[Openvpn-users] TLS Error: TLS handshake failed between 2 linux machines


  • Subject: [Openvpn-users] TLS Error: TLS handshake failed between 2 linux machines
  • From: "Clemson, Chris" <Chris.Clemson@xxxxxxxxxxxxxxxx>
  • Date: Wed, 1 Oct 2003 16:25:54 +0100

After having no success using OpenVPN between Windows 2000 and Linux, I
thought I'd have a go at using OpenVPN between 2 SuSE Linux 8 machines.

I seem to be able to get further than on Windows 2000 - my Linux client
machine actually connects to the Linux server, which is a good start!
However, I get the error TLS handshake failed.

On the server, the following is displayed on startup and after an attempted
connection:

Wed Oct  1 16:04:17 2003 0: OpenVPN 1.5-beta8 i686-pc-linux-gnu [SSL] [LZO] [MTU-DYNAMIC] built on Oct  1 2003
Wed Oct  1 16:04:17 2003 1: Diffie-Hellman initialized with 1024 bit key
Wed Oct  1 16:04:17 2003 2: WARNING: file '/usr/share/ssl/openvpn/private/office.key' is group or others accessible
Wed Oct  1 16:04:17 2003 3: LZO compression initialized
Wed Oct  1 16:04:17 2003 4: Control Channel MTU parms [ link_mtu=1300 extra_frame=38 extra_buffer=0 extra_tun=0 dynamic = [ mtu_min_initial=MTU_INITIAL_UNDEF mtu_max_initial=MTU_INITIAL_UNDEF mtu_initial=MTU_SET_TO_MIN mtu_min=138 mtu_max=1300 mtu=138 ] ]
Wed Oct  1 16:04:17 2003 5: TUN/TAP device tun0 opened
Wed Oct  1 16:04:17 2003 6: /sbin/ifconfig tun0 192.168.3.2 pointopoint 192.168.3.3 mtu 1258
Wed Oct  1 16:04:17 2003 7: /etc/openvpn/office.up tun0 1258 1300 192.168.3.2 192.168.3.3 init
Wed Oct  1 16:04:17 2003 8: Data Channel MTU parms [ link_mtu=1300 extra_frame=42 extra_buffer=19 extra_tun=0 dynamic = [ mtu_min_initial=MTU_INITIAL_UNDEF mtu_max_initial=MTU_INITIAL_UNDEF mtu_initial=MTU_SET_TO_MAX mtu_min=142 mtu_max=1300 mtu=1300 ] ]
Wed Oct  1 16:04:17 2003 9: Local Options hash (VER=V3): 'd161c7e8'
Wed Oct  1 16:04:17 2003 10: Expected Remote Options hash (VER=V3): '27b9cea8'
Wed Oct  1 16:04:17 2003 11: UDPv4 link local (bound): [undef]:5000
Wed Oct  1 16:04:17 2003 12: UDPv4 link remote: [undef]
Wed Oct  1 16:05:40 2003 13: TLS: tls_pre_decrypt: first response to initial packet from 217.79.99.107:5000, sid=acd67ec2 807b4c20
Wed Oct  1 16:06:33 2003 14: TLS: tls_pre_decrypt: new session incoming connection from 217.79.99.107:5000
Wed Oct  1 16:06:40 2003 15: TLS Error: TLS key negotiation failed to occur within 60 seconds
Wed Oct  1 16:06:40 2003 16: TLS Error: TLS handshake failed

On the client machine:

Wed Oct  1 16:06:31 2003 0: OpenVPN 1.5-beta8 i586-pc-linux-gnu [SSL] [LZO] [MTU-DYNAMIC] built on Oct  1 2003
Wed Oct  1 16:06:31 2003 1: LZO compression initialized
Wed Oct  1 16:06:31 2003 2: Control Channel MTU parms [ link_mtu=1300 extra_frame=38 extra_buffer=0 extra_tun=0 dynamic = [ mtu_min_initial=MTU_INITIAL_UNDEF mtu_max_initial=MTU_INITIAL_UNDEF mtu_initial=MTU_SET_TO_MIN mtu_min=138 mtu_max=1300 mtu=138 ] ]
Wed Oct  1 16:06:31 2003 3: TUN/TAP device tun0 opened
Wed Oct  1 16:06:31 2003 4: /sbin/ifconfig tun0 192.168.3.3 pointopoint 192.168.3.2 mtu 1258
Wed Oct  1 16:06:32 2003 5: ./home.up tun0 1258 1300 192.168.3.3 192.168.3.2 init
Wed Oct  1 16:06:32 2003 6: Data Channel MTU parms [ link_mtu=1300 extra_frame=42 extra_buffer=19 extra_tun=0 dynamic = [ mtu_min_initial=MTU_INITIAL_UNDEF mtu_max_initial=MTU_INITIAL_UNDEF mtu_initial=MTU_SET_TO_MAX mtu_min=142 mtu_max=1300 mtu=1300 ] ]
Wed Oct  1 16:06:32 2003 7: Local Options hash (VER=V3): '27b9cea8'
Wed Oct  1 16:06:32 2003 8: Expected Remote Options hash (VER=V3): 'd161c7e8'
Wed Oct  1 16:06:32 2003 9: UDPv4 link local (bound): [undef]:5000
Wed Oct  1 16:06:32 2003 10: UDPv4 link remote: 217.79.98.202:5000
Wed Oct  1 16:06:45 2003 11: select : Interrupted system call (code=4)
Wed Oct  1 16:06:45 2003 12: SIGINT received, exiting
Wed Oct  1 16:06:45 2003 13: Closing TCP/UDP socket
Wed Oct  1 16:06:45 2003 14: Closing TUN/TAP device

Both versions of OpenSSL are OpenSSL 0.9.6c [engine] 21 dec 2001.
The local and remote options hashes on the client are the opposite of the
server, which I guess is a good thing.
We have a firewall in between the 2 machines, but I have checked the rules
on it and they seem fine.
After the first "tls_pre_decrypt" on the server, it just sits there for a
minute and then times out.
Does this mean that the client never receives the response?
What should I be checking?

thank you!


chris

-- 
The content of this e-mail is confidential, may contain privileged material
and is intended solely for the recipient(s) named above. If you receive this
in error, please notify Software AG immediately and delete this e-mail.

Software AG (UK) Limited
Registered in England & Wales 1310740
Registered Office: Hudson House, Hudson Way,
Pride Park, Derby DE24 8HS
