OpenVPN handshake failed



  • Hi all!
    I'm having trouble creating a VPN connection between my personal PC and the business network.

    A CA is already created, so I went to System / Certificate Manager / Certificates and added a new certificate.
    Next, in System / User Manager / Users, I edited my account with the user certificate created above.
    Next, in VPN / OpenVPN / Servers I created a new server:
        Server mode: Remote Access (SSL/TLS + User Auth);
        Protocol: TCP
        Device mode: tun
        Interface: WAN
        Local port: [xxxx]
        Enable authentication of TLS packets: NO
        Peer Certificate Authority: businessCA
        Server certificate: my_certificate (Server: NO, CA: businessCA, In Use)
        DH Parameter length: 2048
        Encryption Algorithm: BF-CBC (128-bit)
        Auth digest algorithm: SHA1(160-bit)
        Hardware Crypto: No Hardware Crypto Acceleration
        Certificate Depth: One
        IPv4 Tunnel Network: 10.8.12.0/29 (indicative)
        IPv4 Local network: 192.168.1.0/24 (indicative)
        Concurrent connections: 1
        Compression: enabled without Adaptive Compression
        Dynamic IP: NO
        Address Pool: YES
        Topology: net30
        [all other checkboxes]: NO
        Verbosity level: 3

    The wizard opened all the proper ports.
    Next I downloaded my certificate, my key and the CA.

    On my personal PC (Win10) the file client.ovpn is:
    client
    dev tun
    proto tcp
    remote [business public ip] [xxxx]
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca [businessCA].crt
    cert my_certificate.crt
    key my_key.key
    remote-cert-tls server
    cipher BF-CBC
    comp-lzo
    verb 3
    auth-user-pass

    When I try to connect I enter my username and password and then I receive these errors:
    TLS Error: BIO read tls_read_plaintext error
    TLS Error: TLS Object -> Incoming plantext read error
    TLS error: TLS handshake failed
    Fatal TLS error (check_tls_error_co), restarting

    Please help



  • reishiki, we need to see more of the log, 4 lines is not going to cut it.

    Also, post your server1.conf



    In /var/etc/openvpn/ I have found server1.conf, server2.conf … server12.conf.
    Which one do I have to open?

    Please help



    I think this is the right conf

    dev ovpns12
    verb 1
    dev-type tun
    tun-ipv6
    dev-node /dev/tun12
    writepid /var/run/openvpn_server12.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto udp
    cipher BF-CBC
    auth SHA1
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    tls-server
    server 10.8.12.0 255.255.255.248
    client-config-dir /var/etc/openvpn-csc/server12
    tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'Davide.Filippi' 1"
    lport 1194
    management /var/etc/openvpn/server12.sock unix
    push "route 192.168.1.0 255.255.255.0"
    client-to-client
    ca /var/etc/openvpn/server12.ca
    cert /var/etc/openvpn/server12.cert
    key /var/etc/openvpn/server12.key
    dh /etc/dh-parameters.1024
    topology subnet

    Also, my new .ovpn file is:
      client
      dev tun
      proto udp
      remote x.x.x.x [port]
      ping 10
      resolv-retry infinite
      nobind
      persist-key
      persist-tun
      ca cacert.crt
      cert mycert.crt
      key mykey.key
      comp-lzo
      pull
      verb 3



  • Is your work LAN subnet really 192.168.1.0/24?

    Also, your tunnel network is fairly narrow (/29) which means it can only handle 6 clients max (depending on your topology)… even less if you switch to net30 .. is that what you wanted?  Although, you're not even getting that far, you're having handshake issues... so first... we'll need to see more of the log and second, were the client certs created upon user creation?  If not, that may be your issue.
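The replies above ask for the full log, but a first sanity check is whether the server config and the client profile agree on the directives that must match before the TLS handshake can even start. The script below is an added example, not code from any post in this thread or from pfSense; the two config texts are constructed excerpts of the server12.conf and the first client.ovpn posted here, with the port as a placeholder.

```python
# Constructed excerpts of the two configs posted in this thread (not the
# full files); values are as the poster gave them, the port is a placeholder.
SERVER_CONF = """\
proto udp
cipher BF-CBC
auth SHA1
tls-server
server 10.8.12.0 255.255.255.248
dh /etc/dh-parameters.1024
topology subnet
"""

CLIENT_OVPN = """\
client
dev tun
proto tcp
remote x.x.x.x 1194
ca cacert.crt
cert mycert.crt
key mykey.key
remote-cert-tls server
cipher BF-CBC
comp-lzo
verb 3
"""

def parse_openvpn(text):
    """Return {directive: [args]} for one OpenVPN config file. Lines that are
    blank or start with '#' or ';' are comments; a repeated directive keeps
    its last value."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        parts = line.split()
        conf[parts[0]] = parts[1:]
    return conf

def check_pair(server, client):
    """Return (directive, server_value, client_value) tuples for every setting
    that differs between a server config and a client profile and would stop
    the session before or during the TLS handshake."""
    s, c = parse_openvpn(server), parse_openvpn(client)
    problems = []
    # Transport: 'udp' on the server cannot talk to 'tcp'/'tcp-client' on the client.
    sp, cp = s.get("proto", ["udp"])[0], c.get("proto", ["udp"])[0]
    if sp.split("-")[0] != cp.split("-")[0]:
        problems.append(("proto", sp, cp))
    # Data-channel cipher and HMAC must be identical when nothing is negotiated;
    # BF-CBC and SHA1 are the OpenVPN 2.3 defaults if a side omits them.
    for d, default in (("cipher", "BF-CBC"), ("auth", "SHA1")):
        sv, cv = s.get(d, [default])[0], c.get(d, [default])[0]
        if sv.upper() != cv.upper():
            problems.append((d, sv, cv))
    # Compression must be enabled on both sides or on neither.
    if ("comp-lzo" in s) != ("comp-lzo" in c):
        problems.append(("comp-lzo", "comp-lzo" in s, "comp-lzo" in c))
    return problems
```

Run `check_pair(SERVER_CONF, CLIENT_OVPN)` on the excerpts and it reports the `proto` and `comp-lzo` differences between the two posted files.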

