Resolved – Unresolvable TLS Handshake error when trying to connect via OpenVPN?



  • Hey everyone.
      First, I have RTFMed every FM I have found related to setting up OpenVPN and resolving the TLS Handshake Error. Relevant articles would be:

    Here is the setup of my network: T1 --> Cisco Router 2800 --> pfSense (assigned public IP)

    In the Cisco router I added the following to the ACL:

    • permit gre any host 1.2.3.4

    • permit udp any host 1.2.3.4 eq 1194

    My OpenVPN settings are

    • Protocol: UDP

    • Port: 1194

    • Address Pool: 192.168.100.0/24

    • Local network: 192.168.1.0/24

    • Cryptography: BF-CBC (128bit)

    • Authentication method: PKI

    • DHCP-Opt Disable NetBIOS: ticked

    • LZO compression: ticked

    Firewall settings were as pointed out in the tutorial but currently for L/WAN I have only a single rule allowing everything for the time being.

    In the syslog for OpenVPN I have a bunch of entries for:
    Aug 5 10:58:38 openvpn[2483]: 4.5.6.7:52810 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Aug 5 10:58:38 openvpn[2483]: 4.5.6.7:52810 TLS Error: TLS handshake failed

    Doing a packet capture on the WAN while a connection is trying to be established results in the following output (snippet)

    
    10:17:00.476688 00:19:06:b7:aa:e5 > 00:19:06:b7:aa:e5, ethertype Loopback (0x9000), length 60: 
    10:17:01.678212 00:19:06:b7:aa:e5 > 00:14:22:22:84:78, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 113, id 11218, offset 0, flags [none], proto UDP (17), length 42) 5.6.7.8.54353 > 1.2.3.4.1194: [udp sum ok] UDP, length 14
    10:17:01.678614 00:14:22:22:84:78 > 00:19:06:b7:aa:e5, ethertype IPv4 (0x0800), length 68: (tos 0x0, ttl 64, id 49216, offset 0, flags [none], proto UDP (17), length 54) 1.2.3.4.1194 > 5.6.7.8.54353: [udp sum ok] UDP, length 26
    10:17:01.704634 00:14:22:22:84:78 > 00:19:06:b7:aa:e5, ethertype IPv4 (0x0800), length 56: (tos 0x0, ttl 64, id 51055, offset 0, flags [none], proto UDP (17), length 42) 1.2.3.4.1194 > 5.6.7.8.54351: [udp sum ok] UDP, length 14
    10:17:02.605636 00:14:22:22:84:78 > 00:19:06:b7:aa:e5, ethertype IPv4 (0x0800), length 56: (tos 0x0, ttl 64, id 16451, offset 0, flags [none], proto UDP (17), length 42) 1.2.3.4.1194 > 5.6.7.8.54352: [udp sum ok] UDP, length 14
    10:17:02.788292 00:30:80:27:28:10 > 00:30:80:27:28:10, ethertype Loopback (0x9000), length 60: 
    10:17:03.854630 00:14:22:22:84:78 > 00:19:06:b7:aa:e5, ethertype IPv4 (0x0800), length 56: (tos 0x0, ttl 64, id 15945, offset 0, flags [none], proto UDP (17), length 42) 1.2.3.4.1194 > 5.6.7.8.54351: [udp sum ok] UDP, length 14
    10:17:04.078620 00:14:22:22:84:78 > 00:19:06:b7:aa:e5, ethertype IPv4 (0x0800), length 56: (tos 0x0, ttl 64, id 56185, offset 0, flags [none], proto UDP (17), length 42) 1.2.3.4.1194 > 5.6.7.8.54353: [udp sum ok] UDP, length 14
    10:17:04.199690 00:19:06:b7:aa:e5 > 00:14:22:22:84:78, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 113, id 11225, offset 0, flags [none], proto UDP (17), length 42) 5.6.7.8.54353 > 1.2.3.4.1194: [udp sum ok] UDP, length 14
    10:17:04.199765 00:14:22:22:84:78 > 00:19:06:b7:aa:e5, ethertype IPv4 (0x0800), length 64: (tos 0x0, ttl 64, id 23639, offset 0, flags [none], proto UDP (17), length 50) 1.2.3.4.1194 > 5.6.7.8.54353: [udp sum ok] UDP, length 22
    10:17:04.993676 00:14:22:22:84:78 > 00:19:06:b7:aa:e5, ethertype IPv4 (0x0800), length 56: (tos 0x0, ttl 64, id 56392, offset 0, flags [none], proto UDP (17), length 42) 1.2.3.4.1194 > 5.6.7.8.54352: [udp sum ok] UDP, length 14
    10:17:06.004658 00:14:22:22:84:78 > 00:19:06:b7:aa:e5, ethertype IPv4 (0x0800), length 56: (tos 0x0, ttl 64, id 45657, offset 0, flags [none], proto UDP (17), length 42) 1.2.3.4.1194 > 5.6.7.8.54351: [udp sum ok] UDP, length 14
    10:17:06.138613 00:14:22:22:84:78 > 00:19:06:b7:aa:e5, ethertype IPv4 (0x0800), length 56: (tos 0x0, ttl 64, id 42560, offset 0, flags [none], proto UDP (17), length 42) 1.2.3.4.1194 > 5.6.7.8.54352: [udp sum ok] UDP, length 14
    10:17:06.526614 00:14:22:22:84:78 > 00:19:06:b7:aa:e5, ethertype IPv4 (0x0800), length 56: (tos 0x0, ttl 64, id 50730, offset 0, flags [none], proto UDP (17), length 42) 1.2.3.4.1194 > 5.6.7.8.54353: [udp sum ok] UDP, length 14
    10:17:06.720545 00:19:06:b7:aa:e5 > 00:14:22:22:84:78, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 113, id 11228, offset 0, flags [none], proto UDP (17), length 42) 5.6.7.8.54353 > 1.2.3.4.1194: [udp sum ok] UDP, length 14
    10:17:06.720629 00:14:22:22:84:78 > 00:19:06:b7:aa:e5, ethertype IPv4 (0x0800), length 64: (tos 0x0, ttl 64, id 21001, offset 0, flags [none], proto UDP (17), length 50) 1.2.3.4.1194 > 5.6.7.8.54353: [udp sum ok] UDP, length 22
    10:17:08.236605 00:14:22:22:84:78 > 00:19:06:b7:aa:e5, ethertype IPv4 (0x0800), length 56: (tos 0x0, ttl 64, id 19727, offset 0, flags [none], proto UDP (17), length 42) 1.2.3.4.1194 > 5.6.7.8.54351: [udp sum ok] UDP, length 14
    10:17:08.526599 00:14:22:22:84:78 > 00:19:06:b7:aa:e5, ethertype IPv4 (0x0800), length 56: (tos 0x0, ttl 64, id 36971, offset 0, flags [none], proto UDP (17), length 42) 1.2.3.4.1194 > 5.6.7.8.54352: [udp sum ok] UDP, length 14
    10:17:09.120599 00:14:22:22:84:78 > 00:19:06:b7:aa:e5, ethertype IPv4 (0x0800), length 56: (tos 0x0, ttl 64, id 23092, offset 0, flags [none], proto UDP (17), length 42) 1.2.3.4.1194 > 5.6.7.8.54353: [udp sum ok] UDP, length 14
    10:17:09.241273 00:19:06:b7:aa:e5 > 00:14:22:22:84:78, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 113, id 11232, offset 0, flags [none], proto UDP (17), length 42) 5.6.7.8.54353 > 1.2.3.4.1194: [udp sum ok] UDP, length 14
    10:17:09.241348 00:14:22:22:84:78 > 00:19:06:b7:aa:e5, ethertype IPv4 (0x0800), length 64: (tos 0x0, ttl 64, id 19833, offset 0, flags [none], proto UDP (17), length 50) 1.2.3.4.1194 > 5.6.7.8.54353: [udp sum ok] UDP, length 22
    10:17:09.324098 00:30:80:27:28:10 > 01:00:5e:00:00:09, ethertype IPv4 (0x0800), length 66: (tos 0xc0, ttl 2, id 0, offset 0, flags [none], proto UDP (17), length 52) 216.28.252.33.520 > 224.0.0.9.520: [udp sum ok] 
    	RIPv2, Response, length: 24, routes: 1
    	  AFI: IPv4:     192.168.1.0/24, tag 0x0000, metric: 1, next-hop: self
    	0x0000:  0202 0000 0002 0000 c0a8 0100 ffff ff00
    	0x0010:  0000 0000 0000 0001
    10:17:10.468609 00:14:22:22:84:78 > 00:19:06:b7:aa:e5, ethertype IPv4 (0x0800), length 56: (tos 0x0, ttl 64, id 23041, offset 0, flags [none], proto UDP (17), length 42) 1.2.3.4.1194 > 5.6.7.8.54351: [udp sum ok] UDP, length 14
    10:17:10.475654 00:19:06:b7:aa:e5 > 00:19:06:b7:aa:e5, ethertype Loopback (0x9000), length 60: 
    
    

    Where 1.2.3.4 is the public IP of the pfSense box and 5.6.7.8 is the IP of the box that is trying to connect.  Obviously there is traffic going back and forth.

    To test this I have remoted into my personal box at home where I have the OpenVPN client configured (per the sticky) and it is giving me this output (verbose):

    
    Thu Aug 05 11:24:33 2010 us=998000 Current Parameter Settings:
    Thu Aug 05 11:24:33 2010 us=998000   config = 'ovpn_njiDCP.ovpn'
    Thu Aug 05 11:24:33 2010 us=998000   mode = 0
    Thu Aug 05 11:24:33 2010 us=998000   show_ciphers = DISABLED
    Thu Aug 05 11:24:33 2010 us=998000   show_digests = DISABLED
    Thu Aug 05 11:24:33 2010 us=998000   show_engines = DISABLED
    Thu Aug 05 11:24:33 2010 us=998000   genkey = DISABLED
    Thu Aug 05 11:24:33 2010 us=998000   key_pass_file = '[UNDEF]'
    Thu Aug 05 11:24:33 2010 us=998000   show_tls_ciphers = DISABLED
    Thu Aug 05 11:24:33 2010 us=998000 Connection profiles [default]:
    Thu Aug 05 11:24:33 2010 us=998000   proto = udp
    Thu Aug 05 11:24:33 2010 us=998000   local = '[UNDEF]'
    Thu Aug 05 11:24:33 2010 us=998000   local_port = 0
    Thu Aug 05 11:24:33 2010 us=998000   remote = '1.2.3.4'
    Thu Aug 05 11:24:33 2010 us=998000   remote_port = 1194
    Thu Aug 05 11:24:33 2010 us=998000   remote_float = DISABLED
    Thu Aug 05 11:24:33 2010 us=998000   bind_defined = DISABLED
    Thu Aug 05 11:24:33 2010 us=998000   bind_local = DISABLED
    Thu Aug 05 11:24:33 2010 us=998000   connect_retry_seconds = 5
    Thu Aug 05 11:24:33 2010 us=998000   connect_timeout = 10
    Thu Aug 05 11:24:33 2010 us=998000   connect_retry_max = 0
    Thu Aug 05 11:24:33 2010 us=998000   socks_proxy_server = '[UNDEF]'
    Thu Aug 05 11:24:33 2010 us=998000   socks_proxy_port = 0
    Thu Aug 05 11:24:33 2010 us=998000   socks_proxy_retry = DISABLED
    Thu Aug 05 11:24:34 2010 us=14000 Connection profiles END
    Thu Aug 05 11:24:34 2010 us=14000   remote_random = DISABLED
    Thu Aug 05 11:24:34 2010 us=14000   ipchange = '[UNDEF]'
    Thu Aug 05 11:24:34 2010 us=14000   dev = 'tun'
    Thu Aug 05 11:24:34 2010 us=14000   dev_type = '[UNDEF]'
    Thu Aug 05 11:24:34 2010 us=14000   dev_node = '[UNDEF]'
    Thu Aug 05 11:24:34 2010 us=14000   lladdr = '[UNDEF]'
    Thu Aug 05 11:24:34 2010 us=14000   topology = 1
    Thu Aug 05 11:24:34 2010 us=14000   tun_ipv6 = DISABLED
    Thu Aug 05 11:24:34 2010 us=14000   ifconfig_local = '[UNDEF]'
    Thu Aug 05 11:24:34 2010 us=14000   ifconfig_remote_netmask = '[UNDEF]'
    Thu Aug 05 11:24:34 2010 us=14000   ifconfig_noexec = DISABLED
    Thu Aug 05 11:24:34 2010 us=14000   ifconfig_nowarn = DISABLED
    Thu Aug 05 11:24:34 2010 us=14000   shaper = 0
    Thu Aug 05 11:24:34 2010 us=14000   tun_mtu = 1500
    Thu Aug 05 11:24:34 2010 us=14000   tun_mtu_defined = ENABLED
    Thu Aug 05 11:24:34 2010 us=14000   link_mtu = 1500
    Thu Aug 05 11:24:34 2010 us=14000   link_mtu_defined = DISABLED
    Thu Aug 05 11:24:34 2010 us=14000   tun_mtu_extra = 0
    Thu Aug 05 11:24:34 2010 us=14000   tun_mtu_extra_defined = DISABLED
    Thu Aug 05 11:24:34 2010 us=14000   fragment = 0
    Thu Aug 05 11:24:34 2010 us=14000   mtu_discover_type = -1
    Thu Aug 05 11:24:34 2010 us=14000   mtu_test = 0
    Thu Aug 05 11:24:34 2010 us=14000   mlock = DISABLED
    Thu Aug 05 11:24:34 2010 us=14000   keepalive_ping = 0
    Thu Aug 05 11:24:34 2010 us=14000   keepalive_timeout = 0
    Thu Aug 05 11:24:34 2010 us=14000   inactivity_timeout = 0
    Thu Aug 05 11:24:34 2010 us=14000   ping_send_timeout = 10
    Thu Aug 05 11:24:34 2010 us=14000   ping_rec_timeout = 0
    Thu Aug 05 11:24:34 2010 us=14000   ping_rec_timeout_action = 0
    Thu Aug 05 11:24:34 2010 us=14000   ping_timer_remote = DISABLED
    Thu Aug 05 11:24:34 2010 us=14000   remap_sigusr1 = 0
    Thu Aug 05 11:24:34 2010 us=14000   explicit_exit_notification = 0
    Thu Aug 05 11:24:34 2010 us=14000   persist_tun = ENABLED
    Thu Aug 05 11:24:34 2010 us=14000   persist_local_ip = DISABLED
    Thu Aug 05 11:24:34 2010 us=14000   persist_remote_ip = DISABLED
    Thu Aug 05 11:24:34 2010 us=14000   persist_key = ENABLED
    Thu Aug 05 11:24:34 2010 us=14000   mssfix = 1450
    Thu Aug 05 11:24:34 2010 us=14000   resolve_retry_seconds = 1000000000
    Thu Aug 05 11:24:34 2010 us=14000   username = '[UNDEF]'
    Thu Aug 05 11:24:34 2010 us=14000   groupname = '[UNDEF]'
    Thu Aug 05 11:24:34 2010 us=14000   chroot_dir = '[UNDEF]'
    Thu Aug 05 11:24:34 2010 us=14000   cd_dir = '[UNDEF]'
    Thu Aug 05 11:24:34 2010 us=14000   writepid = '[UNDEF]'
    Thu Aug 05 11:24:34 2010 us=14000   up_script = '[UNDEF]'
    Thu Aug 05 11:24:34 2010 us=232000   down_script = '[UNDEF]'
    Thu Aug 05 11:24:34 2010 us=232000   down_pre = DISABLED
    Thu Aug 05 11:24:34 2010 us=232000   up_restart = DISABLED
    Thu Aug 05 11:24:34 2010 us=232000   up_delay = DISABLED
    Thu Aug 05 11:24:34 2010 us=232000   daemon = DISABLED
    Thu Aug 05 11:24:34 2010 us=232000   inetd = 0
    Thu Aug 05 11:24:34 2010 us=232000   log = DISABLED
    Thu Aug 05 11:24:34 2010 us=232000   suppress_timestamps = DISABLED
    Thu Aug 05 11:24:34 2010 us=232000   nice = 0
    Thu Aug 05 11:24:34 2010 us=232000   verbosity = 5
    Thu Aug 05 11:24:34 2010 us=232000   mute = 0
    Thu Aug 05 11:24:34 2010 us=232000   gremlin = 0
    Thu Aug 05 11:24:34 2010 us=232000   status_file = '[UNDEF]'
    Thu Aug 05 11:24:34 2010 us=232000   status_file_version = 1
    Thu Aug 05 11:24:34 2010 us=232000   status_file_update_freq = 60
    Thu Aug 05 11:24:34 2010 us=232000   occ = ENABLED
    Thu Aug 05 11:24:34 2010 us=232000   rcvbuf = 0
    Thu Aug 05 11:24:34 2010 us=232000   sndbuf = 0
    Thu Aug 05 11:24:34 2010 us=263000   sockflags = 0
    Thu Aug 05 11:24:34 2010 us=263000   fast_io = DISABLED
    Thu Aug 05 11:24:34 2010 us=263000   lzo = 7
    Thu Aug 05 11:24:34 2010 us=263000   route_script = '[UNDEF]'
    Thu Aug 05 11:24:34 2010 us=263000   route_default_gateway = '[UNDEF]'
    Thu Aug 05 11:24:34 2010 us=263000   route_default_metric = 0
    Thu Aug 05 11:24:34 2010 us=263000   route_noexec = DISABLED
    Thu Aug 05 11:24:34 2010 us=263000   route_delay = 5
    Thu Aug 05 11:24:34 2010 us=263000   route_delay_window = 30
    Thu Aug 05 11:24:34 2010 us=263000   route_delay_defined = ENABLED
    Thu Aug 05 11:24:34 2010 us=263000   route_nopull = DISABLED
    Thu Aug 05 11:24:34 2010 us=263000   route_gateway_via_dhcp = DISABLED
    Thu Aug 05 11:24:34 2010 us=263000   max_routes = 100
    Thu Aug 05 11:24:34 2010 us=263000   allow_pull_fqdn = DISABLED
    Thu Aug 05 11:24:34 2010 us=263000   management_addr = '[UNDEF]'
    Thu Aug 05 11:24:34 2010 us=263000   management_port = 0
    Thu Aug 05 11:24:34 2010 us=263000   management_user_pass = '[UNDEF]'
    Thu Aug 05 11:24:34 2010 us=294000   management_log_history_cache = 250
    Thu Aug 05 11:24:34 2010 us=294000   management_echo_buffer_size = 100
    Thu Aug 05 11:24:34 2010 us=294000   management_write_peer_info_file = '[UNDEF]'
    Thu Aug 05 11:24:34 2010 us=294000   management_client_user = '[UNDEF]'
    Thu Aug 05 11:24:34 2010 us=294000   management_client_group = '[UNDEF]'
    Thu Aug 05 11:24:34 2010 us=294000   management_flags = 0
    Thu Aug 05 11:24:34 2010 us=294000   shared_secret_file = '[UNDEF]'
    Thu Aug 05 11:24:34 2010 us=294000   key_direction = 0
    Thu Aug 05 11:24:34 2010 us=294000   ciphername_defined = ENABLED
    Thu Aug 05 11:24:34 2010 us=294000   ciphername = 'BF-CBC'
    Thu Aug 05 11:24:34 2010 us=294000   authname_defined = ENABLED
    Thu Aug 05 11:24:34 2010 us=294000   authname = 'SHA1'
    Thu Aug 05 11:24:34 2010 us=294000   prng_hash = 'SHA1'
    Thu Aug 05 11:24:34 2010 us=294000   prng_nonce_secret_len = 16
    Thu Aug 05 11:24:34 2010 us=294000   keysize = 0
    Thu Aug 05 11:24:34 2010 us=294000   engine = DISABLED
    Thu Aug 05 11:24:34 2010 us=326000   replay = ENABLED
    Thu Aug 05 11:24:34 2010 us=326000   mute_replay_warnings = DISABLED
    Thu Aug 05 11:24:34 2010 us=326000   replay_window = 64
    Thu Aug 05 11:24:34 2010 us=326000   replay_time = 15
    Thu Aug 05 11:24:34 2010 us=326000   packet_id_file = '[UNDEF]'
    Thu Aug 05 11:24:34 2010 us=326000   use_iv = ENABLED
    Thu Aug 05 11:24:34 2010 us=326000   test_crypto = DISABLED
    Thu Aug 05 11:24:34 2010 us=326000   tls_server = DISABLED
    Thu Aug 05 11:24:34 2010 us=326000   tls_client = ENABLED
    Thu Aug 05 11:24:34 2010 us=326000   key_method = 2
    Thu Aug 05 11:24:34 2010 us=326000   ca_file = 'ca.crt'
    Thu Aug 05 11:24:34 2010 us=326000   ca_path = '[UNDEF]'
    Thu Aug 05 11:24:34 2010 us=326000   dh_file = '[UNDEF]'
    Thu Aug 05 11:24:34 2010 us=326000   cert_file = 'ovpn_njiDCP.crt'
    Thu Aug 05 11:24:34 2010 us=326000   priv_key_file = 'ovpn_njiDCP.key'
    Thu Aug 05 11:24:34 2010 us=326000   pkcs12_file = '[UNDEF]'
    Thu Aug 05 11:24:34 2010 us=357000   cryptoapi_cert = '[UNDEF]'
    Thu Aug 05 11:24:34 2010 us=357000   cipher_list = '[UNDEF]'
    Thu Aug 05 11:24:34 2010 us=357000   tls_verify = '[UNDEF]'
    Thu Aug 05 11:24:34 2010 us=357000   tls_remote = '[UNDEF]'
    Thu Aug 05 11:24:34 2010 us=357000   crl_file = '[UNDEF]'
    Thu Aug 05 11:24:34 2010 us=357000   ns_cert_type = 64
    Thu Aug 05 11:24:34 2010 us=357000   remote_cert_ku[i] = 0
    Thu Aug 05 11:24:34 2010 us=357000   remote_cert_ku[i] = 0
    Thu Aug 05 11:24:34 2010 us=357000   remote_cert_ku[i] = 0
    Thu Aug 05 11:24:34 2010 us=357000   remote_cert_ku[i] = 0
    Thu Aug 05 11:24:34 2010 us=357000   remote_cert_ku[i] = 0
    Thu Aug 05 11:24:34 2010 us=357000   remote_cert_ku[i] = 0
    Thu Aug 05 11:24:34 2010 us=357000   remote_cert_ku[i] = 0
    Thu Aug 05 11:24:34 2010 us=357000   remote_cert_ku[i] = 0
    Thu Aug 05 11:24:34 2010 us=357000   remote_cert_ku[i] = 0
    Thu Aug 05 11:24:34 2010 us=357000   remote_cert_ku[i] = 0
    Thu Aug 05 11:24:34 2010 us=716000   remote_cert_ku[i] = 0
    Thu Aug 05 11:24:34 2010 us=716000   remote_cert_ku[i] = 0
    Thu Aug 05 11:24:34 2010 us=716000   remote_cert_ku[i] = 0
    Thu Aug 05 11:24:34 2010 us=716000   remote_cert_ku[i] = 0
    Thu Aug 05 11:24:34 2010 us=716000   remote_cert_ku[i] = 0
    Thu Aug 05 11:24:34 2010 us=716000   remote_cert_ku[i] = 0
    Thu Aug 05 11:24:34 2010 us=716000   remote_cert_eku = '[UNDEF]'
    Thu Aug 05 11:24:34 2010 us=716000   tls_timeout = 2
    Thu Aug 05 11:24:34 2010 us=716000   renegotiate_bytes = 0
    Thu Aug 05 11:24:34 2010 us=716000   renegotiate_packets = 0
    Thu Aug 05 11:24:34 2010 us=716000   renegotiate_seconds = 3600
    Thu Aug 05 11:24:34 2010 us=716000   handshake_window = 60
    Thu Aug 05 11:24:34 2010 us=716000   transition_window = 3600
    Thu Aug 05 11:24:34 2010 us=716000   single_session = DISABLED
    Thu Aug 05 11:24:34 2010 us=716000   tls_exit = DISABLED
    Thu Aug 05 11:24:34 2010 us=716000   tls_auth_file = '[UNDEF]'
    Thu Aug 05 11:24:34 2010 us=716000   pkcs11_protected_authentication = DISABLED
    Thu Aug 05 11:24:34 2010 us=747000   pkcs11_protected_authentication = DISABLED
    Thu Aug 05 11:24:34 2010 us=747000   pkcs11_protected_authentication = DISABLED
    Thu Aug 05 11:24:34 2010 us=747000   pkcs11_protected_authentication = DISABLED
    Thu Aug 05 11:24:34 2010 us=747000   pkcs11_protected_authentication = DISABLED
    Thu Aug 05 11:24:34 2010 us=747000   pkcs11_protected_authentication = DISABLED
    Thu Aug 05 11:24:34 2010 us=747000   pkcs11_protected_authentication = DISABLED
    Thu Aug 05 11:24:34 2010 us=747000   pkcs11_protected_authentication = DISABLED
    Thu Aug 05 11:24:34 2010 us=747000   pkcs11_protected_authentication = DISABLED
    Thu Aug 05 11:24:34 2010 us=747000   pkcs11_protected_authentication = DISABLED
    Thu Aug 05 11:24:34 2010 us=747000   pkcs11_protected_authentication = DISABLED
    Thu Aug 05 11:24:34 2010 us=747000   pkcs11_protected_authentication = DISABLED
    Thu Aug 05 11:24:34 2010 us=747000   pkcs11_protected_authentication = DISABLED
    Thu Aug 05 11:24:34 2010 us=778000   pkcs11_protected_authentication = DISABLED
    Thu Aug 05 11:24:34 2010 us=778000   pkcs11_protected_authentication = DISABLED
    Thu Aug 05 11:24:34 2010 us=778000   pkcs11_protected_authentication = DISABLED
    Thu Aug 05 11:24:34 2010 us=778000   pkcs11_private_mode = 00000000
    Thu Aug 05 11:24:34 2010 us=778000   pkcs11_private_mode = 00000000
    Thu Aug 05 11:24:34 2010 us=778000   pkcs11_private_mode = 00000000
    Thu Aug 05 11:24:34 2010 us=778000   pkcs11_private_mode = 00000000
    Thu Aug 05 11:24:34 2010 us=778000   pkcs11_private_mode = 00000000
    Thu Aug 05 11:24:34 2010 us=778000   pkcs11_private_mode = 00000000
    Thu Aug 05 11:24:34 2010 us=778000   pkcs11_private_mode = 00000000
    Thu Aug 05 11:24:34 2010 us=778000   pkcs11_private_mode = 00000000
    Thu Aug 05 11:24:34 2010 us=778000   pkcs11_private_mode = 00000000
    Thu Aug 05 11:24:34 2010 us=778000   pkcs11_private_mode = 00000000
    Thu Aug 05 11:24:34 2010 us=778000   pkcs11_private_mode = 00000000
    Thu Aug 05 11:24:34 2010 us=809000   pkcs11_private_mode = 00000000
    Thu Aug 05 11:24:34 2010 us=809000   pkcs11_private_mode = 00000000
    Thu Aug 05 11:24:34 2010 us=809000   pkcs11_private_mode = 00000000
    Thu Aug 05 11:24:34 2010 us=809000   pkcs11_private_mode = 00000000
    Thu Aug 05 11:24:34 2010 us=809000   pkcs11_private_mode = 00000000
    Thu Aug 05 11:24:34 2010 us=809000   pkcs11_cert_private = DISABLED
    Thu Aug 05 11:24:34 2010 us=809000   pkcs11_cert_private = DISABLED
    Thu Aug 05 11:24:34 2010 us=809000   pkcs11_cert_private = DISABLED
    Thu Aug 05 11:24:34 2010 us=809000   pkcs11_cert_private = DISABLED
    Thu Aug 05 11:24:34 2010 us=809000   pkcs11_cert_private = DISABLED
    Thu Aug 05 11:24:34 2010 us=809000   pkcs11_cert_private = DISABLED
    Thu Aug 05 11:24:34 2010 us=809000   pkcs11_cert_private = DISABLED
    Thu Aug 05 11:24:34 2010 us=809000   pkcs11_cert_private = DISABLED
    Thu Aug 05 11:24:34 2010 us=809000   pkcs11_cert_private = DISABLED
    Thu Aug 05 11:24:34 2010 us=809000   pkcs11_cert_private = DISABLED
    Thu Aug 05 11:24:34 2010 us=887000   pkcs11_cert_private = DISABLED
    Thu Aug 05 11:24:34 2010 us=887000   pkcs11_cert_private = DISABLED
    Thu Aug 05 11:24:34 2010 us=887000   pkcs11_cert_private = DISABLED
    Thu Aug 05 11:24:34 2010 us=887000   pkcs11_cert_private = DISABLED
    Thu Aug 05 11:24:34 2010 us=887000   pkcs11_cert_private = DISABLED
    Thu Aug 05 11:24:34 2010 us=887000   pkcs11_cert_private = DISABLED
    Thu Aug 05 11:24:34 2010 us=887000   pkcs11_pin_cache_period = -1
    Thu Aug 05 11:24:34 2010 us=887000   pkcs11_id = '[UNDEF]'
    Thu Aug 05 11:24:34 2010 us=887000   pkcs11_id_management = DISABLED
    Thu Aug 05 11:24:34 2010 us=887000   server_network = 0.0.0.0
    Thu Aug 05 11:24:34 2010 us=887000   server_netmask = 0.0.0.0
    Thu Aug 05 11:24:34 2010 us=887000   server_bridge_ip = 0.0.0.0
    Thu Aug 05 11:24:34 2010 us=887000   server_bridge_netmask = 0.0.0.0
    Thu Aug 05 11:24:34 2010 us=887000   server_bridge_pool_start = 0.0.0.0
    Thu Aug 05 11:24:34 2010 us=918000   server_bridge_pool_end = 0.0.0.0
    Thu Aug 05 11:24:34 2010 us=918000   ifconfig_pool_defined = DISABLED
    Thu Aug 05 11:24:34 2010 us=918000   ifconfig_pool_start = 0.0.0.0
    Thu Aug 05 11:24:34 2010 us=918000   ifconfig_pool_end = 0.0.0.0
    Thu Aug 05 11:24:34 2010 us=918000   ifconfig_pool_netmask = 0.0.0.0
    Thu Aug 05 11:24:34 2010 us=918000   ifconfig_pool_persist_filename = '[UNDEF]'
    Thu Aug 05 11:24:34 2010 us=918000   ifconfig_pool_persist_refresh_freq = 600
    Thu Aug 05 11:24:34 2010 us=918000   n_bcast_buf = 256
    Thu Aug 05 11:24:34 2010 us=918000   tcp_queue_limit = 64
    Thu Aug 05 11:24:34 2010 us=918000   real_hash_size = 256
    Thu Aug 05 11:24:34 2010 us=918000   virtual_hash_size = 256
    Thu Aug 05 11:24:34 2010 us=918000   client_connect_script = '[UNDEF]'
    Thu Aug 05 11:24:34 2010 us=918000   learn_address_script = '[UNDEF]'
    Thu Aug 05 11:24:34 2010 us=918000   client_disconnect_script = '[UNDEF]'
    Thu Aug 05 11:24:34 2010 us=918000   client_config_dir = '[UNDEF]'
    Thu Aug 05 11:24:34 2010 us=981000   ccd_exclusive = DISABLED
    Thu Aug 05 11:24:34 2010 us=981000   tmp_dir = '[UNDEF]'
    Thu Aug 05 11:24:34 2010 us=981000   push_ifconfig_defined = DISABLED
    Thu Aug 05 11:24:34 2010 us=981000   push_ifconfig_local = 0.0.0.0
    Thu Aug 05 11:24:34 2010 us=981000   push_ifconfig_remote_netmask = 0.0.0.0
    Thu Aug 05 11:24:34 2010 us=981000   enable_c2c = DISABLED
    Thu Aug 05 11:24:34 2010 us=981000   duplicate_cn = DISABLED
    Thu Aug 05 11:24:34 2010 us=981000   cf_max = 0
    Thu Aug 05 11:24:34 2010 us=981000   cf_per = 0
    Thu Aug 05 11:24:34 2010 us=981000   max_clients = 1024
    Thu Aug 05 11:24:34 2010 us=981000   max_routes_per_client = 256
    Thu Aug 05 11:24:34 2010 us=981000   auth_user_pass_verify_script = '[UNDEF]'
    Thu Aug 05 11:24:34 2010 us=981000   auth_user_pass_verify_script_via_file = DISABLED
    Thu Aug 05 11:24:34 2010 us=981000   ssl_flags = 0
    Thu Aug 05 11:24:34 2010 us=981000   client = ENABLED
    Thu Aug 05 11:24:35 2010 us=12000   pull = ENABLED
    Thu Aug 05 11:24:35 2010 us=12000   auth_user_pass_file = '[UNDEF]'
    Thu Aug 05 11:24:35 2010 us=12000   show_net_up = DISABLED
    Thu Aug 05 11:24:35 2010 us=12000   route_method = 0
    Thu Aug 05 11:24:35 2010 us=12000   ip_win32_defined = DISABLED
    Thu Aug 05 11:24:35 2010 us=12000   ip_win32_type = 3
    Thu Aug 05 11:24:35 2010 us=12000   dhcp_masq_offset = 0
    Thu Aug 05 11:24:35 2010 us=12000   dhcp_lease_time = 31536000
    Thu Aug 05 11:24:35 2010 us=12000   tap_sleep = 0
    Thu Aug 05 11:24:35 2010 us=12000   dhcp_options = DISABLED
    Thu Aug 05 11:24:35 2010 us=12000   dhcp_renew = DISABLED
    Thu Aug 05 11:24:35 2010 us=12000   dhcp_pre_release = DISABLED
    Thu Aug 05 11:24:35 2010 us=12000   dhcp_release = DISABLED
    Thu Aug 05 11:24:35 2010 us=12000   domain = '[UNDEF]'
    Thu Aug 05 11:24:35 2010 us=12000   netbios_scope = '[UNDEF]'
    Thu Aug 05 11:24:35 2010 us=12000   netbios_node_type = 0
    Thu Aug 05 11:24:35 2010 us=121000   disable_nbt = DISABLED
    Thu Aug 05 11:24:35 2010 us=121000 OpenVPN 2.1.1 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Dec 11 2009
    Thu Aug 05 11:24:35 2010 us=121000 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Thu Aug 05 11:24:35 2010 us=324000 LZO compression initialized
    Thu Aug 05 11:24:35 2010 us=324000 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Thu Aug 05 11:24:35 2010 us=324000 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Thu Aug 05 11:24:35 2010 us=324000 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
    Thu Aug 05 11:24:35 2010 us=324000 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
    Thu Aug 05 11:24:35 2010 us=324000 Local Options hash (VER=V4): '41690919'
    Thu Aug 05 11:24:35 2010 us=324000 Expected Remote Options hash (VER=V4): '530fdded'
    Thu Aug 05 11:24:35 2010 us=324000 Socket Buffers: R=[8192->8192] S=[8192->8192]
    Thu Aug 05 11:24:35 2010 us=324000 UDPv4 link local: [undef]
    Thu Aug 05 11:24:35 2010 us=324000 UDPv4 link remote: 1.2.3.4:1194
    
    I am out of things to try at this point!
    
    Any help would be greatly appreciated.
    
    ---Edit---
    In my desperation I was playing with various settings and I ended up changing the proto type of the server from UDP to TCP and could connect flawlessly. Weird.
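An added example, not part of the original post: a small Python triage of the WAN capture above that groups UDP payload sizes per client port and direction, to show whether the handshake ever moves past its first packet. The names `summarize`, `diagnose` and `report` and the verdict strings are hypothetical; reading 14/26/22 bytes as reset, reset plus ACK, and bare ACK assumes OpenVPN's UDP control-packet layout without tls-auth (the client log shows `tls_auth_file = '[UNDEF]'`).

```python
import re
from collections import Counter, defaultdict

SERVER = ("1.2.3.4", 1194)  # placeholder pfSense address used in the post

# Lines copied from the WAN capture in the post.
CAPTURE = """\
10:17:00.476688 00:19:06:b7:aa:e5 > 00:19:06:b7:aa:e5, ethertype Loopback (0x9000), length 60:
10:17:01.678212 00:19:06:b7:aa:e5 > 00:14:22:22:84:78, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 113, id 11218, offset 0, flags [none], proto UDP (17), length 42) 5.6.7.8.54353 > 1.2.3.4.1194: [udp sum ok] UDP, length 14
10:17:01.678614 00:14:22:22:84:78 > 00:19:06:b7:aa:e5, ethertype IPv4 (0x0800), length 68: (tos 0x0, ttl 64, id 49216, offset 0, flags [none], proto UDP (17), length 54) 1.2.3.4.1194 > 5.6.7.8.54353: [udp sum ok] UDP, length 26
10:17:01.704634 00:14:22:22:84:78 > 00:19:06:b7:aa:e5, ethertype IPv4 (0x0800), length 56: (tos 0x0, ttl 64, id 51055, offset 0, flags [none], proto UDP (17), length 42) 1.2.3.4.1194 > 5.6.7.8.54351: [udp sum ok] UDP, length 14
10:17:02.605636 00:14:22:22:84:78 > 00:19:06:b7:aa:e5, ethertype IPv4 (0x0800), length 56: (tos 0x0, ttl 64, id 16451, offset 0, flags [none], proto UDP (17), length 42) 1.2.3.4.1194 > 5.6.7.8.54352: [udp sum ok] UDP, length 14
10:17:04.078620 00:14:22:22:84:78 > 00:19:06:b7:aa:e5, ethertype IPv4 (0x0800), length 56: (tos 0x0, ttl 64, id 56185, offset 0, flags [none], proto UDP (17), length 42) 1.2.3.4.1194 > 5.6.7.8.54353: [udp sum ok] UDP, length 14
10:17:04.199690 00:19:06:b7:aa:e5 > 00:14:22:22:84:78, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 113, id 11225, offset 0, flags [none], proto UDP (17), length 42) 5.6.7.8.54353 > 1.2.3.4.1194: [udp sum ok] UDP, length 14
10:17:04.199765 00:14:22:22:84:78 > 00:19:06:b7:aa:e5, ethertype IPv4 (0x0800), length 64: (tos 0x0, ttl 64, id 23639, offset 0, flags [none], proto UDP (17), length 50) 1.2.3.4.1194 > 5.6.7.8.54353: [udp sum ok] UDP, length 22
10:17:06.720545 00:19:06:b7:aa:e5 > 00:14:22:22:84:78, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 113, id 11228, offset 0, flags [none], proto UDP (17), length 42) 5.6.7.8.54353 > 1.2.3.4.1194: [udp sum ok] UDP, length 14
10:17:06.720629 00:14:22:22:84:78 > 00:19:06:b7:aa:e5, ethertype IPv4 (0x0800), length 64: (tos 0x0, ttl 64, id 21001, offset 0, flags [none], proto UDP (17), length 50) 1.2.3.4.1194 > 5.6.7.8.54353: [udp sum ok] UDP, length 22
"""

# "src_ip.src_port > dst_ip.dst_port: ... UDP, length N" at the end of a line.
FLOW = re.compile(
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): "
    r".*?UDP, length (\d+)$"
)


def summarize(text, server=SERVER):
    """Count UDP payload sizes per client endpoint, split by direction."""
    flows = defaultdict(lambda: {"c2s": Counter(), "s2c": Counter()})
    for line in text.splitlines():
        m = FLOW.search(line.strip())
        if not m:
            continue  # loopback frames, RIP, hex dump lines
        src = (m.group(1), int(m.group(2)))
        dst = (m.group(3), int(m.group(4)))
        size = int(m.group(5))
        if dst == server:
            flows[src]["c2s"][size] += 1
        elif src == server:
            flows[dst]["s2c"][size] += 1
    return dict(flows)


def diagnose(flow, first_packet_size=14):
    """Classify one client endpoint from its packet-size counters.

    Assumption: without tls-auth the opening control packet is 14 bytes
    (opcode 1 + session id 8 + ack count 1 + packet id 4).
    """
    sent, received = flow["c2s"], flow["s2c"]
    if not sent and received:
        # Server is still retransmitting to an earlier connection attempt.
        return "server-retransmit-only"
    if received and set(sent) == {first_packet_size} and sum(sent.values()) > 1:
        # Client keeps repeating its opening packet although the server
        # answers: consistent with replies not being accepted by the client.
        return "client-stuck-on-first-packet"
    return "progressing-or-unknown"


def report(text, server=SERVER):
    """Map each client endpoint seen in the capture to a verdict."""
    return {ep: diagnose(f) for ep, f in summarize(text, server).items()}


if __name__ == "__main__":
    for endpoint, verdict in sorted(report(CAPTURE).items()):
        print(endpoint, verdict)
```

Running the same check on a capture taken at the client side shows whether the server's replies arrive there at all, which narrows the fault to the return path or to the client host.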