18.1 Legacy Series / TLS Error: TLS handshake failed
« on: March 21, 2018, 01:49:10 pm »
Hello everyone.
I'm new to this world so please be patient.
I have a private server in the cloud in a company that uses OPNsense firewall, so with the help of this tutorial (https://docs.opnsense.org/manual/how-tos/sslvpn_client.html) I configured an OpenVPN Server. It worked like a charm.
Now without anyone making any change it just stopped working, I can't connect to the OpenVPN Server. I already reconfigured the server, changed to TCP, restarted the firewall/daemon, turned off the firewall on the client side, experimented on another PC or network, but nothing, it just doesn't connect. Ohhh and I also updated OpenVPN GUI. Can you guys please help me with this? I just don't know what to do next, this is just weird.
This is my config file:
dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA512
tls-client
client
resolv-retry infinite
remote 62.xx.xxx.xxx 1194 udp
lport 0
verify-x509-name "SSLVPN Server Certificate" name
pkcs12 100001402-CloudWall-udp-1194-xxxxxx.p12
tls-auth 100001402-CloudWall-udp-1194-xxxxxx-tls.key 1
ns-cert-type server
comp-lzo adaptive
Client log file:
Wed Mar 21 12:44:31 2018 OpenVPN 2.4.5 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Mar 1 2018
Wed Mar 21 12:44:31 2018 Windows version 6.2 (Windows 8 or greater) 64bit
Wed Mar 21 12:44:31 2018 library versions: OpenSSL 1.1.0f 25 May 2017, LZO 2.10
Wed Mar 21 12:44:32 2018 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Wed Mar 21 12:44:32 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]62.28.222.252:1194
Wed Mar 21 12:44:32 2018 UDP link local (bound): [AF_INET][undef]:0
Wed Mar 21 12:44:32 2018 UDP link remote: [AF_INET]62.28.222.252:1194
Wed Mar 21 12:45:32 2018 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Mar 21 12:45:32 2018 TLS Error: TLS handshake failed
Wed Mar 21 12:45:32 2018 SIGUSR1[soft,tls-error] received, process restarting
OpenVPN Log:
Mar 21 12:45:29 openvpn[2342]: MANAGEMENT: Client disconnected
Mar 21 12:45:29 openvpn[2342]: MANAGEMENT: CMD 'quit'
Mar 21 12:45:29 openvpn[2342]: MANAGEMENT: CMD 'status 2'
Mar 21 12:45:29 openvpn[2342]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
Mar 21 12:44:27 openvpn[2342]: MANAGEMENT: Client disconnected
Mar 21 12:44:27 openvpn[2342]: MANAGEMENT: CMD 'quit'
Mar 21 12:44:27 openvpn[2342]: MANAGEMENT: CMD 'status 2'
Mar 21 12:44:27 openvpn[2342]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
Mar 21 12:43:26 openvpn[2342]: MANAGEMENT: Client disconnected
Mar 21 12:43:26 openvpn[2342]: MANAGEMENT: CMD 'quit'
Mar 21 12:43:26 openvpn[2342]: MANAGEMENT: CMD 'status 2'
Mar 21 12:43:25 openvpn[2342]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
Mar 21 12:42:49 openvpn[2342]: MANAGEMENT: Client disconnected
Mar 21 12:42:49 openvpn[2342]: MANAGEMENT: CMD 'status 2'
Mar 21 12:42:49 openvpn[2342]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
Mar 21 12:42:24 openvpn[2342]: MANAGEMENT: Client disconnected.
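Added example, not part of the original post: a small triage script that lines up each client-side "TLS key negotiation failed" window with the server log and reports whether the server daemon logged anything other than management-socket polling in that window. The sample logs are constructed from the shape of the ones above (documentation IP address); the function names and result labels are hypothetical, and both clocks are assumed to be in sync and in the same time zone.

```python
import re
from datetime import datetime

# Constructed sample logs modelled on the post (203.0.113.10 is a documentation address).
CLIENT_LOG = """\
Wed Mar 21 12:44:32 2018 UDP link remote: [AF_INET]203.0.113.10:1194
Wed Mar 21 12:45:32 2018 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Mar 21 12:45:32 2018 TLS Error: TLS handshake failed
"""
SERVER_LOG = """\
Mar 21 12:45:29 openvpn[2342]: MANAGEMENT: CMD 'status 2'
Mar 21 12:44:27 openvpn[2342]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
"""

def client_attempts(log):
    """Return (start, end) pairs: link opened -> key negotiation timed out."""
    attempts, start = [], None
    for line in log.splitlines():
        ts = datetime.strptime(line[:24], "%a %b %d %H:%M:%S %Y")
        if "link remote:" in line:
            start = ts
        elif "TLS key negotiation failed" in line and start is not None:
            attempts.append((start, ts))
            start = None
    return attempts

def server_events(log, year):
    """Yield (timestamp, message) for each syslog-style server line (no year in log)."""
    for line in log.splitlines():
        m = re.match(r"(\w{3} +\d+ [\d:]{8}) openvpn\[\d+\]: (.*)", line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2)

def triage(client_log, server_log):
    """Classify each timed-out attempt by what the server logged meanwhile."""
    results = []
    for start, end in client_attempts(client_log):
        # MANAGEMENT lines are local status polling, not client traffic.
        seen = [msg for ts, msg in server_events(server_log, start.year)
                if start <= ts <= end and not msg.startswith("MANAGEMENT:")]
        results.append("server-saw-client" if seen else "no-server-side-trace")
    return results

if __name__ == "__main__":
    print(triage(CLIENT_LOG, SERVER_LOG))
```

A "no-server-side-trace" result is consistent with the handshake packets never reaching the daemon, or with server log verbosity too low to record them, so the WAN firewall rule, the listening port and the log level are the next things to check.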