Score:0

OpenVPN TLS handshake fails, no log messages


I have set up an OpenVPN server (version 2.5.9) on CentOS (Stream 9) and several clients. Unfortunately, clients always log this error message:

2023-04-14 09:24:21 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2023-04-14 09:24:21 TLS Error: TLS handshake failed

On the server I have set the logging verbosity to 9 and verified with tcpdump that UDP packets for negotiation are properly received by the clients. I have verified that the SELinux status on the server is set to permissive. However, the problem persists and there is no useful error message in the server logs.

How can I identify the source of the error?

Update: The tcpdump on the server indeed shows that packets are NOT sent from the server, only received by the server. However, I don't know why that is the case. SELinux mode is set to "permissive", and iptables -L does not show any blocking rules. traceroute (which, according to my understanding, uses UDP packets) works fine from the clients.

Update 2: OK, I figured it out. The firewall-cmd did not have the service enabled. Everything works fine after adding that one!
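The resolution above is worth turning into a check, because the symptom is easy to misread: tcpdump captures a packet before netfilter's INPUT hook evaluates it, so a client's handshake packet can appear in a server-side capture and still be dropped by firewalld before it reaches the openvpn process, which then has nothing to log and nothing to answer. The script below is an added example, not code from the original post or from OpenVPN or firewalld; it reads a firewalld zone's allowed services and ports, decides whether OpenVPN traffic (1194/udp unless told otherwise) is admitted, and prints the firewall-cmd commands that open it. The function names, the sample firewall-cmd output and the assumption that the server listens in the default zone are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post: decide from firewalld's zone
# configuration whether OpenVPN traffic is admitted, and print the
# firewall-cmd commands that open it if not. Function names are this
# example's own.

# Constructed sample of `firewall-cmd --list-services` and
# `firewall-cmd --list-ports` on a host where OpenVPN was installed but
# never opened in the firewall (the situation described in the question).
SAMPLE_SERVICES="cockpit dhcpv6-client ssh"
SAMPLE_PORTS=""

# openvpn_allowed SERVICES PORTS [PORT] [PROTO]
# Exit 0 if the traffic is admitted, 1 otherwise. firewalld's built-in
# 'openvpn' service covers only 1194/udp, so it counts only for that pair;
# any other port/protocol must appear explicitly in the port list.
openvpn_allowed() {
    services="$1" ports="$2" port="${3:-1194}" proto="${4:-udp}"
    if [ "$port/$proto" = "1194/udp" ]; then
        for s in $services; do
            [ "$s" = openvpn ] && return 0
        done
    fi
    for p in $ports; do
        [ "$p" = "$port/$proto" ] && return 0
    done
    return 1
}

# fix_commands [PORT] [PROTO]
# Print the commands that open the hole in the permanent configuration
# and reload it into the running firewall.
fix_commands() {
    port="${1:-1194}" proto="${2:-udp}"
    if [ "$port/$proto" = "1194/udp" ]; then
        echo "firewall-cmd --permanent --add-service=openvpn"
    else
        echo "firewall-cmd --permanent --add-port=$port/$proto"
    fi
    echo "firewall-cmd --reload"
}

# diagnose SERVICES PORTS [PORT] [PROTO]
# Human-readable verdict; exit status mirrors openvpn_allowed.
diagnose() {
    if openvpn_allowed "$@"; then
        echo "firewalld admits OpenVPN on ${3:-1194}/${4:-udp}"
        return 0
    fi
    echo "firewalld does NOT admit OpenVPN on ${3:-1194}/${4:-udp}; run:"
    fix_commands "${3:-1194}" "${4:-udp}"
    return 1
}

# live_diagnose [PORT] [PROTO]
# Same verdict, but read from the running firewalld's default zone
# (assumption: the VPN interface sits in the default zone).
live_diagnose() {
    if ! command -v firewall-cmd >/dev/null 2>&1; then
        echo "firewall-cmd not installed; nothing to check" >&2
        return 2
    fi
    zone=$(firewall-cmd --get-default-zone)
    diagnose "$(firewall-cmd --zone="$zone" --list-services)" \
             "$(firewall-cmd --zone="$zone" --list-ports)" "$@"
}

# Demonstration on the constructed sample; does not touch the host.
diagnose "$SAMPLE_SERVICES" "$SAMPLE_PORTS" || true
```

Run `live_diagnose` on the server to check the real zone. Independently of firewalld, the decisive observation in the thread is a capture in both directions: `tcpdump -ni any udp port 1194` on the server showing inbound packets but no replies means the packets are dropped before or inside the service, not lost on the network, which is exactly what the question's first update reported.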

user1686: Did you verify both that packets sent by the server are received by tcpdump on the client, and that packets sent by the client are shown in tcpdump on the server? Do the clients have any firewall rules (iptables or nftables) that would drop the packets before the usual "established accept"?
user8472: @user1686 Good catch! I have, in fact, only verified one way (client -> server). I'll check the other direction and then report back.