openvpn -TLS Error
–--
Thu May 2 01:05:14 2013 218.86.195.206:28387 TLS: Initial packet from [AF_INET]218.86.195.206:28387, sid=86eac8aa 05140769
Thu May 2 01:06:14 2013 218.86.195.206:28280 TLS: Initial packet from [AF_INET]218.86.195.206:28280, sid=aa44605d 2b4edba3
Thu May 2 01:06:14 2013 218.86.195.206:28387 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu May 2 01:06:14 2013 218.86.195.206:28387 TLS Error: TLS handshake failed
Thu May 2 01:06:14 2013 218.86.195.206:28387 SIGUSR1[soft,tls-error] received, client-instance restarting
–--
and this is my openvpn config
port 11994
proto udp
dev tun
SSL/TLS
ca /etc/openvpn/ca.crt
cert /etc/openvpn/zfish.crt
key /etc/openvpn/zfish.key
tls-auth /etc/openvpn/ta.key 0
Diffie hellman parameters
dh /etc/openvpn/dh2048.pem
script-security 2
keepalive 10 120
comp-lzo
VPN subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /etc/openvpn/ipp.txt
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
push "redirect-gateway def1"
push "dhcp-option DNS 10.8.0.1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 4.4.4.4"
push "dhcp-option DNS 208.67.222.222"
and this is my andriod client config
!/bin/sh
client
dev tun
proto udp
remote 106.187.49.162 11994
nobind
persist-key
persist-tun
ca ca.crt
cert MX2.crt
key MX2.key
tls-auth ta.key 1
auth-user-pass
verb 3
Please help me, Thanks very much!
4 Replies
There is something between you (in China) and Linode preventing OpenVPN from connecting. I'm sure it's technically possible to get around it but I'm wondering how much you want to provoke the Chinese government.
@sednet:
I think I know what that is and you are not going to like it. It's not a technical problem.
There is something between you (in China) and Linode preventing OpenVPN from connecting. I'm sure it's technically possible to get around it but I'm wondering how much you want to provoke the Chinese government.
Sometimes I can connect my vpn for useing my phone or my computer. Because I want to use some sevice which provided by foreigner, So I am eager to use vpn on my VPS. Who can help me?
It looks like the "auth-user-pass" line in the client config might be part of the problem. You are telling the client to connect with user/pass; but are missing the "auth-user-pass-verify" line on the server config. Are you trying to use user/pass authentication, or certificate authentication?
Try removing "auth-user-pass" from the client config, and add "tls-server" to the server config. That would give you certificate authentication, which is generally perceived to be more secure than user/pass authentication.
@fuzzman442:
zfish,
It looks like the "auth-user-pass" line in the client config might be part of the problem. You are telling the client to connect with user/pass; but are missing the "auth-user-pass-verify" line on the server config. Are you trying to use user/pass authentication, or certificate authentication?
Try removing "auth-user-pass" from the client config, and add "tls-server" to the server config. That would give you certificate authentication, which is generally perceived to be more secure than user/pass authentication.
thanks very much! I just change the openvpn port and the problem is solved! Maybe I am in china and the GFW stop my internet connection!