OpenVPN problems highlighted by "TLS Error: TLS key negotiation failed to occur within 60 seconds"

DethB4DCaf
Posts: 14
Joined: Fri Dec 11, 2009 8:15 pm
Location: Somewhere between Denver and Boulder in beautiful Colorado, USA

OpenVPN problems highlighted by "TLS Error: TLS key negotiation failed to occur within 60 seconds"

Postby DethB4DCaf » Wed May 29, 2019 6:28 pm

Greetings --

My name is DethB4DCaf & I am having a VPN experience that I am hoping someone can help me with.

First: long, long time *nix user with next to no VPN experience so I'm probably missing something obvious (-;

I recently was upgrading my Amahi server when I noticed that the OpenVPN application was not supported for Fedora 29.

I promptly downgraded my server to Fedora 27/Amahi 11 -- with NO updates or other patches applied as of yet -- & simply reinstalled it from the HDA's application tab ...AND... the OpenVPN tester still says my VPN is still offline, despite the fact that I have opened port 1194 for UDP traffic on my firewall & forwarded the traffic to my HDA, a look at the /var/log/amahi-app=installer.log shows OpenVPN has been installed, [then uninstalled, reinstalled... ] & the openVPN binaries ARE running on the HDA, utilizing the Amahi configuration file. }-8

In an attempt to gather more data, I attempted to create a VPN connection utilizing my HDA & one of the boxen on the same network using the code from the Amahi VPNLinux Wiki page.
I am seeing the following messages after I am prompted for my [Amahi] credentials:

Wed May 29 17:51:20 2019 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019
Wed May 29 17:51:20 2019 library versions: OpenSSL 1.1.1b 26 Feb 2019, LZO 2.10
Wed May 29 17:51:20 2019 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed May 29 17:51:20 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]209.212.63.166:1194
Wed May 29 17:51:20 2019 Socket Buffers: R=[212992->212992] S=[212992->212992]
Wed May 29 17:51:20 2019 UDP link local: (not bound)
Wed May 29 17:51:20 2019 UDP link remote: [AF_INET]209.212.63.166:1194
Wed May 29 17:52:20 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed May 29 17:52:20 2019 TLS Error: TLS handshake failed

Wed May 29 17:52:20 2019 SIGUSR1[soft,tls-error] received, process restarting
Wed May 29 17:52:20 2019 Restart pause, 5 second(s)


Where would I look for a reason that the Amahi OpenVPN tester would think that my VPN is still inactive? ESPECIALLY given that the openvpn binaries have been installed & ARE running on my HDA when I'm executing the test?


I already uploaded a sysinfo file: https://paste.fedoraproject.org/paste/CE4oR~oD4dG5nRKQ-F7b0g [I think the 2nd-to-last character is a zero...

I notice that, at least on MY control panel (-:, the OpenVPN application doesn't have an 'List in Dashboard' option -- how does one know that the OpenVPN application has been installed [successfully]?


I do indeed appreciate all of your help, & ADVthanksANCE! DethB4DCaf
--
DethB4DCaf: My current Amahi server is a possessed little Intel NUC featuring an Intel Core i3-6100U Processor / 4GB RAM / 2 TB remote storage (-:

DethB4DCaf
Posts: 14
Joined: Fri Dec 11, 2009 8:15 pm
Location: Somewhere between Denver and Boulder in beautiful Colorado, USA

Re: OpenVPN problems highlighted by "TLS Error: TLS key negotiation failed to occur within 60 seconds"

Postby DethB4DCaf » Wed May 29, 2019 6:40 pm

I hate replying to my own issue, but...

1) This week is the first time I have attempted to get the Amahi OpenVPN app to work. In fact, two weeks ago I had almost no OpenVPN knowledge or experience to speak of, but my Amahi boxen & a current project are certainly changing that quickly (-;

2) My current Amahi server is a NUC featuring 4GB of RAM & a 4-year old Intel chip that's good for approximately 3600 BogoMIPs, so I'm hoping it's not a resource issue.
--
DethB4DCaf: My current Amahi server is a possessed little Intel NUC featuring an Intel Core i3-6100U Processor / 4GB RAM / 2 TB remote storage (-:

User avatar
bigfoot65
Project Manager
Posts: 11397
Joined: Mon May 25, 2009 4:31 pm

Re: OpenVPN problems highlighted by "TLS Error: TLS key negotiation failed to occur within 60 seconds"

Postby bigfoot65 » Wed May 29, 2019 7:53 pm

I recently was upgrading my Amahi server when I noticed that the OpenVPN application was not supported for Fedora 29.
Fedora 29 is not supported currently by Amahi.

