I've got a problem that it seems I cannot deal with.
I've set up OpenVPN on a remote Ubuntu server VPS.
Every time I try to connect to it with
Code:
~# openvpn client.conf
on my Linux client,
it fails and gives me the
Code:
TLS ERROR: tls key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS ERROR: TLS handshake error
I even tested putting the tun-mtu 1500 option in both the client and server confs.
I have not created the server.key, server.crt, client1.key, client1.crt, etc. files on the VPS. I transferred them from my tested solution, but I tested them with the
Code:
~# openssl verify -CAfile ca.crt -purpose sslclient client1.crt
~# openssl verify -CAfile ca.crt -purpose sslserver server.crt
On the client there is just a TLS handshake error,
and here's the openvpn.log on the server side:
Code:
root@srv5943:~# root@srv5943:~# tail -20 /etc/openvpn/openvpn.log
Sat Feb 11 05:37:56 2012 LZO compression initialized
Sat Feb 11 05:37:56 2012 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sat Feb 11 05:37:56 2012 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Feb 11 05:37:56 2012 Local Options hash (VER=V4): 'c0103fa8'
Sat Feb 11 05:37:56 2012 Expected Remote Options hash (VER=V4): '69109d17'
Sat Feb 11 05:37:56 2012 TCP connection established with [AF_INET]37.98.4.204:18003
Sat Feb 11 05:37:56 2012 Socket Buffers: R=[131072->131072] S=[131072->131072]
Sat Feb 11 05:37:56 2012 TCPv4_SERVER link local: [undef]
Sat Feb 11 05:37:56 2012 TCPv4_SERVER link remote: [AF_INET]37.98.4.204:18003
Sat Feb 11 05:37:56 2012 37.98.4.204:18003 TLS: Initial packet from [AF_INET]37.98.4.204:18003, sid=464c4100 a22387a2
Sat Feb 11 05:38:07 2012 37.98.4.204:18002 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Feb 11 05:38:07 2012 37.98.4.204:18002 TLS Error: TLS handshake failed
Sat Feb 11 05:38:07 2012 37.98.4.204:18002 Fatal TLS error (check_tls_errors_co), restarting
Sat Feb 11 05:38:07 2012 37.98.4.204:18002 SIGUSR1[soft,tls-error] received, client-instance restarting
Sat Feb 11 05:38:07 2012 TCP/UDP: Closing socket
Sat Feb 11 05:38:56 2012 37.98.4.204:18003 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Feb 11 05:38:56 2012 37.98.4.204:18003 TLS Error: TLS handshake failed
Sat Feb 11 05:38:56 2012 37.98.4.204:18003 Fatal TLS error (check_tls_errors_co), restarting
Sat Feb 11 05:38:56 2012 37.98.4.204:18003 SIGUSR1[soft,tls-error] received, client-instance restarting
Sat Feb 11 05:38:56 2012 TCP/UDP: Closing socket
Is there a possibility that there are some rules on the remote network's gateway that block TLS?
I mean, as far as I know, OpenVPN doesn't use TLS with other ports like HTTPS and it just uses OpenSSL to make a negotiation.
And one last thing is that I haven't used the tls-auth option on the server.
Hope someone could help me . . .
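
An added example, not part of the original post: a small Python parser that pairs each client's "TLS: Initial packet" line with its later key-negotiation timeout in an OpenVPN server log and reports the seconds between them. The sample lines are copied from the log above; the names `tls_timeouts`, `LINE_RE` and `SAMPLE_LOG` are assumptions made for this example.

```python
import re
from datetime import datetime

# Subset of the server log lines quoted in the post above.
SAMPLE_LOG = """\
Sat Feb 11 05:37:56 2012 TCP connection established with [AF_INET]37.98.4.204:18003
Sat Feb 11 05:37:56 2012 37.98.4.204:18003 TLS: Initial packet from [AF_INET]37.98.4.204:18003, sid=464c4100 a22387a2
Sat Feb 11 05:38:07 2012 37.98.4.204:18002 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Feb 11 05:38:07 2012 37.98.4.204:18002 TLS Error: TLS handshake failed
Sat Feb 11 05:38:56 2012 37.98.4.204:18003 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Feb 11 05:38:56 2012 37.98.4.204:18003 TLS Error: TLS handshake failed
"""

# Per-client lines look like: "<weekday> <month> <day> <time> <year> <ip:port> <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) "
    r"(?P<peer>\d+\.\d+\.\d+\.\d+:\d+) (?P<msg>.*)$"
)
TS_FORMAT = "%a %b %d %H:%M:%S %Y"


def tls_timeouts(log_text):
    """Return [(peer, seconds_since_initial_packet)] for every negotiation timeout.

    The seconds value is None when the excerpt holds no initial packet for that peer.
    """
    first_packet = {}
    results = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # global line with no ip:port prefix
        ts = datetime.strptime(m["ts"], TS_FORMAT)
        if m["msg"].startswith("TLS: Initial packet"):
            first_packet[m["peer"]] = ts
        elif "TLS key negotiation failed" in m["msg"]:
            start = first_packet.pop(m["peer"], None)
            elapsed = int((ts - start).total_seconds()) if start else None
            results.append((m["peer"], elapsed))
    return results


if __name__ == "__main__":
    for peer, elapsed in tls_timeouts(SAMPLE_LOG):
        print(peer, "timed out", "(no initial packet in excerpt)" if elapsed is None
              else f"{elapsed}s after its initial packet")
```

For 37.98.4.204:18003 the result is 60: the server logged that client's initial packet, and the timeout fired one full 60-second window later.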