Menu
What's new
By:
Filters Better Search

"TLS handshake failed" setting up NordVPN

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

L

lreyes

New Around Here
I've been running Asus-Merlin firmware for a while but I haven't tried to set up OpenVPN on it before. I've got my OVPN file from NordVPN and setting it up per their tutorial here but so far I haven't had any luck getting it to connect successfully. My settings are set like this:
upload_2017-4-24_19-6-58.png


upload_2017-4-24_19-7-20.png

Code: 
remote-random
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0
remote-cert-tls server
pull
fast-io

This gets me the error shown, no matter what server I use on UDP.
Code: 
Apr 24 17:52:05 openvpn[10123]: OpenVPN 2.4.0 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Mar 29 2017
Apr 24 17:52:05 openvpn[10123]: library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.08
Apr 24 17:52:06 openvpn[10124]: WARNING: --ping should normally be used with --ping-restart or --ping-exit
Apr 24 17:52:06 openvpn[10124]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 24 17:52:06 openvpn[10124]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 24 17:52:06 openvpn[10124]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 24 17:52:06 openvpn[10124]: TCP/UDP: Preserving recently used remote address: [AF_INET]173.234.12.85:1194
Apr 24 17:52:06 openvpn[10124]: Socket Buffers: R=[122880->122880] S=[122880->122880]
Apr 24 17:52:06 openvpn[10124]: UDP link local: (not bound)
Apr 24 17:52:06 openvpn[10124]: UDP link remote: [AF_INET]173.234.12.85:1194
Apr 24 17:53:06 openvpn[10124]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Apr 24 17:53:06 openvpn[10124]: TLS Error: TLS handshake failed
Apr 24 17:53:06 openvpn[10124]: SIGUSR1[soft,tls-error] received, process restarting
Apr 24 17:53:06 openvpn[10124]: Restart pause, 5 second(s)

I tried TCP instead and got a different failure (this error is from a previous attempt on a different server):
Code: 
Apr 24 00:51:58 openvpn[9018]: OpenVPN 2.4.0 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Mar 29 2017
Apr 24 00:51:58 openvpn[9018]: library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.08
Apr 24 00:51:58 openvpn[9019]: WARNING: --ping should normally be used with --ping-restart or --ping-exit
Apr 24 00:51:58 openvpn[9019]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 24 00:51:58 openvpn[9019]: NOTE: --fast-io is disabled since we are not using UDP
Apr 24 00:51:58 openvpn[9019]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 24 00:51:58 openvpn[9019]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 24 00:51:58 openvpn[9019]: TCP/UDP: Preserving recently used remote address: [AF_INET]173.234.12.85:443
Apr 24 00:51:58 openvpn[9019]: Socket Buffers: R=[87380->87380] S=[16384->16384]
Apr 24 00:51:58 openvpn[9019]: Attempting to establish TCP connection with [AF_INET]173.234.12.85:443 [nonblock]
Apr 24 00:51:59 openvpn[9019]: TCP connection established with [AF_INET]173.234.12.85:443
Apr 24 00:51:59 openvpn[9019]: TCP_CLIENT link local: (not bound)
Apr 24 00:51:59 openvpn[9019]: TCP_CLIENT link remote: [AF_INET]173.234.12.85:443
Apr 24 00:51:59 openvpn[9019]: Connection reset, restarting [0]
Apr 24 00:51:59 openvpn[9019]: SIGUSR1[soft,connection-reset] received, process restarting
Apr 24 00:51:59 openvpn[9019]: Restart pause, 5 second(s)

I'm not sure what's going on here, but any insight that could help me out would be appreciated!
 
One of two possible things:
1. Not sure the router clock is set correctly.
2. The OpenVPN configuration you imported might not of imported correctly. Could try importing a different server configuration file.
 
lreyes said:
I've been running Asus-Merlin firmware for a while but I haven't tried to set up OpenVPN on it before. I've got my OVPN file from NordVPN and setting it up per their tutorial here but so far I haven't had any luck getting it to connect successfully. My settings are set like this:
View attachment 9109

View attachment 9110
Code: 
remote-random
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0
remote-cert-tls server
pull
fast-io

