
Hi,

------- Original Message -------
On Tuesday, August 15th, 2023 at 10:57, Jason Long <hack3r...@yahoo.com> wrote:

<snip>

> Hello,
> My OpenVPN server internal network IP is "192.168.1.20" and the IP address of 
> client is "192.168.1.21". Both VMs can ping each other.
> 
> According to "https://community.openvpn.net/openvpn/wiki/HOWTO", I did the 
> following steps:
> 
> # mkdir /etc/openvpn/ccd
> # nano /etc/openvpn/server.conf
> 
> client-config-dir ccd
> ccd-exclusive
> route 192.168.1.0 255.255.255.0
> 
> Then:
> 
> # touch /etc/openvpn/ccd/Test-PC
> # nano /etc/openvpn/ccd/Test-PC
> 
> iroute 192.168.1.0 255.255.255.0
> 
> 
> After that, I started the OpenVPN service and it worked. On the client, when I 
> wanted to connect to my OpenVPN server, it showed me:
> 
> Tue Aug 15 14:10:22 2023 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
> Tue Aug 15 14:10:22 2023 TLS Error: TLS handshake failed
> 
> 
> I took a look at 
> "https://openvpn.net/faq/tls-error-tls-key-negotiation-failed-to-occur-within-60-seconds-check-your-network-connectivity/"
> too.
> 
> When I removed the following lines from my server.conf, my client could 
> connect to the server:
> 
> client-config-dir ccd
> ccd-exclusive
> route 192.168.1.0 255.255.255.0
> 
> 
> How can I solve it?

>As I have already explained: If your client can only connect when you remove
>'ccd-exclusive' from your server config, this means that there is not a CCD
>file for the client that is trying to connect.


> I changed the protocol from UDP to TCP, but the problem was not solved.

>If you were a pilot, I would go by train.

>HTH
>tct



Hello,
You said "this means that there is not a CCD file for the client that is trying 
to connect", then what does this mean:

# touch /etc/openvpn/ccd/Test-PC
# nano /etc/openvpn/ccd/Test-PC
iroute 192.168.1.0 255.255.255.0

And about the change from UDP to TCP:

https://serverfault.com/questions/765521/openvpn-issue-tls-key-negotiation-failed-to-occur-within-60-seconds

https://support.nordvpn.com/Connectivity/1061816172/Issue-TLS-key-negotiation-failed-to-occur.htm


I did a tcpdump:

# tcpdump --interface any udp port 2000 -n -v
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
08:50:47.761991 IP (tos 0x0, ttl 128, id 892, offset 0, flags [DF], proto UDP (17), length 82)
    192.168.1.21.60461 > 192.168.1.20.2000: UDP, length 54
08:50:47.762524 IP (tos 0x0, ttl 64, id 24726, offset 0, flags [DF], proto UDP (17), length 94)
    10.10.0.1.2000 > 192.168.1.21.60461: UDP, length 66
08:51:03.573953 IP (tos 0x0, ttl 128, id 893, offset 0, flags [DF], proto UDP (17), length 82)
    192.168.1.21.60461 > 192.168.1.20.2000: UDP, length 54
08:51:03.574449 IP (tos 0x0, ttl 64, id 26863, offset 0, flags [DF], proto UDP (17), length 94)
    10.10.0.1.2000 > 192.168.1.21.60461: UDP, length 66




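Added example, not part of the original message or of OpenVPN itself: a Python sketch that parses the verbose tcpdump output posted above and flags server replies whose source address differs from the address the client sent to, which is what this capture shows (10.10.0.1 answering for 192.168.1.20). The function names and the joined sample lines are assumptions made for illustration; port 2000 is taken from the capture.

```python
import re

# Constructed sample: the packets from the capture in the message above,
# with the wrapped header lines joined back together.
CAPTURE = """\
08:50:47.761991 IP (tos 0x0, ttl 128, id 892, offset 0, flags [DF], proto UDP (17), length 82)
    192.168.1.21.60461 > 192.168.1.20.2000: UDP, length 54
08:50:47.762524 IP (tos 0x0, ttl 64, id 24726, offset 0, flags [DF], proto UDP (17), length 94)
    10.10.0.1.2000 > 192.168.1.21.60461: UDP, length 66
08:51:03.573953 IP (tos 0x0, ttl 128, id 893, offset 0, flags [DF], proto UDP (17), length 82)
    192.168.1.21.60461 > 192.168.1.20.2000: UDP, length 54
08:51:03.574449 IP (tos 0x0, ttl 64, id 26863, offset 0, flags [DF], proto UDP (17), length 94)
    10.10.0.1.2000 > 192.168.1.21.60461: UDP, length 66
"""

STAMP = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) IP ")
FLOW = re.compile(r"^\s+(\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): UDP")

def parse(capture):
    """Yield (time, src_ip, src_port, dst_ip, dst_port) for each UDP packet."""
    stamp = None
    for line in capture.splitlines():
        m = STAMP.match(line)
        if m:                       # header line carries the timestamp
            stamp = m.group(1)
            continue
        m = FLOW.match(line)
        if m and stamp:             # indented line carries the addresses
            yield stamp, m.group(1), int(m.group(2)), m.group(3), int(m.group(4))
            stamp = None

def mismatched_replies(capture, server_port=2000):
    """Return replies whose source IP is not the IP the client addressed."""
    expected = {}                   # (client_ip, client_port) -> server IP used
    findings = []
    for t, sip, sport, dip, dport in parse(capture):
        if dport == server_port:    # client -> server
            expected[(sip, sport)] = dip
        elif sport == server_port:  # server -> client
            want = expected.get((dip, dport))
            if want and want != sip:
                findings.append({"time": t, "client": f"{dip}:{dport}",
                                 "expected_src": want, "actual_src": sip})
    return findings

if __name__ == "__main__":
    for f in mismatched_replies(CAPTURE):
        print(f"{f['time']} reply to {f['client']} came from "
              f"{f['actual_src']}, expected {f['expected_src']}")
```

An OpenVPN client with a fixed remote and no `--float` rejects UDP packets that arrive from a different source address, so a finding here is worth checking against the server's routing table.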


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
