TLS Error: TLS key negotiation failed to occur within 60 seconds and TLS Error: TLS handshake failed
-
Hi everyone,
I'm using pfSense + OpenVPN configured in an EC2 instance, but we changed the instance type and the error below started occurring when we try to connect using the OpenVPN client.
My OpenVPN server config is this:
Mode.: Remote Access (User Auth)
Data Ciphers.: AES-256-CBC, AES-256-CFB, AES-256-GCM, AES-128-CBC
Digest.: SHA256
D-H Params.: 2048 bits
Protocol.: UDP4
Port.: 1194
Tunnel.: 10.131.x.x/16
And my VPN log:
2023-11-08 08:32:34 us=921000 Current Parameter Settings:
2023-11-08 08:32:34 us=921000 config = 'myvpn.win.ovpn'
2023-11-08 08:32:34 us=921000 mode = 0
2023-11-08 08:32:34 us=921000 show_ciphers = DISABLED
2023-11-08 08:32:34 us=921000 show_digests = DISABLED
2023-11-08 08:32:34 us=921000 show_engines = DISABLED
2023-11-08 08:32:34 us=921000 genkey = DISABLED
2023-11-08 08:32:34 us=921000 genkey_filename = '[UNDEF]'
2023-11-08 08:32:34 us=921000 key_pass_file = '[UNDEF]'
2023-11-08 08:32:34 us=921000 show_tls_ciphers = DISABLED
2023-11-08 08:32:34 us=921000 connect_retry_max = 0
2023-11-08 08:32:34 us=921000 Connection profiles [0]:
2023-11-08 08:32:34 us=921000 proto = udp4
2023-11-08 08:32:34 us=921000 local = '[UNDEF]'
2023-11-08 08:32:34 us=921000 local_port = '0'
2023-11-08 08:32:34 us=921000 remote = 'myvpn.tech'
2023-11-08 08:32:34 us=921000 remote_port = '1194'
2023-11-08 08:32:34 us=921000 remote_float = DISABLED
2023-11-08 08:32:34 us=921000 bind_defined = DISABLED
2023-11-08 08:32:34 us=921000 bind_local = ENABLED
2023-11-08 08:32:34 us=921000 bind_ipv6_only = DISABLED
2023-11-08 08:32:34 us=921000 connect_retry_seconds = 5
2023-11-08 08:32:34 us=921000 connect_timeout = 120
2023-11-08 08:32:34 us=921000 socks_proxy_server = '[UNDEF]'
2023-11-08 08:32:34 us=921000 socks_proxy_port = '[UNDEF]'
2023-11-08 08:32:34 us=921000 tun_mtu = 1500
2023-11-08 08:32:34 us=921000 tun_mtu_defined = ENABLED
2023-11-08 08:32:34 us=921000 link_mtu = 1500
2023-11-08 08:32:34 us=921000 link_mtu_defined = DISABLED
2023-11-08 08:32:34 us=921000 tun_mtu_extra = 0
2023-11-08 08:32:34 us=921000 tun_mtu_extra_defined = DISABLED
2023-11-08 08:32:34 us=921000 mtu_discover_type = -1
2023-11-08 08:32:34 us=921000 fragment = 0
2023-11-08 08:32:34 us=921000 mssfix = 1450
2023-11-08 08:32:34 us=921000 explicit_exit_notification = 1
2023-11-08 08:32:34 us=921000 tls_auth_file = '[INLINE]'
2023-11-08 08:32:34 us=921000 key_direction = 1
2023-11-08 08:32:34 us=921000 tls_crypt_file = '[UNDEF]'
2023-11-08 08:32:34 us=921000 tls_crypt_v2_file = '[UNDEF]'
2023-11-08 08:32:34 us=921000 Connection profiles END
2023-11-08 08:32:34 us=921000 remote_random = DISABLED
2023-11-08 08:32:34 us=921000 ipchange = '[UNDEF]'
2023-11-08 08:32:34 us=921000 dev = 'tun'
2023-11-08 08:32:34 us=921000 dev_type = '[UNDEF]'
2023-11-08 08:32:34 us=921000 dev_node = '[UNDEF]'
2023-11-08 08:32:34 us=921000 lladdr = '[UNDEF]'
2023-11-08 08:32:34 us=921000 topology = 1
2023-11-08 08:32:34 us=921000 ifconfig_local = '[UNDEF]'
2023-11-08 08:32:34 us=921000 ifconfig_remote_netmask = '[UNDEF]'
2023-11-08 08:32:34 us=921000 ifconfig_noexec = DISABLED
2023-11-08 08:32:34 us=921000 ifconfig_nowarn = DISABLED
2023-11-08 08:32:34 us=921000 ifconfig_ipv6_local = '[UNDEF]'
2023-11-08 08:32:34 us=921000 ifconfig_ipv6_netbits = 0
2023-11-08 08:32:34 us=921000 ifconfig_ipv6_remote = '[UNDEF]'
2023-11-08 08:32:34 us=921000 shaper = 0
2023-11-08 08:32:34 us=921000 mtu_test = 0
2023-11-08 08:32:34 us=921000 mlock = DISABLED
2023-11-08 08:32:34 us=921000 keepalive_ping = 0
2023-11-08 08:32:34 us=921000 keepalive_timeout = 0
2023-11-08 08:32:34 us=921000 inactivity_timeout = 0
2023-11-08 08:32:34 us=921000 inactivity_minimum_bytes = 0
2023-11-08 08:32:34 us=921000 ping_send_timeout = 0
2023-11-08 08:32:34 us=921000 ping_rec_timeout = 0
2023-11-08 08:32:34 us=921000 ping_rec_timeout_action = 0
2023-11-08 08:32:34 us=921000 ping_timer_remote = DISABLED
2023-11-08 08:32:34 us=921000 remap_sigusr1 = 0
2023-11-08 08:32:34 us=921000 persist_tun = ENABLED
2023-11-08 08:32:34 us=921000 persist_local_ip = DISABLED
2023-11-08 08:32:34 us=921000 persist_remote_ip = DISABLED
2023-11-08 08:32:34 us=921000 persist_key = ENABLED
2023-11-08 08:32:34 us=921000 passtos = DISABLED
2023-11-08 08:32:34 us=921000 resolve_retry_seconds = 1000000000
2023-11-08 08:32:34 us=921000 resolve_in_advance = DISABLED
2023-11-08 08:32:34 us=921000 username = '[UNDEF]'
2023-11-08 08:32:34 us=921000 groupname = '[UNDEF]'
2023-11-08 08:32:34 us=921000 chroot_dir = '[UNDEF]'
2023-11-08 08:32:34 us=921000 cd_dir = '[UNDEF]'
2023-11-08 08:32:34 us=921000 writepid = '[UNDEF]'
2023-11-08 08:32:34 us=921000 up_script = '[UNDEF]'
2023-11-08 08:32:34 us=921000 down_script = '[UNDEF]'
2023-11-08 08:32:34 us=921000 down_pre = DISABLED
2023-11-08 08:32:34 us=921000 up_restart = DISABLED
2023-11-08 08:32:34 us=921000 up_delay = DISABLED
2023-11-08 08:32:34 us=921000 daemon = DISABLED
2023-11-08 08:32:34 us=921000 inetd = 0
2023-11-08 08:32:34 us=921000 log = ENABLED
2023-11-08 08:32:34 us=921000 suppress_timestamps = DISABLED
2023-11-08 08:32:34 us=921000 machine_readable_output = DISABLED
2023-11-08 08:32:34 us=921000 nice = 0
2023-11-08 08:32:34 us=921000 verbosity = 4
2023-11-08 08:32:34 us=921000 mute = 0
2023-11-08 08:32:34 us=921000 status_file = '[UNDEF]'
2023-11-08 08:32:34 us=921000 status_file_version = 1
2023-11-08 08:32:34 us=921000 status_file_update_freq = 60
2023-11-08 08:32:34 us=921000 occ = ENABLED
2023-11-08 08:32:34 us=921000 rcvbuf = 0
2023-11-08 08:32:34 us=921000 sndbuf = 0
2023-11-08 08:32:34 us=921000 sockflags = 0
2023-11-08 08:32:34 us=921000 fast_io = DISABLED
2023-11-08 08:32:34 us=921000 comp.alg = 0
2023-11-08 08:32:34 us=921000 comp.flags = 0
2023-11-08 08:32:34 us=921000 route_script = '[UNDEF]'
2023-11-08 08:32:34 us=921000 route_default_gateway = '[UNDEF]'
2023-11-08 08:32:34 us=921000 route_default_metric = 0
2023-11-08 08:32:34 us=921000 route_noexec = DISABLED
2023-11-08 08:32:34 us=921000 route_delay = 1
2023-11-08 08:32:34 us=921000 route_delay_window = 3
2023-11-08 08:32:34 us=921000 route_delay_defined = ENABLED
2023-11-08 08:32:34 us=921000 route_nopull = DISABLED
2023-11-08 08:32:34 us=921000 route_gateway_via_dhcp = DISABLED
2023-11-08 08:32:34 us=921000 allow_pull_fqdn = DISABLED
2023-11-08 08:32:34 us=921000 Pull filters:
2023-11-08 08:32:34 us=921000 ignore "route-method"
2023-11-08 08:32:34 us=921000 management_addr = '127.0.0.1'
2023-11-08 08:32:34 us=921000 management_port = '25340'
2023-11-08 08:32:34 us=921000 management_user_pass = 'stdin'
2023-11-08 08:32:34 us=921000 management_log_history_cache = 250
2023-11-08 08:32:34 us=921000 management_echo_buffer_size = 100
2023-11-08 08:32:34 us=921000 management_write_peer_info_file = '[UNDEF]'
2023-11-08 08:32:34 us=921000 management_client_user = '[UNDEF]'
2023-11-08 08:32:34 us=921000 management_client_group = '[UNDEF]'
2023-11-08 08:32:34 us=921000 management_flags = 6
2023-11-08 08:32:34 us=921000 shared_secret_file = '[UNDEF]'
2023-11-08 08:32:34 us=921000 key_direction = 1
2023-11-08 08:32:34 us=921000 ciphername = 'AES-128-CBC'
2023-11-08 08:32:34 us=921000 ncp_enabled = ENABLED
2023-11-08 08:32:34 us=921000 ncp_ciphers = 'AES-256-CBC:AES-256-CFB:AES-256-GCM:AES-128-CBC'
2023-11-08 08:32:34 us=921000 authname = 'SHA256'
2023-11-08 08:32:34 us=921000 prng_hash = 'SHA1'
2023-11-08 08:32:34 us=921000 prng_nonce_secret_len = 16
2023-11-08 08:32:34 us=921000 keysize = 0
2023-11-08 08:32:34 us=921000 engine = DISABLED
2023-11-08 08:32:34 us=921000 replay = ENABLED
2023-11-08 08:32:34 us=921000 mute_replay_warnings = DISABLED
2023-11-08 08:32:34 us=921000 replay_window = 64
2023-11-08 08:32:34 us=921000 replay_time = 15
2023-11-08 08:32:34 us=921000 packet_id_file = '[UNDEF]'
2023-11-08 08:32:34 us=921000 test_crypto = DISABLED
2023-11-08 08:32:34 us=921000 tls_server = DISABLED
2023-11-08 08:32:34 us=921000 tls_client = ENABLED
2023-11-08 08:32:34 us=921000 ca_file = 'C:\Program Files\OpenVPN\config\myvpn.tech-ca.crt'
2023-11-08 08:32:34 us=921000 ca_path = '[UNDEF]'
2023-11-08 08:32:34 us=921000 dh_file = '[UNDEF]'
2023-11-08 08:32:34 us=921000 cert_file = '[UNDEF]'
2023-11-08 08:32:34 us=921000 extra_certs_file = '[UNDEF]'
2023-11-08 08:32:34 us=921000 priv_key_file = '[UNDEF]'
2023-11-08 08:32:34 us=921000 pkcs12_file = '[UNDEF]'
2023-11-08 08:32:34 us=921000 cryptoapi_cert = '[UNDEF]'
2023-11-08 08:32:34 us=921000 cipher_list = '[UNDEF]'
2023-11-08 08:32:34 us=921000 cipher_list_tls13 = '[UNDEF]'
2023-11-08 08:32:34 us=921000 tls_cert_profile = '[UNDEF]'
2023-11-08 08:32:34 us=921000 tls_verify = '[UNDEF]'
2023-11-08 08:32:34 us=921000 tls_export_cert = '[UNDEF]'
2023-11-08 08:32:34 us=921000 verify_x509_type = 0
2023-11-08 08:32:34 us=921000 verify_x509_name = '[UNDEF]'
2023-11-08 08:32:34 us=921000 crl_file = '[UNDEF]'
2023-11-08 08:32:34 us=921000 ns_cert_type = 0
2023-11-08 08:32:34 us=921000 remote_cert_ku[i] = 65535
2023-11-08 08:32:34 us=921000 remote_cert_ku[i] = 0
2023-11-08 08:32:34 us=921000 remote_cert_ku[i] = 0
2023-11-08 08:32:34 us=921000 remote_cert_ku[i] = 0
2023-11-08 08:32:34 us=921000 remote_cert_ku[i] = 0
2023-11-08 08:32:34 us=921000 remote_cert_ku[i] = 0
2023-11-08 08:32:34 us=921000 remote_cert_ku[i] = 0
2023-11-08 08:32:34 us=921000 remote_cert_ku[i] = 0
2023-11-08 08:32:34 us=921000 remote_cert_ku[i] = 0
2023-11-08 08:32:34 us=921000 remote_cert_ku[i] = 0
2023-11-08 08:32:34 us=921000 remote_cert_ku[i] = 0
2023-11-08 08:32:34 us=921000 remote_cert_ku[i] = 0
2023-11-08 08:32:34 us=921000 remote_cert_ku[i] = 0
2023-11-08 08:32:34 us=921000 remote_cert_ku[i] = 0
2023-11-08 08:32:34 us=921000 remote_cert_ku[i] = 0
2023-11-08 08:32:34 us=921000 remote_cert_ku[i] = 0
2023-11-08 08:32:34 us=921000 remote_cert_eku = 'TLS Web Server Authentication'
2023-11-08 08:32:34 us=921000 ssl_flags = 0
2023-11-08 08:32:34 us=921000 tls_timeout = 2
2023-11-08 08:32:34 us=921000 renegotiate_bytes = -1
2023-11-08 08:32:34 us=921000 renegotiate_packets = 0
2023-11-08 08:32:34 us=921000 renegotiate_seconds = 0
2023-11-08 08:32:34 us=921000 handshake_window = 60
2023-11-08 08:32:34 us=921000 transition_window = 3600
2023-11-08 08:32:34 us=921000 single_session = DISABLED
2023-11-08 08:32:34 us=921000 push_peer_info = DISABLED
2023-11-08 08:32:34 us=921000 tls_exit = DISABLED
2023-11-08 08:32:34 us=921000 tls_crypt_v2_metadata = '[UNDEF]'
2023-11-08 08:32:34 us=921000 pkcs11_protected_authentication = DISABLED
2023-11-08 08:32:34 us=921000 pkcs11_protected_authentication = DISABLED
2023-11-08 08:32:34 us=921000 pkcs11_protected_authentication = DISABLED
2023-11-08 08:32:34 us=921000 pkcs11_protected_authentication = DISABLED
2023-11-08 08:32:34 us=921000 pkcs11_protected_authentication = DISABLED
2023-11-08 08:32:34 us=921000 pkcs11_protected_authentication = DISABLED
2023-11-08 08:32:34 us=921000 pkcs11_protected_authentication = DISABLED
2023-11-08 08:32:34 us=921000 pkcs11_protected_authentication = DISABLED
2023-11-08 08:32:34 us=921000 pkcs11_protected_authentication = DISABLED
2023-11-08 08:32:34 us=921000 pkcs11_protected_authentication = DISABLED
2023-11-08 08:32:34 us=921000 pkcs11_protected_authentication = DISABLED
2023-11-08 08:32:34 us=921000 pkcs11_protected_authentication = DISABLED
2023-11-08 08:32:34 us=921000 pkcs11_protected_authentication = DISABLED
2023-11-08 08:32:34 us=921000 pkcs11_protected_authentication = DISABLED
2023-11-08 08:32:34 us=921000 pkcs11_protected_authentication = DISABLED
2023-11-08 08:32:34 us=921000 pkcs11_protected_authentication = DISABLED
2023-11-08 08:32:34 us=921000 pkcs11_private_mode = 00000000
2023-11-08 08:32:34 us=921000 pkcs11_private_mode = 00000000
2023-11-08 08:32:34 us=921000 pkcs11_private_mode = 00000000
2023-11-08 08:32:34 us=921000 pkcs11_private_mode = 00000000
2023-11-08 08:32:34 us=921000 pkcs11_private_mode = 00000000
2023-11-08 08:32:34 us=921000 pkcs11_private_mode = 00000000
2023-11-08 08:32:34 us=921000 pkcs11_private_mode = 00000000
2023-11-08 08:32:34 us=921000 pkcs11_private_mode = 00000000
2023-11-08 08:32:34 us=921000 pkcs11_private_mode = 00000000
2023-11-08 08:32:34 us=921000 pkcs11_private_mode = 00000000
2023-11-08 08:32:34 us=921000 pkcs11_private_mode = 00000000
2023-11-08 08:32:34 us=921000 pkcs11_private_mode = 00000000
2023-11-08 08:32:34 us=921000 pkcs11_private_mode = 00000000
2023-11-08 08:32:34 us=921000 pkcs11_private_mode = 00000000
2023-11-08 08:32:34 us=921000 pkcs11_private_mode = 00000000
2023-11-08 08:32:34 us=921000 pkcs11_private_mode = 00000000
2023-11-08 08:32:34 us=921000 pkcs11_cert_private = DISABLED
2023-11-08 08:32:34 us=921000 pkcs11_cert_private = DISABLED
2023-11-08 08:32:34 us=921000 pkcs11_cert_private = DISABLED
2023-11-08 08:32:34 us=921000 pkcs11_cert_private = DISABLED
2023-11-08 08:32:34 us=921000 pkcs11_cert_private = DISABLED
2023-11-08 08:32:34 us=921000 pkcs11_cert_private = DISABLED
2023-11-08 08:32:34 us=921000 pkcs11_cert_private = DISABLED
2023-11-08 08:32:34 us=921000 pkcs11_cert_private = DISABLED
2023-11-08 08:32:34 us=921000 pkcs11_cert_private = DISABLED
2023-11-08 08:32:34 us=921000 pkcs11_cert_private = DISABLED
2023-11-08 08:32:34 us=921000 pkcs11_cert_private = DISABLED
2023-11-08 08:32:34 us=921000 pkcs11_cert_private = DISABLED
2023-11-08 08:32:34 us=921000 pkcs11_cert_private = DISABLED
2023-11-08 08:32:34 us=921000 pkcs11_cert_private = DISABLED
2023-11-08 08:32:34 us=921000 pkcs11_cert_private = DISABLED
2023-11-08 08:32:34 us=921000 pkcs11_cert_private = DISABLED
2023-11-08 08:32:34 us=921000 pkcs11_pin_cache_period = -1
2023-11-08 08:32:34 us=921000 pkcs11_id = '[UNDEF]'
2023-11-08 08:32:34 us=921000 pkcs11_id_management = DISABLED
2023-11-08 08:32:34 us=921000 server_network = 0.0.0.0
2023-11-08 08:32:34 us=921000 server_netmask = 0.0.0.0
2023-11-08 08:32:34 us=921000 server_network_ipv6 = ::
2023-11-08 08:32:34 us=921000 server_netbits_ipv6 = 0
2023-11-08 08:32:34 us=921000 server_bridge_ip = 0.0.0.0
2023-11-08 08:32:34 us=921000 server_bridge_netmask = 0.0.0.0
2023-11-08 08:32:34 us=921000 server_bridge_pool_start = 0.0.0.0
2023-11-08 08:32:34 us=921000 server_bridge_pool_end = 0.0.0.0
2023-11-08 08:32:34 us=921000 ifconfig_pool_defined = DISABLED
2023-11-08 08:32:34 us=921000 ifconfig_pool_start = 0.0.0.0
2023-11-08 08:32:34 us=921000 ifconfig_pool_end = 0.0.0.0
2023-11-08 08:32:34 us=921000 ifconfig_pool_netmask = 0.0.0.0
2023-11-08 08:32:34 us=921000 ifconfig_pool_persist_filename = '[UNDEF]'
2023-11-08 08:32:34 us=921000 ifconfig_pool_persist_refresh_freq = 600
2023-11-08 08:32:34 us=921000 ifconfig_ipv6_pool_defined = DISABLED
2023-11-08 08:32:34 us=921000 ifconfig_ipv6_pool_base = ::
2023-11-08 08:32:34 us=921000 ifconfig_ipv6_pool_netbits = 0
2023-11-08 08:32:34 us=921000 n_bcast_buf = 256
2023-11-08 08:32:34 us=921000 tcp_queue_limit = 64
2023-11-08 08:32:34 us=921000 real_hash_size = 256
2023-11-08 08:32:34 us=921000 virtual_hash_size = 256
2023-11-08 08:32:34 us=921000 client_connect_script = '[UNDEF]'
2023-11-08 08:32:34 us=921000 learn_address_script = '[UNDEF]'
2023-11-08 08:32:34 us=921000 client_disconnect_script = '[UNDEF]'
2023-11-08 08:32:34 us=921000 client_config_dir = '[UNDEF]'
2023-11-08 08:32:34 us=921000 ccd_exclusive = DISABLED
2023-11-08 08:32:34 us=921000 tmp_dir = 'C:\Users\MyUser\AppData\Local\Temp'
2023-11-08 08:32:34 us=921000 push_ifconfig_defined = DISABLED
2023-11-08 08:32:34 us=921000 push_ifconfig_local = 0.0.0.0
2023-11-08 08:32:34 us=921000 push_ifconfig_remote_netmask = 0.0.0.0
2023-11-08 08:32:34 us=921000 push_ifconfig_ipv6_defined = DISABLED
2023-11-08 08:32:34 us=921000 push_ifconfig_ipv6_local = ::/0
2023-11-08 08:32:34 us=921000 push_ifconfig_ipv6_remote = ::
2023-11-08 08:32:34 us=921000 enable_c2c = DISABLED
2023-11-08 08:32:34 us=921000 duplicate_cn = DISABLED
2023-11-08 08:32:34 us=921000 cf_max = 0
2023-11-08 08:32:34 us=921000 cf_per = 0
2023-11-08 08:32:34 us=921000 max_clients = 1024
2023-11-08 08:32:34 us=921000 max_routes_per_client = 256
2023-11-08 08:32:34 us=921000 auth_user_pass_verify_script = '[UNDEF]'
2023-11-08 08:32:34 us=921000 auth_user_pass_verify_script_via_file = DISABLED
2023-11-08 08:32:34 us=921000 auth_token_generate = DISABLED
2023-11-08 08:32:34 us=921000 auth_token_lifetime = 0
2023-11-08 08:32:34 us=921000 auth_token_secret_file = '[UNDEF]'
2023-11-08 08:32:34 us=921000 vlan_tagging = DISABLED
2023-11-08 08:32:34 us=921000 vlan_accept = all
2023-11-08 08:32:34 us=921000 vlan_pvid = 1
2023-11-08 08:32:34 us=921000 client = ENABLED
2023-11-08 08:32:34 us=921000 pull = ENABLED
2023-11-08 08:32:34 us=921000 auth_user_pass_file = 'stdin'
2023-11-08 08:32:34 us=921000 show_net_up = DISABLED
2023-11-08 08:32:34 us=921000 route_method = 3
2023-11-08 08:32:34 us=921000 block_outside_dns = DISABLED
2023-11-08 08:32:34 us=921000 ip_win32_defined = ENABLED
2023-11-08 08:32:34 us=921000 ip_win32_type = 1
2023-11-08 08:32:34 us=921000 dhcp_masq_offset = 0
2023-11-08 08:32:34 us=921000 dhcp_lease_time = 31536000
2023-11-08 08:32:34 us=921000 tap_sleep = 10
2023-11-08 08:32:34 us=921000 dhcp_options = DISABLED
2023-11-08 08:32:34 us=921000 dhcp_renew = DISABLED
2023-11-08 08:32:34 us=921000 dhcp_pre_release = DISABLED
2023-11-08 08:32:34 us=921000 domain = '[UNDEF]'
2023-11-08 08:32:34 us=921000 netbios_scope = '[UNDEF]'
2023-11-08 08:32:34 us=921000 netbios_node_type = 0
2023-11-08 08:32:34 us=921000 disable_nbt = DISABLED
2023-11-08 08:32:34 us=921000 OpenVPN 2.5.8 [git:none/0357ceb877687faa] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 2 2022
2023-11-08 08:32:34 us=921000 Windows version 10.0 (Windows 10 or greater) 64bit
2023-11-08 08:32:34 us=921000 library versions: OpenSSL 1.1.1s 1 Nov 2022, LZO 2.10
2023-11-08 08:32:34 us=921000 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
2023-11-08 08:32:34 us=921000 Need hold release from management interface, waiting...
2023-11-08 08:32:35 us=312000 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
2023-11-08 08:32:35 us=421000 MANAGEMENT: CMD 'state on'
2023-11-08 08:32:35 us=437000 MANAGEMENT: CMD 'log on all'
2023-11-08 08:32:36 us=62000 MANAGEMENT: CMD 'echo on all'
2023-11-08 08:32:36 us=78000 MANAGEMENT: CMD 'bytecount 5'
2023-11-08 08:32:36 us=93000 MANAGEMENT: CMD 'state'
2023-11-08 08:32:36 us=93000 MANAGEMENT: CMD 'hold off'
2023-11-08 08:32:36 us=93000 MANAGEMENT: CMD 'hold release'
2023-11-08 08:34:39 us=125000 MANAGEMENT: CMD 'username "Auth" "johnrfb"'
2023-11-08 08:34:39 us=140000 MANAGEMENT: CMD 'password [...]'
2023-11-08 08:34:39 us=140000 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-11-08 08:34:39 us=140000 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-11-08 08:34:39 us=140000 Control Channel MTU parms [ L:1621 D:1172 EF:78 EB:0 ET:0 EL:3 ]
2023-11-08 08:34:39 us=140000 MANAGEMENT: >STATE:1699443279,RESOLVE,,,,,,
2023-11-08 08:34:39 us=156000 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
2023-11-08 08:34:39 us=156000 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client'
2023-11-08 08:34:39 us=156000 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-server'
2023-11-08 08:34:39 us=156000 TCP/UDP: Preserving recently used remote address: [AF_INET]18.232.133.247:1194
2023-11-08 08:34:39 us=156000 Socket Buffers: R=[65536->65536] S=[65536->65536]
2023-11-08 08:34:39 us=156000 UDPv4 link local (bound): [AF_INET][undef]:0
2023-11-08 08:34:39 us=156000 UDPv4 link remote: [AF_INET]18.232.133.247:1194
2023-11-08 08:34:39 us=156000 MANAGEMENT: >STATE:1699443279,WAIT,,,,,,
2023-11-08 08:35:40 us=218000 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2023-11-08 08:35:40 us=218000 TLS Error: TLS handshake failed
2023-11-08 08:35:40 us=218000 TCP/UDP: Closing socket
2023-11-08 08:35:40 us=218000 SIGUSR1[soft,tls-error] received, process restarting
2023-11-08 08:35:40 us=218000 MANAGEMENT: >STATE:1699443340,RECONNECTING,tls-error,,,,,
2023-11-08 08:35:40 us=218000 Restart pause, 5 second(s)
2023-11-08 08:35:45 us=265000 Re-using SSL/TLS context
2023-11-08 08:35:45 us=265000 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-11-08 08:35:45 us=265000 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-11-08 08:35:45 us=265000 Control Channel MTU parms [ L:1621 D:1172 EF:78 EB:0 ET:0 EL:3 ]
2023-11-08 08:35:45 us=265000 MANAGEMENT: >STATE:1699443345,RESOLVE,,,,,,
2023-11-08 08:35:45 us=265000 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
2023-11-08 08:35:45 us=265000 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client'
2023-11-08 08:35:45 us=265000 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-server'
2023-11-08 08:35:45 us=265000 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
2023-11-08 08:35:45 us=265000 Socket Buffers: R=[65536->65536] S=[65536->65536]
2023-11-08 08:35:45 us=265000 UDPv4 link local (bound): [AF_INET][undef]:0
2023-11-08 08:35:45 us=265000 UDPv4 link remote: [AF_INET]x.x.x.x:1194
2023-11-08 08:35:45 us=265000 MANAGEMENT: >STATE:1699443345,WAIT,,,,,,
Please, could you help me identify the problem and fix it?
Thanks,
JohnRFB
-
@johnrfb
This error could indicate that the client is not able to reach the server at UDPv4 port 1194. Could be something wrong anywhere in the network path or a missing firewall rule or forwarding at the server site.
If all rules and forwardings are good, I'd check if the OpenVPN packets even arrive at the server WAN interface by sniffing the traffic to investigate the issue.
-
@viragomann
Unfortunately it didn't work, the error continues =/ and my LAN interface status is: Unknown <full-duplex> 10.129.51.54
-
@johnrfb said in TLS Error: TLS key negotiation failed to occur within 60 seconds and TLS Error: TLS handshake failed:
Unfortunately it didn't work, the error continues
I didn't expect it to work, since I didn't give a solution. There are multiple possible reasons for your issue and you have to find out which. I just advised investigation methods.
-
Thanks Virago, the error is because of a DNS problem, we fixed it.
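
Added example, not part of any post in this thread: a small triage of an OpenVPN client log that pulls out the address each attempt actually dialed, checks whether the server ever answered before the 60-second timeout, and compares the dialed address with the one the operator knows the server has now. The function names, verdict labels and sample addresses are assumptions made for this example; the sample log is constructed in the format of the log above.

```python
import re
import socket

# Constructed sample in the format of the client log above. The addresses are
# documentation-range placeholders, not values taken from the thread.
SAMPLE_LOG = """\
2023-11-08 08:34:39 us=156000 TCP/UDP: Preserving recently used remote address: [AF_INET]203.0.113.10:1194
2023-11-08 08:34:39 us=156000 UDPv4 link remote: [AF_INET]203.0.113.10:1194
2023-11-08 08:34:39 us=156000 MANAGEMENT: >STATE:1699443279,WAIT,,,,,,
2023-11-08 08:35:40 us=218000 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2023-11-08 08:35:40 us=218000 TLS Error: TLS handshake failed
2023-11-08 08:35:40 us=218000 SIGUSR1[soft,tls-error] received, process restarting
"""

LINK_REMOTE = re.compile(r"link remote: \[AF_INET6?\](\S+):(\d+)\s*$")
SERVER_REPLY = "TLS: Initial packet from"          # logged once the server answers
NEGOTIATION_TIMEOUT = "TLS key negotiation failed to occur"


def parse_attempts(log_text):
    """Split a client log into connection attempts, one per 'link remote' line."""
    attempts, current = [], None
    for line in log_text.splitlines():
        match = LINK_REMOTE.search(line)
        if match:
            current = {"ip": match.group(1), "port": int(match.group(2)),
                       "server_replied": False, "timed_out": False}
            attempts.append(current)
        elif current is not None:
            if SERVER_REPLY in line:
                current["server_replied"] = True
            elif NEGOTIATION_TIMEOUT in line:
                current["timed_out"] = True
    return attempts


def triage(attempts, current_server_ips):
    """Classify each attempt. current_server_ips is supplied by the operator:
    the address(es) the VPN server is actually reachable on today."""
    findings = []
    for a in attempts:
        if not a["timed_out"]:
            verdict = "ok-or-incomplete"
        elif a["server_replied"]:
            # Packets flowed both ways; the fault is later in the handshake.
            verdict = "server-replied-then-stalled"
        elif a["ip"] not in current_server_ips:
            # The client dialed an address the server does not have:
            # check the DNS record behind the 'remote' name.
            verdict = "stale-or-wrong-address"
        else:
            # Right address, silence: firewall rule, forwarding or network
            # path; capture on the server WAN interface to confirm.
            verdict = "no-reply-from-correct-address"
        findings.append((a["ip"], a["port"], verdict))
    return findings


def resolve_ipv4(hostname):
    """What the client's resolver returns right now for the 'remote' name."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_DGRAM)
    return {info[4][0] for info in infos}


if __name__ == "__main__":
    # 198.51.100.20 stands in for the server's real current address.
    for finding in triage(parse_attempts(SAMPLE_LOG), {"198.51.100.20"}):
        print(finding)
```

`resolve_ipv4` is not called on the sample; on a real client, compare its result for the `remote` hostname with the server's known address before looking at firewall rules.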