TLS key negotiation failed to occur within 60 seconds

[FlyByWire]

Hi there,

I'm having a problem to establish an openVPN connection to PureVPN.

My setup:

I have a Sphairon AR-780 Modem that is connected to Router 1 (FritzBox 7390 on LAN1) which is responsible for setting up Internet connection and supplying VoIP. Connected to LAN2 of the FritzBox is a Asus RT-AC68U (here WAN adapter) running Merlin 378.56_2. Asus is configured to have a static IP out of the subnet from the FritzBox.

Baseline:

For 2 weeks I'm running openVPN client on ExpressVPN servers without any problem. I've setup 5 different servers in the Asus setup. All working.

Problem:

Yesterday I tried to setup a openVPN connection to PureVPN using the config provided by them.
Neither UPD nor TCP is working. The VPN Status (on the Asus) says "connecting..." but thats all. The log shows (on UDP connection):

Nov 15 01:32:18 openvpn[26761]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Nov 15 01:32:18 openvpn[26761]: TLS Error: TLS handshake failed

I did contact the online support of PureVPN and they assumed that my ISP is blocking the needed ports (UDP 53, TCP 80). I really can't believe that TCP Port 80 is blocked by my ISP as this is used for web traffic?!

Anybody an idea what the problem could be?

Thanks

FlyByWire

 

[cosmoxl]

TLS settings are wrong is most likely the problem as I'm sure those ports aren't blocked.

does Pure VPN have 2 certs and 2 keys in the ovpn file? do they use username/password?

 

[FlyByWire]

does Pure VPN have 2 certs and 2 keys in the ovpn file? do they use username/password?

1 cert and 1 key and yes they do require username and password. Suprising to me was that after importing the ovpn config I had to change some setting to make it trying to connect at all (Must define certificate authority, Verify Server Certificate was not "yes" and tls-auth was not disabled as that all should be according to their guide?!

 

[cosmoxl]

1 cert and 1 key and yes they do require username and password. Suprising to me was that after importing the ovpn config I had to change some setting to make it trying to connect at all (Must define certificate authority, Verify Server Certificate was not "yes" and tls-auth was not disabled as that all should be according to their guide?!

verify server certificate should probably be set to "no". username/pass auth only is also "no" because the ca.crt should have been uploaded as part of the ovpn. what is the setting for extra HMAC authorization? I'm thinking since you have been given a key that that should be set to outgoing (1).

 

[FlyByWire]

http://support.purevpn.com/an-easy-guide-for-setting-up-openvpn-on-asus-rt-n66u-2
This is what theire guide looks like?! I'll give it a try with the settings you suggest...

 

[cosmoxl]

http://support.purevpn.com/an-easy-guide-for-setting-up-openvpn-on-asus-rt-n66u-2
This is what theire guide looks like?! I'll give it a try with the settings you suggest...

ah, OK, I didn't know you were following a guide. then disregard what I said.

 

[FlyByWire]

wow, worked with the settings suggested by you! Thanks a lot.
meaning two things:
1.) Theire guide is wrong!
2.) The support is incapable!

Not the best precondition to start a long term relationship with them...