Thu Nov 19 19:34:33 2009 TLS Error: TLS key negotiation failed to
occur
within 60 seconds (check your network connectivity)
Thu Nov 19 19:34:33 2009 TLS Error: TLS handshake failed
It is a networking problem somewhere along the line. Is the OpenVPN
server recognising the clients attempt to connect?
Could you show the config files for bth client and server??
server.conf:
port 1194
proto udp
dev tun
ca "/etc/openvpn/ca.crt"
cert "/etc/openvpn/jupiter.crt"
key "/etc/openvpn/jupiter.key" # This file should be kept secret
dh "/etc/openvpn/dh1024.pem"
server 10.20.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log-append /var/log/openvpn.log
verb 9
client.conf:
client
dev tun
proto udp
remote 203.109.x.y 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca "/home/roger/openvpn/ca.crt"
cert "/home/roger/openvpn/roger.crt"
key "/home/roger/openvpn/roger.key"
ns-cert-type server
comp-lzo
verb 9
from the server log:
Fri Nov 20 22:42:14 2009 us=778322 Current Parameter Settings:
Fri Nov 20 22:42:14 2009 us=783479 config = '/etc/openvpn/server.conf'
Fri Nov 20 22:42:14 2009 us=783532 mode = 1
Fri Nov 20 22:42:14 2009 us=783544 persist_config = DISABLED
Fri Nov 20 22:42:14 2009 us=783555 persist_mode = 1
Fri Nov 20 22:42:14 2009 us=783566 show_ciphers = DISABLED
Fri Nov 20 22:42:14 2009 us=783577 show_digests = DISABLED
Fri Nov 20 22:42:14 2009 us=783587 show_engines = DISABLED
Fri Nov 20 22:42:14 2009 us=783598 genkey = DISABLED
Fri Nov 20 22:42:14 2009 us=783608 key_pass_file = '[UNDEF]'
Fri Nov 20 22:42:14 2009 us=783619 show_tls_ciphers = DISABLED
Fri Nov 20 22:42:14 2009 us=783630 proto = 0
Fri Nov 20 22:42:14 2009 us=783641 local = '[UNDEF]'
Fri Nov 20 22:42:14 2009 us=783652 remote_list = NULL
Fri Nov 20 22:42:14 2009 us=783663 remote_random = DISABLED
Fri Nov 20 22:42:14 2009 us=783674 local_port = 1194
Fri Nov 20 22:42:14 2009 us=783684 remote_port = 1194
Fri Nov 20 22:42:14 2009 us=783694 remote_float = DISABLED
Fri Nov 20 22:42:14 2009 us=783705 ipchange = '[UNDEF]'
Fri Nov 20 22:42:14 2009 us=783716 bind_defined = DISABLED
Fri Nov 20 22:42:14 2009 us=783726 bind_local = ENABLED
Fri Nov 20 22:42:14 2009 us=783737 dev = 'tun'
Fri Nov 20 22:42:14 2009 us=783748 dev_type = '[UNDEF]'
Fri Nov 20 22:42:14 2009 us=783762 dev_node = '[UNDEF]'
Fri Nov 20 22:42:14 2009 us=783773 lladdr = '[UNDEF]'
Fri Nov 20 22:42:14 2009 us=783784 topology = 1
Fri Nov 20 22:42:14 2009 us=783795 tun_ipv6 = DISABLED
Fri Nov 20 22:42:14 2009 us=783805 ifconfig_local = '10.20.0.1'
Fri Nov 20 22:42:14 2009 us=783819 ifconfig_remote_netmask = '10.20.0.2'
Fri Nov 20 22:42:14 2009 us=783831 ifconfig_noexec = DISABLED
Fri Nov 20 22:42:14 2009 us=783842 ifconfig_nowarn = DISABLED
