I am trying to establish a tunnel with a remote server using OpenVPN. At the beginning everything went just fine, but a few days later the establishing process often failed (it now has a 100 percent failure rate). The log of the connection attempt says:

```
2023-03-13 11:02:12 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 14 2022
2023-03-13 11:02:12 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
2023-03-13 11:02:12 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2023-03-13 11:02:13 TCP/UDP: Preserving recently used remote address: [AF_INET]*.*.*.*:1194
2023-03-13 11:02:13 UDPv4 link local: (not bound)
2023-03-13 11:02:13 UDPv4 link remote: [AF_INET]*.*.*.*:1194
2023-03-13 11:03:13 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2023-03-13 11:03:13 TLS Error: TLS handshake failed
```

Firstly, my client is behind a NAT. To avoid the effect of NAT I used a machine that has a public IP as the client, but the issue remains.

Edited: Below are the client configs:

```
# This file is automatically generated, do NOT edit it manually

client
pull # accept configs pushed from server
explicit-exit-notify # notify server on exit

daemon mux01
nobind

proto udp4
remote *.*.*.* #server address
dev tap16
cipher AES-256-CBC
data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC

ca certs/ca.crt
cert certs/client.crt
key certs/client.key

setenv daemon_name mux01
script-security 2
up scripts/openvpn/up.sh
down scripts/openvpn/down.sh

management var/mux01.sock unix
log var/mux01.log
writepid var/mux01.pid

# security
remote-cert-tls server
tls-client
tls-exit # prevent zombie clients
```

I don't have the remote server's configs. The server has been providing OpenVPN access for a long time, so I think it is my misconfiguration that caused the failure.

Can anyone give me some advice? Thank you.

  • OpenVPN has absolutely no problems working from behind NAT, both server and client. It looks like the packets don't reach the other side, probably some firewall in the middle is in effect. Please add relevant logs from the server, and attach configs both from the server and client (with keys removed and public addresses masked, however you have already shown a server address in the log above). – Nikita Kipriyanov Mar 14 '23 at 05:58
  • And the server? Tell us all about the data you have collected. – Greg Askew Mar 14 '23 at 06:47
  • Sorry I don't have the server's logs and configuration files. I added the client's configs as above. – Charriesun Mar 14 '23 at 06:51
  • To help you with the VPN, we need you to be able to control the VPN server. Are you the owner of the VPN service? If not, you have to ask the service operator for help. In this case you're the end user, and this site is not for end users (and we aren't able to help anyway). – Nikita Kipriyanov Mar 14 '23 at 07:09
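
An added illustration, not part of the original thread: in the log above nothing is recorded between `link remote` and the 60-second timeout, which is what a client logs when no packet comes back from the server. The Python sketch below classifies each connection attempt in an OpenVPN client log on that basis; the function name, the verdict labels and the second sample log (with a `TLS: Initial packet from` line and a documentation address) are constructed for this example.

```python
import re

# Constructed sample 1: the relevant lines of the client log from the question.
NO_REPLY_LOG = """\
2023-03-13 11:02:13 TCP/UDP: Preserving recently used remote address: [AF_INET]*.*.*.*:1194
2023-03-13 11:02:13 UDPv4 link local: (not bound)
2023-03-13 11:02:13 UDPv4 link remote: [AF_INET]*.*.*.*:1194
2023-03-13 11:03:13 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2023-03-13 11:03:13 TLS Error: TLS handshake failed
"""
# Constructed sample 2: same attempt, but the server's first packet arrived
# (192.0.2.10 is a documentation address, the sid is made up).
REPLIED_LOG = NO_REPLY_LOG.replace(
    "2023-03-13 11:03:13 TLS Error: TLS key",
    "2023-03-13 11:02:13 TLS: Initial packet from [AF_INET]192.0.2.10:1194, sid=0a1b2c3d 4e5f6a7b\n"
    "2023-03-13 11:03:13 TLS Error: TLS key", 1)

LINE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (.*)$")

def classify_attempts(log_text):
    """Return one verdict per connection attempt found in a client log.

    no-reply          : timeout with no packet ever received from the server
    handshake-stalled : the server answered, but key negotiation never finished
    connected         : the tunnel came up
    """
    verdicts, replied = [], None          # replied is None outside an attempt
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        msg = m.group(1)
        if " link remote: " in msg:       # client starts sending to the server
            replied = False
        elif replied is None:
            continue
        elif msg.startswith("TLS: Initial packet from"):
            replied = True                # first packet received from the peer
        elif msg.startswith("TLS Error: TLS key negotiation failed"):
            verdicts.append("handshake-stalled" if replied else "no-reply")
            replied = None
        elif "Initialization Sequence Completed" in msg:
            verdicts.append("connected")
            replied = None
    return verdicts

if __name__ == "__main__":
    print(classify_attempts(NO_REPLY_LOG))   # the question's log
    print(classify_attempts(REPLIED_LOG))    # constructed variant
```

A `no-reply` verdict only says that the client received nothing; it does not say where along the path the packets were lost, which is why the server-side log is still needed.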

0 Answers