Netgate Discussion Forum
    OpenVPN Server connect issues after 2.5.1 update - TLS Handshake

      paoloest

      Hey all,

      I have read a dozen posts but I haven't found a solution.

      I updated to 2.5.1 on Friday; until then my OpenVPN server had worked just fine for 1,5 years.

      Any help is highly appreciated. Thanks a lot.

      The syslog for OpenVPN while connecting:
      [3 screenshots]

      My config:
      [6 screenshots]

        vinceent @paoloest

        @paoloest
        I have exactly the same problem with pfSense after the update!!!
        And I have found no solution :-((
        I would appreciate it if a solution exists for this!!

        Thanks

          paoloest @vinceent

          I am desperate! I cannot use the OpenVPN server anymore. I have tried to completely set up the server from scratch, without luck.

          Any solution hints would be highly appreciated.

            gbitglenn

            Is the OpenVPN service running?

            Go to the pfSense dashboard, and if not already there, add the Services Status widget and see. If it's not running, see this post: https://forum.netgate.com/topic/164784/openvpn-service-won-t-start-error-1-mobile-clients-can-t-connect

            It's not your exact problem since I see you're not using custom commands, but it should at least point you on where to troubleshoot.

              paoloest @gbitglenn

              @gbitglenn

              "unfortunately" it is running. :( with a green check

                viragomann @paoloest

                @paoloest
                Did you export a new configuration package for the client and install it?

                  paoloest @viragomann

                  @viragomann said in OpenVPN Server connect issues after 2.5.1 update - TLS Handshake:

                  a new configuration package for the client and install it?

                  Yes, several times, with the client exporter.

                    viragomann @paoloest

                    @paoloest
                    I believe there were some threads here solved by unchecking "Data Encryption Negotiation". Maybe give it a try.

                      vinceent @viragomann

                      I use 3 servers with pfSense:
                      1 is server-vpn
                      2 is client-vpn
                      3 is client-vpn
                      All have pfSense installed and use Mode: Peer to Peer (SSL/TLS), and after the update the VPN disconnected and does not connect again ... all have the TUN option enabled.

                      Jul 2 12:51:36 openvpn 20529 92.84.56.226:59685 TLS Error: TLS handshake failed
                      Jul 2 12:51:36 openvpn 20529 92.84.56.226:59685 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
                      Jul 2 12:49:29 openvpn 20529 Initialization Sequence Completed
                      Jul 2 12:49:29 openvpn 20529 UDPv4 link remote: [AF_UNSPEC]
                      Jul 2 12:49:29 openvpn 20529 UDPv4 link local (bound): [AF_INET]127.0.0.1:44441
                      Jul 2 12:49:29 openvpn 20529 /usr/local/sbin/ovpn-linkup ovpns3 1500 1622 10.1.1.1 255.255.255.0 init
                      Jul 2 12:49:29 openvpn 20529 /sbin/ifconfig ovpns3 10.1.1.1 10.1.1.2 mtu 1500 netmask 255.255.255.0 up
                      Jul 2 12:49:29 openvpn 20529 TUN/TAP device /dev/tun3 opened
                      Jul 2 12:49:29 openvpn 20529 TUN/TAP device ovpns3 exists previously, keep at program end
                      Jul 2 12:49:29 openvpn 20529 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
                      Jul 2 12:49:29 openvpn 20529 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
                      Jul 2 12:49:29 openvpn 20529 WARNING: experimental option --capath /var/etc/openvpn/server3/ca
                      Jul 2 12:49:29 openvpn 20529 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
                      Jul 2 12:49:29 openvpn 20366 library versions: OpenSSL 1.1.1k-freebsd 25 Mar 2021, LZO 2.10
                      Jul 2 12:49:29 openvpn 20366 OpenVPN 2.5.1 amd64-portbld-freebsd12.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Apr 5 2021
                      Jul 2 12:49:29 openvpn 20366 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.

                      In the dashboard I see this in the VPN category: UNDEF IP:30965
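
A small triage script for OpenVPN log excerpts in the layout posted above, added here as an example; it is not part of any post in this thread and not Netgate or OpenVPN code. It reports only what the log states (version, bound address, handshake failures per peer, warnings); the sample lines and the 203.0.113.10 peer are constructed.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the same layout as the log posted above (newest first).
SAMPLE = """\
Jul 2 12:51:36 openvpn 20529 203.0.113.10:59685 TLS Error: TLS handshake failed
Jul 2 12:51:36 openvpn 20529 203.0.113.10:59685 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jul 2 12:49:29 openvpn 20529 Initialization Sequence Completed
Jul 2 12:49:29 openvpn 20529 UDPv4 link local (bound): [AF_INET]127.0.0.1:44441
Jul 2 12:49:29 openvpn 20529 WARNING: experimental option --capath /var/etc/openvpn/server3/ca
Jul 2 12:49:29 openvpn 20366 OpenVPN 2.5.1 amd64-portbld-freebsd12.2 [SSL (OpenSSL)] [LZO] built on Apr 5 2021
""".splitlines()

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) openvpn (\d+) (.*)$")
PEER = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d+) (.*)$")
BOUND = re.compile(r"link local \(bound\): \[AF_INET6?\](.+):(\d+)$")

def triage(lines):
    """Summarise one OpenVPN log excerpt; input may be newest-first."""
    out = {"version": None, "bound": None, "bound_is_loopback": None,
           "handshake_failures": Counter(), "warnings": []}
    for raw in reversed(list(lines)):      # walk oldest -> newest
        m = LINE.match(raw.strip())
        if not m:
            continue                       # not an openvpn syslog line
        msg = m.group(3)
        peer = PEER.match(msg)             # per-peer lines start with ip:port
        if peer:
            if peer.group(3) == "TLS Error: TLS handshake failed":
                out["handshake_failures"][peer.group(1)] += 1
        elif msg.startswith("OpenVPN "):
            out["version"] = msg.split()[1]
        elif msg.startswith("WARNING:"):
            out["warnings"].append(msg[len("WARNING:"):].strip())
        elif (b := BOUND.search(msg)):
            out["bound"] = f"{b.group(1)}:{b.group(2)}"
            try:
                out["bound_is_loopback"] = ipaddress.ip_address(b.group(1)).is_loopback
            except ValueError:             # e.g. "[undef]" when no address is set
                pass
    return out

if __name__ == "__main__":
    print(triage(SAMPLE))
```
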

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.