Server refusing connection: TLS Error: TLS handshake failed
-
Hi,
I installed OpenVPN on a Debian 5.0 VPS using apt-get.
At the beginning, everything was working fine until they changed my OS from Debian 6.0 to Debian 5.0 because they had problems with the tun interface. After that, after I installed the OpenVPN server, the first time everything was going well until the server began to refuse connections. I deleted all certificates and keys and started over with new ones, but the story repeats over and over again.
Enter Management Password:
Sun Jul 07 21:48:59 2013 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sun Jul 07 21:48:59 2013 Need hold release from management interface, waiting...
Sun Jul 07 21:48:59 2013 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sun Jul 07 21:48:59 2013 MANAGEMENT: CMD 'state on'
Sun Jul 07 21:48:59 2013 MANAGEMENT: CMD 'log all on'
Sun Jul 07 21:48:59 2013 MANAGEMENT: CMD 'hold off'
Sun Jul 07 21:48:59 2013 MANAGEMENT: CMD 'hold release'
Sun Jul 07 21:48:59 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Jul 07 21:48:59 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Jul 07 21:49:00 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Jul 07 21:49:00 2013 Attempting to establish TCP connection with [AF_INET]188.241.154.65:443
Sun Jul 07 21:49:00 2013 MANAGEMENT: >STATE:1373226540,TCP_CONNECT,,,
Sun Jul 07 21:49:00 2013 TCP connection established with [AF_INET]188.241.154.65:443
Sun Jul 07 21:49:00 2013 TCPv4_CLIENT link local: [undef]
Sun Jul 07 21:49:00 2013 TCPv4_CLIENT link remote: [AF_INET]188.241.154.65:443
Sun Jul 07 21:49:00 2013 MANAGEMENT: >STATE:1373226540,WAIT,,,
Sun Jul 07 21:49:00 2013 MANAGEMENT: >STATE:1373226540,AUTH,,,
Sun Jul 07 21:49:00 2013 TLS: Initial packet from [AF_INET]188.241.154.65:443, sid=cbe7a8c8 9b9238cb
Sun Jul 07 21:49:01 2013 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=Fort-Funston CA, emailAddress=me@myhost.mydomain
Sun Jul 07 21:49:01 2013 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Sun Jul 07 21:49:01 2013 TLS Error: TLS object -> incoming plaintext read error
Sun Jul 07 21:49:01 2013 TLS Error: TLS handshake failed
Sun Jul 07 21:49:01 2013 Fatal TLS error (check_tls_errors_co), restarting
Sun Jul 07 21:49:01 2013 SIGUSR1[soft,tls-error] received, process restarting
Sun Jul 07 21:49:01 2013 MANAGEMENT: >STATE:1373226541,RECONNECTING,tls-error,,
Sun Jul 07 21:49:01 2013 Restart pause, 5 second(s)
Sun Jul 07 21:49:06 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Jul 07 21:49:06 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Jul 07 21:49:06 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Jul 07 21:49:06 2013 Attempting to establish TCP connection with [AF_INET]188.241.154.65:443
Sun Jul 07 21:49:06 2013 MANAGEMENT: >STATE:1373226546,TCP_CONNECT,,,
Sun Jul 07 21:49:06 2013 TCP connection established with [AF_INET]188.241.154.65:443
Sun Jul 07 21:49:06 2013 TCPv4_CLIENT link local: [undef]
Sun Jul 07 21:49:06 2013 TCPv4_CLIENT link remote: [AF_INET]188.241.154.65:443
Sun Jul 07 21:49:06 2013 MANAGEMENT: >STATE:1373226546,WAIT,,,
Sun Jul 07 21:49:07 2013 MANAGEMENT: >STATE:1373226547,AUTH,,,
Sun Jul 07 21:49:07 2013 TLS: Initial packet from [AF_INET]188.241.154.65:443, sid=8a0ce5f7 d4246d15
Sun Jul 07 21:49:07 2013 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=Fort-Funston CA, emailAddress=me@myhost.mydomain
Sun Jul 07 21:49:07 2013 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Sun Jul 07 21:49:07 2013 TLS Error: TLS object -> incoming plaintext read error
Sun Jul 07 21:49:07 2013 TLS Error: TLS handshake failed
Sun Jul 07 21:49:07 2013 Fatal TLS error (check_tls_errors_co), restarting
Sun Jul 07 21:49:07 2013 SIGUSR1[soft,tls-error] received, process restarting
Sun Jul 07 21:49:07 2013 MANAGEMENT: >STATE:1373226547,RECONNECTING,tls-error,,
Sun Jul 07 21:49:07 2013 Restart pause, 5 second(s)
Can anyone help me? What is the problem?
Thanks.
-
Check this out. Read down to "This indeed was the issue! I have had my old certs from a previous attempt (that also failed) on my laptop. I've regenerated this clients certs, and ta da"
This thread might help you.
https://forums.openvpn.net/topic12623.html
Basically, he ended up regenerating his server CA and certs as well as client certs.
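
A triage sketch for the client log in the question, added here as an example and not part of either post: it groups log lines by handshake and attaches a hint to each VERIFY ERROR. The function name, the hint wording and the two extra OpenSSL error strings are this example's own; the sample lines are copied from the log above.

```python
import re

# Lines copied from the client log in the question (first attempt only).
SAMPLE_LOG = """\
Sun Jul 07 21:48:59 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Jul 07 21:49:00 2013 TLS: Initial packet from [AF_INET]188.241.154.65:443, sid=cbe7a8c8 9b9238cb
Sun Jul 07 21:49:01 2013 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=Fort-Funston CA, emailAddress=me@myhost.mydomain
Sun Jul 07 21:49:01 2013 TLS Error: TLS handshake failed
"""

SID_RE = re.compile(r"TLS: Initial packet from \S+, sid=([0-9a-f]{8} [0-9a-f]{8})")
VERIFY_RE = re.compile(r"VERIFY ERROR: depth=(\d+), error=([^:]+): (.+)$")
NO_PEER_CHECK = "No server certificate verification method has been enabled"

# OpenSSL verify error text -> what to check (hint wording is this example's).
HINTS = {
    "self signed certificate in certificate chain":
        "the root CA sent by the peer is not in the local 'ca' file; "
        "compare the ca.crt on both ends",
    "unable to get local issuer certificate":
        "the issuer of the peer certificate is missing from the local 'ca' file",
    "certificate has expired": "check validity dates and the system clock",
}

def triage(log_text):
    """Return (attempts, warnings) for an OpenVPN client log."""
    attempts, warnings, current = [], set(), None
    for line in log_text.splitlines():
        if NO_PEER_CHECK in line:
            warnings.add("no server certificate verification method enabled")
        m = SID_RE.search(line)
        if m:  # each "Initial packet" line starts a new handshake attempt
            current = {"sid": m.group(1), "errors": [], "failed": False}
            attempts.append(current)
            continue
        if current is None:
            continue
        m = VERIFY_RE.search(line)
        if m:  # depth 0 is the peer certificate, depth 1 its issuer
            error = m.group(2).strip()
            current["errors"].append({"depth": int(m.group(1)), "error": error,
                "subject": m.group(3), "hint": HINTS.get(error, "unrecognised verify error")})
        elif "TLS handshake failed" in line:
            current["failed"] = True
    return attempts, sorted(warnings)

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```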