Hello, I've got a FreeBSD 10.3 server running OpenVPN 2.4. To that I'm trying to connect a Win10 x64 machine, external to that network, running the latest OpenVPN GUI 2.4.
I'm getting a TLS negotiation error, and although Google has shown this as common, I'm thinking it's a TLS issue in my configuration. I've included my server config and client config files below and would appreciate it if someone can spot my TLS issue.
Thanks.
Dave.

server configuration:

tls-server
local <External IP Address>
port 1194
proto udp
dev tun
ca /usr/local/etc/openvpn/keys/ca.crt
cert /usr/local/etc/openvpn/keys/openvpn-server.crt
key /usr/local/etc/openvpn/keys/openvpn-server.key # This file should be kept secret
dh /usr/local/etc/openvpn/keys/dh.pem
topology subnet
server 172.17.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
# Then add this line to ccd/Thelonious:
# ifconfig-push 10.9.0.1 10.9.0.2
;push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
;client-to-client
keepalive 10 120
tls-auth /usr/local/etc/openvpn/keys/ta.key 0 # This file is secret
cipher AES-256-GCM
;compress lz4-v2
;push "compress lz4-v2"
max-clients 10
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
log-append /var/log/openvpn.log
verb 3
mute 5
explicit-exit-notify 1
remote-cert-eku "TLS Web Client Authentication"
tls-version-min 1.2
auth SHA512
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256

client configuration:

tls-client
client
dev tun
proto udp
tun-mtu 1400
remote xxx.xxx.xxx.xxx 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ca ca.crt
cert client.crt
key client.key
tls-auth ta.key 1
remote-cert-tls server
cipher AES-256-GCM
verb 3
mute 5
ns-cert-type server
tls-version-min 1.2
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
auth SHA512
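An added example, not part of the original post: a small cross-check of a server/client config pair for settings the two peers are expected to agree on (proto, cipher, auth, tun-mtu, tls-auth key direction, tls-cipher overlap). The function names and the choice of directives are this example's assumptions; it only lists disagreements between the two files and does not identify the cause of the error.

```python
import re

# OpenVPN 2.4 defaults for settings both peers are expected to agree on.
DEFAULTS = {"proto": "udp", "cipher": "BF-CBC", "auth": "SHA1", "tun-mtu": "1500"}

def parse(text):
    """Return {directive: [args]} with '#' and ';' comments stripped."""
    opts = {}
    for line in text.splitlines():
        line = re.split(r"\s[#;]", " " + line, maxsplit=1)[0].strip()
        if line:
            name, *args = line.split()
            opts.setdefault(name, args)
    return opts

def key_dir(opts):
    """tls-auth key direction: None if unused, 'both' if no direction given."""
    args = opts.get("tls-auth")
    return None if args is None else (args[1] if len(args) > 1 else "both")

def compare(server_cfg, client_cfg):
    """List disagreements; tls-auth must be unused, bidirectional, or 0/1 paired."""
    s, c = parse(server_cfg), parse(client_cfg)
    findings = []
    for name, default in DEFAULTS.items():
        sv, cv = ((o.get(name) or [default])[0] for o in (s, c))
        if sv.lower() != cv.lower():
            findings.append(f"{name}: server={sv} client={cv}")
    sd, cd = key_dir(s), key_dir(c)
    if not ((sd == cd and sd in (None, "both")) or {sd, cd} == {"0", "1"}):
        findings.append(f"tls-auth direction: server={sd} client={cd}")
    suites = [set(o["tls-cipher"][0].split(":")) for o in (s, c) if "tls-cipher" in o]
    if len(suites) == 2 and not suites[0] & suites[1]:
        findings.append("tls-cipher: no suite in common")
    return findings

# Abridged from the two configs in the post above.
SERVER = """proto udp
;client-to-client
tls-auth /usr/local/etc/openvpn/keys/ta.key 0 # This file is secret
cipher AES-256-GCM
auth SHA512
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"""
CLIENT = """proto udp
tun-mtu 1400
tls-auth ta.key 1
cipher AES-256-GCM
auth SHA512
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"""
print(compare(SERVER, CLIENT))
```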