Openvpn handhake failed
I'm trouble with the creation of vpn connection between my personal pc and business network.
A Ca is yet created so i'm gone to System / Certificate / ManagerCertificates and add a new certificate.
Next, in System / User Manager / User / i edit my account with the user certificate create above.
Next, in VPN / OpenVPN / Servers i create a new server:
Server mode: Remote Access (SSL/TLS + User Auth);
Device mode: tun
Local port: [xxxx]
Enable authentication of TLS packets: NO
Peer Certificate Authority: businessCA
Server certificate: my_certificate (Server: NO, CA: businessCA, In Use)
DH Parameter length: 2048
Encryption Algorithm BF-CBC(128-bit)
Auth digest algorithm: SHA1(160-bit)
Hardware Crypto: No Hardware Crypto Acceleration
Certificate Depth: One
IPv4 Tunnel Network: 10.8.12.0/29 (indicative)
IPv4 Local network: 192.168.1.0/24 (indicative)
Concurrent connections: 1
compression: enabled without Adaptive Compression
Dynamic IP: NO
Address Pool: YES
[all other checkbox]: NO
Verbosity level: 3
The wizard was opened all poperly port.
Next i download my certificate, my key and the CA.
In my personal pc (win10) the file client.ovpn is:
remote [business public ip] [xxxx]
When i try to connect i put my username and password and then i receive these errors:
TLS Error: BIO read tls_read_plaintext error
TLS Error: TLS Object -> Incoming plantext read error
TLS error: TLS handshake failed
Fatal TLS error (check_tls_error_co), restarting
marvosa last edited by
reishiki, we need to see more of the log, 4 lines is not going to cut it.
Also, post your server1.conf
In /var/etc/openvpn/ i have found server1.conf, server2.conf…server12.conf.
Which i have to open?
i think this is the right conf
keepalive 10 60
server 10.8.12.0 255.255.255.248
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'Davide.Filippi' 1"
management /var/etc/openvpn/server12.sock unix
push "route 192.168.1.0 255.255.255.0"
Also, my new ovpn file is
remote x.x.x.x [port]
marvosa last edited by
Is your work LAN subnet really 192.168.1.0/24?
Also, your tunnel network is fairly narrow (/29) which means it can only handle 6 clients max (depending on your topology)… even less if you switch to net30 .. is that what you wanted? Although, you're not even getting that far, you're having handshake issues... so first... we'll need to see more of the log and second, were the client certs created upon user creation? If not, that may be your issue.