[Openvpn-users] How to solve the TLS key negotiation failed error?

[Peter Davis via Openvpn-users]

Hello,
I installed the OpenVPN on Debian 12 and configured it as below:

port 1194
proto udp
dev tun0
server 10.11.0.0 255.255.255.0
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 8.8.8.8"
topology subnet
push "redirect-gateway def1 bypass-dhcp"
keepalive 10 120
tls-auth /etc/openvpn/server/ta.key 0
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/MyServer.crt
key /etc/openvpn/server/MyServer.key
dh /etc/openvpn/server/dh.pem
data-ciphers AES-256-CBC
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
log /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/openvpn.log
verb 3explicit-exit-notify 1

OpenVPN firewall rules are:

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A FORWARD -i enX1 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.11.0.0/16 -o enX1 -j ACCEPT

Client configuration is:

client
dev tun1
proto udp
remote 192.168.1.2 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\MyClient.crt"
key "C:\\Program Files\\OpenVPN\\config\\MyClient.key"
remote-cert-tls server
tls-crypt "C:\\Program Files\\OpenVPN\\config\\ta.key" 1
data-ciphers AES-256-CBC
cipher AES-256-CBCverb 3

When I tried to connect to the OpenVPN server, then it showed me:

Mon Oct 23 15:00:45 2023 TLS Error: TLS key negotiation failed to occur within 
60 seconds (check your network connectivity)
Mon Oct 23 15:00:45 2023 TLS Error: TLS handshake failed

I read 
https://openvpn.net/faq/tls-error-tls-key-negotiation-failed-to-occur-within-60-seconds-check-your-network-connectivity/,
 but everything seems OK.

How to solve it?

Thank you.

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users