LinuxQuestions.org
Old 03-03-2009, 11:24 PM   #1
njozwiak
LQ Newbie
 
Registered: Jul 2008
Location: Manchester, NH
Distribution: Fedora Core
Posts: 22

Rep: Reputation: 1
OpenVPN Setup: TLS Handshake Error


Hey guys,

I posted this error on the sourceforge list first but have not gotten any productive responses, so I figured I'd see if anyone that reads these forums has run into this error before.

I am trying to set up openvpn using routing and having some issues. (I removed all comments and spacing in the config files for the sake of space.)

I followed the HOWTO installation notes on the openvpn website and have openvpn installed on two systems. Right now I'm just trying to set up a test environment with clients authenticating to the server where I can see routes being set up.

According to the server config file at the bottom the VPN subnet should be 192.168.3.x and the vpn server should be 3.1.

When I run the openvpn server...

Code:
...
Tue Mar 3 ... IFCONFIG POOL: base=192.168.3.4 size=62
Tue Mar 3 ... IFCONFIG POOL LIST
Tue Mar 3 ... Initialization Sequence Complete
and it waits there until I connect a client. After I attempt to connect a client

Code:
Tue Mar 3 ... MULTI: multi_create_instance called
Tue Mar 3 ... 192.168.2.2:49550 Re-using SSL/TLS context
Tue Mar 3 ... 192.168.2.2:49550 LZO compression initialized
Tue Mar 3 ... 192.168.2.2:49550 Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ]
Tue Mar 3 ... 192.168.2.2:49550 Local Options hash (VER=V4): 'a2e63101'
Tue Mar 3 ... 192.168.2.2:49550 Expected Remote Options hash (VER=V4): '272f1b58'
Tue Mar 3 ... 192.168.2.2:49550 TLS: Initial packet from 192.168.2.2:49550
Tue Mar 3 ... read UDPv4 [ECONNREFUSED|ECONNREFUSED|ECONNREFUSED|ECONNREFUSED]: Connection Refused (code 111)
and the client posts a continuous

Code:
Tue Mar 3 ... TLS Error: TLS handshake failed
Then I interrupt and it closes socket and fails.

I have triple checked that all of my keys/crts are created properly and in the correct place according to the HOWTO on the OpenVPN website as well as all paths are pointing to the correct places... My config files are below.

Any help would be much appreciated.

Thanks,
Nate

server.conf
On a box with IP: 192.168.2.1
Code:
port 1194
proto udp
dev tun0

server 192.168.3.0 255.255.255.0

# certificate paths are here

cipher AES-128-CBC	# AES

tls-auth /etc/openvpn/2.0/keys/ta.key 0

comp-lzo
client.conf
On a box with IP: 192.168.2.2
Code:
client
dev tun
proto udp

remote 192.168.2.1 1194
resolv-retry infinite
nobind
persist-key
persist-tun

ca ca.crt
cert client.crt
key client.key

tls-auth ta.key 1

cipher AES-128-CBC

comp-lzo
auth-user-pass
 
Old 03-05-2009, 11:02 AM   #2
njozwiak
LQ Newbie
 
Registered: Jul 2008
Location: Manchester, NH
Distribution: Fedora Core
Posts: 22

Original Poster
Rep: Reputation: 1
Issue resolved.
 
Old 07-10-2009, 09:29 AM   #3
behzadfu
LQ Newbie
 
Registered: Jun 2009
Posts: 22

Rep: Reputation: 15
I have the same problem. How did you resolve this problem?
 
Old 07-10-2009, 12:59 PM   #4
njozwiak
LQ Newbie
 
Registered: Jul 2008
Location: Manchester, NH
Distribution: Fedora Core
Posts: 22

Original Poster
Rep: Reputation: 1
Quote:
Originally Posted by behzadfu View Post
I have the same problem. How did you resolve this problem?
Post your server and client files.
 
Old 07-10-2009, 11:50 PM   #5
behzadfu
LQ Newbie
 
Registered: Jun 2009
Posts: 22

Rep: Reputation: 15
I can telnet to port 1194 from the client, but cannot connect.
thanks
client error messages
Quote:
Sat Jul 11 09:13:19 2009 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Sat Jul 11 09:13:19 2009 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Sat Jul 11 09:13:19 2009 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Sat Jul 11 09:13:19 2009 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jul 11 09:13:19 2009 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jul 11 09:13:19 2009 LZO compression initialized
Sat Jul 11 09:13:19 2009 Control Channel MTU parms [ L:1544 D:168 EF:68 EB:0 ET:0 EL:0 ]
Sat Jul 11 09:13:19 2009 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Jul 11 09:13:19 2009 Local Options hash (VER=V4): 'ee93268d'
Sat Jul 11 09:13:19 2009 Expected Remote Options hash (VER=V4): 'bd577cd1'
Sat Jul 11 09:13:19 2009 Attempting to establish TCP connection with 78.110.170.243:1194
Sat Jul 11 09:13:19 2009 TCP connection established with 78.110.170.243:1194
Sat Jul 11 09:13:19 2009 TCPv4_CLIENT link local: [undef]
Sat Jul 11 09:13:19 2009 TCPv4_CLIENT link remote: 78.xx.xx.xx:1194
Sat Jul 11 09:13:20 2009 Connection reset, restarting [0]
Sat Jul 11 09:13:20 2009 TCP/UDP: Closing socket
Sat Jul 11 09:13:20 2009 SIGUSR1[soft,connection-reset] received, process restarting
Sat Jul 11 09:13:20 2009 Restart pause, 5 second(s)


client.ovpn
Quote:
client
dev tun
proto tcp
remote 78.xx.xx.xx 1194
float
ca keys/ca.crt
cert keys/server.crt
key keys/server.key
dh keys/dh2048.pem
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
tls-auth ta.key 1
comp-lzo
verb 3
mute 20
server.conf
Quote:
port 1194
proto tcp
dev tun
ca keys/ca.crt
cert keys/server.crt
key keys/server.key
dh keys/dh2048.pem
server 192.168.2.0 255.255.255.0
client-to-client
client-config-dir ccd
#########
######### Put your Public DNS Servers here
#########
push "dhcp-option DNS 192.168.2.1"
push "dhcp-option DNS 78.xx.xx.xx"
group nogroup
ifconfig-pool-persist ipp.txt
push "redirect-gateway"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status server-tcp.log
verb 3
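
As an added example (not part of any post in this thread): a small Python check that compares the directives OpenVPN needs to agree on both peers (proto, dev type, cipher, comp-lzo, tls-auth), run over abridged copies of the configs posted above. The function names and the "(default)" placeholder for an unset cipher are this example's own.

```python
import re

# Abridged from the configs posted in this thread (posts #1 and #5).
SERVER_1 = "proto udp\ndev tun0\ncipher AES-128-CBC\t# AES\ntls-auth /etc/openvpn/2.0/keys/ta.key 0\ncomp-lzo\n"
CLIENT_1 = "client\ndev tun\nproto udp\ntls-auth ta.key 1\ncipher AES-128-CBC\ncomp-lzo\n"
SERVER_5 = "proto tcp\ndev tun\ncomp-lzo\npersist-key\n"
CLIENT_5 = "client\ndev tun\nproto tcp\ntls-auth ta.key 1\ncomp-lzo\n"


def parse(text):
    """Map each directive to its argument list; '#' and ';' comments are dropped."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line and not line.startswith(";"):
            name, *args = line.split()
            opts[name] = args
    return opts


def first(opts, name, default):
    """First argument of a directive, or a default when it is absent or bare."""
    return (opts.get(name) or [default])[0]


def check_pair(server_text, client_text):
    """Return findings for directives that must agree on both peers."""
    s, c = parse(server_text), parse(client_text)
    findings = []
    # 'tcp-server'/'tcp-client' count as tcp; 'tun0' counts as tun.
    if first(s, "proto", "udp").split("-")[0] != first(c, "proto", "udp").split("-")[0]:
        findings.append("proto differs")
    if re.sub(r"\d+$", "", first(s, "dev", "")) != re.sub(r"\d+$", "", first(c, "dev", "")):
        findings.append("dev type differs")
    if first(s, "cipher", "(default)") != first(c, "cipher", "(default)"):
        findings.append("cipher differs")
    if ("comp-lzo" in s) != ("comp-lzo" in c):
        findings.append("comp-lzo set on one side only")
    # tls-auth: both peers need the key, with opposite directions (0 and 1) if given.
    if ("tls-auth" in s) != ("tls-auth" in c):
        side = "server" if "tls-auth" in s else "client"
        findings.append(f"tls-auth set on {side} only")
    elif "tls-auth" in s:
        if s["tls-auth"][1:2] + c["tls-auth"][1:2] not in ([], ["0", "1"], ["1", "0"]):
            findings.append("tls-auth key directions are not complementary")
    return findings


if __name__ == "__main__":
    print("post #1:", check_pair(SERVER_1, CLIENT_1))
    print("post #5:", check_pair(SERVER_5, CLIENT_5))
```

On the post #5 pair it reports that tls-auth appears only in client.ovpn; the post #1 pair yields no findings for these directives.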
 
  

