TLS Handshake fail

iue770
Posts: 1
Joined: Wed Aug 10, 2022 5:11 pm

Postby iue770 » Mon Aug 15, 2022 3:31 pm

Hello all,
I am not new to computers but am new to networking and definitely Amahi and Fedora. It took 3 tries to get up and running and I am able to access the HDA locally and remotely with the mylink.yourhda.com.

I installed Fedora 27 with Amahi 11. As stated everything locally and somewhat remotely are working fine until I decided to try and get OpenVPN with HDA connect 3 up and running so I may access my shares remotely.

Anyway, after running through the WIKI many times, uninstalling and reinstalling I was about to give up. I am working from a Win10 Dell Laptop. I cannot for the life of me get the "A" to turn green! Like I said I was about to give up. But I decided to copy the entire HDA Connect config files to a thumb drive. I took those and the .exe and installed them on my Desktop which currently is running Win11.

I hit the Connect and it connected the first try. I can open my file explorer on it and \\hda straight to my shares as it should work. So, I took another Laptop again with Win10 and installed HDA connect 3, copied the config files over but it produces the exact same handshake error I get with my laptop. We also have an HP Laptop I installed on and it won't connect either. Yes it also has Win10 loaded.

I went back to the WIKI and followed the advice with creating the ta.key, making the appropriate changes. One thing I noticed during that process is when it asked me to restart the vpn service, it told me I didn't have one running. Well if that is the case then how does my Win11 desktop connect??? It isn't making any sense. Also, after reconfiguring the server config the desktop with the original config files still connects. But my laptops still will not. Either with the new config post wiki or prior config prior to running through it.

Can anyone tell me why my desktop is connecting but none of my laptops are? I really do not want to upgrade all the laptops to Win11, and I am not even sure that is the smoking gun. The only thing I haven't tried is changing from UDP to TCP? Should I even consider trying that? From what I've read TCP isn't as secure?

Bottom line I really need all these Win10 Laptops to be able to connect via VPN. Suggestions and help pointing me in the right direction would greatly be appreciated.

Thanks,
IUE770

chayes874
Posts: 25
Joined: Tue Jan 03, 2017 9:14 pm

Re: TLS Handshake fail

Postby chayes874 » Tue Aug 16, 2022 8:58 pm

This might not be helpful, but I want to make sure of something. If you are using the standard certificates supplied on the wiki, then you can only connect a single client at a time. If your original Windows 11 client is still connected, you won't be able to connect from your other laptops.

https://wiki.amahi.org/index.php/OpenVP ... rtificates
The default OpenVPN install for Amahi will work with the certificates provided on the wiki, however there are a couple of reasons you may not want to use these. One, you can only have one client connected to the VPN at a time with these certificates and two, security best practices would advise against allowing the same certificate for all devices. Follow the instructions below to reconfigure your OpenVPN instance for use with multiple certificates. Keep in mind that when new certificates are made for your Amahi server the default profile created by the OpenVPN app will no longer work. This process will give you the files and profiles that you need in the future.

In order to get multiple clients to connect, you'll need to generate custom certificates and use separate client keys for each client. I've done this in the past, but that project ended 3 or 4 years ago. This topic might help - viewtopic.php?f=3&t=6844

If you just have one laptop connecting at a time and use the standard certificates provided on the wiki, I don't think you'll have a problem. I currently have it working with a Windows 10 laptop and my iPhone using this method, but I use OpenVPN Connect, not HDA Connect 3.

You can probably use some of the log analysis in the forum topic I link to above to help you troubleshoot.
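
Added example (not part of either post, and not Amahi or OpenVPN project code): a small Python check for the shared-certificate situation described in the reply above. It reads server log text and reports certificate common names seen from more than one source address, plus addresses whose TLS handshake failed. The sample lines are constructed in the style of OpenVPN server log output, and the names `analyze`, `client` and `laptop1` are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of an OpenVPN server log.
# They are NOT taken from the thread; addresses are documentation ranges.
SAMPLE_LOG = """\
Mon Aug 15 15:20:02 2022 203.0.113.10:51234 [client] Peer Connection Initiated with [AF_INET]203.0.113.10:51234
Mon Aug 15 15:25:40 2022 198.51.100.7:40112 [client] Peer Connection Initiated with [AF_INET]198.51.100.7:40112
Mon Aug 15 15:27:11 2022 192.0.2.44:61000 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Aug 15 15:27:11 2022 192.0.2.44:61000 TLS Error: TLS handshake failed
Mon Aug 15 15:30:00 2022 203.0.113.10:51999 [laptop1] Peer Connection Initiated with [AF_INET]203.0.113.10:51999
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
# "<ip>:<port> [<common name>] Peer Connection Initiated ..."
PEER = re.compile(r"\s" + IPV4 + r":\d+ \[([^\]]+)\] Peer Connection Initiated")
# "<ip>:<port> TLS Error: TLS handshake failed"
FAIL = re.compile(r"\s" + IPV4 + r":\d+ TLS Error: TLS handshake failed")


def analyze(log_text):
    """Return (shared_cns, failed_handshakes).

    shared_cns: common name -> sorted source IPs, only for names seen from
                more than one address (a hint that one certificate is
                installed on several devices; a roaming device also matches).
    failed_handshakes: source IP -> number of failed TLS handshakes.
    """
    cn_sources = defaultdict(set)
    failed = defaultdict(int)
    for line in log_text.splitlines():
        match = PEER.search(line)
        if match:
            cn_sources[match.group(2)].add(match.group(1))
            continue
        match = FAIL.search(line)
        if match:
            failed[match.group(1)] += 1
    shared = {cn: sorted(ips) for cn, ips in cn_sources.items() if len(ips) > 1}
    return shared, dict(failed)


if __name__ == "__main__":
    shared, failed = analyze(SAMPLE_LOG)
    for cn, ips in shared.items():
        print(f"certificate CN '{cn}' used from {len(ips)} addresses: {', '.join(ips)}")
    for ip, count in failed.items():
        print(f"{ip}: {count} failed TLS handshake(s)")
```
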