If you upgraded to Fedora 29 and did not do a new install for the downgrade, you have likely messed up your system.

The only real downgrade to Fedora 27 is a new install.

Not sure why you upgraded, but it's important to only utilize the latest supported version of Amahi as noted on http://docs.amahi.org.
ßîgƒσστ65
Applications Manager

DethB4DCaf
Posts: 14
Joined: Fri Dec 11, 2009 8:15 pm
Location: Somewhere between Denver and Boulder in beautiful Colorado, USA

Re: OpenVPN problems highlighted by "TLS Error: TLS key negotiation failed to occur within 60 seconds"

Postby DethB4DCaf » Thu May 30, 2019 7:22 am

I know that Fedora 29 is not supported -- that's literally why I downgraded to Fedora 27 -- with a completely clean install.

Not that it's relevant, but I was replacing an older system & the current Fedora "default" download at the time was 29.

When I noticed that Fedora 29 is not supported, I hunted down the Fedora 27 image for my install -- & like I said, I still have not run a "yum update" or applied any other patches to the machine because I'm not sure if any of the updates will break the install for OpenVPN, that is, I don't want to patch myself out of a viable system.


If I can figure out why the OpenVPN tester claims my connection is INACTIVE when I test my VPN from the control panel, then I can move forward.


Once I FINALLY figure out why OpenVPN is not working on my Fedora 27/Amahi 11 install, I can run a "yum update" command & if my VPN is borken as a result, I'll know NOT to apply the updates when I rebuild the system, but I cannot even determine if the updates are going to break my Fedora 27 install until I get the OpenVPN tester to work.
--
DethB4DCaf: My current Amahi server is a possessed little Intel NUC featuring an Intel Core i3-6100U Processor / 4GB RAM / 2 TB remote storage (-:

User avatar
bigfoot65
Project Manager
Posts: 11397
Joined: Mon May 25, 2009 4:31 pm

Re: OpenVPN problems highlighted by "TLS Error: TLS key negotiation failed to occur within 60 seconds"

Postby bigfoot65 » Thu May 30, 2019 2:22 pm

Ok good you did a clean install.

Running in terminal:

Code: Select all

sudo dnf update
Will not break the system.

The VPN tester on Amahi.org is not a reliable test of the app working.

You need to test it from outside you network with another device.

Also ensure you have forwarded the appropriate portion you router.
ßîgƒσστ65
Applications Manager

DethB4DCaf
Posts: 14
Joined: Fri Dec 11, 2009 8:15 pm
Location: Somewhere between Denver and Boulder in beautiful Colorado, USA

Re: OpenVPN problems highlighted by "TLS Error: TLS key negotiation failed to occur within 60 seconds"

Postby DethB4DCaf » Thu May 30, 2019 5:18 pm

Greetin's once again....

So I've still got a question, maybe three (-: ...

I'm still learning the OpenVPN curve, so please bear with me (-:

From my original email ---
I notice that, at least on MY control panel (-:, the OpenVPN application doesn't have an 'List in Dashboard' option -- how does one know that the OpenVPN application has been installed [successfully]?
....Debugging client config files & the like isn't that painful since I have access to all of the boxen in question, but I'm having trouble visualizing the final product, if that makes sense.

*Assuming* that my current experiences are not bugs in my environment but instead a feature of the OpenVPN tester (-: I have a customized test boxen [a Linux laptop] that I am going to send outside of my home network. As soon as it boots, it will start the openvpn service & attach as a client to my Amahi server's OpenVPN service &... &... Ummmm...... then what? How will I know that Amahi's OpenVPN service is working correctly? (-;

My fear is that whichever boxen I'm working with won't be the problem child so I'm just looking for ways to eliminate pieces-n-parts when the inevitable goes wrong, maybe glean some ideas as to what parts of the OpenVPN documentation I should be reading...

