OpenVPN - TLS Error

This is the error log

```
Thu May 2 01:05:14 2013 218.86.195.206:28387 TLS: Initial packet from [AF_INET]218.86.195.206:28387, sid=86eac8aa 05140769
Thu May 2 01:06:14 2013 218.86.195.206:28280 TLS: Initial packet from [AF_INET]218.86.195.206:28280, sid=aa44605d 2b4edba3
Thu May 2 01:06:14 2013 218.86.195.206:28387 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu May 2 01:06:14 2013 218.86.195.206:28387 TLS Error: TLS handshake failed
Thu May 2 01:06:14 2013 218.86.195.206:28387 SIGUSR1[soft,tls-error] received, client-instance restarting
```

and this is my openvpn config

```
port 11994
proto udp
dev tun

# SSL/TLS
ca /etc/openvpn/ca.crt
cert /etc/openvpn/zfish.crt
key /etc/openvpn/zfish.key
tls-auth /etc/openvpn/ta.key 0

# Diffie hellman parameters
dh /etc/openvpn/dh2048.pem

script-security 2
keepalive 10 120
comp-lzo

# VPN subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /etc/openvpn/ipp.txt

persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3

push "redirect-gateway def1"
push "dhcp-option DNS 10.8.0.1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 4.4.4.4"
push "dhcp-option DNS 208.67.222.222"
```

and this is my Android client config

```
#!/bin/sh
client
dev tun
proto udp
remote 106.187.49.162 11994
nobind
persist-key
persist-tun
ca ca.crt
cert MX2.crt
key MX2.key
tls-auth ta.key 1
auth-user-pass
verb 3
```

Please help me, Thanks very much!

4 Replies

I think I know what that is and you are not going to like it. It's not a technical problem.

There is something between you (in China) and Linode preventing OpenVPN from connecting. I'm sure it's technically possible to get around it but I'm wondering how much you want to provoke the Chinese government.

@sednet:

> I think I know what that is and you are not going to like it. It's not a technical problem.
>
> There is something between you (in China) and Linode preventing OpenVPN from connecting. I'm sure it's technically possible to get around it but I'm wondering how much you want to provoke the Chinese government.

Sometimes I can connect to my VPN using my phone or my computer. Because I want to use some services which are provided by foreigners, I am eager to use a VPN on my VPS. Who can help me?

zfish,

It looks like the "auth-user-pass" line in the client config might be part of the problem. You are telling the client to connect with user/pass; but are missing the "auth-user-pass-verify" line on the server config. Are you trying to use user/pass authentication, or certificate authentication?

Try removing "auth-user-pass" from the client config, and add "tls-server" to the server config. That would give you certificate authentication, which is generally perceived to be more secure than user/pass authentication.

@fuzzman442:

> zfish,
>
> It looks like the "auth-user-pass" line in the client config might be part of the problem. You are telling the client to connect with user/pass; but are missing the "auth-user-pass-verify" line on the server config. Are you trying to use user/pass authentication, or certificate authentication?
>
> Try removing "auth-user-pass" from the client config, and add "tls-server" to the server config. That would give you certificate authentication, which is generally perceived to be more secure than user/pass authentication.

Thanks very much! I just changed the OpenVPN port and the problem is solved! Maybe I am in China and the GFW stopped my internet connection!
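
A triage sketch for the server log quoted in the question, added here as an example and not part of the original thread: it groups log lines by client endpoint and flags handshakes where the server received the client's first packet but key negotiation never completed. The function names and the `SAMPLE_LOG` constant are assumptions made for this example.

```python
import re
from datetime import datetime

# Constructed sample: the five server log lines quoted in the question.
SAMPLE_LOG = """\
Thu May 2 01:05:14 2013 218.86.195.206:28387 TLS: Initial packet from [AF_INET]218.86.195.206:28387, sid=86eac8aa 05140769
Thu May 2 01:06:14 2013 218.86.195.206:28280 TLS: Initial packet from [AF_INET]218.86.195.206:28280, sid=aa44605d 2b4edba3
Thu May 2 01:06:14 2013 218.86.195.206:28387 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu May 2 01:06:14 2013 218.86.195.206:28387 TLS Error: TLS handshake failed
Thu May 2 01:06:14 2013 218.86.195.206:28387 SIGUSR1[soft,tls-error] received, client-instance restarting
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) "
    r"(?P<ip>\d+\.\d+\.\d+\.\d+):(?P<port>\d+) (?P<msg>.*)$")

def triage(log_text):
    """Return one record per client endpoint (ip:port) seen in the log."""
    sessions = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines without a client endpoint prefix
        ts = datetime.strptime(" ".join(m["ts"].split()), "%a %b %d %H:%M:%S %Y")
        key = f'{m["ip"]}:{m["port"]}'
        s = sessions.setdefault(key, {"ip": m["ip"], "first_packet": None,
                                      "failed_at": None, "state": "unknown"})
        msg = m["msg"]
        if msg.startswith("TLS: Initial packet from"):
            s["first_packet"], s["state"] = ts, "handshake-pending"
        elif "TLS key negotiation failed" in msg:
            s["failed_at"], s["state"] = ts, "handshake-timeout"
        elif "Peer Connection Initiated" in msg:
            s["state"] = "connected"
    for s in sessions.values():
        if s["first_packet"] and s["failed_at"]:
            s["waited_s"] = int((s["failed_at"] - s["first_packet"]).total_seconds())
    return sessions

def summarize(sessions):
    """Group endpoints by source IP: timeouts from one IP on changing source
    ports mean the client keeps retrying and never completes the handshake."""
    by_ip = {}
    for s in sessions.values():
        c = by_ip.setdefault(s["ip"], {"attempts": 0, "timeouts": 0})
        c["attempts"] += 1
        c["timeouts"] += s["state"] == "handshake-timeout"
    return by_ip
```

On the quoted log, `summarize(triage(SAMPLE_LOG))` reports two attempts from the same address, one of which timed out exactly 60 seconds after its first packet arrived while the retry on a new source port is still pending.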
