FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
855 views 3 comments
by

Hello,

I cannot get this to work using TRB 140 as OpenVPN client.

OpenVPN configuration file:

#OpenVPN Client conf

tls-client

client

nobind

dev tun

proto udp

tun-mtu 1400

remote x.ns.net 1194

cipher AES-256-CBC

auth SHA512

tls-auth ta.key

verb 3

ns-cert-type server

verify-x509-name x.ns.net name

System Log on TRB 140:

Sun Sep  6 09:57:37 2020 daemon.notice openvpn(SWU)[6141]: OpenVPN 2.4.5 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]

Sun Sep  6 09:57:37 2020 daemon.notice openvpn(SWU)[6141]: library versions: OpenSSL 1.0.2u  20 Dec 2019, LZO 2.10

Sun Sep  6 09:57:37 2020 daemon.warn openvpn(SWU)[6141]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.

Sun Sep  6 09:57:37 2020 daemon.notice openvpn(SWU)[6141]: Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]

Sun Sep  6 09:57:37 2020 daemon.notice openvpn(SWU)[6141]: Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]

Sun Sep  6 09:57:37 2020 daemon.notice openvpn(SWU)[6141]: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client'

Sun Sep  6 09:57:37 2020 daemon.notice openvpn(SWU)[6141]: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-server'

Sun Sep  6 09:57:37 2020 daemon.notice openvpn(SWU)[6141]: TCP/UDP: Preserving recently used remote address: [AF_INET]84.177.x.y:1194

Sun Sep  6 09:57:37 2020 daemon.notice openvpn(SWU)[6141]: Socket Buffers: R=[163840->163840] S=[163840->163840]

Sun Sep  6 09:57:37 2020 daemon.notice openvpn(SWU)[6141]: UDP link local: (not bound)

Sun Sep  6 09:57:37 2020 daemon.notice openvpn(SWU)[6141]: UDP link remote: [AF_INET]84.177.x.y:1194

Sun Sep  6 09:58:37 2020 daemon.err openvpn(SWU)[6141]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

Sun Sep  6 09:58:37 2020 daemon.err openvpn(SWU)[6141]: TLS Error: TLS handshake failed

Sun Sep  6 09:58:37 2020 daemon.notice openvpn(SWU)[6141]: TCP/UDP: Closing socket

Sun Sep  6 09:58:37 2020 daemon.notice openvpn(SWU)[6141]: SIGUSR1[soft,tls-error] received, process restarting

Certificates:

Downloaded from OpenVPN server as PKCS12 and generated ca, client certificate and client key with OpenSSL.

Any ideas how to configure to get it working?

by

TRB140 configuration as client

3 Answers

0 votes
by anonymous

Hi,

From your logs I can identify two issues that might be stopping you from connecting with OpenVPN:

Sun Sep  6 09:57:37 2020 daemon.warn openvpn(SWU)[6141]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.

This is a warning, it should not be the issue, but you should still check it.

Sun Sep  6 09:58:37 2020 daemon.err openvpn(SWU)[6141]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

Sun Sep  6 09:58:37 2020 daemon.err openvpn(SWU)[6141]: TLS Error: TLS handshake failed

And this is why you can't connect. Something with your authentication that is not correct.

https://openvpn.net/faq/tls-error-tls-key-negotiation-failed-to-occur-within-60-seconds-check-your-network-connectivity/

Make sure your encryptions, authentication algorithms are identical on both sides. Check your certificates if they're also generated right.

EB.

0 votes
by

This is my configuration at OpenVPN Server side. Any hints whar's going wrong with server settings vs. client settings?

by anonymous
Is there any possibility that you could use other authentication instead of TLS/Password?

Try using static key: https://wiki.teltonika-networks.com/view/OpenVPN_configuration_examples#Creating_a_Static_key

As for now, that's not enough information to detect a problem, but I still believe it's an information parse mismatch.

EB.
0 votes
by
What information do you need to check the configuration? Maybe I can contact you directly?
by anonymous
You can send a troubleshoot file to me via private message.

First register on the forum and then click on my profile name to access the page, where you'll see the private message button.

EB.