name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
<ca>
-----BEGIN CERTIFICATE-----
MIIBwTCCAWegAwIBAgIJAM2UO8XlZ8+MMAoGCCqGSM49BAMCMB4xHDAaBgNVBAMM
E2NuX3doZlZOcnpyUm5MczBScGwwHhcNMjIwNjI2MTYyNzU3WhcNMzIwNjIzMTYy
NzU3WjAeMRwwGgYDVQQDDBNjbl93aGZWTnJ6clJuTHMwUnBsMFkwEwYHKoZIzj0C
AQYIKoZIzj0DAQcDQgAEY7+bOlbvp5paF07ZIfTPThoDj0V9v9gIA/4g5FQs+h6V
p1arkOadAY8RWqP1w94D4slSBXn5FKDiVGi05b4pj6OBjTCBijAdBgNVHQ4EFgQU
KV/DnziHKxpErIAxhkOewLZrJcAwTgYDVR0jBEcwRYAUKV/DnziHKxpErIAxhkOe
wLZrJcChIqQgMB4xHDAaBgNVBAMME2NuX3doZlZOcnpyUm5MczBScGyCCQDNlDvF
5WfPjDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqhkjOPQQDAgNIADBF
AiEAnB0nIY3+kuZzXiLtlX1mXtHmDNO6tq8ZWXW8lkKN0O0CIGvtd2j2UVo+ImCJ
d6CpW55VfijbquLfajqbDIxrLCun
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIIByzCCAXGgAwIBAgIRALScONnjINcqYnXWvsOcRVswCgYIKoZIzj0EAwIwHjEc
MBoGA1UEAwwTY25fd2hmVk5yenJSbkxzMFJwbDAeFw0yMjA2MjYxNjI4MTFaFw0y
NDA5MjgxNjI4MTFaMA4xDDAKBgNVBAMMA3ZwbjBZMBMGByqGSM49AgEGCCqGSM49
AwEHA0IABJCn4tfHYu5Lr67+C0loJ/bnDQZWQz6dXV+2T5qAHlydQQbHhAIbak+t
lnSU+ExgQilJG/VvYqDryB6bi3tCGJ2jgZ8wgZwwCQYDVR0TBAIwADAdBgNVHQ4E
FgQUv8F5Cx0TeYhkefVOfZchdyuktZgwTgYDVR0jBEcwRYAUKV/DnziHKxpErIAx
hkOewLZrJcChIqQgMB4xHDAaBgNVBAMME2NuX3doZlZOcnpyUm5MczBScGyCCQDN
lDvF5WfPjDATBgNVHSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwCgYIKoZI
zj0EAwIDSAAwRQIhAINarKQntk1NezLBKef1ftsXkOe68c9xbS/b8s2rnDRyAiAg
2D+n2Rn9IXVOjJyToak8BLHlGQtY2dRiKYga79CbJA==
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgmZmYKOfMcyCUwSI8
JnhSrrYqgyOq4Xscs+1hjbLiaAyhRANCAASQp+LXx2LuS6+u/gtJaCf25w0GVkM+
nV1ftk+agB5cnUEGx4QCG2pPrZZ0lPhMYEIpSRv1b2Kg68gem4t7Qhid
-----END PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
f224faa1ffe3f34581a94c69427d2d8c
453c534935b406b137bf5da92d9ef778
f0c05223b84b7c50f99c55cb62e0ed65
070466c0099f9bdd8977048aaa034341
1aace26ff332d0f579025cd1cf9ddea9
17411df538b3df4036236c0d8a5336df
dd4b418350755e7573ef9fb83e576c63
fe11ea37769799708cbf12e9e523e5d4
fb231f6b58933c21408e60b5d881a15c
a742ae0d5e5cde2eebce0409f7408495
f24ec6839dd440c66e8c8c17ed8aa1d0
b263936af6bdd1beb9d6b5fc32f6783e
7a6ff687ff46471d575239a0f174302e
cd59a8aedf6d40bb76c4a5639328a718
285f0775521c8f2acd34ed6f24263f23
3c967f5699d64cf88830ce8817f51a56
-----END OpenVPN Static key V1-----
</tls-crypt>
```

But the app keeps giving me connection timeout (I have saved this from the app clicked the icon on top):

