I am trying to establish a tunnel with a remote server using OpenVPN. At the beginning everything went just fine, but a few days later the establishing process often failed (now it has a 100 percent failure rate). The log of the establishment said:

2023-03-13 11:02:12 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 14 2022
2023-03-13 11:02:12 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
2023-03-13 11:02:12 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2023-03-13 11:02:13 TCP/UDP: Preserving recently used remote address: [AF_INET]*.*.*.*:1194
2023-03-13 11:02:13 UDPv4 link local: (not bound)
2023-03-13 11:02:13 UDPv4 link remote: [AF_INET]*.*.*.*:1194
2023-03-13 11:03:13 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2023-03-13 11:03:13 TLS Error: TLS handshake failed

Firstly, my client is behind a NAT. To avoid the effect of NAT, I used a machine that has a public IP as the client, but the issue remains.

Edited:
Below are the client configs:

# This file is automatically generated, do NOT edit it manually
client
pull # accept configs pushed from server
explicit-exit-notify # notify server on exit
daemon mux01
nobind
proto udp4
remote *.*.*.* #server address
dev tap16
cipher AES-256-CBC
data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC
ca certs/ca.crt
cert certs/client.crt
key certs/client.key
setenv daemon_name mux01
script-security 2
up scripts/openvpn/up.sh
down scripts/openvpn/down.sh
management var/mux01.sock unix
log var/mux01.log
writepid var/mux01.pid
# security
remote-cert-tls server
tls-client
tls-exit # prevent zombie clients

I don't have the remote server's configs. The server has been providing OpenVPN access for a long time, so I think it is my misconfiguration that caused the failure.
Can anyone give me some advice? Thank you.