TLS protocol error / log and config in post
Posted: Thu May 25, 2023 5:20 pm
I receive an error when connecting a previously connected client to our VPN network. All other clients connect without issue. Below is the error log and config file information.
OpenVPN client version: 2.6.4 (latest)
Error:
Thu May 25 12:46:59 2023 TLS error: Unsupported protocol. This typically indicates that client and server have no common TLS version enabled. This can be caused by mismatched tls-version-min and tls-version-max options on client and server. If your OpenVPN client is between v2.3.6 and v2.3.2 try adding tls-version-min 1.0 to the client configuration to use TLS 1.0+ instead of TLS 1.0 only
Thu May 25 12:46:59 2023 OpenSSL: error:0A000102:SSL routines::unsupported protocol
Thu May 25 12:46:59 2023 TLS_ERROR: BIO read tls_read_plaintext error
Thu May 25 12:46:59 2023 TLS Error: TLS object -> incoming plaintext read error
Thu May 25 12:46:59 2023 TLS Error: TLS handshake failed
Config file contents - minus CA info:
client
dev tun
proto udp
explicit-exit-notify 3
remote x.x.x.x
resolv-retry infinite
nobind
persist-key
persist-tun
auth-user-pass
cipher AES-256-CBC
comp-lzo no
tun-mtu 45000
mssfix 0
#Enable following txqueuelen option on Linux Clients for better performance
#txqueuelen 1000
mute-replay-warnings
I tried to add the tls min 1.0 line to the config file, but when I try to reconnect, the client says it cannot open the config file.
I have also enabled TLS 1.2 and 1.0 on the client machine. The client machine is Windows 11 and the OpenVPN server is running on a Cisco RV260W router.
Please advise.
I appreciate your assistance
Thank you
Westman