I'm writing a simple OpenVPN client (with Python & Scapy & [scapy-ssl_tls] ) which should connect to OpenVPN server.
I open UDP socket in Python and with Scapy I define my own OpenVPN layer on top of UDP (according to OpenVPN specs) and send packets on it (just like original client would).
I am able to successfully send initial P_CONTROL_HARD_RESET_CLIENT_V2 message and receive response from server, which is P_CONTROL_HARD_RESET_SERVER_V2, then I send P_ACK_V1 message.
Keep in mind I generate all session ids correctly.
Now when I send first P_CONTROL_V1 message, which is essentially TLS ClientHello on top of OpenVPN layer, I get a P_ACK_V1 acknowledgement from server but that's it. Note that this ACK does only mean that server received OpenVPN message, not necessarily TLS data. I'm supposed to get ServerHello and all the remaining stuff but server does not send anything after ACK.
I compared the packet format and all network layers of my sent packet with communication of real client (image below) and pretty much all the fields are identical.
Wireshark combines and assembles packets automatically when it has the full handshake, so little tricky to compare it.
I also tried replaying complete ClientHello message from previous real client communication (I generated my own local time though) but results were the same - ACK and then nothing.
I also checked server logs and didn't find any errors or anything what could help me.
I create my TLS packet like this (with more options):
pack = openvpn(opcode=0x20, session_id=ses, message_packet_id_array_length=0, message_packet_id=0000)/TLSRecord()/TLSHandshake()/TLSClientHello()
openvpn is a layer I defined myself in Scapy.
Any ideas why I don't get ServerHello?
EDIT: considering that I don't get any alerts from server I'm pretty sure server does not even see my ClientHello for some reason.
