Netgate Discussion Forum
Server refusing connection: TLS Error: TLS handshake failed

    mboncalo
    last edited by Jul 8, 2013, 8:58 PM

    Hi,
    I installed OpenVPN on a Debian 5.0 VPS using apt-get.
    At the beginning, everything was working fine until they changed my OS from Debian 6.0 to Debian 5.0 because they had problems with the tun interface. After that, once I installed the OpenVPN server, everything was going well at first until the server began to refuse connections. I deleted all certificates and keys and started over with new ones, but the story repeats over and over again.

    Enter Management Password:
    Sun Jul 07 21:48:59 2013 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
    Sun Jul 07 21:48:59 2013 Need hold release from management interface, waiting…
    Sun Jul 07 21:48:59 2013 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
    Sun Jul 07 21:48:59 2013 MANAGEMENT: CMD 'state on'
    Sun Jul 07 21:48:59 2013 MANAGEMENT: CMD 'log all on'
    Sun Jul 07 21:48:59 2013 MANAGEMENT: CMD 'hold off'
    Sun Jul 07 21:48:59 2013 MANAGEMENT: CMD 'hold release'
    Sun Jul 07 21:48:59 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Sun Jul 07 21:48:59 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Sun Jul 07 21:49:00 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
    Sun Jul 07 21:49:00 2013 Attempting to establish TCP connection with [AF_INET]188.241.154.65:443
    Sun Jul 07 21:49:00 2013 MANAGEMENT: >STATE:1373226540,TCP_CONNECT,,,
    Sun Jul 07 21:49:00 2013 TCP connection established with [AF_INET]188.241.154.65:443
    Sun Jul 07 21:49:00 2013 TCPv4_CLIENT link local: [undef]
    Sun Jul 07 21:49:00 2013 TCPv4_CLIENT link remote: [AF_INET]188.241.154.65:443
    Sun Jul 07 21:49:00 2013 MANAGEMENT: >STATE:1373226540,WAIT,,,
    Sun Jul 07 21:49:00 2013 MANAGEMENT: >STATE:1373226540,AUTH,,,
    Sun Jul 07 21:49:00 2013 TLS: Initial packet from [AF_INET]188.241.154.65:443, sid=cbe7a8c8 9b9238cb
    Sun Jul 07 21:49:01 2013 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=Fort-Funston CA, emailAddress=me@myhost.mydomain
    Sun Jul 07 21:49:01 2013 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    Sun Jul 07 21:49:01 2013 TLS Error: TLS object -> incoming plaintext read error
    Sun Jul 07 21:49:01 2013 TLS Error: TLS handshake failed
    Sun Jul 07 21:49:01 2013 Fatal TLS error (check_tls_errors_co), restarting
    Sun Jul 07 21:49:01 2013 SIGUSR1[soft,tls-error] received, process restarting
    Sun Jul 07 21:49:01 2013 MANAGEMENT: >STATE:1373226541,RECONNECTING,tls-error,,
    Sun Jul 07 21:49:01 2013 Restart pause, 5 second(s)
    Sun Jul 07 21:49:06 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Sun Jul 07 21:49:06 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Sun Jul 07 21:49:06 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
    Sun Jul 07 21:49:06 2013 Attempting to establish TCP connection with [AF_INET]188.241.154.65:443
    Sun Jul 07 21:49:06 2013 MANAGEMENT: >STATE:1373226546,TCP_CONNECT,,,
    Sun Jul 07 21:49:06 2013 TCP connection established with [AF_INET]188.241.154.65:443
    Sun Jul 07 21:49:06 2013 TCPv4_CLIENT link local: [undef]
    Sun Jul 07 21:49:06 2013 TCPv4_CLIENT link remote: [AF_INET]188.241.154.65:443
    Sun Jul 07 21:49:06 2013 MANAGEMENT: >STATE:1373226546,WAIT,,,
    Sun Jul 07 21:49:07 2013 MANAGEMENT: >STATE:1373226547,AUTH,,,
    Sun Jul 07 21:49:07 2013 TLS: Initial packet from [AF_INET]188.241.154.65:443, sid=8a0ce5f7 d4246d15
    Sun Jul 07 21:49:07 2013 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=Fort-Funston CA, emailAddress=me@myhost.mydomain
    Sun Jul 07 21:49:07 2013 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    Sun Jul 07 21:49:07 2013 TLS Error: TLS object -> incoming plaintext read error
    Sun Jul 07 21:49:07 2013 TLS Error: TLS handshake failed
    Sun Jul 07 21:49:07 2013 Fatal TLS error (check_tls_errors_co), restarting
    Sun Jul 07 21:49:07 2013 SIGUSR1[soft,tls-error] received, process restarting
    Sun Jul 07 21:49:07 2013 MANAGEMENT: >STATE:1373226547,RECONNECTING,tls-error,,
    Sun Jul 07 21:49:07 2013 Restart pause, 5 second(s)

    Can anyone help me? What is the problem?
    Thanks.

      kejianshi
      last edited by Jul 8, 2013, 9:08 PM Jul 8, 2013, 9:04 PM

      Check this out.  Read down to "This indeed was the issue! I have had my old certs from a previous attempt (that also failed) on my laptop. I've regenerated this clients certs, and ta da"

      This thread might help you.

      https://forums.openvpn.net/topic12623.html

      Basically, he ended up regenerating his server CA and certs as well as client certs.
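
A small triage script for the client log in the question, added here as an example and not part of either post: it extracts each `VERIFY ERROR`, counts failed handshakes, and attaches a hint for the OpenSSL reason string. The function names and the hint table are assumptions of this example; the sample lines are taken from the log above.

```python
import re
from collections import Counter

# Sample input: lines taken from the client log in the first post.
SAMPLE_LOG = """\
Sun Jul 07 21:48:59 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Jul 07 21:49:01 2013 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=Fort-Funston CA, emailAddress=me@myhost.mydomain
Sun Jul 07 21:49:01 2013 TLS Error: TLS handshake failed
Sun Jul 07 21:49:07 2013 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=Fort-Funston CA, emailAddress=me@myhost.mydomain
Sun Jul 07 21:49:07 2013 TLS Error: TLS handshake failed
"""

VERIFY_RE = re.compile(r"VERIFY ERROR: depth=(\d+), error=([^:]+): (.+)$")

# Hints keyed by the OpenSSL verify reason string (table written for this example).
HINTS = {
    "self signed certificate in certificate chain":
        "the root CA the server sends is not in the client's 'ca' file; "
        "copy the server's current ca.crt to the client",
    "unable to get local issuer certificate":
        "the client's 'ca' file lacks the certificate that issued the server cert",
    "certificate is not yet valid": "check the system clock on both ends",
}

def parse_dn(dn):
    """Split 'C=US, ST=CA, CN=x' into a dict (naive: assumes no ', ' inside values)."""
    return dict(part.split("=", 1) for part in dn.split(", ") if "=" in part)

def triage(log_text):
    """Summarise certificate verification failures in an OpenVPN client log."""
    failures = Counter()
    report = {"handshake_failures": 0, "no_server_verification": False, "findings": []}
    for line in log_text.splitlines():
        m = VERIFY_RE.search(line)
        if m:
            cn = parse_dn(m.group(3)).get("CN", "?")
            failures[(int(m.group(1)), m.group(2).strip(), cn)] += 1
        elif "TLS Error: TLS handshake failed" in line:
            report["handshake_failures"] += 1
        elif "No server certificate verification method" in line:
            # Client config has no remote-cert-tls / ns-cert-type check.
            report["no_server_verification"] = True
    for (depth, reason, cn), count in failures.items():
        # depth 0 is the server's own certificate; depth >= 1 is an issuing CA.
        role = "server certificate" if depth == 0 else "CA certificate"
        report["findings"].append({"depth": depth, "role": role, "cn": cn, "count": count,
                                   "reason": reason, "hint": HINTS.get(reason, "unmapped reason")})
    return report

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
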
