TLS Error: TLS Key negotiation failed to occur within 60 seconds

mrito

Hi All,
We are having trouble with our OpenVPN connection. I can connect with OpenVPN when I'm accessing it within the Philippines but when somebody access it outside our country, they were unable to connect. Please see the error they encounter on the Server:
Mar 10 12:07:40 openvpn 49540 175.45.73.99:60665 TLS Error: TLS handshake failed
Mar 10 12:07:40 openvpn 49540 175.45.73.99:60665 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mar 10 12:07:31 openvpn 49540 175.45.73.99:50881 TLS Error: TLS handshake failed
Mar 10 12:07:31 openvpn 49540 175.45.73.99:50881 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mar 10 12:07:20 openvpn 49540 175.45.73.99:60232 TLS Error: TLS handshake failed
Mar 10 12:07:20 openvpn 49540 175.45.73.99:60232 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mar 10 12:07:11 openvpn 49540 175.45.73.99:60665 write UDPv4: No buffer space available (code=55)
Mar 10 12:07:10 openvpn 49540 175.45.73.99:51005 TLS Error: TLS handshake failed
Mar 10 12:07:10 openvpn 49540 175.45.73.99:51005 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

Thanks,
Malvin

viragomann

I guess these log massages are from the client, not from the server.

This error is logged on the client if the server is not reachable from it. So check the connection. Maybe a country blocker (pfBlockeNG) or the port is blocked by the clients ISP?

mrito

Hi viragomann,
This error came from the client, no PFBlocker is implemented on the Server. 2 of our user connection via WiFi from China and Australia is having connection issue.

vinceent

@mrito Jul 2 12:41:01 openvpn 43855 ip:33556 TLS Error: TLS handshake failed
Jul 2 12:41:01 openvpn 43855 ip:33556 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jul 2 12:39:04 openvpn 66093 Initialization Sequence Completed
Jul 2 12:39:04 openvpn 66093 UDPv4 link remote: [AF_UNSPEC]
Jul 2 12:39:04 openvpn 66093 UDPv4 link local (bound): [AF_INET]127.0.0.1:44441
Jul 2 12:39:04 openvpn 66093 /usr/local/sbin/ovpn-linkup ovpns3 1500 1622 10.1.1.1 255.255.255.0 init
Jul 2 12:39:04 openvpn 66093 /sbin/ifconfig ovpns3 10.1.1.1 10.1.1.2 mtu 1500 netmask 255.255.255.0 up
Jul 2 12:39:04 openvpn 66093 TUN/TAP device /dev/tun3 opened
Jul 2 12:39:04 openvpn 66093 TUN/TAP device ovpns3 exists previously, keep at program end
Jul 2 12:39:04 openvpn 66093 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Jul 2 12:39:04 openvpn 66093 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Jul 2 12:39:04 openvpn 66093 WARNING: experimental option --capath /var/etc/openvpn/server3/ca
Jul 2 12:39:04 openvpn 66093 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 2 12:39:04 openvpn 65856 library versions: OpenSSL 1.1.1k-freebsd 25 Mar 2021, LZO 2.10
Jul 2 12:39:04 openvpn 65856 OpenVPN 2.5.1 amd64-portbld-freebsd12.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Apr 5 2021
Jul 2 12:39:04 openvpn 65856 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.

In firewall port is added ... to allow ... and this problem is after i update to 2.5.1
Tnx very much i use Mode: Peer to Peer ( SSL/TLS )