Netgate Discussion Forum

    1 User suddenly can't connect

      Stewart

      We have a site where OpenVPN has been working well for users for a while now but suddenly 1 user can't connect. We've tried uninstalling the whole package and then reinstalling it with the same issue.

      On the server the logs show:

      xxx.xxx.xxx.xxx:1194 TLS Error: TLS handshake failed
      xxx.xxx.xxx.xxx:1194 TLS Error: TLS object -> incoming plaintext read error
      xxx.xxx.xxx.xxx:1194 TLS_ERROR: BIO read tls_read_plaintext error
      xxx.xxx.xxx.xxx:1194 OpenSSL: error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed
      xxx.xxx.xxx.xxx:1194 VERIFY ERROR: depth=0, error=unable to get local issuer certificate: CN=User_Name, O=OU Group, emailAddress=user@company.com, C=US 
      

      The PC gets:

      TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
      TLS Error: TLS handshake failed
      SIGUSR1[soft,tls-error] received, process restarting
      TCP/UDP: Preserving recently used remote address: [AF_INET]yyyy.yyyy.yyyy.yyyy:1194
      UDP link local (bound): [AF_INET][undef]:1194
      UDP link remote: [AF_INET]yyyy.yyyy.yyyy.yyyy:1194
      

      The config file is:

      dev tun
      persist-tun
      persist-key
      cipher AES-256-CBC
      ncp-ciphers AES-256-GCM:AES-128-GCM
      auth SHA256
      tls-client
      client
      resolv-retry infinite
      remote yyyy.yyyy.yyyy.yyyy 1194 udp
      verify-x509-name "OpenVPN_Cert" name
      auth-user-pass
      ca OpenVPN-UDP4-1194-user-ca.crt
      cryptoapicert "SUBJ:user"
      tls-auth OpenVPN-UDP4-1194-user-tls.key 1
      remote-cert-tls server
      auth-nocache
      

      I have verified that both the OpenVPN-UDP4-1194-user-ca.crt and the OpenVPN-UDP4-1194-user-tls.key files are in the same directory as the ovpn config file. If I rename either of those files then OpenVPN fails to load with an error so I know it's seeing the files.

      I've also installed this package onto another PC and it connects in just fine so I know it's limited to this PC. I've moved the laptop to a cell hot spot and the error persists so it isn't the network connection. It's something on this particular PC.

      My understanding is that the error indicates that the PC can't see the CA certificate but it appears to be installed fine. Any ideas?

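A check that could be run on the affected PC, added here as an example and not part of the original post: the server's `VERIFY ERROR: depth=0 ... unable to get local issuer certificate` line is about the client certificate it was sent, and `cryptoapicert "SUBJ:user"` picks that certificate from the Windows certificate store by subject substring, so more than one stored certificate can match. The script lists every match and whether it chains to the CA file named in the config. Assumptions: client certificates are issued by that same CA, the LocalMachine store is checked in addition to CurrentUser, and `Test-IssuedBy` is a hypothetical helper name.

```powershell
# Added diagnostic example, not from the original post. Run on the affected PC
# from the directory that holds the .ovpn file.
$needle = 'user'                               # text after SUBJ: in the config
$caFile = '.\OpenVPN-UDP4-1194-user-ca.crt'    # file named on the config's "ca" line

# Assumption: client certificates are issued by the CA in $caFile.
$ca = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
    -ArgumentList (Resolve-Path $caFile).Path

function Test-IssuedBy {   # hypothetical helper name
    param($Cert, $Issuer)
    # Offer the CA file as an extra issuer candidate, build the chain, and
    # report whether that exact CA (by thumbprint) appears above the leaf.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode    = 'NoCheck'
    $chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'
    [void]$chain.ChainPolicy.ExtraStore.Add($Issuer)
    [void]$chain.Build($Cert)   # result ignored; only chain membership matters here
    $above = $chain.ChainElements | Select-Object -Skip 1
    return [bool]($above | Where-Object { $_.Certificate.Thumbprint -eq $Issuer.Thumbprint })
}

# Every personal-store certificate whose subject contains the SUBJ: text.
$candidates = foreach ($store in 'Cert:\CurrentUser\My', 'Cert:\LocalMachine\My') {
    Get-ChildItem $store | Where-Object { $_.Subject -like "*$needle*" } |
        ForEach-Object {
            [pscustomobject]@{
                Store          = $store
                Subject        = $_.Subject
                Issuer         = $_.Issuer
                NotAfter       = $_.NotAfter
                HasPrivateKey  = $_.HasPrivateKey
                Thumbprint     = $_.Thumbprint
                IssuedByCaFile = (Test-IssuedBy $_ $ca)
            }
        }
}

"CA file subject: $($ca.Subject)"
$candidates | Format-List

if (@($candidates).Count -ne 1) {
    Write-Warning "$(@($candidates).Count) certificates match SUBJ:$needle"
}
$candidates | Where-Object { -not $_.IssuedByCaFile } | ForEach-Object {
    Write-Warning "Not issued by the CA file: $($_.Subject) [$($_.Thumbprint)]"
}
```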
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.