```
Jun 26, 2022, 22:30:10] OpenVPN core 3.git::d3f8b18b mac x86_64 64-bit built on May 18 2022 07:15:04
?[Jun 26, 2022, 22:30:10] Frame=512/2048/512 mssfix-ctrl=1250
?[Jun 26, 2022, 22:30:10] UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
11 [auth-nocache]
13 [tls-client]
16 [ignore-unknown-option] [block-outside-dns]
17 [block-outside-dns]
18 [verb] [3]
?[Jun 26, 2022, 22:30:10] EVENT: RESOLVE ?[Jun 26, 2022, 22:30:10] EVENT: WAIT ?[Jun 26, 2022, 22:30:10] UnixCommandAgent: transmitting bypass route to /var/run/agent_ovpnconnect.sock
{
"host" : "5.9.198.252",
"ipv6" : false,
"pid" : 13445
}

?[Jun 26, 2022, 22:30:11] Connecting to [5.9.198.252]:1194 (5.9.198.252) via TCPv4
?[Jun 26, 2022, 22:30:20] Server poll timeout, trying next remote entry...
?[Jun 26, 2022, 22:30:20] EVENT: RECONNECTING ?[Jun 26, 2022, 22:30:20] EVENT: RESOLVE ?[Jun 26, 2022, 22:30:20] EVENT: WAIT ?[Jun 26, 2022, 22:30:20] UnixCommandAgent: transmitting bypass route to /var/run/agent_ovpnconnect.sock
{
"host" : "5.9.198.252",
"ipv6" : false,
"pid" : 13445
}

?[Jun 26, 2022, 22:30:21] Connecting to [5.9.198.252]:1194 (5.9.198.252) via TCPv4
?[Jun 26, 2022, 22:30:30] Server poll timeout, trying next remote entry...
?[Jun 26, 2022, 22:30:30] EVENT: RECONNECTING ?[Jun 26, 2022, 22:30:30] EVENT: RESOLVE ?[Jun 26, 2022, 22:30:30] EVENT: WAIT ?[Jun 26, 2022, 22:30:30] UnixCommandAgent: transmitting bypass route to /var/run/agent_ovpnconnect.sock
{
"host" : "5.9.198.252",
"ipv6" : false,
"pid" : 13445
}

?[Jun 26, 2022, 22:30:31] Connecting to [5.9.198.252]:1194 (5.9.198.252) via TCPv4
?[Jun 26, 2022, 22:30:40] Server poll timeout, trying next remote entry...
?[Jun 26, 2022, 22:30:40] EVENT: RECONNECTING ?[Jun 26, 2022, 22:30:40] EVENT: RESOLVE ?[Jun 26, 2022, 22:30:40] EVENT: WAIT ?[Jun 26, 2022, 22:30:40] UnixCommandAgent: transmitting bypass route to /var/run/agent_ovpnconnect.sock
{
"host" : "5.9.198.252",
"ipv6" : false,
"pid" : 13445
}

?[Jun 26, 2022, 22:30:41] Connecting to [5.9.198.252]:1194 (5.9.198.252) via TCPv4
?[Jun 26, 2022, 22:30:50] Server poll timeout, trying next remote entry...
?[Jun 26, 2022, 22:30:50] EVENT: RECONNECTING ?[Jun 26, 2022, 22:30:50] EVENT: RESOLVE ?[Jun 26, 2022, 22:30:50] EVENT: WAIT ?[Jun 26, 2022, 22:30:50] UnixCommandAgent: transmitting bypass route to /var/run/agent_ovpnconnect.sock
{
"host" : "5.9.198.252",
"ipv6" : false,
"pid" : 13445
}

?[Jun 26, 2022, 22:30:51] Connecting to [5.9.198.252]:1194 (5.9.198.252) via TCPv4
?[Jun 26, 2022, 22:31:00] Server poll timeout, trying next remote entry...
?[Jun 26, 2022, 22:31:00] EVENT: RECONNECTING ?[Jun 26, 2022, 22:31:00] EVENT: RESOLVE ?[Jun 26, 2022, 22:31:00] EVENT: WAIT ?[Jun 26, 2022, 22:31:00] UnixCommandAgent: transmitting bypass route to /var/run/agent_ovpnconnect.sock
{
"host" : "5.9.198.252",
"ipv6" : false,
"pid" : 13445
}

