TLS Error: TLS key negotiation failed to occur within 60 sec

Posted: Sun Nov 13, 2011 1:27 pm
by m0w1337
Hi!

Although my server is configured perfectly fine, and all the routers and firewalls too, I get this error message when trying to connect to my OpenVPN server via a Win 7 laptop.

When using my MacBook from the exact same network and with the same certificates and port/proto (software: Tunnelblick), everything works fine.

I executed OpenVPN GUI as administrator, too, and disabled all firewalls on the Windows laptop. Does anyone have an idea what goes wrong here?

OpenVPN log:

Sun Nov 13 14:20:49 2011 us=853000 Current Parameter Settings:
Sun Nov 13 14:20:49 2011 us=853000   config = 'client.ovpn'
Sun Nov 13 14:20:49 2011 us=853000   mode = 0
Sun Nov 13 14:20:49 2011 us=853000   show_ciphers = DISABLED
Sun Nov 13 14:20:49 2011 us=853000   show_digests = DISABLED
Sun Nov 13 14:20:49 2011 us=853000   show_engines = DISABLED
Sun Nov 13 14:20:49 2011 us=853000   genkey = DISABLED
Sun Nov 13 14:20:49 2011 us=853000   key_pass_file = '[UNDEF]'
Sun Nov 13 14:20:49 2011 us=853000   show_tls_ciphers = DISABLED
Sun Nov 13 14:20:49 2011 us=853000 Connection profiles [default]:
Sun Nov 13 14:20:49 2011 us=853000   proto = udp
Sun Nov 13 14:20:49 2011 us=853000   local = '[UNDEF]'
Sun Nov 13 14:20:49 2011 us=853000   local_port = 1194
Sun Nov 13 14:20:49 2011 us=853000   remote = 'wagner-markisen.dyndns.org'
Sun Nov 13 14:20:49 2011 us=853000   remote_port = 1194
Sun Nov 13 14:20:49 2011 us=853000   remote_float = DISABLED
Sun Nov 13 14:20:49 2011 us=853000   bind_defined = DISABLED
Sun Nov 13 14:20:49 2011 us=853000   bind_local = ENABLED
Sun Nov 13 14:20:49 2011 us=853000   connect_retry_seconds = 5
Sun Nov 13 14:20:49 2011 us=853000   connect_timeout = 10
Sun Nov 13 14:20:49 2011 us=853000   connect_retry_max = 0
Sun Nov 13 14:20:49 2011 us=853000   socks_proxy_server = '[UNDEF]'
Sun Nov 13 14:20:49 2011 us=853000   socks_proxy_port = 0
Sun Nov 13 14:20:49 2011 us=853000   socks_proxy_retry = DISABLED
Sun Nov 13 14:20:49 2011 us=853000 Connection profiles END
Sun Nov 13 14:20:49 2011 us=853000   remote_random = DISABLED
Sun Nov 13 14:20:49 2011 us=853000   ipchange = '[UNDEF]'
Sun Nov 13 14:20:49 2011 us=853000   dev = 'tun'
Sun Nov 13 14:20:49 2011 us=853000   dev_type = '[UNDEF]'
Sun Nov 13 14:20:49 2011 us=853000   dev_node = '[UNDEF]'
Sun Nov 13 14:20:49 2011 us=853000   lladdr = '[UNDEF]'
Sun Nov 13 14:20:49 2011 us=853000   topology = 1
Sun Nov 13 14:20:49 2011 us=853000   tun_ipv6 = DISABLED
Sun Nov 13 14:20:49 2011 us=853000   ifconfig_local = '[UNDEF]'
Sun Nov 13 14:20:49 2011 us=853000   ifconfig_remote_netmask = '[UNDEF]'
Sun Nov 13 14:20:49 2011 us=853000   ifconfig_noexec = DISABLED
Sun Nov 13 14:20:49 2011 us=853000   ifconfig_nowarn = DISABLED
Sun Nov 13 14:20:49 2011 us=853000   shaper = 0
Sun Nov 13 14:20:49 2011 us=853000   tun_mtu = 1500
Sun Nov 13 14:20:49 2011 us=853000   tun_mtu_defined = ENABLED
Sun Nov 13 14:20:49 2011 us=853000   link_mtu = 1500
Sun Nov 13 14:20:49 2011 us=853000   link_mtu_defined = DISABLED
Sun Nov 13 14:20:49 2011 us=853000   tun_mtu_extra = 0
Sun Nov 13 14:20:49 2011 us=853000   tun_mtu_extra_defined = DISABLED
Sun Nov 13 14:20:49 2011 us=853000   fragment = 0
Sun Nov 13 14:20:49 2011 us=853000   mtu_discover_type = -1
Sun Nov 13 14:20:49 2011 us=853000   mtu_test = 0
Sun Nov 13 14:20:49 2011 us=853000   mlock = DISABLED
Sun Nov 13 14:20:49 2011 us=853000   keepalive_ping = 0
Sun Nov 13 14:20:49 2011 us=853000   keepalive_timeout = 0
Sun Nov 13 14:20:49 2011 us=853000   inactivity_timeout = 0
Sun Nov 13 14:20:49 2011 us=853000   ping_send_timeout = 0
Sun Nov 13 14:20:49 2011 us=853000   ping_rec_timeout = 0
Sun Nov 13 14:20:49 2011 us=853000   ping_rec_timeout_action = 0
Sun Nov 13 14:20:49 2011 us=853000   ping_timer_remote = DISABLED
Sun Nov 13 14:20:49 2011 us=853000   remap_sigusr1 = 0
Sun Nov 13 14:20:49 2011 us=853000   explicit_exit_notification = 0
Sun Nov 13 14:20:49 2011 us=853000   persist_tun = ENABLED
Sun Nov 13 14:20:49 2011 us=853000   persist_local_ip = DISABLED
Sun Nov 13 14:20:49 2011 us=853000   persist_remote_ip = DISABLED
Sun Nov 13 14:20:49 2011 us=853000   persist_key = ENABLED
Sun Nov 13 14:20:49 2011 us=853000   mssfix = 1450
Sun Nov 13 14:20:49 2011 us=853000   resolve_retry_seconds = 1000000000
Sun Nov 13 14:20:49 2011 us=853000   username = '[UNDEF]'
Sun Nov 13 14:20:49 2011 us=853000   groupname = '[UNDEF]'
Sun Nov 13 14:20:49 2011 us=853000   chroot_dir = '[UNDEF]'
Sun Nov 13 14:20:49 2011 us=853000   cd_dir = '[UNDEF]'
Sun Nov 13 14:20:49 2011 us=853000   writepid = '[UNDEF]'
Sun Nov 13 14:20:50 2011 us=40000   up_script = '[UNDEF]'
Sun Nov 13 14:20:50 2011 us=40000   down_script = '[UNDEF]'
Sun Nov 13 14:20:50 2011 us=40000   down_pre = DISABLED
Sun Nov 13 14:20:50 2011 us=40000   up_restart = DISABLED
Sun Nov 13 14:20:50 2011 us=40000   up_delay = DISABLED
Sun Nov 13 14:20:50 2011 us=40000   daemon = DISABLED
Sun Nov 13 14:20:50 2011 us=40000   inetd = 0
Sun Nov 13 14:20:50 2011 us=40000   log = DISABLED
Sun Nov 13 14:20:50 2011 us=40000   suppress_timestamps = DISABLED
Sun Nov 13 14:20:50 2011 us=40000   nice = 0
Sun Nov 13 14:20:50 2011 us=40000   verbosity = 4
Sun Nov 13 14:20:50 2011 us=40000   mute = 0
Sun Nov 13 14:20:50 2011 us=40000   gremlin = 0
Sun Nov 13 14:20:50 2011 us=40000   status_file = '[UNDEF]'
Sun Nov 13 14:20:50 2011 us=40000   status_file_version = 1
Sun Nov 13 14:20:50 2011 us=40000   status_file_update_freq = 60
Sun Nov 13 14:20:50 2011 us=40000   occ = ENABLED
Sun Nov 13 14:20:50 2011 us=40000   rcvbuf = 0
Sun Nov 13 14:20:50 2011 us=40000   sndbuf = 0
Sun Nov 13 14:20:50 2011 us=56000   sockflags = 0
Sun Nov 13 14:20:50 2011 us=56000   fast_io = DISABLED
Sun Nov 13 14:20:50 2011 us=56000   lzo = 0
Sun Nov 13 14:20:50 2011 us=56000   route_script = '[UNDEF]'
Sun Nov 13 14:20:50 2011 us=56000   route_default_gateway = '[UNDEF]'
Sun Nov 13 14:20:50 2011 us=56000   route_default_metric = 0
Sun Nov 13 14:20:50 2011 us=56000   route_noexec = DISABLED
Sun Nov 13 14:20:50 2011 us=56000   route_delay = 2
Sun Nov 13 14:20:50 2011 us=56000   route_delay_window = 30
Sun Nov 13 14:20:50 2011 us=56000   route_delay_defined = ENABLED
Sun Nov 13 14:20:50 2011 us=56000   route_nopull = DISABLED
Sun Nov 13 14:20:50 2011 us=56000   route_gateway_via_dhcp = DISABLED
Sun Nov 13 14:20:50 2011 us=56000   max_routes = 100
Sun Nov 13 14:20:50 2011 us=56000   allow_pull_fqdn = DISABLED
Sun Nov 13 14:20:50 2011 us=56000   management_addr = '[UNDEF]'
Sun Nov 13 14:20:50 2011 us=56000   management_port = 0
Sun Nov 13 14:20:50 2011 us=72000   management_user_pass = '[UNDEF]'
Sun Nov 13 14:20:50 2011 us=72000   management_log_history_cache = 250
Sun Nov 13 14:20:50 2011 us=72000   management_echo_buffer_size = 100
Sun Nov 13 14:20:50 2011 us=72000   management_write_peer_info_file = '[UNDEF]'
Sun Nov 13 14:20:50 2011 us=72000   management_client_user = '[UNDEF]'
Sun Nov 13 14:20:50 2011 us=72000   management_client_group = '[UNDEF]'
Sun Nov 13 14:20:50 2011 us=72000   management_flags = 0
Sun Nov 13 14:20:50 2011 us=72000   shared_secret_file = '[UNDEF]'
Sun Nov 13 14:20:50 2011 us=72000   key_direction = 0
Sun Nov 13 14:20:50 2011 us=72000   ciphername_defined = ENABLED
Sun Nov 13 14:20:50 2011 us=72000   ciphername = 'BF-CBC'
Sun Nov 13 14:20:50 2011 us=72000   authname_defined = ENABLED
Sun Nov 13 14:20:50 2011 us=72000   authname = 'SHA1'
Sun Nov 13 14:20:50 2011 us=72000   prng_hash = 'SHA1'
Sun Nov 13 14:20:50 2011 us=72000   prng_nonce_secret_len = 16
Sun Nov 13 14:20:50 2011 us=72000   keysize = 0
Sun Nov 13 14:20:50 2011 us=87000   engine = DISABLED
Sun Nov 13 14:20:50 2011 us=87000   replay = ENABLED
Sun Nov 13 14:20:50 2011 us=87000   mute_replay_warnings = DISABLED
Sun Nov 13 14:20:50 2011 us=87000   replay_window = 64
Sun Nov 13 14:20:50 2011 us=87000   replay_time = 15
Sun Nov 13 14:20:50 2011 us=87000   packet_id_file = '[UNDEF]'
Sun Nov 13 14:20:50 2011 us=87000   use_iv = ENABLED
Sun Nov 13 14:20:50 2011 us=87000   test_crypto = DISABLED
Sun Nov 13 14:20:50 2011 us=87000   tls_server = DISABLED
Sun Nov 13 14:20:50 2011 us=87000   tls_client = ENABLED
Sun Nov 13 14:20:50 2011 us=87000   key_method = 2
Sun Nov 13 14:20:50 2011 us=87000   ca_file = 'ca.crt'
Sun Nov 13 14:20:50 2011 us=87000   ca_path = '[UNDEF]'
Sun Nov 13 14:20:50 2011 us=87000   dh_file = '[UNDEF]'
Sun Nov 13 14:20:50 2011 us=87000   cert_file = 'Moritz.crt'
Sun Nov 13 14:20:50 2011 us=87000   priv_key_file = 'Moritz.key'
Sun Nov 13 14:20:50 2011 us=87000   pkcs12_file = '[UNDEF]'
Sun Nov 13 14:20:50 2011 us=103000   cryptoapi_cert = '[UNDEF]'
Sun Nov 13 14:20:50 2011 us=103000   cipher_list = '[UNDEF]'
Sun Nov 13 14:20:50 2011 us=103000   tls_verify = '[UNDEF]'
Sun Nov 13 14:20:50 2011 us=103000   tls_export_cert = '[UNDEF]'
Sun Nov 13 14:20:50 2011 us=103000   tls_remote = '[UNDEF]'
Sun Nov 13 14:20:50 2011 us=103000   crl_file = '[UNDEF]'
Sun Nov 13 14:20:50 2011 us=103000   ns_cert_type = 0
Sun Nov 13 14:20:50 2011 us=103000   remote_cert_ku[i] = 0
Sun Nov 13 14:20:50 2011 us=103000   remote_cert_ku[i] = 0
Sun Nov 13 14:20:50 2011 us=103000   remote_cert_ku[i] = 0
Sun Nov 13 14:20:50 2011 us=103000   remote_cert_ku[i] = 0
Sun Nov 13 14:20:50 2011 us=103000   remote_cert_ku[i] = 0
Sun Nov 13 14:20:50 2011 us=103000   remote_cert_ku[i] = 0
Sun Nov 13 14:20:50 2011 us=103000   remote_cert_ku[i] = 0
Sun Nov 13 14:20:50 2011 us=103000   remote_cert_ku[i] = 0
Sun Nov 13 14:20:50 2011 us=103000   remote_cert_ku[i] = 0
Sun Nov 13 14:20:50 2011 us=103000   remote_cert_ku[i] = 0
Sun Nov 13 14:20:50 2011 us=103000   remote_cert_ku[i] = 0
Sun Nov 13 14:20:50 2011 us=103000   remote_cert_ku[i] = 0
Sun Nov 13 14:20:50 2011 us=103000   remote_cert_ku[i] = 0
Sun Nov 13 14:20:50 2011 us=103000   remote_cert_ku[i] = 0
Sun Nov 13 14:20:50 2011 us=103000   remote_cert_ku[i] = 0
Sun Nov 13 14:20:50 2011 us=103000   remote_cert_ku[i] = 0
Sun Nov 13 14:20:50 2011 us=103000   remote_cert_eku = '[UNDEF]'
Sun Nov 13 14:20:50 2011 us=103000   tls_timeout = 2
Sun Nov 13 14:20:50 2011 us=103000   renegotiate_bytes = 0
Sun Nov 13 14:20:50 2011 us=103000   renegotiate_packets = 0
Sun Nov 13 14:20:50 2011 us=103000   renegotiate_seconds = 3600
Sun Nov 13 14:20:50 2011 us=103000   handshake_window = 60
Sun Nov 13 14:20:50 2011 us=103000   transition_window = 3600
Sun Nov 13 14:20:50 2011 us=103000   single_session = DISABLED
Sun Nov 13 14:20:50 2011 us=103000   push_peer_info = DISABLED
Sun Nov 13 14:20:50 2011 us=103000   tls_exit = DISABLED
Sun Nov 13 14:20:50 2011 us=118000   tls_auth_file = '[UNDEF]'
Sun Nov 13 14:20:50 2011 us=118000   server_network = 0.0.0.0
Sun Nov 13 14:20:50 2011 us=118000   server_netmask = 0.0.0.0
Sun Nov 13 14:20:50 2011 us=118000   server_bridge_ip = 0.0.0.0
Sun Nov 13 14:20:50 2011 us=118000   server_bridge_netmask = 0.0.0.0
Sun Nov 13 14:20:50 2011 us=118000   server_bridge_pool_start = 0.0.0.0
Sun Nov 13 14:20:50 2011 us=118000   server_bridge_pool_end = 0.0.0.0
Sun Nov 13 14:20:50 2011 us=118000   ifconfig_pool_defined = DISABLED
Sun Nov 13 14:20:50 2011 us=118000   ifconfig_pool_start = 0.0.0.0
Sun Nov 13 14:20:50 2011 us=118000   ifconfig_pool_end = 0.0.0.0
Sun Nov 13 14:20:50 2011 us=118000   ifconfig_pool_netmask = 0.0.0.0
Sun Nov 13 14:20:50 2011 us=118000   ifconfig_pool_persist_filename = '[UNDEF]'
Sun Nov 13 14:20:50 2011 us=118000   ifconfig_pool_persist_refresh_freq = 600
Sun Nov 13 14:20:50 2011 us=118000   n_bcast_buf = 256
Sun Nov 13 14:20:50 2011 us=118000   tcp_queue_limit = 64
Sun Nov 13 14:20:50 2011 us=134000   real_hash_size = 256
Sun Nov 13 14:20:50 2011 us=134000   virtual_hash_size = 256
Sun Nov 13 14:20:50 2011 us=134000   client_connect_script = '[UNDEF]'
Sun Nov 13 14:20:50 2011 us=134000   learn_address_script = '[UNDEF]'
Sun Nov 13 14:20:50 2011 us=134000   client_disconnect_script = '[UNDEF]'
Sun Nov 13 14:20:50 2011 us=134000   client_config_dir = '[UNDEF]'
Sun Nov 13 14:20:50 2011 us=134000   ccd_exclusive = DISABLED
Sun Nov 13 14:20:50 2011 us=134000   tmp_dir = 'C:\Users\Wagner\AppData\Local\Temp\'
Sun Nov 13 14:20:50 2011 us=134000   push_ifconfig_defined = DISABLED
Sun Nov 13 14:20:50 2011 us=134000   push_ifconfig_local = 0.0.0.0
Sun Nov 13 14:20:50 2011 us=134000   push_ifconfig_remote_netmask = 0.0.0.0
Sun Nov 13 14:20:50 2011 us=134000   enable_c2c = DISABLED
Sun Nov 13 14:20:50 2011 us=134000   duplicate_cn = DISABLED
Sun Nov 13 14:20:50 2011 us=134000   cf_max = 0
Sun Nov 13 14:20:50 2011 us=134000   cf_per = 0
Sun Nov 13 14:20:50 2011 us=134000   max_clients = 1024
Sun Nov 13 14:20:50 2011 us=134000   max_routes_per_client = 256
Sun Nov 13 14:20:50 2011 us=134000   auth_user_pass_verify_script = '[UNDEF]'
Sun Nov 13 14:20:50 2011 us=134000   auth_user_pass_verify_script_via_file = DISABLED
Sun Nov 13 14:20:50 2011 us=134000   ssl_flags = 0
Sun Nov 13 14:20:50 2011 us=134000   client = ENABLED
Sun Nov 13 14:20:50 2011 us=134000   pull = ENABLED
Sun Nov 13 14:20:50 2011 us=134000   auth_user_pass_file = '[UNDEF]'
Sun Nov 13 14:20:50 2011 us=134000   show_net_up = DISABLED
Sun Nov 13 14:20:50 2011 us=134000   route_method = 2
Sun Nov 13 14:20:50 2011 us=134000   ip_win32_defined = DISABLED
Sun Nov 13 14:20:50 2011 us=134000   ip_win32_type = 3
Sun Nov 13 14:20:50 2011 us=134000   dhcp_masq_offset = 0
Sun Nov 13 14:20:50 2011 us=134000   dhcp_lease_time = 31536000
Sun Nov 13 14:20:50 2011 us=134000   tap_sleep = 0
Sun Nov 13 14:20:50 2011 us=150000   dhcp_options = DISABLED
Sun Nov 13 14:20:50 2011 us=150000   dhcp_renew = DISABLED
Sun Nov 13 14:20:50 2011 us=150000   dhcp_pre_release = DISABLED
Sun Nov 13 14:20:50 2011 us=150000   dhcp_release = DISABLED
Sun Nov 13 14:20:50 2011 us=150000   domain = '[UNDEF]'
Sun Nov 13 14:20:50 2011 us=150000   netbios_scope = '[UNDEF]'
Sun Nov 13 14:20:50 2011 us=150000   netbios_node_type = 0
Sun Nov 13 14:20:50 2011 us=150000   disable_nbt = DISABLED
Sun Nov 13 14:20:50 2011 us=150000 OpenVPN 2.2.1 Win32-MSVC++ [SSL] [LZO2] built on Jul  1 2011
Sun Nov 13 14:20:50 2011 us=150000 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Sun Nov 13 14:20:50 2011 us=150000 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sun Nov 13 14:20:50 2011 us=150000 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Nov 13 14:20:50 2011 us=524000 Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Nov 13 14:20:50 2011 us=540000 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Nov 13 14:20:50 2011 us=696000 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Sun Nov 13 14:20:50 2011 us=696000 Local Options String: 'V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sun Nov 13 14:20:50 2011 us=696000 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sun Nov 13 14:20:50 2011 us=696000 Local Options hash (VER=V4): '3514370b'
Sun Nov 13 14:20:50 2011 us=696000 Expected Remote Options hash (VER=V4): '239669a8'
Sun Nov 13 14:20:50 2011 us=696000 UDPv4 link local (bound): [undef]:1194
Sun Nov 13 14:20:50 2011 us=696000 UDPv4 link remote: 95.112.248.66:1194
Sun Nov 13 14:21:50 2011 us=865000 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Nov 13 14:21:50 2011 us=865000 TLS Error: TLS handshake failed
Sun Nov 13 14:21:50 2011 us=865000 TCP/UDP: Closing socket
Sun Nov 13 14:21:50 2011 us=865000 SIGUSR1[soft,tls-error] received, process restarting
Sun Nov 13 14:21:50 2011 us=865000 Restart pause, 2 second(s)
Sun Nov 13 14:21:52 2011 us=878000 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Sun Nov 13 14:21:52 2011 us=878000 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sun Nov 13 14:21:52 2011 us=878000 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Nov 13 14:21:52 2011 us=878000 Re-using SSL/TLS context
Sun Nov 13 14:21:52 2011 us=878000 Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Nov 13 14:21:52 2011 us=878000 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Nov 13 14:21:53 2011 us=34000 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Sun Nov 13 14:21:53 2011 us=34000 Local Options String: 'V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sun Nov 13 14:21:53 2011 us=34000 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sun Nov 13 14:21:53 2011 us=34000 Local Options hash (VER=V4): '3514370b'
Sun Nov 13 14:21:53 2011 us=34000 Expected Remote Options hash (VER=V4): '239669a8'
Sun Nov 13 14:21:53 2011 us=49000 UDPv4 link local (bound): [undef]:1194
Sun Nov 13 14:21:53 2011 us=49000 UDPv4 link remote: 95.112.248.66:1194
Sun Nov 13 14:22:53 2011 us=203000 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Nov 13 14:22:53 2011 us=203000 TLS Error: TLS handshake failed
Sun Nov 13 14:22:53 2011 us=203000 TCP/UDP: Closing socket
Sun Nov 13 14:22:53 2011 us=203000 SIGUSR1[soft,tls-error] received, process restarting
Sun Nov 13 14:22:53 2011 us=203000 Restart pause, 2 second(s)
Sun Nov 13 14:22:55 2011 us=216000 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Sun Nov 13 14:22:55 2011 us=216000 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sun Nov 13 14:22:55 2011 us=216000 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Nov 13 14:22:55 2011 us=216000 Re-using SSL/TLS context
Sun Nov 13 14:22:55 2011 us=216000 Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Nov 13 14:22:55 2011 us=216000 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Nov 13 14:22:55 2011 us=372000 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Sun Nov 13 14:22:55 2011 us=372000 Local Options String: 'V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sun Nov 13 14:22:55 2011 us=372000 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sun Nov 13 14:22:55 2011 us=372000 Local Options hash (VER=V4): '3514370b'
Sun Nov 13 14:22:55 2011 us=372000 Expected Remote Options hash (VER=V4): '239669a8'
Sun Nov 13 14:22:55 2011 us=372000 UDPv4 link local (bound): [undef]:1194
Sun Nov 13 14:22:55 2011 us=372000 UDPv4 link remote: 95.112.248.66:1194
Sun Nov 13 14:23:55 2011 us=994000 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Nov 13 14:23:55 2011 us=994000 TLS Error: TLS handshake failed
Sun Nov 13 14:23:55 2011 us=994000 TCP/UDP: Closing socket
Sun Nov 13 14:23:55 2011 us=994000 SIGUSR1[soft,tls-error] received, process restarting
Sun Nov 13 14:23:55 2011 us=994000 Restart pause, 2 second(s)
Sun Nov 13 14:23:58 2011 us=6000 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Sun Nov 13 14:23:58 2011 us=6000 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sun Nov 13 14:23:58 2011 us=6000 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Nov 13 14:23:58 2011 us=6000 Re-using SSL/TLS context
Sun Nov 13 14:23:58 2011 us=6000 Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Nov 13 14:23:58 2011 us=6000 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Nov 13 14:23:58 2011 us=146000 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Sun Nov 13 14:23:58 2011 us=146000 Local Options String: 'V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sun Nov 13 14:23:58 2011 us=146000 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sun Nov 13 14:23:58 2011 us=146000 Local Options hash (VER=V4): '3514370b'
Sun Nov 13 14:23:58 2011 us=146000 Expected Remote Options hash (VER=V4): '239669a8'
Sun Nov 13 14:23:58 2011 us=146000 UDPv4 link local (bound): [undef]:1194
Sun Nov 13 14:23:58 2011 us=146000 UDPv4 link remote: 95.112.248.66:1194

I would be extremely happy if any of you has some idea, because I don't have any more.
Thank you very much!!!
Moritz
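
An added example, not part of the original post: a small Python parser for this kind of `verb 4` client log that separates handshake timeouts where no packet from the server was ever logged from ones where the server did answer. The first attempt in the sample is copied from the log above; the second attempt (192.0.2.10) is constructed, and all function and field names are this example's own.

```python
import re
from datetime import datetime, timedelta

# Timestamp format used by the log above: "Sun Nov 13 14:20:50 2011 us=696000 <message>"
LINE = re.compile(r"^(\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4}) us=(\d+)\s+(.*)$")
REMOTE = re.compile(r"link remote: (\S+)")
MITM_WARNING = "No server certificate verification method has been enabled"

# First four lines are copied from the posted log; the last three are constructed.
SAMPLE_LOG = """\
Sun Nov 13 14:20:50 2011 us=103000   handshake_window = 60
Sun Nov 13 14:20:50 2011 us=150000 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sun Nov 13 14:20:50 2011 us=696000 UDPv4 link remote: 95.112.248.66:1194
Sun Nov 13 14:21:50 2011 us=865000 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Nov 14 09:00:00 2011 us=40000 UDPv4 link remote: 192.0.2.10:1194
Mon Nov 14 09:00:00 2011 us=90000 TLS: Initial packet from 192.0.2.10:1194, sid=01234567 89abcdef
Mon Nov 14 09:01:00 2011 us=120000 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
"""


def parse_line(line):
    """Return (timestamp, message) for a log line, or None if it does not match."""
    m = LINE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
    # "us=" is a plain microsecond count and is not zero-padded (us=40000 is 0.04 s).
    return ts + timedelta(microseconds=int(m.group(2))), m.group(3)


def analyze(log_text):
    """Group the log into connection attempts and give each one a verdict."""
    report = {"handshake_window": None, "mitm_warning": False, "attempts": []}
    current = None
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        ts, msg = parsed
        remote = REMOTE.search(msg)
        if msg.startswith("handshake_window = "):
            report["handshake_window"] = int(msg.split("=")[1])
        elif MITM_WARNING in msg:
            # The client accepts any certificate signed by the CA as the server.
            report["mitm_warning"] = True
        elif remote:
            # Each "link remote" line opens a new connection attempt.
            current = {"remote": remote.group(1), "started": ts,
                       "server_replied": False, "waited": None,
                       "verdict": "incomplete"}
            report["attempts"].append(current)
        elif current and msg.startswith("TLS: Initial packet from"):
            # Logged when the first control packet from the peer arrives.
            current["server_replied"] = True
        elif current and "Initialization Sequence Completed" in msg:
            current["verdict"] = "ok"
        elif current and "TLS key negotiation failed" in msg:
            current["waited"] = (ts - current["started"]).total_seconds()
            current["verdict"] = ("stalled-after-reply"
                                  if current["server_replied"] else "no-reply")
            current = None
    return report


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    print("handshake_window:", result["handshake_window"])
    print("server certificate verification missing:", result["mitm_warning"])
    for a in result["attempts"]:
        print(a["remote"], a["verdict"], a["waited"])
```

A `no-reply` verdict means nothing from the server reached the client during the handshake window, which points at the UDP path rather than at certificates or keys.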

Re: TLS Error: TLS key negotiation failed to occur within 60

Posted: Sun Nov 13, 2011 7:38 pm
by Mimiko
From Win 7, do a tracert 95.112.248.66

Re: TLS Error: TLS key negotiation failed to occur within 60

Posted: Sun Nov 13, 2011 9:47 pm
by m0w1337
I did that now using my MacBook because I don't have access to the Win7 PC at the moment.
I also found that the connection won't work here either, but only sometimes... This seems to be very strange, because the webserver running on the same machine as the OpenVPN server is accessible, while the VPN connection won't work.

The traceroute output was as follows (95.112.202.191 is the new IP of the server):

traceroute to 95.112.202.191 (95.112.202.191), 64 hops max, 52 byte packets
 1  fritz.box (192.168.178.1)  4.273 ms  1.990 ms  1.676 ms
 2  ppp-default.m-online.net (82.135.16.28)  30.936 ms  32.669 ms  33.868 ms
 3  te1-4-2001.r1.muc7.m-online.net (82.135.16.161)  46.878 ms  59.214 ms  43.753 ms
 4  xe-2-1-0.rt-inxs-1.m-online.net (212.18.6.110)  32.579 ms  31.842 ms  32.944 ms
 5  inxs.mediaways.net (194.59.190.9)  40.253 ms  31.907 ms  32.198 ms
 6  xmwc-mnch-de01-gigaet-1-4.nw.mediaways.net (213.20.152.225)  31.726 ms  34.108 ms
    xmwc-mnch-de02-gigaet-1-4.nw.mediaways.net (213.20.152.229)  35.546 ms
 7  213.20.173.161 (213.20.173.161)  33.180 ms
    62.53.207.162 (62.53.207.162)  34.339 ms  33.445 ms
 8  rmwc-mnch-de01-chan-3-0.nw.mediaways.net (213.20.172.61)  31.483 ms  31.918 ms  35.065 ms
 9  rmwc-stgt-de01-pos-0-1.nw.mediaways.net (195.71.254.90)  35.894 ms  38.588 ms
    rmwc-stgt-de01-pos-5-0.nw.mediaways.net (195.71.212.234)  36.021 ms
10  xmwc-stgt-de01-vlan-6.nw.mediaways.net (62.53.220.131)  37.655 ms
    xmwc-stgt-de01-vlan-4.nw.mediaways.net (195.71.231.71)  35.670 ms  37.220 ms
11  rdsl-stgt-de02-chan-1.nw.mediaways.net (195.71.151.25)  35.624 ms  35.345 ms  34.395 ms
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *

This doesn't look very good, does it? What's the matter with this? For me it looks as if the route gets lost somewhere in Stuttgart, doesn't it? But if this is the case, then why is my webserver reachable in this very moment?


Sorry for all those questions, and thanks for the help!
Moritz

Re: TLS Error: TLS key negotiation failed to occur within 60

Posted: Sun Nov 13, 2011 10:02 pm
by Mimiko
Please resolve the traceroute and ping issues.

Re: TLS Error: TLS key negotiation failed to occur within 60

Posted: Sun Nov 13, 2011 10:06 pm
by m0w1337
Ping is working correctly, and how should I resolve the traceroute issues?? I don't have a clue, sorry... I mean, how is my laptop getting the website from this server if it can't even trace the route??

Re: TLS Error: TLS key negotiation failed to occur within 60

Posted: Sun Nov 13, 2011 10:11 pm
by Mimiko
From me the traceroute went through with 11 hops only, without problems. Something on the way from you interferes. A web site is tolerant of packet loss, so even with problems with pings and traceroutes it will show. OpenVPN is sensitive to packet loss. So check firewalls and hidden proxies.