OpenVPN Server connect issues after 2.5.1 update - TLS Handshake
-
Hey all,
I have read a dozen posts but I haven't found a solution.
I updated to 2.5.1 on Friday. Until then my OpenVPN server had worked just fine for 1.5 years.
Any help is highly appreciated. Thanks a lot.
The syslog for OpenVPN while connecting:
My config:
-
@paoloest
I have exactly the same problem with pfSense after the update!!!
And I have found no solution :-((
I would appreciate it if a solution exists for this!! Tnx
-
I am desperate! I cannot use the OpenVPN server anymore. I have tried to completely set up the server from scratch, without luck.
Any solution hints would be highly appreciated.
-
Is the OpenVPN service running?
Go to the pfSense dashboard, and if not already there, add the Services Status widget and see. If it's not running, see this post: https://forum.netgate.com/topic/164784/openvpn-service-won-t-start-error-1-mobile-clients-can-t-connect
It's not your exact problem since I see you're not using custom commands, but it should at least point you on where to troubleshoot.
-
"Unfortunately" it is running. :( With a green check.
-
@paoloest
Did you export a new configuration package for the client and install it?
-
@viragomann said in OpenVPN Server connect issues after 2.5.1 update - TLS Handshake:
a new configuration package for the client and install it?
Yes, several times, with the client exporter.
-
@paoloest
I believe there were some threads here solved by unchecking "Data Encryption Negotiation". Maybe give it a try.
-
I use 3 servers with pfSense:
1 is server-vpn
2 is client-vpn
3 is client-vpn
All have pfSense installed and use Mode: Peer to Peer (SSL/TLS), and after the update the VPN disconnected and does not connect again ... all have the TUN option enabled.
Jul 2 12:51:36 openvpn 20529 92.84.56.226:59685 TLS Error: TLS handshake failed
Jul 2 12:51:36 openvpn 20529 92.84.56.226:59685 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jul 2 12:49:29 openvpn 20529 Initialization Sequence Completed
Jul 2 12:49:29 openvpn 20529 UDPv4 link remote: [AF_UNSPEC]
Jul 2 12:49:29 openvpn 20529 UDPv4 link local (bound): [AF_INET]127.0.0.1:44441
Jul 2 12:49:29 openvpn 20529 /usr/local/sbin/ovpn-linkup ovpns3 1500 1622 10.1.1.1 255.255.255.0 init
Jul 2 12:49:29 openvpn 20529 /sbin/ifconfig ovpns3 10.1.1.1 10.1.1.2 mtu 1500 netmask 255.255.255.0 up
Jul 2 12:49:29 openvpn 20529 TUN/TAP device /dev/tun3 opened
Jul 2 12:49:29 openvpn 20529 TUN/TAP device ovpns3 exists previously, keep at program end
Jul 2 12:49:29 openvpn 20529 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Jul 2 12:49:29 openvpn 20529 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Jul 2 12:49:29 openvpn 20529 WARNING: experimental option --capath /var/etc/openvpn/server3/ca
Jul 2 12:49:29 openvpn 20529 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 2 12:49:29 openvpn 20366 library versions: OpenSSL 1.1.1k-freebsd 25 Mar 2021, LZO 2.10
Jul 2 12:49:29 openvpn 20366 OpenVPN 2.5.1 amd64-portbld-freebsd12.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Apr 5 2021
Jul 2 12:49:29 openvpn 20366 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
In the dashboard I see this in the VPN category: UNDEF IP:30965