Fri Nov 20 22:42:14 2009 us=783853 shaper = 0
Fri Nov 20 22:42:14 2009 us=783864 tun_mtu = 1500
Fri Nov 20 22:42:14 2009 us=783874 tun_mtu_defined = ENABLED
Fri Nov 20 22:42:14 2009 us=783885 link_mtu = 1500
Fri Nov 20 22:42:14 2009 us=783895 link_mtu_defined = DISABLED
Fri Nov 20 22:42:14 2009 us=783906 tun_mtu_extra = 0
Fri Nov 20 22:42:14 2009 us=783917 tun_mtu_extra_defined = DISABLED
Fri Nov 20 22:42:14 2009 us=783927 fragment = 0
Fri Nov 20 22:42:14 2009 us=783938 mtu_discover_type = -1
Fri Nov 20 22:42:14 2009 us=783949 mtu_test = 0
Fri Nov 20 22:42:14 2009 us=783959 mlock = DISABLED
Fri Nov 20 22:42:14 2009 us=783970 keepalive_ping = 10
Fri Nov 20 22:42:14 2009 us=783981 keepalive_timeout = 120
Fri Nov 20 22:42:14 2009 us=783992 inactivity_timeout = 0
Fri Nov 20 22:42:14 2009 us=784002 ping_send_timeout = 10
Fri Nov 20 22:42:14 2009 us=784013 ping_rec_timeout = 240
Fri Nov 20 22:42:14 2009 us=784023 ping_rec_timeout_action = 2
Fri Nov 20 22:42:14 2009 us=784034 ping_timer_remote = DISABLED
Fri Nov 20 22:42:14 2009 us=784045 remap_sigusr1 = 0
Fri Nov 20 22:42:14 2009 us=784057 explicit_exit_notification = 0
Fri Nov 20 22:42:14 2009 us=784068 persist_tun = ENABLED
Fri Nov 20 22:42:14 2009 us=784078 persist_local_ip = DISABLED
Fri Nov 20 22:42:14 2009 us=784088 persist_remote_ip = DISABLED
Fri Nov 20 22:42:14 2009 us=784099 persist_key = ENABLED
Fri Nov 20 22:42:14 2009 us=784109 mssfix = 1450
Fri Nov 20 22:42:14 2009 us=784120 passtos = DISABLED
Fri Nov 20 22:42:14 2009 us=784131 resolve_retry_seconds = 1000000000
Fri Nov 20 22:42:14 2009 us=784141 connect_retry_seconds = 5
Fri Nov 20 22:42:14 2009 us=784152 connect_timeout = 10
Fri Nov 20 22:42:14 2009 us=784162 connect_retry_max = 0
Fri Nov 20 22:42:14 2009 us=784173 username = '[UNDEF]'
Fri Nov 20 22:42:14 2009 us=784184 groupname = '[UNDEF]'
Fri Nov 20 22:42:14 2009 us=784194 chroot_dir = '[UNDEF]'
Fri Nov 20 22:42:14 2009 us=784204 cd_dir = '/etc/openvpn'
Fri Nov 20 22:42:14 2009 us=784215 writepid =
'/var/run/openvpn.server.pid'
Fri Nov 20 22:42:14 2009 us=784226 up_script = '[UNDEF]'
Fri Nov 20 22:42:14 2009 us=784237 down_script = '[UNDEF]'
Fri Nov 20 22:42:14 2009 us=784247 down_pre = DISABLED
Fri Nov 20 22:42:14 2009 us=784257 up_restart = DISABLED
Fri Nov 20 22:42:14 2009 us=784268 up_delay = DISABLED
Fri Nov 20 22:42:14 2009 us=784278 daemon = ENABLED
Fri Nov 20 22:42:14 2009 us=784300 inetd = 0
Fri Nov 20 22:42:14 2009 us=784311 log = ENABLED
Fri Nov 20 22:42:14 2009 us=784322 suppress_timestamps = DISABLED
Fri Nov 20 22:42:14 2009 us=784333 nice = 0
Fri Nov 20 22:42:14 2009 us=784343 verbosity = 9
Fri Nov 20 22:42:14 2009 us=784354 mute = 0
Fri Nov 20 22:42:14 2009 us=784365 gremlin = 0