This gets me the error shown, no matter what server I use on UDP.
Code: 
Apr 24 17:52:05 openvpn[10123]: OpenVPN 2.4.0 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Mar 29 2017
Apr 24 17:52:05 openvpn[10123]: library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.08
Apr 24 17:52:06 openvpn[10124]: WARNING: --ping should normally be used with --ping-restart or --ping-exit
Apr 24 17:52:06 openvpn[10124]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 24 17:52:06 openvpn[10124]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 24 17:52:06 openvpn[10124]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 24 17:52:06 openvpn[10124]: TCP/UDP: Preserving recently used remote address: [AF_INET]173.234.12.85:1194
Apr 24 17:52:06 openvpn[10124]: Socket Buffers: R=[122880->122880] S=[122880->122880]
Apr 24 17:52:06 openvpn[10124]: UDP link local: (not bound)
Apr 24 17:52:06 openvpn[10124]: UDP link remote: [AF_INET]173.234.12.85:1194
Apr 24 17:53:06 openvpn[10124]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Apr 24 17:53:06 openvpn[10124]: TLS Error: TLS handshake failed
Apr 24 17:53:06 openvpn[10124]: SIGUSR1[soft,tls-error] received, process restarting
Apr 24 17:53:06 openvpn[10124]: Restart pause, 5 second(s)

I tried TCP instead and got a different failure (this error is from a previous attempt on a different server):
Code: 
Apr 24 00:51:58 openvpn[9018]: OpenVPN 2.4.0 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Mar 29 2017
Apr 24 00:51:58 openvpn[9018]: library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.08
Apr 24 00:51:58 openvpn[9019]: WARNING: --ping should normally be used with --ping-restart or --ping-exit
Apr 24 00:51:58 openvpn[9019]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 24 00:51:58 openvpn[9019]: NOTE: --fast-io is disabled since we are not using UDP
Apr 24 00:51:58 openvpn[9019]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 24 00:51:58 openvpn[9019]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 24 00:51:58 openvpn[9019]: TCP/UDP: Preserving recently used remote address: [AF_INET]173.234.12.85:443
Apr 24 00:51:58 openvpn[9019]: Socket Buffers: R=[87380->87380] S=[16384->16384]
Apr 24 00:51:58 openvpn[9019]: Attempting to establish TCP connection with [AF_INET]173.234.12.85:443 [nonblock]
Apr 24 00:51:59 openvpn[9019]: TCP connection established with [AF_INET]173.234.12.85:443
Apr 24 00:51:59 openvpn[9019]: TCP_CLIENT link local: (not bound)
Apr 24 00:51:59 openvpn[9019]: TCP_CLIENT link remote: [AF_INET]173.234.12.85:443
Apr 24 00:51:59 openvpn[9019]: Connection reset, restarting [0]
Apr 24 00:51:59 openvpn[9019]: SIGUSR1[soft,connection-reset] received, process restarting
Apr 24 00:51:59 openvpn[9019]: Restart pause, 5 second(s)

I'm not sure what's going on here, but any insight that could help me out would be appreciated!
Click to expand...
Try setting Auth Digest to SHA1 and setting Cipher Negotiation to Disable.
 
You must log in or register to reply here.

Similar threads

A
ASUS XT8 dropout - momentarily disconnection
Replies
1
Views
981
Armin6150
A
N
RT-AX86U-Pro, WAN disconnect every 36 hours
2
Replies
25
Views
2K
Nick24
N
D
RT-AX88U losing WIFI
2 3
Replies
41
Views
3K
ciprian.trofin
C
T
[Help] Problems setting up OpenVPN
Replies
7
Views
305
Thookie
T
T
Having some problems with my home network. Please Help!
Replies
3
Views
1K
triggerh4ppy
T
Similar threads
Thread starter Title Forum Replies Date
C isp block dns over tls and poison any unencrypted dns resolution Asuswrt-Merlin 14
V Opera DNS-over tls Asuswrt-Merlin 0
V DNS server vs DNS-over TLS server list Asuswrt-Merlin 3
A DNS/TLS IPv6. Asuswrt-Merlin 18
B dnsmasq: failed to create listening socket for 192.168.1.1: Address already in use Asuswrt-Merlin 7
M Failed AX58U Merlin to Asus Asuswrt-Merlin 4
F Solved RT-AX58U flashing Merlin failed Asuswrt-Merlin 3
BeKozGaming [RT-AC88U][386.12_4] "backup_jffs.tar Failed - Virus detected" Error saving JFFS partition: Trojan:Script/Wacatac.B!ml Asuswrt-Merlin 11
I RT-AC3200 Merlin 384.13.10 - e2fsck abort with 'Memory Allocation failed' (10 GB swapfile!) Asuswrt-Merlin 14
A Access Restrictions no longer functional after failed 388.5 update Asuswrt-Merlin 2

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 430 (members: 18, guests: 412)
Top