Re: TLS Error: TLS key negotiation failed to occur within 60 seconds



  • Hi All,

    I'm having the same issue. Clean install of pfSense 2.2.5, and I used the wizard to create the OpenVPN server and cert.

    open vpn client side error:

    ```
    Sat Nov 28 18:23:03 2015 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=US, ST=Missouri, L=Saint Louis, O=AEM Business Solutions, emailAddress=myemail@mydomain.com, CN=almirm
    Sat Nov 28 18:23:03 2015 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    Sat Nov 28 18:23:03 2015 TLS Error: TLS object -> incoming plaintext read error
    Sat Nov 28 18:23:03 2015 TLS Error: TLS handshake failed
    Sat Nov 28 18:23:03 2015 SIGUSR1[soft,tls-error] received, process restarting
    Sat Nov 28 18:23:05 2015 UDPv4 link local (bound): [undef]
    Sat Nov 28 18:23:05 2015 UDPv4 link remote: [AF_INET]my.public.wan.ip.addr:1194
    Sat Nov 28 18:23:05 2015 SIGTERM[hard,] received, process exiting
    ```

    OpenVpn client side config file:

    ```
    dev tun
    persist-tun
    persist-key
    cipher AES-256-CBC
    auth SHA1
    tls-client
    client
    resolv-retry infinite
    remote public.ip.addr 1194 udp
    lport 0
    verify-x509-name "almirm" name
    auth-user-pass
    pkcs12 pfs-fw2-udp-1194-almirm.p12
    tls-auth pfs-fw2-udp-1194-almirm-tls.key 1
    ```

    I see here I don't have a user and server .cert, but that should come included in the client export OpenVPN client software?

    See attached screenshots of my OpenVPN server and certs.

    Please let me know if you require more info.

    Thanks in advance.

    ![openvpn certs.PNG](/public/imported_attachments/1/openvpn certs.PNG)
    ![openvpn conf files.PNG](/public/imported_attachments/1/openvpn conf files.PNG)
    ![openvpn user settings.PNG](/public/imported_attachments/1/openvpn user settings.PNG)
    ![pfsence opnevpn capture.png](/public/imported_attachments/1/pfsence opnevpn capture.png)


  • LAYER 8 Global Moderator

    Not the same error at all, and how did you mess up the wizard that ASKS you to create a server cert.. Yet you're trying to use a USER cert for the server..

    "ead tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed"



  • try to remove checkbox from Block Private Networks in WAN interface and see if it works


  • LAYER 8 Netgate

    @pajo99:

    try to remove checkbox from Block Private Networks in WAN interface and see if it works

    What?



  • Quote from: pajo99 on 2015-12-02, 01:47:48

    try to remove checkbox from Block Private Networks in WAN interface and see if it works

    What?

    Exactly. Block Private Networks has nothing to do with this issue; as johnpoz already pointed out, the OP is incorrectly trying to use a USER Certificate for an OpenVPN SERVER.
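
The certificate-purpose failure discussed in this thread can be reproduced offline with the `openssl` command line. This is an added example, not part of any post above: it builds a throwaway CA, issues one certificate with the `clientAuth` extended key usage (a user certificate) and one with `serverAuth`, then checks each against the TLS-server purpose. The CA, the names (`demo-ca`, `demo-user`, `demo-server`) and the helper functions are constructed for the demo, and it assumes `openssl` is installed with its default configuration file.

```shell
#!/bin/sh
# Added example. The CA, names and files below are constructed for the demo.

issue() {  # $1=dir  $2=name  $3=extendedKeyUsage to put in the certificate
  printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=%s\n' "$3" > "$1/$2.ext"
  openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-$2" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 2 -extfile "$1/$2.ext" -out "$1/$2.crt" 2>/dev/null
}

make_pki() {  # $1=dir: throwaway CA, one user cert, one server cert
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=demo-ca" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
  issue "$1" user clientAuth &&
  issue "$1" server serverAuth
}

server_purpose() {  # $1=dir  $2=name: may this cert be presented by a TLS server?
  out=$(openssl verify -purpose sslserver -CAfile "$1/ca.crt" "$1/$2.crt" 2>&1) || true
  case $out in
    *"error 26 "*) echo purpose-mismatch ;;  # X509_V_ERR_INVALID_PURPOSE
    *": OK"*)      echo ok ;;
    *)             echo other ;;
  esac
}

demo() {
  d=$(mktemp -d) || return 1
  make_pki "$d" && {
    echo "user cert presented by server:   $(server_purpose "$d" user)"
    echo "server cert presented by server: $(server_purpose "$d" server)"
  }
  rm -rf "$d"
}
demo
```

Running the same `openssl verify -purpose sslserver` check against the certificate actually assigned to the OpenVPN server shows whether it was issued as a server certificate before any client tries to connect.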