Fri Nov 20 22:42:14 2009 us=784375 status_file = 'openvpn-status.log'
Fri Nov 20 22:42:14 2009 us=784386 status_file_version = 1
Fri Nov 20 22:42:14 2009 us=784396 status_file_update_freq = 60
Fri Nov 20 22:42:14 2009 us=784406 occ = ENABLED
Fri Nov 20 22:42:14 2009 us=784417 rcvbuf = 65536
Fri Nov 20 22:42:14 2009 us=784427 sndbuf = 65536
Fri Nov 20 22:42:14 2009 us=784438 sockflags = 0
Fri Nov 20 22:42:14 2009 us=784450 socks_proxy_server = '[UNDEF]'
Fri Nov 20 22:42:14 2009 us=784461 socks_proxy_port = 0
Fri Nov 20 22:42:14 2009 us=784472 socks_proxy_retry = DISABLED
Fri Nov 20 22:42:14 2009 us=784482 fast_io = DISABLED
Fri Nov 20 22:42:14 2009 us=784493 lzo = 7
Fri Nov 20 22:42:14 2009 us=784503 route_script = '[UNDEF]'
Fri Nov 20 22:42:14 2009 us=784514 route_default_gateway = '[UNDEF]'
Fri Nov 20 22:42:14 2009 us=784524 route_default_metric = 0
Fri Nov 20 22:42:14 2009 us=784535 route_noexec = DISABLED
Fri Nov 20 22:42:14 2009 us=784545 route_delay = 0
Fri Nov 20 22:42:14 2009 us=784556 route_delay_window = 30
Fri Nov 20 22:42:14 2009 us=784567 route_delay_defined = DISABLED
Fri Nov 20 22:42:14 2009 us=784577 route_nopull = DISABLED
Fri Nov 20 22:42:14 2009 us=784590 route 10.20.0.0/255.255.255.0/nil/nil
Fri Nov 20 22:42:14 2009 us=784602 management_addr = '[UNDEF]'
Fri Nov 20 22:42:14 2009 us=784613 management_port = 0
Fri Nov 20 22:42:14 2009 us=784624 management_user_pass = '[UNDEF]'
Fri Nov 20 22:42:14 2009 us=784635 management_log_history_cache = 250
Fri Nov 20 22:42:14 2009 us=784645 management_echo_buffer_size = 100
Fri Nov 20 22:42:14 2009 us=784656 management_query_passwords = DISABLED
Fri Nov 20 22:42:14 2009 us=784666 management_hold = DISABLED
Fri Nov 20 22:42:14 2009 us=784677 management_client = DISABLED
Fri Nov 20 22:42:14 2009 us=784687 management_signal = DISABLED
Fri Nov 20 22:42:14 2009 us=784698 management_forget_disconnect = DISABLED
Fri Nov 20 22:42:14 2009 us=784709 management_write_peer_info_file =
'[UNDEF]'
Fri Nov 20 22:42:14 2009 us=784719 shared_secret_file = '[UNDEF]'
Fri Nov 20 22:42:14 2009 us=784730 key_direction = 0
Fri Nov 20 22:42:14 2009 us=784740 ciphername_defined = ENABLED
Fri Nov 20 22:42:14 2009 us=784751 ciphername = 'BF-CBC'
Fri Nov 20 22:42:14 2009 us=784762 authname_defined = ENABLED
Fri Nov 20 22:42:14 2009 us=784772 authname = 'SHA1'
Fri Nov 20 22:42:14 2009 us=784783 keysize = 0
Fri Nov 20 22:42:14 2009 us=784794 engine = DISABLED
Fri Nov 20 22:42:14 2009 us=784804 replay = ENABLED
Fri Nov 20 22:42:14 2009 us=784815 mute_replay_warnings = DISABLED
Fri Nov 20 22:42:14 2009 us=784826 replay_window = 64
Fri Nov 20 22:42:14 2009 us=784836 replay_time = 15
Fri Nov 20 22:42:14 2009 us=784847 packet_id_file = '[UNDEF]'