?[Jun 26, 2022, 22:31:01] Connecting to [5.9.198.252]:1194 (5.9.198.252) via TCPv4
?[Jun 26, 2022, 22:31:10] EVENT: CONNECTION_TIMEOUT BYTES_OUT : 336
PACKETS_OUT : 6
CONNECTION_TIMEOUT : 1
N_RECONNECT : 5
?[Jun 26, 2022, 22:31:10] EVENT: DISCONNECTED ?[Jun 26, 2022, 22:31:12] Raw stats on disconnect:
BYTES_OUT : 336
PACKETS_OUT : 6
CONNECTION_TIMEOUT : 1
N_RECONNECT : 5

?[Jun 26, 2022, 22:31:12] Performance stats on disconnect:
CPU usage (microseconds): 24454671
Network bytes per CPU second: 13
Tunnel bytes per CPU second: 0
?

```

I'm pretty new to both networking and openvpn, please guide me through this.
Thank you so much in advance

stevemoretz wrote: ↑

Sun Jun 26, 2022 6:02 pm

I'm pretty new to both networking and openvpn, please guide me through this.

Please start by reading the OpenVPN Howto.

WRT your issue, check that you have forwarded the port TCP:1194 for your server.

TinCanTech wrote: ↑

Sun Jun 26, 2022 6:33 pm

stevemoretz wrote: ↑

Sun Jun 26, 2022 6:02 pm

I'm pretty new to both networking and openvpn, please guide me through this.

Please start by reading the OpenVPN Howto.

WRT your issue, check that you have forwarded the port TCP:1194 for your server.

Hi thank you for the reply, I have search many places first then created this issue. I'm sorry but as I said I'm pretty new to this whole thing.

Here's the firewall config (csf):

```
cat /etc/csf/csfpost.sh
#!/bin/bash
iptables -t nat -I POSTROUTING 1 -s 10.8.0.0/24 -o ens192 -j MASQUERADE
iptables -I INPUT 1 -i tun0 -j ACCEPT
iptables -I FORWARD 1 -i ens192 -o tun0 -j ACCEPT
iptables -I FORWARD 1 -i tun0 -o ens192 -j ACCEPT
iptables -I INPUT 1 -i ens192 -p tcp --dport 1194 -j ACCEPT
```

I'm guessing this should do the job, is there any command that let's me test if TCP:1194 is forwarded? I have root access to the server, but I don't know how to test this.

I have already tested this on the client and thought it was enough:

```
telnet 5.9.198.252 1194
Trying 5.9.198.252...
Connected to 5.9.198.252.
Escape character is '^]'.
```

I'm not sure about forwarding... a new concept to me...

I could enable the logs and here's what happens when the client is trying to connect in 60 seconds .

Listening for incoming TCP connection on [AF_INET][undef]:1195
TCPv4_SERVER link local (bound): [AF_INET][undef]:1195
TCPv4_SERVER link remote: [AF_UNSPEC]
GID set to nobody
UID set to nobody
MULTI: multi_init called, r=256 v=256
IFCONFIG POOL: base=10.8.0.2 size=252, ipv6=0
IFCONFIG POOL LIST
MULTI: TCP INIT maxclients=1024 maxevents=1028
Initialization Sequence Completed
MULTI: multi_create_instance called
Re-using SSL/TLS context
Control Channel MTU parms [ L:1623 D:1154 EF:96 EB:0 ET:0 EL:3 ]
Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1551,tun-mtu 1500,proto TCPv4_SERVER,cipher AES-128-GCM,auth [null-digest],keysize 128,key-method 2,tls-server'
Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1551,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-128-GCM,auth [null-digest],keysize 128,key-method 2,tls-client'
TCP connection established with [AF_INET]5.238.21.93:49962
TCPv4_SERVER link local: (not bound)
TCPv4_SERVER link remote: [AF_INET]5.238.21.93:49962
R5.238.21.93:49962 TLS: Initial packet from [AF_INET]5.238.21.93:49962, sid=93d22eb7 22aa1aee
WWWMULTI: multi_create_instance called
Re-using SSL/TLS context
Control Channel MTU parms [ L:1623 D:1154 EF:96 EB:0 ET:0 EL:3 ]
Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1551,tun-mtu 1500,proto TCPv4_SERVER,cipher AES-128-GCM,auth [null-digest],keysize 128,key-method 2,tls-server'
Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1551,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-128-GCM,auth [null-digest],keysize 128,key-method 2,tls-client'
TCP connection established with [AF_INET]5.238.21.93:49963
TCPv4_SERVER link local: (not bound)
TCPv4_SERVER link remote: [AF_INET]5.238.21.93:49963
R5.238.21.93:49963 TLS: Initial packet from [AF_INET]5.238.21.93:49963, sid=26510223 3c79515f
WWWWMULTI: multi_create_instance called
Re-using SSL/TLS context
Control Channel MTU parms [ L:1623 D:1154 EF:96 EB:0 ET:0 EL:3 ]
Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1551,tun-mtu 1500,proto TCPv4_SERVER,cipher AES-128-GCM,auth [null-digest],keysize 128,key-method 2,tls-server'
Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1551,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-128-GCM,auth [null-digest],keysize 128,key-method 2,tls-client'
TCP connection established with [AF_INET]5.238.21.93:49964
TCPv4_SERVER link local: (not bound)
TCPv4_SERVER link remote: [AF_INET]5.238.21.93:49964
R5.238.21.93:49964 TLS: Initial packet from [AF_INET]5.238.21.93:49964, sid=c2957f41 8663fc3a
WWWWMULTI: multi_create_instance called
Re-using SSL/TLS context
Control Channel MTU parms [ L:1623 D:1154 EF:96 EB:0 ET:0 EL:3 ]
Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1551,tun-mtu 1500,proto TCPv4_SERVER,cipher AES-128-GCM,auth [null-digest],keysize 128,key-method 2,tls-server'
Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1551,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-128-GCM,auth [null-digest],keysize 128,key-method 2,tls-client'
TCP connection established with [AF_INET]5.238.21.93:49967
TCPv4_SERVER link local: (not bound)
TCPv4_SERVER link remote: [AF_INET]5.238.21.93:49967
R5.238.21.93:49967 TLS: Initial packet from [AF_INET]5.238.21.93:49967, sid=f920d3a5 a2affbed
WWWWWMULTI: multi_create_instance called
Re-using SSL/TLS context
Control Channel MTU parms [ L:1623 D:1154 EF:96 EB:0 ET:0 EL:3 ]
Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1551,tun-mtu 1500,proto TCPv4_SERVER,cipher AES-128-GCM,auth [null-digest],keysize 128,key-method 2,tls-server'
Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1551,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-128-GCM,auth [null-digest],keysize 128,key-method 2,tls-client'
TCP connection established with [AF_INET]5.238.21.93:49968
TCPv4_SERVER link local: (not bound)
TCPv4_SERVER link remote: [AF_INET]5.238.21.93:49968
WR5.238.21.93:49968 TLS: Initial packet from [AF_INET]5.238.21.93:49968, sid=92d3929c cc99b167
WWWWMULTI: multi_create_instance called
Re-using SSL/TLS context
Control Channel MTU parms [ L:1623 D:1154 EF:96 EB:0 ET:0 EL:3 ]
Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1551,tun-mtu 1500,proto TCPv4_SERVER,cipher AES-128-GCM,auth [null-digest],keysize 128,key-method 2,tls-server'
Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1551,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-128-GCM,auth [null-digest],keysize 128,key-method 2,tls-client'
TCP connection established with [AF_INET]5.238.21.93:49969
TCPv4_SERVER link local: (not bound)
TCPv4_SERVER link remote: [AF_INET]5.238.21.93:49969
R5.238.21.93:49969 TLS: Initial packet from [AF_INET]5.238.21.93:49969, sid=77da50a2 2281a969
WWWWW5.238.21.93:49962 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
5.238.21.93:49962 TLS Error: TLS handshake failed
5.238.21.93:49962 Fatal TLS error (check_tls_errors_co), restarting
5.238.21.93:49962 SIGUSR1[soft,tls-error] received, client-instance restarting
TCP/UDP: Closing socket
WW5.238.21.93:49963 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
5.238.21.93:49963 TLS Error: TLS handshake failed
5.238.21.93:49963 Fatal TLS error (check_tls_errors_co), restarting
5.238.21.93:49963 SIGUSR1[soft,tls-error] received, client-instance restarting
TCP/UDP: Closing socket

Also I noticed in the log that I sent, https://serverfault.com/a/765562 this issue occurs.
The port is changing but I am already using tcp!

Maybe
TCPv4_SERVER link local: (not bound)
This is the issue?

No one is gonna help me?I'm new and stuck.

There is something wrong with your network and it stops openvpn from connecting.