TLS error occurs when I try to connect to an OpenVPN server from a router
Posted: Sat Nov 19, 2022 5:47 pm
Hello everyone, today I created an OpenVPN server on my VDS to connect work devices to the same network, and although all clients on Windows 10 connect without any problems, I get an error on the router from the same network as the Win10 machines:
Nov 19 15:11:55 openvpn[1449]: TLS: Initial packet from [AF_INET]XX.XX.XX.XX:1194, sid=63731366 8295bc9d
Nov 19 15:12:55 openvpn[1449]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Nov 19 15:12:55 openvpn[1449]: TLS Error: TLS handshake failed
Nov 19 15:12:55 openvpn[1449]: SIGUSR1[soft,tls-error] received, process restarting
Nov 19 15:12:55 openvpn[1449]: Restart pause, 2 second(s)
Nov 19 15:12:57 openvpn[1449]: Socket Buffers: R=[116736->131072] S=[116736->131072]
Nov 19 15:12:57 openvpn[1449]: UDPv4 link local: [undef]
Nov 19 15:12:57 openvpn[1449]: UDPv4 link remote: [AF_INET]XX.XX.XX.XX:1194
Nov 19 15:12:57 openvpn[1449]: TLS: Initial packet from [AF_INET]XX.XX.XX.XX:1194, sid=44190fe3 f770cb18
and so on
My server config:
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
push "route 10.0.1.0 255.255.255.0"
push "route 10.0.56.0 255.255.255.0"
push "route 192.168.1.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 95.167.167.95"
client-to-client
keepalive 20 120
tls-auth ta.key 0
cipher AES-256-CBC
auth SHA256
### before TLS error, syslog on my asus router complained about nobody and nogroup ###
;user nobody
;group nogroup
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
;log-append /var/log/openvpn/openvpn.log
verb 3
explicit-exit-notify 1
No matter what I try to do, the TLS handshake still drops between router and server.
I will be glad for your advice.