Fri Nov 20 22:42:14 2009 us=784858 use_iv = ENABLED
Fri Nov 20 22:42:14 2009 us=784869 test_crypto = DISABLED
Fri Nov 20 22:42:14 2009 us=784879 tls_server = ENABLED
Fri Nov 20 22:42:14 2009 us=784889 tls_client = DISABLED
Fri Nov 20 22:42:14 2009 us=784900 key_method = 2
Fri Nov 20 22:42:14 2009 us=784911 ca_file = '/etc/openvpn/ca.crt'
Fri Nov 20 22:42:14 2009 us=784921 ca_path = '[UNDEF]'
Fri Nov 20 22:42:14 2009 us=784932 dh_file = '/etc/openvpn/dh1024.pem'
Fri Nov 20 22:42:14 2009 us=784943 cert_file = '/etc/openvpn/jupiter.crt'
Fri Nov 20 22:42:14 2009 us=784954 priv_key_file =
'/etc/openvpn/jupiter.key'
Fri Nov 20 22:42:14 2009 us=784965 pkcs12_file = '[UNDEF]'
Fri Nov 20 22:42:14 2009 us=784975 cipher_list = '[UNDEF]'
Fri Nov 20 22:42:14 2009 us=784986 tls_verify = '[UNDEF]'
Fri Nov 20 22:42:14 2009 us=784996 tls_remote = '[UNDEF]'
Fri Nov 20 22:42:14 2009 us=785006 crl_file = '[UNDEF]'
Fri Nov 20 22:42:14 2009 us=785028 ns_cert_type = 0
Fri Nov 20 22:42:14 2009 us=785040 remote_cert_ku[i] = 0
Fri Nov 20 22:42:14 2009 us=785050 remote_cert_ku[i] = 0
Fri Nov 20 22:42:14 2009 us=785060 remote_cert_ku[i] = 0
Fri Nov 20 22:42:14 2009 us=785070 remote_cert_ku[i] = 0
Fri Nov 20 22:42:14 2009 us=785081 remote_cert_ku[i] = 0
Fri Nov 20 22:42:14 2009 us=785091 remote_cert_ku[i] = 0
Fri Nov 20 22:42:14 2009 us=785101 remote_cert_ku[i] = 0
Fri Nov 20 22:42:14 2009 us=785111 remote_cert_ku[i] = 0
Fri Nov 20 22:42:14 2009 us=785122 remote_cert_ku[i] = 0
Fri Nov 20 22:42:14 2009 us=785132 remote_cert_ku[i] = 0
Fri Nov 20 22:42:14 2009 us=785142 remote_cert_ku[i] = 0
Fri Nov 20 22:42:14 2009 us=785152 remote_cert_ku[i] = 0
Fri Nov 20 22:42:14 2009 us=785163 remote_cert_ku[i] = 0
Fri Nov 20 22:42:14 2009 us=785173 remote_cert_ku[i] = 0
Fri Nov 20 22:42:14 2009 us=785183 remote_cert_ku[i] = 0
Fri Nov 20 22:42:14 2009 us=785193 remote_cert_ku[i] = 0
Fri Nov 20 22:42:14 2009 us=785204 remote_cert_eku = '[UNDEF]'
Fri Nov 20 22:42:14 2009 us=785215 tls_timeout = 2
Fri Nov 20 22:42:14 2009 us=785225 renegotiate_bytes = 0
Fri Nov 20 22:42:14 2009 us=785236 renegotiate_packets = 0
Fri Nov 20 22:42:14 2009 us=785246 renegotiate_seconds = 3600
Fri Nov 20 22:42:14 2009 us=785256 handshake_window = 60
Fri Nov 20 22:42:14 2009 us=785267 transition_window = 3600
Fri Nov 20 22:42:14 2009 us=785278 single_session = DISABLED
Fri Nov 20 22:42:14 2009 us=785288 tls_exit = DISABLED
Fri Nov 20 22:42:14 2009 us=785299 tls_auth_file = '[UNDEF]'
Fri Nov 20 22:42:14 2009 us=785311 server_network = 10.20.0.0
Fri Nov 20 22:42:14 2009 us=785323 server_netmask = 255.255.255.0
Fri Nov 20 22:42:14 2009 us=785335 server_bridge_ip = 0.0.0.0
Fri Nov 20 22:42:14 2009 us=785346 server_bridge_netmask = 0.0.0.0