Thanks again for the insight & the time --- DethB4DCaf
--
DethB4DCaf: My current Amahi server is a possessed little Intel NUC featuring an Intel Core i3-6100U Processor / 4GB RAM / 2 TB remote storage (-:

User avatar
bigfoot65
Project Manager
Posts: 11397
Joined: Mon May 25, 2009 4:31 pm

Re: OpenVPN problems highlighted by "TLS Error: TLS key negotiation failed to occur within 60 seconds"

Postby bigfoot65 » Thu May 30, 2019 5:34 pm

No worries.

The point of openvpn App is to remotely access your HDA.

So if it’s working correctly, you should be able to access the dashboard and shares.

That includes apps installed on your HDA. There is guidance in the Amahi wikifor setting up client access.

Does that make sense?
ßîgƒσστ65
Applications Manager

User avatar
bigfoot65
Project Manager
Posts: 11397
Joined: Mon May 25, 2009 4:31 pm

Re: OpenVPN problems highlighted by "TLS Error: TLS key negotiation failed to occur within 60 seconds"

Postby bigfoot65 » Thu May 30, 2019 5:35 pm

No worries.

The point of openvpn App is to remotely access your HDA.

So if it’s working correctly, you should be able to access the dashboard and shares.

That includes apps installed on your HDA. There is guidance in the Amahi wiki for setting up client access.

Does that make sense?
ßîgƒσστ65
Applications Manager

DethB4DCaf
Posts: 14
Joined: Fri Dec 11, 2009 8:15 pm
Location: Somewhere between Denver and Boulder in beautiful Colorado, USA

Re: OpenVPN problems highlighted by "TLS Error: TLS key negotiation failed to occur within 60 seconds"

Postby DethB4DCaf » Fri May 31, 2019 8:09 am

The point of openvpn App is to remotely access your HDA.
I got that part (-:

So if it’s working correctly, you should be able to access the dashboard and shares.
Okay, that makes sense -- I think. Or more specifically, the shares part I get --it's pretty straightforward -- I'm just still trying to visualize accessing the dashboard part (-; but that's because of my setup more than anything.

That includes apps installed on your HDA.

This is where it's gonna get tricky, but that's more a part of the configuration component on my end.

Without boring you with the specifics, I'm stuck at a bit of a crossroads since I can't migrate ALL of my devices to my HDA -- my wireless devices have their own router as part of Uncle Sam's "Cable Across America" program -- this is why I hadn't invested time in learning more about the OpenVPN application until I was asked a really technical "hypothetical" (-: question that somewhat hinges around the use of an OpenVPN component. Now I think I have everything configured such that my HDA is going to serve three hardwired boxen when I flip the bits on my router; now I'm just still trying to understand what I can & cannot accomplish over an OpenVPN connection [both for my Amahi boxen & for my "hypothetical" question].

There is guidance in the Amahi wiki for setting up client access.
And I found one or two notes that cleared some of the fog before I posted my first question. In fact, the VPNLinux & the VPN Bridging pages were probably the two most helpful pages in terms of understanding why I have apparently been poking an angry bear with a really short stick (-;


Thanks again for the insights -- I just wish the OpenVPN tester was a bit more reliable because when it's NOT working I can't shake this feeling that I have one setting.... somewhere... wrong. Somehow I grabbed the wrong key or missed a file or a setting or...


........Deth..........
--
DethB4DCaf: My current Amahi server is a possessed little Intel NUC featuring an Intel Core i3-6100U Processor / 4GB RAM / 2 TB remote storage (-:

User avatar
bigfoot65
Project Manager
Posts: 11397
Joined: Mon May 25, 2009 4:31 pm

Re: OpenVPN problems highlighted by "TLS Error: TLS key negotiation failed to occur within 60 seconds"

Postby bigfoot65 » Fri May 31, 2019 3:23 pm

Don’t worry much about the tester. Not worth losing sleep over.

BTW it has nothing to do with your clients being properly setup. It’s supposed to test connection with your HDA. However sometimes it just doesn’t work as designed.
ßîgƒσστ65
Applications Manager

Who is online

Users browsing this forum: No registered users and 1 guest