OpenVPN handshake failed

Forum category: OpenVPN

reishiki

      Hi all!
      I'm having trouble with the creation of a VPN connection between my personal PC and the business network.

      A CA is already created, so I went to System / Certificate Manager / Certificates and added a new certificate.
      Next, in System / User Manager / User I edited my account with the user certificate created above.
      Next, in VPN / OpenVPN / Servers I created a new server:
          Server mode: Remote Access (SSL/TLS + User Auth);
          Protocol: TCP
          Device mode: tun
          Interface: WAN
          Local port: [xxxx]
          Enable authentication of TLS packets: NO
          Peer Certificate Authority: businessCA
          Server certificate: my_certificate (Server: NO, CA: businessCA, In Use)
          DH Parameter length: 2048
          Encryption Algorithm BF-CBC(128-bit)
          Auth digest algorithm: SHA1(160-bit)
          Hardware Crypto: No Hardware Crypto Acceleration
          Certificate Depth: One
          IPv4 Tunnel Network: 10.8.12.0/29 (indicative)
          IPv4 Local network: 192.168.1.0/24 (indicative)
          Concurrent connections: 1
          compression: enabled without Adaptive Compression
          Dynamic IP: NO
          Address Pool: YES
          Topology: net30
          [all other checkbox]: NO
          Verbosity level: 3

      The wizard opened all the proper ports.
      Next I downloaded my certificate, my key and the CA.

      On my personal PC (Win10) the file client.ovpn is:
      client
      dev tun
      proto tcp
      remote [business public ip] [xxxx]
      resolv-retry infinite
      nobind
      persist-key
      persist-tun
      ca [businessCA].crt
      cert my_certificate.crt
      key my_key.key
      remote-cert-tls server
      cipher BF-CBC
      comp-lzo
      verb 3
      auth-user-pass

      When I try to connect I enter my username and password and then I receive these errors:
      TLS Error: BIO read tls_read_plaintext error
      TLS Error: TLS Object -> Incoming plantext read error
      TLS error: TLS handshake failed
      Fatal TLS error (check_tls_error_co), restarting
      …

      Please help

      marvosa

        reishiki, we need to see more of the log, 4 lines is not going to cut it.

        Also, post your server1.conf

        reishiki

          In /var/etc/openvpn/ I have found server1.conf, server2.conf … server12.conf.
          Which one do I have to open?

          Please help

          reishiki

            I think this is the right conf:

            dev ovpns12
            verb 1
            dev-type tun
            tun-ipv6
            dev-node /dev/tun12
            writepid /var/run/openvpn_server12.pid
            #user nobody
            #group nobody
            script-security 3
            daemon
            keepalive 10 60
            ping-timer-rem
            persist-tun
            persist-key
            proto udp
            cipher BF-CBC
            auth SHA1
            up /usr/local/sbin/ovpn-linkup
            down /usr/local/sbin/ovpn-linkdown
            tls-server
            server 10.8.12.0 255.255.255.248
            client-config-dir /var/etc/openvpn-csc/server12
            tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'Davide.Filippi' 1"
            lport 1194
            management /var/etc/openvpn/server12.sock unix
            push "route 192.168.1.0 255.255.255.0"
            client-to-client
            ca /var/etc/openvpn/server12.ca
            cert /var/etc/openvpn/server12.cert
            key /var/etc/openvpn/server12.key
            dh /etc/dh-parameters.1024
            topology subnet;

            Also, my new ovpn file is
              client
              dev tun
              proto udp
              remote x.x.x.x [port]
              ping 10
              resolv-retry infinite
              nobind
              persist-key
              persist-tun
              ca cacert.crt
              cert mycert.crt
              key mykey.key
              comp-lzo
              pull
              verb 3

            marvosa

              Is your work LAN subnet really 192.168.1.0/24?

              Also, your tunnel network is fairly narrow (/29) which means it can only handle 6 clients max (depending on your topology)… even less if you switch to net30 .. is that what you wanted?  Although, you're not even getting that far, you're having handshake issues... so first... we'll need to see more of the log and second, were the client certs created upon user creation?  If not, that may be your issue.

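As an added, stand-alone example (not code from this thread or from pfSense), here is a small Python checker that parses an OpenVPN server conf and a client .ovpn side by side, reports the kinds of mismatches this thread circles around (proto, port, cipher/auth, comp-lzo, tls-auth, and a server verb too low to show the handshake in the log), and works out how many clients the /29 tunnel can hold under subnet and net30 topology, the point marvosa raises. The sample configs are constructed from the ones posted above, with a placeholder remote address and username; the capacity arithmetic assumes the usual OpenVPN accounting (net30 spends one /30 per client, the first /30 being the server's; subnet topology spends one address per client after network, broadcast and the server's own address, so a /29 has 6 usable addresses of which 5 remain for clients).

```python
import ipaddress
import shlex

# Constructed sample configs, modelled on server12.conf and the client files
# posted in the thread; the remote address, username and paths are placeholders.
SERVER_CONF = """\
dev ovpns12
verb 1
proto udp
cipher BF-CBC
auth SHA1
tls-server
server 10.8.12.0 255.255.255.248
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'some.user' 1"
lport 1194
ca /var/etc/openvpn/server12.ca
cert /var/etc/openvpn/server12.cert
key /var/etc/openvpn/server12.key
topology subnet
"""

CLIENT_OVPN = """\
client
dev tun
proto tcp
remote 203.0.113.10 1194
ca cacert.crt
cert mycert.crt
key mykey.key
remote-cert-tls server
cipher BF-CBC
comp-lzo
verb 3
auth-user-pass
"""


def parse_openvpn(text):
    """Parse OpenVPN config text into {directive: [args]}.

    Blank lines and comments (# or ;) are skipped; shlex keeps quoted
    arguments such as the tls-verify command together. A repeated
    directive keeps its last value, enough for this kind of sanity check."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        parts = shlex.split(line)
        opts[parts[0]] = parts[1:]
    return opts


def tunnel_capacity(network, topology):
    """Max clients a tunnel network can serve under a given topology.

    subnet/p2p: one address per client, minus network, broadcast and the
    server's own address. net30: one /30 per client, the first /30 being
    the server's. Accepts 'a.b.c.d/29' or 'a.b.c.d/255.255.255.248'."""
    net = ipaddress.ip_network(network, strict=False)
    if topology == "net30":
        return net.num_addresses // 4 - 1
    return net.num_addresses - 3


def compare_configs(server, client):
    """Return findings for client/server mismatches and for settings that
    make a failed handshake hard to diagnose."""
    findings = []

    # Transport: 'proto udp' against 'proto tcp' never reaches a TLS handshake.
    sproto = server.get("proto", ["udp"])[0].split("-")[0]
    cproto = client.get("proto", ["udp"])[0].split("-")[0]
    if sproto != cproto:
        findings.append(f"proto mismatch: server {sproto}, client {cproto}")

    # Port: the server listens on lport/port, the client targets the port in 'remote'.
    sport = (server.get("lport") or server.get("port") or ["1194"])[0]
    remote = client.get("remote", [])
    cport = remote[1] if len(remote) > 1 else "1194"
    if sport != cport:
        findings.append(f"port mismatch: server {sport}, client {cport}")

    # Cipher and HMAC digest must agree when both sides pin them.
    for key in ("cipher", "auth"):
        if key in server and key in client and server[key] != client[key]:
            findings.append(f"{key} mismatch: server {server[key]}, client {client[key]}")

    # Compression and tls-auth/tls-crypt keys must be on both sides or neither.
    for key in ("comp-lzo", "tls-auth", "tls-crypt"):
        if (key in server) != (key in client):
            side = "server" if key in server else "client"
            findings.append(f"{key} set only on the {side}")

    # Diagnosability: 'verb 1' on the server hides the TLS negotiation detail.
    if int(server.get("verb", ["1"])[0]) < 3:
        findings.append("server verb below 3: raise it to see the handshake in the log")

    # Hygiene: BF-CBC is a 64-bit block cipher; modern OpenVPN prefers AES-GCM.
    if server.get("cipher", [""])[0] == "BF-CBC":
        findings.append("cipher BF-CBC is a 64-bit block cipher; prefer an AES-GCM cipher")

    return findings


def audit(server_text=SERVER_CONF, client_text=CLIENT_OVPN):
    """Parse both files, compare them, and append tunnel-capacity notes."""
    server = parse_openvpn(server_text)
    client = parse_openvpn(client_text)
    findings = compare_configs(server, client)
    net_args = server.get("server")
    if net_args:
        for topo in ("subnet", "net30"):
            cap = tunnel_capacity("/".join(net_args), topo)
            findings.append(f"tunnel {net_args[0]}/{net_args[1]} serves at most {cap} clients with topology {topo}")
    return findings


if __name__ == "__main__":
    for finding in audit():
        print("-", finding)
```

Run it as-is to see the findings for the constructed pair (the proto mismatch, comp-lzo present only on the client, the server's verb 1, and the /29 capacity under both topologies); point `audit()` at your own two files to check a real pair. The check reads only the two text files, so a certificate problem such as a server certificate not marked for server use is outside its reach and still needs the server log at verb 3 or higher.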