Fri Nov 20 22:42:14 2009 us=785358 server_bridge_pool_start = 0.0.0.0
Fri Nov 20 22:42:14 2009 us=785369 server_bridge_pool_end = 0.0.0.0
Fri Nov 20 22:42:14 2009 us=785380 push_list = 'route
10.20.0.1,topology net30,ping 10,ping-restart 120'
Fri Nov 20 22:42:14 2009 us=785391 ifconfig_pool_defined = ENABLED
Fri Nov 20 22:42:14 2009 us=785403 ifconfig_pool_start = 10.20.0.4
Fri Nov 20 22:42:14 2009 us=785414 ifconfig_pool_end = 10.20.0.251
Fri Nov 20 22:42:14 2009 us=785429 ifconfig_pool_netmask = 0.0.0.0
Fri Nov 20 22:42:14 2009 us=785440 ifconfig_pool_persist_filename =
'ipp.txt'
Fri Nov 20 22:42:14 2009 us=785451 ifconfig_pool_persist_refresh_freq
= 600
Fri Nov 20 22:42:14 2009 us=785462 n_bcast_buf = 256
Fri Nov 20 22:42:14 2009 us=785472 tcp_queue_limit = 64
Fri Nov 20 22:42:14 2009 us=785483 real_hash_size = 256
Fri Nov 20 22:42:14 2009 us=785494 virtual_hash_size = 256
Fri Nov 20 22:42:14 2009 us=785505 client_connect_script = '[UNDEF]'
Fri Nov 20 22:42:14 2009 us=785516 learn_address_script = '[UNDEF]'
Fri Nov 20 22:42:14 2009 us=785527 client_disconnect_script = '[UNDEF]'
Fri Nov 20 22:42:14 2009 us=785537 client_config_dir = '[UNDEF]'
Fri Nov 20 22:42:14 2009 us=785548 ccd_exclusive = DISABLED
Fri Nov 20 22:42:14 2009 us=785559 tmp_dir = '[UNDEF]'
Fri Nov 20 22:42:14 2009 us=785569 push_ifconfig_defined = DISABLED
Fri Nov 20 22:42:14 2009 us=785581 push_ifconfig_local = 0.0.0.0
Fri Nov 20 22:42:14 2009 us=785592 push_ifconfig_remote_netmask = 0.0.0.0
Fri Nov 20 22:42:14 2009 us=785603 enable_c2c = DISABLED
Fri Nov 20 22:42:14 2009 us=785614 duplicate_cn = DISABLED
Fri Nov 20 22:42:14 2009 us=785624 cf_max = 0
Fri Nov 20 22:42:14 2009 us=785635 cf_per = 0
Fri Nov 20 22:42:14 2009 us=785645 max_clients = 1024
Fri Nov 20 22:42:14 2009 us=785656 max_routes_per_client = 256
Fri Nov 20 22:42:14 2009 us=785667 client_cert_not_required = DISABLED
Fri Nov 20 22:42:14 2009 us=785677 username_as_common_name = DISABLED
Fri Nov 20 22:42:14 2009 us=785688 auth_user_pass_verify_script =
'[UNDEF]'
Fri Nov 20 22:42:14 2009 us=785699
auth_user_pass_verify_script_via_file = DISABLED
Fri Nov 20 22:42:14 2009 us=785720 port_share_host = '[UNDEF]'
Fri Nov 20 22:42:14 2009 us=785731 port_share_port = 0
Fri Nov 20 22:42:14 2009 us=785742 client = DISABLED
Fri Nov 20 22:42:14 2009 us=785753 pull = DISABLED
Fri Nov 20 22:42:14 2009 us=785763 auth_user_pass_file = '[UNDEF]'
Fri Nov 20 22:42:14 2009 us=785777 OpenVPN 2.1_rc7 x86_64-pc-linux-gnu
[SSL] [LZO2] [EPOLL] built on May 8 2009
Fri Nov 20 22:42:14 2009 us=807960 Diffie-Hellman initialized with 1024
bit key
Fri Nov 20 22:42:14 2009 us=816355 /usr/bin/openssl-vulnkey -q -b 1024
-m <modulus omitted>
