Netgate Discussion Forum

    Server refusing connection:TLS Error: TLS handshake failed

      mboncalo

      Hi,
      I installed OpenVPN on a Debian 5.0 VPS using apt-get.
      At the beginning, everything was working fine until they changed my OS from Debian 6.0 to Debian 5.0 because they had problems with the tun interface. After that, after I installed the OpenVPN server, everything was going well the first time until the server began to refuse connections. I deleted all certificates and keys and started over with new ones, but the story repeats over and over again.

      Enter Management Password:
      Sun Jul 07 21:48:59 2013 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
      Sun Jul 07 21:48:59 2013 Need hold release from management interface, waiting…
      Sun Jul 07 21:48:59 2013 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
      Sun Jul 07 21:48:59 2013 MANAGEMENT: CMD 'state on'
      Sun Jul 07 21:48:59 2013 MANAGEMENT: CMD 'log all on'
      Sun Jul 07 21:48:59 2013 MANAGEMENT: CMD 'hold off'
      Sun Jul 07 21:48:59 2013 MANAGEMENT: CMD 'hold release'
      Sun Jul 07 21:48:59 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
      Sun Jul 07 21:48:59 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
      Sun Jul 07 21:49:00 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
      Sun Jul 07 21:49:00 2013 Attempting to establish TCP connection with [AF_INET]188.241.154.65:443
      Sun Jul 07 21:49:00 2013 MANAGEMENT: >STATE:1373226540,TCP_CONNECT,,,
      Sun Jul 07 21:49:00 2013 TCP connection established with [AF_INET]188.241.154.65:443
      Sun Jul 07 21:49:00 2013 TCPv4_CLIENT link local: [undef]
      Sun Jul 07 21:49:00 2013 TCPv4_CLIENT link remote: [AF_INET]188.241.154.65:443
      Sun Jul 07 21:49:00 2013 MANAGEMENT: >STATE:1373226540,WAIT,,,
      Sun Jul 07 21:49:00 2013 MANAGEMENT: >STATE:1373226540,AUTH,,,
      Sun Jul 07 21:49:00 2013 TLS: Initial packet from [AF_INET]188.241.154.65:443, sid=cbe7a8c8 9b9238cb
      Sun Jul 07 21:49:01 2013 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=Fort-Funston CA, emailAddress=me@myhost.mydomain
      Sun Jul 07 21:49:01 2013 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
      Sun Jul 07 21:49:01 2013 TLS Error: TLS object -> incoming plaintext read error
      Sun Jul 07 21:49:01 2013 TLS Error: TLS handshake failed
      Sun Jul 07 21:49:01 2013 Fatal TLS error (check_tls_errors_co), restarting
      Sun Jul 07 21:49:01 2013 SIGUSR1[soft,tls-error] received, process restarting
      Sun Jul 07 21:49:01 2013 MANAGEMENT: >STATE:1373226541,RECONNECTING,tls-error,,
      Sun Jul 07 21:49:01 2013 Restart pause, 5 second(s)
      Sun Jul 07 21:49:06 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
      Sun Jul 07 21:49:06 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
      Sun Jul 07 21:49:06 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
      Sun Jul 07 21:49:06 2013 Attempting to establish TCP connection with [AF_INET]188.241.154.65:443
      Sun Jul 07 21:49:06 2013 MANAGEMENT: >STATE:1373226546,TCP_CONNECT,,,
      Sun Jul 07 21:49:06 2013 TCP connection established with [AF_INET]188.241.154.65:443
      Sun Jul 07 21:49:06 2013 TCPv4_CLIENT link local: [undef]
      Sun Jul 07 21:49:06 2013 TCPv4_CLIENT link remote: [AF_INET]188.241.154.65:443
      Sun Jul 07 21:49:06 2013 MANAGEMENT: >STATE:1373226546,WAIT,,,
      Sun Jul 07 21:49:07 2013 MANAGEMENT: >STATE:1373226547,AUTH,,,
      Sun Jul 07 21:49:07 2013 TLS: Initial packet from [AF_INET]188.241.154.65:443, sid=8a0ce5f7 d4246d15
      Sun Jul 07 21:49:07 2013 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=Fort-Funston CA, emailAddress=me@myhost.mydomain
      Sun Jul 07 21:49:07 2013 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
      Sun Jul 07 21:49:07 2013 TLS Error: TLS object -> incoming plaintext read error
      Sun Jul 07 21:49:07 2013 TLS Error: TLS handshake failed
      Sun Jul 07 21:49:07 2013 Fatal TLS error (check_tls_errors_co), restarting
      Sun Jul 07 21:49:07 2013 SIGUSR1[soft,tls-error] received, process restarting
      Sun Jul 07 21:49:07 2013 MANAGEMENT: >STATE:1373226547,RECONNECTING,tls-error,,
      Sun Jul 07 21:49:07 2013 Restart pause, 5 second(s)

      Can anyone help me? What is the problem?
      Thanks.

        kejianshi

        Check this out.  Read down to "This indeed was the issue! I have had my old certs from a previous attempt (that also failed) on my laptop. I've regenerated this clients certs, and ta da"

        This thread might help you.

        https://forums.openvpn.net/topic12623.html

        Basically, he ended up regenerating his server CA and certs as well as client certs.

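An added example, not part of either post above and not OpenVPN or Netgate code: a short Python triage of the client log from the first post. It groups lines by TLS session id and flags a `VERIFY ERROR` whose OpenSSL message means the server's chain does not end in a CA the client trusts, which is the stale-certificate situation the reply describes. The function and variable names are made up for this example, and the regex assumes the `C=US, ST=CA, ...` subject format shown in that log.

```python
import re

# Log lines copied from the client log in the first post (one connection attempt).
SAMPLE_LOG = """\
Sun Jul 07 21:48:59 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Jul 07 21:49:00 2013 TLS: Initial packet from [AF_INET]188.241.154.65:443, sid=cbe7a8c8 9b9238cb
Sun Jul 07 21:49:01 2013 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=Fort-Funston CA, emailAddress=me@myhost.mydomain
Sun Jul 07 21:49:01 2013 TLS Error: TLS handshake failed
"""

SID_RE = re.compile(r"TLS: Initial packet from \[AF_INET\](\S+), sid=(\S+ \S+)")
VERIFY_RE = re.compile(r"VERIFY ERROR: depth=(\d+), error=(.+?): (.*)$")
# OpenSSL verification messages that mean the chain sent by the peer does not
# end in a certificate present in the local trust store (the client's `ca` file).
UNTRUSTED_ROOT = {
    "self signed certificate in certificate chain",
    "self signed certificate",
    "unable to get local issuer certificate",
}

def triage(log_text):
    """Return (attempts that failed verification, whether the MITM warning was logged)."""
    attempts, current, mitm_warning = [], None, False
    for line in log_text.splitlines():
        if "No server certificate verification method" in line:
            mitm_warning = True
        m = SID_RE.search(line)
        if m:  # a new TLS session starts here; later lines belong to it
            current = {"server": m.group(1), "sid": m.group(2), "verify": None}
            attempts.append(current)
            continue
        m = VERIFY_RE.search(line)
        if m and current is not None:
            subject = dict(kv.split("=", 1) for kv in m.group(3).split(", ") if "=" in kv)
            current["verify"] = {
                "depth": int(m.group(1)),          # 0 = server cert, 1 = its issuer
                "error": m.group(2),
                "cn": subject.get("CN"),
                "ca_mismatch": m.group(2) in UNTRUSTED_ROOT,
            }
    return [a for a in attempts if a["verify"]], mitm_warning

if __name__ == "__main__":
    failed, warned = triage(SAMPLE_LOG)
    for a in failed:
        print(a["server"], a["sid"], a["verify"])
    print("server certificate type not checked by client:", warned)
```

When `ca_mismatch` is set, comparing the output of `openssl x509 -noout -fingerprint -in ca.crt` for the CA file on the client and on the server shows whether the two sides hold the same CA; a CA regenerated with the same default subject has an identical name but a different fingerprint.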
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.