Netgate Discussion Forum
    TLS handshake failed
    • iulian_2007

      I followed the tutorial for the road warrior configuration but I cannot get the OpenVPN server to work.
      I see in the server log:

      Aug 24 09:15:39 openvpn[13492]: 93.112.65.219:1194 LZO compression initialized
      Aug 24 09:15:39 openvpn[13492]: 93.112.65.219:1194 Re-using SSL/TLS context
      Aug 24 09:15:39 openvpn[13492]: 93.112.65.219:1194 TLS Error: TLS handshake failed
      Aug 24 09:15:39 openvpn[13492]: 93.112.65.219:1194 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
      Aug 24 09:14:38 openvpn[13492]: 93.112.65.219:1194 LZO compression initialized
      Aug 24 09:14:38 openvpn[13492]: 93.112.65.219:1194 Re-using SSL/TLS context
      Aug 24 08:40:49 openvpn[13492]: 93.112.65.219:1194 TLS Error: TLS handshake failed
      Aug 24 08:40:49 openvpn[13492]: 93.112.65.219:1194 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
      Aug 24 08:39:49 openvpn[13492]: 93.112.65.219:1194 LZO compression initialized
      Aug 24 08:39:49 openvpn[13492]: 93.112.65.219:1194 Re-using SSL/TLS context
      Aug 24 08:39:29 openvpn[13492]: Need IPv6 code in mroute_extract_addr_from_packet
      Aug 24 08:39:22 openvpn[13492]: Need IPv6 code in mroute_extract_addr_from_packet
      Aug 24 08:39:22 openvpn[13492]: Initialization Sequence Completed
      Aug 24 08:39:22 openvpn[13492]: UDPv4 link remote: [undef]
      Aug 24 08:39:22 openvpn[13492]: UDPv4 link local (bound): [undef]:1194
      Aug 24 08:39:21 openvpn[13471]: /etc/rc.filter_configure tun0 1500 1542 192.168.15.1 192.168.15.2 init
      Aug 24 08:39:21 openvpn[13471]: /sbin/ifconfig tun0 192.168.15.1 192.168.15.2 mtu 1500 netmask 255.255.255.255 up
      Aug 24 08:39:21 openvpn[13471]: TUN/TAP device /dev/tun0 opened
      Aug 24 08:39:21 openvpn[13471]: gw 81.180.x.y
      Aug 24 08:39:21 openvpn[13471]: WARNING: file '/var/etc/openvpn_server0.key' is group or others accessible
      Aug 24 08:39:21 openvpn[13471]: OpenVPN 2.0.6 i386-portbld-freebsd7.0 [SSL] [LZO] built on Nov 9 2008
      Aug 24 08:39:19 openvpn[12794]: SIGTERM[hard,] received, process exiting
      Aug 24 08:39:19 openvpn[12794]: /etc/rc.filter_configure tun0 1500 1543 192.168.15.1 192.168.15.2 init

      • AhnHEL

        Do you have an Advanced Outbound NAT Rule for your Road Warrior Network?  (Firewall/NAT/Outbound)

        What does your Road Warrior Firewall Rule look like on WAN interface?

        ![Picture 2.png](/public/imported_attachments/1/Picture 2.png)
        ![Picture 1.png](/public/imported_attachments/1/Picture 1.png)

        AhnHEL (Angel)

        • kpa

          The client at IP 93.112.65.219 is using port 1194 as the source port for its outgoing connection, which might be a problem. Add the nobind option to the client config; checking the "dynamic source port" option will do that if the client is also a pfSense machine.

          Post the client side log as well if possible.

          • iulian_2007

            I've solved this one... it was from the ISP, which was blocking some ports... with another ISP it is working...

            • AhnHEL

              Changing the default port from 1194 to something else should resolve your ISP blocking your VPN connection.

              AhnHEL (Angel)
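
Added example, not part of any post in this thread: a small triage script for server logs like the one in the first post. For each peer whose handshake failed, it reports how long the attempt waited and whether the client's source port equals the server's bound port (the missing-nobind sign kpa points out). The function name `summarize` and the sample addresses are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the same format as the server log in the first post
# (newest first, as in that post). 198.51.100.7 and 203.0.113.9 are
# documentation addresses, not values from the thread.
SAMPLE_LOG = """\
Aug 24 09:15:39 openvpn[13492]: 198.51.100.7:1194 TLS Error: TLS handshake failed
Aug 24 09:15:39 openvpn[13492]: 198.51.100.7:1194 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Aug 24 09:14:50 openvpn[13492]: 203.0.113.9:51820 Re-using SSL/TLS context
Aug 24 09:14:38 openvpn[13492]: 198.51.100.7:1194 Re-using SSL/TLS context
Aug 24 08:39:22 openvpn[13492]: UDPv4 link local (bound): [undef]:1194
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) openvpn\[\d+\]: (.*)$")
PEER = re.compile(r"^(\d+\.\d+\.\d+\.\d+):(\d+) (.*)$")
BOUND = re.compile(r"link local \(bound\): \S*:(\d+)$")

def summarize(log_text):
    """Return (server_port, {peer_ip: findings}) for failed TLS handshakes."""
    server_port, started, peers = None, {}, defaultdict(lambda: {
        "timeouts": 0, "wait_s": None, "src_port_is_server_port": False})
    events = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            when = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
            events.append((when, m.group(2)))
    if events and events[0][0] > events[-1][0]:
        events.reverse()                     # newest-first input: make it oldest first
    for when, msg in events:
        b = BOUND.search(msg)
        if b:
            server_port = int(b.group(1))    # port the server itself listens on
        p = PEER.match(msg)
        if not p:
            continue
        ip, port, text = p.group(1), int(p.group(2)), p.group(3)
        if "Re-using SSL/TLS context" in text:
            started[(ip, port)] = when       # a new handshake attempt begins
        elif "TLS handshake failed" in text:
            info = peers[ip]
            info["timeouts"] += 1
            if (ip, port) in started:
                info["wait_s"] = int((when - started.pop((ip, port))).total_seconds())
            info["src_port_is_server_port"] = port == server_port
    return server_port, dict(peers)
```

A peer that only ever shows full-length waits and never completes a handshake points at packets being dropped on the path, which is what the thread's resolution turned out to be.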