Fri Nov 20 22:42:14 2009 us=816391 SYSTEM[2] '/usr/bin/openssl-vulnkey
-q -b 1024 -m C64FA9777891873AE183427ECE4F27B (deleted the rest)
Fri Nov 20 22:42:15 2009 us=77356 SYSTEM return=0
Fri Nov 20 22:42:15 2009 us=77483 MTU DYNAMIC mtu=0, flags=1, 0 -> 138
Fri Nov 20 22:42:15 2009 us=77499 TLS-Auth MTU parms [ L:1542 D:138
EF:38 EB:0 ET:0 EL:0 ]
Fri Nov 20 22:42:15 2009 us=77510 MTU DYNAMIC mtu=1450, flags=2, 1542 ->
1450
Fri Nov 20 22:42:15 2009 us=77635 GDG: route[1]
10.2.1.0/255.255.255.0/0.0.0.0 m=0
Fri Nov 20 22:42:15 2009 us=77653 GDG: route[2]
169.254.0.0/255.255.0.0/0.0.0.0 m=1000
Fri Nov 20 22:42:15 2009 us=77668 GDG: route[3] 0.0.0.0/0.0.0.0/10.2.1.1
m=100
Fri Nov 20 22:42:15 2009 us=77694 GDG: best=10.2.1.1[3] lm=100
Fri Nov 20 22:42:15 2009 us=77709 ROUTE DEBUG: default_gateway=10.2.1.1
Fri Nov 20 22:42:15 2009 us=78171 TUN/TAP device tun0 opened
Fri Nov 20 22:42:15 2009 us=78198 TUN/TAP TX queue length set to 100
Fri Nov 20 22:42:15 2009 us=78229 ifconfig tun0 10.20.0.1 pointopoint
10.20.0.2 mtu 1500
Fri Nov 20 22:42:15 2009 us=78241 SYSTEM[2] 'ifconfig tun0 10.20.0.1
pointopoint 10.20.0.2 mtu 1500'
Fri Nov 20 22:42:15 2009 us=103160 SYSTEM return=0
Fri Nov 20 22:42:15 2009 us=103248 route add -net 10.20.0.0 netmask
255.255.255.0 gw 10.20.0.2
Fri Nov 20 22:42:15 2009 us=103260 SYSTEM[0] 'route add -net 10.20.0.0
netmask 255.255.255.0 gw 10.20.0.2'
Fri Nov 20 22:42:15 2009 us=105783 SYSTEM return=0
Fri Nov 20 22:42:15 2009 us=105820 Data Channel MTU parms [ L:1542
D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Fri Nov 20 22:42:15 2009 us=106159 Socket Buffers: R=[124928->131072]
S=[124928->131072]
Fri Nov 20 22:42:15 2009 us=106219 UDPv4 link local (bound): [undef]:1194
Fri Nov 20 22:42:15 2009 us=106235 UDPv4 link remote: [undef]
Fri Nov 20 22:42:15 2009 us=106252 MULTI: multi_init called, r=256 v=256
Fri Nov 20 22:42:15 2009 us=106349 IFCONFIG POOL: base=10.20.0.4 size=62
Fri Nov 20 22:42:15 2009 us=106390 IFCONFIG POOL LIST
Fri Nov 20 22:42:15 2009 us=106414 PO_INIT maxevents=4 flags=0x00000002
Fri Nov 20 22:42:15 2009 us=106433 Initialization Sequence Completed
Fri Nov 20 22:42:15 2009 us=106443 SCHEDULE: schedule_find_least NULL
Fri Nov 20 22:42:15 2009 us=106457 PO_CTL rwflags=0x0001 ev=5 arg=0x0044e0d8
Fri Nov 20 22:42:15 2009 us=106472 PO_CTL rwflags=0x0001 ev=6 arg=0x0044e0d4
Fri Nov 20 22:42:15 2009 us=106490 I/O WAIT TR|Tw|SR|Sw [10/0]
Fri Nov 20 22:42:25 2009 us=104856 event_wait returned 0
Fri Nov 20 22:42:25 2009 us=104911 I/O WAIT status=0x0020
Fri Nov 20 22:42:25 2009 us=104929 MULTI: REAP range 0 -> 16
Fri Nov 20 22:42:25 2009 us=105036 SCHEDULE: schedule_find_least NULL
(and a repeat of the last 6 lines for ever....)
