Openvpn handhake failed
-
Hi all!
I'm trouble with the creation of vpn connection between my personal pc and business network.A Ca is yet created so i'm gone to System / Certificate / ManagerCertificates and add a new certificate.
Next, in System / User Manager / User / i edit my account with the user certificate create above.
Next, in VPN / OpenVPN / Servers i create a new server:
Server mode: Remote Access (SSL/TLS + User Auth);
Protocol: TCP
Device mode: tun
Interface: WAN
Local port: [xxxx]
Enable authentication of TLS packets: NO
Peer Certificate Authority: businessCA
Server certificate: my_certificate (Server: NO, CA: businessCA, In Use)
DH Parameter length: 2048
Encryption Algorithm BF-CBC(128-bit)
Auth digest algorithm: SHA1(160-bit)
Hardware Crypto: No Hardware Crypto Acceleration
Certificate Depth: One
IPv4 Tunnel Network: 10.8.12.0/29 (indicative)
IPv4 Local network: 192.168.1.0/24 (indicative)
Concurrent connections: 1
compression: enabled without Adaptive Compression
Dynamic IP: NO
Address Pool: YES
Topology: net30
[all other checkbox]: NO
Verbosity level: 3The wizard was opened all poperly port.
Next i download my certificate, my key and the CA.In my personal pc (win10) the file client.ovpn is:
client
dev tun
proto tcp
remote [business public ip] [xxxx]
resolv-retry infinite
nobind
persist-key
persist-tun
ca [businessCA].crt
cert my_certificate.crt
key my_key.key
remote-cert-tls server
cipher BF-CBC
comp-lzo
verb 3
auth-user-passWhen i try to connect i put my username and password and then i receive these errors:
TLS Error: BIO read tls_read_plaintext error
TLS Error: TLS Object -> Incoming plantext read error
TLS error: TLS handshake failed
Fatal TLS error (check_tls_error_co), restarting
…Please help
-
reishiki, we need to see more of the log, 4 lines is not going to cut it.
Also, post your server1.conf
-
In /var/etc/openvpn/ i have found server1.conf, server2.conf…server12.conf.
Which i have to open?Please help
-
i think this is the right conf
dev ovpns12
verb 1
dev-type tun
tun-ipv6
dev-node /dev/tun12
writepid /var/run/openvpn_server12.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher BF-CBC
auth SHA1
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
tls-server
server 10.8.12.0 255.255.255.248
client-config-dir /var/etc/openvpn-csc/server12
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'Davide.Filippi' 1"
lport 1194
management /var/etc/openvpn/server12.sock unix
push "route 192.168.1.0 255.255.255.0"
client-to-client
ca /var/etc/openvpn/server12.ca
cert /var/etc/openvpn/server12.cert
key /var/etc/openvpn/server12.key
dh /etc/dh-parameters.1024
topology subnet;Also, my new ovpn file is
client
dev tun
proto udp
remote x.x.x.x [port]
ping 10
resolv-retry infinite
nobind
persist-key
persist-tun
ca cacert.crt
cert mycert.crt
key mykey.key
comp-lzo
pull
verb 3
-
Is your work LAN subnet really 192.168.1.0/24?
Also, your tunnel network is fairly narrow (/29) which means it can only handle 6 clients max (depending on your topology)… even less if you switch to net30 .. is that what you wanted? Although, you're not even getting that far, you're having handshake issues... so first... we'll need to see more of the log and second, were the client certs created upon user creation? If not, that may be your issue.