4. TLS handshake failed

TLS handshake failed

  • I

    I followed the tutorial for road warrior configuration but I cannot get the openvpn server to work.
    I see in the server log:

    Aug 24 09:15:39 openvpn[13492]: 93.112.65.219:1194 LZO compression initialized
    Aug 24 09:15:39 openvpn[13492]: 93.112.65.219:1194 Re-using SSL/TLS context
    Aug 24 09:15:39 openvpn[13492]: 93.112.65.219:1194 TLS Error: TLS handshake failed
    Aug 24 09:15:39 openvpn[13492]: 93.112.65.219:1194 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Aug 24 09:14:38 openvpn[13492]: 93.112.65.219:1194 LZO compression initialized
    Aug 24 09:14:38 openvpn[13492]: 93.112.65.219:1194 Re-using SSL/TLS context
    Aug 24 08:40:49 openvpn[13492]: 93.112.65.219:1194 TLS Error: TLS handshake failed
    Aug 24 08:40:49 openvpn[13492]: 93.112.65.219:1194 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Aug 24 08:39:49 openvpn[13492]: 93.112.65.219:1194 LZO compression initialized
    Aug 24 08:39:49 openvpn[13492]: 93.112.65.219:1194 Re-using SSL/TLS context
    Aug 24 08:39:29 openvpn[13492]: Need IPv6 code in mroute_extract_addr_from_packet
    Aug 24 08:39:22 openvpn[13492]: Need IPv6 code in mroute_extract_addr_from_packet
    Aug 24 08:39:22 openvpn[13492]: Initialization Sequence Completed
    Aug 24 08:39:22 openvpn[13492]: UDPv4 link remote: [undef]
    Aug 24 08:39:22 openvpn[13492]: UDPv4 link local (bound): [undef]:1194
    Aug 24 08:39:21 openvpn[13471]: /etc/rc.filter_configure tun0 1500 1542 192.168.15.1 192.168.15.2 init
    Aug 24 08:39:21 openvpn[13471]: /sbin/ifconfig tun0 192.168.15.1 192.168.15.2 mtu 1500 netmask 255.255.255.255 up
    Aug 24 08:39:21 openvpn[13471]: TUN/TAP device /dev/tun0 opened
    Aug 24 08:39:21 openvpn[13471]: gw 81.180.x.y
    Aug 24 08:39:21 openvpn[13471]: WARNING: file '/var/etc/openvpn_server0.key' is group or others accessible
    Aug 24 08:39:21 openvpn[13471]: OpenVPN 2.0.6 i386-portbld-freebsd7.0 [SSL] [LZO] built on Nov 9 2008
    Aug 24 08:39:19 openvpn[12794]: SIGTERM[hard,] received, process exiting
    Aug 24 08:39:19 openvpn[12794]: /etc/rc.filter_configure tun0 1500 1543 192.168.15.1 192.168.15.2 init

    0

  • Do you have an Advanced Outbound NAT Rule for your Road Warrior Network?  (Firewall/NAT/Outbound)

    What does your Road Warrior Firewall Rule look like on WAN interface?

    ![Picture 2.png](/public/imported_attachments/1/Picture 2.png)
    ![Picture 1.png_thumb](/public/imported_attachments/1/Picture 1.png_thumb)
    ![Picture 1.png](/public/imported_attachments/1/Picture 1.png)
    ![Picture 2.png_thumb](/public/imported_attachments/1/Picture 2.png_thumb)

    0
  • K

    The client at ip 93.112.65.219 is using port 1194 as the source port for outgoing connection which might be a problem. Add nobind -option to the client config, checking the "dynamic source port" -option will do that if the client is also a pfSense machine.

    Post the client side log as well if possible.

    0
  • I

    I've solved this one….was from the ISP, was blocking some ports...with another ISP is working...

    0

  • Change the default port from 1194 to something else should resolve your ISP from blocking your VPN connection

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy