TLS Handshake error

pjcrux
Moderator
Posts: 123
Joined: Sun Jan 04, 2009 11:40 am
Location: San Antonio, TX

TLS Handshake error

Postby pjcrux » Mon Apr 27, 2009 6:22 am

Never had this happen. Can someone tell me what a TLS key negotiation and handshake error are?

Mon Apr 27 08:17:19 2009 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Mon Apr 27 08:17:19 2009 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Mon Apr 27 08:17:19 2009 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon Apr 27 08:17:20 2009 LZO compression initialized
Mon Apr 27 08:17:20 2009 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Apr 27 08:17:20 2009 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Apr 27 08:17:20 2009 Local Options hash (VER=V4): '41690919'
Mon Apr 27 08:17:20 2009 Expected Remote Options hash (VER=V4): '530fdded'
Mon Apr 27 08:17:20 2009 UDPv4 link local: [undef]
Mon Apr 27 08:17:20 2009 UDPv4 link remote: 67.10.255.53:1194
Mon Apr 27 08:18:20 2009 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Apr 27 08:18:20 2009 TLS Error: TLS handshake failed
Mon Apr 27 08:18:20 2009 TCP/UDP: Closing socket
Mon Apr 27 08:18:20 2009 SIGUSR1[soft,tls-error] received, process restarting
Mon Apr 27 08:18:20 2009 Restart pause, 2 second(s)
Mon Apr 27 08:18:22 2009 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Mon Apr 27 08:18:22 2009 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon Apr 27 08:18:22 2009 Re-using SSL/TLS context
Mon Apr 27 08:18:22 2009 LZO compression initialized
Mon Apr 27 08:18:22 2009 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Apr 27 08:18:22 2009 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Apr 27 08:18:22 2009 Local Options hash (VER=V4): '41690919'
Mon Apr 27 08:18:22 2009 Expected Remote Options hash (VER=V4): '530fdded'
Mon Apr 27 08:18:22 2009 UDPv4 link local: [undef]
Mon Apr 27 08:18:22 2009 UDPv4 link remote: 67.10.255.53:1194
Mon Apr 27 08:19:22 2009 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Apr 27 08:19:22 2009 TLS Error: TLS handshake failed
Mon Apr 27 08:19:22 2009 TCP/UDP: Closing socket
Mon Apr 27 08:19:22 2009 SIGUSR1[soft,tls-error] received, process restarting
Mon Apr 27 08:19:22 2009 Restart pause, 2 second(s)
Mon Apr 27 08:19:24 2009 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Mon Apr 27 08:19:24 2009 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon Apr 27 08:19:24 2009 Re-using SSL/TLS context
Community Advocate
HP Proliant Micro Server N40L, AMD Turion II Neo x2 1.5GHz;
8GB ECC-DDR3; 250GB for OS, 3x1TB.

"Experience has taught mankind the necessity of auxiliary precautions"
-James Madison, Federalist Paper No. 51

gmw
Posts: 104
Joined: Tue Dec 09, 2008 12:42 pm
Location: Northern California

Re: TLS Handshake error

Postby gmw » Mon Apr 27, 2009 8:03 pm

I assume that you are not using a Windows client with the HDAconnect VPN client.

Refer to this page for links to setting up the VPN client.
http://wiki.amahi.org/index.php/VPN

I think the WARNING message indicates where your problem is - but I need more info to be sure.

cpg
Administrator
Posts: 2618
Joined: Wed Dec 03, 2008 7:40 am

Re: TLS Handshake error

Postby cpg » Tue Apr 28, 2009 8:13 am

TLS key negotiation failed to occur within 60 seconds
the vpn cannot seem to connect to your home server.

we experienced some issues with dyndns yesterday, which theoretically could be making the dyndns name of your server not resolve and time out.

more likely, your home server is not vpn-reachable for some other reasons, like networking issues, or if you changed any of your network settings?

in the meantime you can try again ...
My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 8GB RAM, 1TBx2+3TBx1

ptruax
Posts: 3
Joined: Sun Aug 09, 2009 10:06 pm

Re: TLS Handshake error

Postby ptruax » Tue Aug 11, 2009 5:54 am

I have the same exact error. I have my ports forwarded properly and I am using the Windows HDA Client. Output is exactly the same.

Tue Aug 11 08:51:28 2009 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Tue Aug 11 08:51:29 2009 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Tue Aug 11 08:51:29 2009 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Aug 11 08:51:29 2009 LZO compression initialized
Tue Aug 11 08:51:29 2009 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Aug 11 08:51:29 2009 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Aug 11 08:51:29 2009 Local Options hash (VER=V4): '41690919'
Tue Aug 11 08:51:29 2009 Expected Remote Options hash (VER=V4): '530fdded'
Tue Aug 11 08:51:29 2009 UDPv4 link local: [undef]
Tue Aug 11 08:51:29 2009 UDPv4 link remote: 66.65.241.46:1194
Tue Aug 11 08:52:27 2009 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Aug 11 08:52:27 2009 TLS Error: TLS handshake failed
Tue Aug 11 08:52:27 2009 TCP/UDP: Closing socket
Tue Aug 11 08:52:27 2009 SIGUSR1[soft,tls-error] received, process restarting
Tue Aug 11 08:52:27 2009 Restart pause, 2 second(s)
Tue Aug 11 08:52:29 2009 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Tue Aug 11 08:52:29 2009 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Aug 11 08:52:29 2009 Re-using SSL/TLS context
Tue Aug 11 08:52:29 2009 LZO compression initialized
Tue Aug 11 08:52:29 2009 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Aug 11 08:52:29 2009 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Aug 11 08:52:29 2009 Local Options hash (VER=V4): '41690919'
Tue Aug 11 08:52:29 2009 Expected Remote Options hash (VER=V4): '530fdded'
Tue Aug 11 08:52:29 2009 UDPv4 link local: [undef]
Tue Aug 11 08:52:29 2009 UDPv4 link remote: 66.65.241.46:1194
Tue Aug 11 08:53:28 2009 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Aug 11 08:53:28 2009 TLS Error: TLS handshake failed
Tue Aug 11 08:53:28 2009 TCP/UDP: Closing socket
Tue Aug 11 08:53:28 2009 SIGUSR1[soft,tls-error] received, process restarting
Tue Aug 11 08:53:28 2009 Restart pause, 2 second(s)
Tue Aug 11 08:53:30 2009 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Tue Aug 11 08:53:30 2009 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Aug 11 08:53:30 2009 Re-using SSL/TLS context
Tue Aug 11 08:53:30 2009 LZO compression initialized
Tue Aug 11 08:53:30 2009 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Aug 11 08:53:30 2009 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Aug 11 08:53:30 2009 Local Options hash (VER=V4): '41690919'
Tue Aug 11 08:53:30 2009 Expected Remote Options hash (VER=V4): '530fdded'
Tue Aug 11 08:53:30 2009 UDPv4 link local: [undef]
Tue Aug 11 08:53:30 2009 UDPv4 link remote: 66.65.241.46:1194

A router firewall shouldn't disallow this if I am going through the forwarded port right? What other issues could there be? I ran a ping from this computer and can ping anywhere but my HDA. Is it possible that maybe my ISP is blocking me? Or is it more likely a configuration error?

cpg
Administrator
Posts: 2618
Joined: Wed Dec 03, 2008 7:40 am

Re: TLS Handshake error

Postby cpg » Tue Aug 11, 2009 10:21 am

ptruax wrote:
I have the same exact error. I have my ports forwarded properly and I am using the Windows HDA Client. Output is exactly the same.

... Tue Aug 11 08:53:28 2009 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) ...

A router firewall shouldn't disallow this if I am going through the forwarded port right? What other issues could there be? I ran a ping from this computer and can ping anywhere but my HDA. Is it possible that maybe my ISP is blocking me? Or is it more likely a configuration error?

what is "this computer"?

if it's on your own network and you cannot ping your HDA, it's a problem.

we can help test run your vpn from a working client configuration in the IRC channel.

it does look like either the hda has the vpn server not running (rare), or the port forwarding has a problem.

some people do not realize it's UDP they have to forward. make sure it's that. and it's port 1194 to 1194 in the HDA's ip address.
My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 8GB RAM, 1TBx2+3TBx1
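
Added example, not part of the original thread or of OpenVPN: a small triage script for client logs like the ones posted above. It separates attempts where the server never answered (the cases raised in this thread: name resolution, the UDP 1194 forward, the VPN server not running) from attempts where it did, and reports the certificate-verification WARNING as its own finding. The names `triage` and `HINTS` and the sample log are constructed here; "TLS: Initial packet from" is a standard OpenVPN client message that does not appear in the logs on this page.

```python
import re
from datetime import datetime
# Constructed sample in the shape of the client logs in this thread;
# 192.0.2.10 is a documentation address, the sid value is made up.
SAMPLE_LOG = """\
Mon Apr 27 08:17:19 2009 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon Apr 27 08:17:20 2009 UDPv4 link remote: 192.0.2.10:1194
Mon Apr 27 08:18:20 2009 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Apr 27 08:18:22 2009 UDPv4 link remote: 192.0.2.10:1194
Mon Apr 27 08:18:23 2009 TLS: Initial packet from 192.0.2.10:1194, sid=0a1b2c3d 4e5f6a7b
Mon Apr 27 08:19:22 2009 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
"""

LINE = re.compile(r"^(\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) (.*)$")
STAMP = "%a %b %d %H:%M:%S %Y"
# What each verdict points at, using the causes named in the thread.
HINTS = {
    "no-reply-from-server": "check DNS name, UDP 1194 forward to the HDA, VPN server running",
    "server-replied-handshake-stalled": "path works both ways; read the server-side log",
}

def triage(log_text):
    """Classify every connection attempt found in an OpenVPN client log."""
    attempts, warnings, cur = [], set(), None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, msg = datetime.strptime(m.group(1), STAMP), m.group(2)
        if "No server certificate verification method" in msg:
            # A warning, not an error: the client carries on, so report it separately.
            warnings.add("no-server-cert-verification")
        elif re.match(r"(UDP|TCP)v4\w* link remote: ", msg):
            cur = {"remote": msg.split(": ", 1)[1], "start": ts,
                   "peer_seen": False, "verdict": "pending"}
            attempts.append(cur)
        elif cur and msg.startswith("TLS: Initial packet from"):
            cur["peer_seen"] = True  # the server answered at least once
        elif cur and "TLS key negotiation failed" in msg:
            cur["waited_s"] = int((ts - cur["start"]).total_seconds())
            cur["verdict"] = ("server-replied-handshake-stalled"
                              if cur["peer_seen"] else "no-reply-from-server")
    return {"warnings": sorted(warnings), "attempts": attempts}

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("warnings:", report["warnings"])
    for a in report["attempts"]:
        print(a["remote"], a["verdict"], "->", HINTS.get(a["verdict"], "still pending"))
```

Every attempt in the logs posted in this thread falls in the first category: no "Initial packet" line appears between "link remote" and the 60-second timeout.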

carol
Posts: 1
Joined: Sat Jan 02, 2010 7:56 pm

Re: TLS Handshake error

Postby carol » Sat Jan 02, 2010 8:00 pm

Hi Guys

I figured out the problem. Connect your system to your modem and

1) Select "None" under the FireWall settings

2) Enable Remote Access option under Admin section

You can even set a custom Firewall setting to allow the inbound connections.

This worked for me.
Hope this helps you

Cheers
Carol
Last edited by carol on Sat Jan 02, 2010 8:43 pm, edited 1 time in total.

cpg
Administrator
Posts: 2618
Joined: Wed Dec 03, 2008 7:40 am

Re: TLS Handshake error

Postby cpg » Sat Jan 02, 2010 8:21 pm

whoa carol. you are putting your system out to the whole wide world to access with no firewall???
My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 8GB RAM, 1TBx2+3TBx1
