I've a VPS with OpenVPN Server installed, and a home network with the Tomato version of the OpenVPN client on my router. I've got them both set up and configured, but there appear to be handshake issues. I wonder if anyone would be able to offer advice?
CLIENT LOG
****************************************************************
Jan 29 20:00:01 unknown syslog.info root: -- MARK --
Jan 29 20:34:48 unknown user.info kernel: Universal TUN/TAP device driver 1.5 (C)1999-2002 Maxim Krasnyansky
Jan 29 20:34:48 unknown daemon.notice openvpn[3423]: OpenVPN 2.1.1 mipsel-unknown-linux-gnu [SSL] [LZO2] [EPOLL] built on Nov 30 2010
Jan 29 20:34:49 unknown daemon.warn openvpn[3423]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 29 20:34:49 unknown daemon.warn openvpn[3423]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 29 20:34:49 unknown daemon.notice openvpn[3423]: LZO compression initialized
Jan 29 20:34:49 unknown daemon.notice openvpn[3423]: Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Jan 29 20:34:49 unknown daemon.notice openvpn[3423]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Jan 29 20:34:49 unknown daemon.notice openvpn[3429]: Socket Buffers: R=[32767->65534] S=[32767->65534]
Jan 29 20:34:49 unknown daemon.notice openvpn[3429]: UDPv4 link local: [undef]
Jan 29 20:34:49 unknown daemon.notice openvpn[3429]: UDPv4 link remote: 95.95.95.95:1194
Jan 29 20:34:49 unknown daemon.notice openvpn[3429]: TLS: Initial packet from 95.95.95.95:1194, sid=9d3ede58 12c1934a
Jan 29 20:34:49 unknown daemon.err openvpn[3429]: VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=GB/ST=GB/L=Liverpool/O=mydomain.co.uk/CN=mydomain.co.uk_CA/emailAddress=postmaster@mydomain.co.uk
Jan 29 20:34:49 unknown daemon.err openvpn[3429]: TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:lib(20):func(144):reason(134)
Jan 29 20:34:49 unknown daemon.err openvpn[3429]: TLS Error: TLS object -> incoming plaintext read error
Jan 29 20:34:49 unknown daemon.err openvpn[3429]: TLS Error: TLS handshake failed
Jan 29 20:34:49 unknown daemon.notice openvpn[3429]: TCP/UDP: Closing socket
Jan 29 20:34:49 unknown daemon.notice openvpn[3429]: SIGUSR1[soft,tls-error] received, process restarting
Jan 29 20:34:49 unknown daemon.notice openvpn[3429]: Restart pause, 2 second(s)
Jan 29 20:34:51 unknown daemon.warn openvpn[3429]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 29 20:34:51 unknown daemon.warn openvpn[3429]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 29 20:34:51 unknown daemon.notice openvpn[3429]: Re-using SSL/TLS context
Jan 29 20:34:51 unknown daemon.notice openvpn[3429]: LZO compression initialized
Jan 29 20:34:51 unknown daemon.notice openvpn[3429]: Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Jan 29 20:34:51 unknown daemon.notice openvpn[3429]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Jan 29 20:34:51 unknown daemon.notice openvpn[3429]: Socket Buffers: R=[32767->65534] S=[32767->65534]
Jan 29 20:34:51 unknown daemon.notice openvpn[3429]: UDPv4 link local: [undef]
Jan 29 20:34:51 unknown daemon.notice openvpn[3429]: UDPv4 link remote: 95.95.95.95:1194
Jan 29 20:34:51 unknown daemon.err openvpn[3429]: TLS Error: Unroutable control packet received from 95.95.95.95:1194 (si=3 op=P_CONTROL_V1)
Jan 29 20:34:51 unknown daemon.err openvpn[3429]: TLS Error: Unroutable control packet received from 95.95.95.95:1194 (si=3 op=P_CONTROL_V1)
Jan 29 20:34:51 unknown daemon.err openvpn[3429]: TLS Error: Unroutable control packet received from 95.95.95.95:1194 (si=3 op=P_CONTROL_V1)
Jan 29 20:34:51 unknown daemon.err openvpn[3429]: TLS Error: Unroutable control packet received from 95.95.95.95:1194 (si=3 op=P_CONTROL_V1)
Jan 29 20:34:51 unknown daemon.notice openvpn[3429]: TLS: Initial packet from 95.95.95.95:1194, sid=642a0d6a 6b715f17
Jan 29 20:34:51 unknown daemon.err openvpn[3429]: VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=GB/ST=GB/L=Liverpool/O=mydomain.co.uk/CN=mydomain.co.uk_CA/emailAddress=postmaster@mydomain.co.uk
Jan 29 20:34:51 unknown daemon.err openvpn[3429]: TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:lib(20):func(144):reason(134)
Jan 29 20:34:51 unknown daemon.err openvpn[3429]: TLS Error: TLS object -> incoming plaintext read error
Jan 29 20:34:51 unknown daemon.err openvpn[3429]: TLS Error: TLS handshake failed
Jan 29 20:34:51 unknown daemon.notice openvpn[3429]: TCP/UDP: Closing socket
Jan 29 20:34:51 unknown daemon.notice openvpn[3429]: SIGUSR1[soft,tls-error] received, process restarting
Jan 29 20:34:51 unknown daemon.notice openvpn[3429]: Restart pause, 2 second(s)
Jan 29 20:34:53 unknown daemon.warn openvpn[3429]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 29 20:34:53 unknown daemon.warn openvpn[3429]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 29 20:34:53 unknown daemon.notice openvpn[3429]: Re-using SSL/TLS context
Jan 29 20:34:53 unknown daemon.notice openvpn[3429]: LZO compression initialized
Jan 29 20:34:53 unknown daemon.notice openvpn[3429]: Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Jan 29 20:34:53 unknown daemon.notice openvpn[3429]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Jan 29 20:34:53 unknown daemon.notice openvpn[3429]: Socket Buffers: R=[32767->65534] S=[32767->65534]
Jan 29 20:34:53 unknown daemon.notice openvpn[3429]: UDPv4 link local: [undef]
Jan 29 20:34:53 unknown daemon.notice openvpn[3429]: UDPv4 link remote: 95.95.95.95:1194
Jan 29 20:34:53 unknown daemon.err openvpn[3429]: TLS Error: Unroutable control packet received from 95.95.95.95:1194 (si=3 op=P_CONTROL_V1)
Jan 29 20:34:53 unknown daemon.err openvpn[3429]: TLS Error: Unroutable control packet received from 95.95.95.95:1194 (si=3 op=P_CONTROL_V1)
Jan 29 20:34:53 unknown daemon.err openvpn[3429]: TLS Error: Unroutable control packet received from 95.95.95.95:1194 (si=3 op=P_CONTROL_V1)
Jan 29 20:34:53 unknown daemon.err openvpn[3429]: TLS Error: Unroutable control packet received from 95.95.95.95:1194 (si=3 op=P_CONTROL_V1)
............
Jan 29 20:34:55 unknown daemon.err openvpn[3429]: TLS Error: Unroutable control packet received from 95.95.95.95:1194 (si=3 op=P_CONTROL_V1)
Jan 29 20:34:55 unknown daemon.err openvpn[3429]: TLS Error: Unroutable control packet received from 95.95.95.95:1194 (si=3 op=P_CONTROL_V1)
Jan 29 20:35:23 unknown daemon.err openvpn[3429]: TLS Error: Unroutable control packet received from 95.95.95.95:1194 (si=3 op=P_ACK_V1)
Jan 29 20:35:25 unknown daemon.notice openvpn[3429]: TCP/UDP: Closing socket
Jan 29 20:35:25 unknown daemon.notice openvpn[3429]: SIGTERM[hard,] received, process exiting
SERVER LOGS
****************************************************************
Sat Jan 29 20:34:40 2011 OpenVPN 2.1_rc11 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Mar 9 2009
Sat Jan 29 20:34:40 2011 Diffie-Hellman initialized with 1024 bit key
Sat Jan 29 20:34:40 2011 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
Sat Jan 29 20:34:40 2011 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Jan 29 20:34:40 2011 ROUTE default_gateway=95.154.254.2
Sat Jan 29 20:34:40 2011 TUN/TAP device tun0 opened
Sat Jan 29 20:34:40 2011 TUN/TAP TX queue length set to 100
Sat Jan 29 20:34:40 2011 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Sat Jan 29 20:34:40 2011 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Sat Jan 29 20:34:40 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Jan 29 20:34:40 2011 GID set to nogroup
Sat Jan 29 20:34:40 2011 UID set to nobody
Sat Jan 29 20:34:40 2011 Socket Buffers: R=[129024->131072] S=[129024->131072]
Sat Jan 29 20:34:40 2011 UDPv4 link local (bound): 95.95.95.95:1194
Sat Jan 29 20:34:40 2011 UDPv4 link remote: [undef]
Sat Jan 29 20:34:40 2011 MULTI: multi_init called, r=256 v=256
Sat Jan 29 20:34:40 2011 IFCONFIG POOL: base=10.8.0.4 size=62
Sat Jan 29 20:34:40 2011 IFCONFIG POOL LIST
Sat Jan 29 20:34:40 2011 Initialization Sequence Completed
Sat Jan 29 20:34:48 2011 MULTI: multi_create_instance called
Sat Jan 29 20:34:48 2011 82.82.82.82:1024 Re-using SSL/TLS context
Sat Jan 29 20:34:48 2011 82.82.82.82:1024 LZO compression initialized
Sat Jan 29 20:34:48 2011 82.82.82.82:1024 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Jan 29 20:34:48 2011 82.82.82.82:1024 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Jan 29 20:34:48 2011 82.82.82.82:1024 Local Options hash (VER=V4): '530fdded'
Sat Jan 29 20:34:48 2011 82.82.82.82:1024 Expected Remote Options hash (VER=V4): '41690919'
Sat Jan 29 20:34:48 2011 82.82.82.82:1024 TLS: Initial packet from 82.82.82.82:1024, sid=4c7f2aa1 18251796
Sat Jan 29 20:34:51 2011 82.82.82.82:1024 TLS: new session incoming connection from 82.82.82.82:1024
Sat Jan 29 20:34:53 2011 82.82.82.82:1024 TLS: new session incoming connection from 82.82.82.82:1024
Sat Jan 29 20:35:25 2011 read UDPv4 [ECONNREFUSED|ECONNREFUSED]: Connection refused (code=111)
Sat Jan 29 20:35:25 2011 read UDPv4 [ECONNREFUSED|ECONNREFUSED|ECONNREFUSED|ECONNREFUSED]: Connection refused (code=111)
Sat Jan 29 20:35:27 2011 read UDPv4 [ECONNREFUSED|ECONNREFUSED]: Connection refused (code=111)
Sat Jan 29 20:35:29 2011 read UDPv4 [ECONNREFUSED|ECONNREFUSED]: Connection refused (code=111)
Sat Jan 29 20:35:31 2011 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sat Jan 29 20:35:33 2011 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sat Jan 29 20:35:33 2011 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sat Jan 29 20:35:35 2011 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sat Jan 29 20:35:35 2011 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sat Jan 29 20:35:37 2011 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sat Jan 29 20:35:37 2011 read UDPv4 [ECONNREFUSED|ECONNREFUSED]: Connection refused (code=111)
Sat Jan 29 20:35:40 2011 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sat Jan 29 20:35:40 2011 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sat Jan 29 20:35:41 2011 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sat Jan 29 20:35:43 2011 read UDPv4 [ECONNREFUSED|ECONNREFUSED]: Connection refused (code=111)
Sat Jan 29 20:35:45 2011 read UDPv4 [ECONNREFUSED|ECONNREFUSED]: Connection refused (code=111)
Sat Jan 29 20:35:45 2011 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sat Jan 29 20:35:47 2011 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sat Jan 29 20:35:47 2011 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sat Jan 29 20:35:49 2011 82.82.82.82:1024 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Jan 29 20:35:49 2011 82.82.82.82:1024 TLS Error: TLS handshake failed
Sat Jan 29 20:35:49 2011 82.82.82.82:1024 SIGUSR1[soft,tls-error] received, client-instance restarting
Sat Jan 29 20:35:52 2011 event_wait : Interrupted system call (code=4)
Sat Jan 29 20:35:52 2011 TCP/UDP: Closing socket
Sat Jan 29 20:35:52 2011 /sbin/route del -net 10.8.0.0 netmask 255.255.255.0
SIOCDELRT: Operation not permitted
Sat Jan 29 20:35:52 2011 ERROR: Linux route delete command failed: external program exited with error status: 7
Sat Jan 29 20:35:52 2011 Closing TUN/TAP interface
Sat Jan 29 20:35:52 2011 /sbin/ifconfig tun0 0.0.0.0
SIOCSIFADDR: Permission denied
SIOCSIFFLAGS: Permission denied
Sat Jan 29 20:35:52 2011 Linux ip addr del failed: external program exited with error status: 255
Sat Jan 29 20:35:52 2011 SIGINT[hard,] received, process exiting
SERVER CONF FILE
***********************************************************************
mode server
tls-server
local 95.95.95.95
port 1194
#proto tcp
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
max-clients 10
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS 95.154.254.254"
push "dhcp-option DNS 208.67.220.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
user nobody
group nogroup
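
An added example, not part of the original post: a Python pass over the client log that splits it into connection attempts and separates the certificate verification failure from the errors that follow it. The names `triage`, `untrusted_cas` and `SAMPLE` are illustrative, and the sample lines are copied from the client log above and abridged to two attempts.

```python
import re

# Constructed sample: lines copied from the client log above, abridged to two attempts.
SAMPLE = """\
Jan 29 20:34:49 unknown daemon.warn openvpn[3423]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 29 20:34:49 unknown daemon.err openvpn[3429]: VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=GB/ST=GB/L=Liverpool/O=mydomain.co.uk/CN=mydomain.co.uk_CA/emailAddress=postmaster@mydomain.co.uk
Jan 29 20:34:49 unknown daemon.err openvpn[3429]: TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:lib(20):func(144):reason(134)
Jan 29 20:34:49 unknown daemon.err openvpn[3429]: TLS Error: TLS handshake failed
Jan 29 20:34:49 unknown daemon.notice openvpn[3429]: SIGUSR1[soft,tls-error] received, process restarting
Jan 29 20:34:51 unknown daemon.err openvpn[3429]: TLS Error: Unroutable control packet received from 95.95.95.95:1194 (si=3 op=P_CONTROL_V1)
Jan 29 20:34:51 unknown daemon.err openvpn[3429]: VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=GB/ST=GB/L=Liverpool/O=mydomain.co.uk/CN=mydomain.co.uk_CA/emailAddress=postmaster@mydomain.co.uk
Jan 29 20:34:51 unknown daemon.err openvpn[3429]: TLS Error: TLS handshake failed
Jan 29 20:34:51 unknown daemon.notice openvpn[3429]: SIGUSR1[soft,tls-error] received, process restarting
"""

# syslog prefix as it appears in the post: date, host, facility.level, openvpn[pid]
LINE = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ \w+\.(\w+) openvpn\[\d+\]: (.*)$")
VERIFY = re.compile(r"VERIFY ERROR: depth=(\d+), error=([^:]+): (.*)")

def new_attempt():
    return {"verify": None, "stale": 0, "other_errors": 0}

def triage(text):
    """Return (attempts, warnings); one attempt per SIGUSR1/SIGTERM boundary."""
    attempts, warnings, cur = [], [], new_attempt()
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # "-- MARK --", kernel lines, the poster's "...." elision
        level, msg = m.groups()
        v = VERIFY.match(msg)
        if level == "warn" and msg not in warnings:
            warnings.append(msg)
        elif v and cur["verify"] is None:
            # The certificate check that aborts the handshake.
            cur["verify"] = {"depth": int(v.group(1)), "error": v.group(2), "subject": v.group(3)}
        elif level == "err" and "Unroutable control packet" in msg:
            cur["stale"] += 1  # packets addressed to a session the client already dropped
        elif level == "err":
            cur["other_errors"] += 1  # TLS_ERROR / "handshake failed" follow the verify failure
        if msg.startswith(("SIGUSR1[", "SIGTERM[")):
            attempts.append(cur)
            cur = new_attempt()
    return attempts, warnings

def untrusted_cas(attempts):
    """Subjects of chain roots the client could not find in its own trust store."""
    want = "self signed certificate in certificate chain"
    return sorted({a["verify"]["subject"] for a in attempts if a["verify"] and a["verify"]["error"] == want})
```

On this log every attempt fails at depth=1 on the same CA subject, which is the OpenSSL result when the root of the chain the server presents is not in the file the client loads with `ca`. The `daemon.warn` line it collects is a separate finding: the client has no server-certificate check such as `remote-cert-tls server` or `ns-cert-type server` enabled.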