TLS key negotiation failed - Windows fails but Mac works

Got a problem with Viscosity or need help? Ask here!

rjensen

Posts: 7
Joined: Sat Oct 08, 2016 1:30 am

Post by rjensen » Sat Oct 08, 2016 3:28 am
Hi,

I'm getting a TLS key negotiation failed when trying to connect to my OpenVPN server using the Windows version of Viscosity. It was configured by importing a .opvn.

Importing this same file in Viscosity on a Mac allows me to connect successfully; no errors. Any idea why using the same configuration file would work for Mac but not in Windows?

Thanks

Eric

User avatar
Posts: 866
Joined: Sun Jan 03, 2010 3:27 am

Post by Eric » Wed Oct 12, 2016 10:03 am
Hi rjensen,

Could you please post a complete copy of the log and we can take a look - http://sparklabs.com/support/kb/article ... envpn-log/

Also, what version of Viscosity are you using on both Mac and Windows?

Regards,
Eric
Eric Thorpe
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs

rjensen

Posts: 7
Joined: Sat Oct 08, 2016 1:30 am

Post by rjensen » Fri Oct 14, 2016 3:12 am
Windows is running 1.6.6 (1461). Mac is running 1.6.2 (1342).

Oct 13 11:09:28 AM: State changed to Connecting
Oct 13 11:09:28 AM: Viscosity Windows 1.6.6 (1461)
Oct 13 11:09:28 AM: Running on Microsoft Windows 10 Pro
Oct 13 11:09:28 AM: Bringing up interface...
Oct 13 11:09:29 AM: Checking reachability status of connection...
Oct 13 11:09:29 AM: Connection is reachable. Starting connection attempt.
Oct 13 11:09:29 AM: OpenVPN 2.3.12 Windows-MSVC [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug 24 2016
Oct 13 11:09:29 AM: library versions: OpenSSL 1.0.2h 3 May 2016, LZO 2.09
Oct 13 11:09:30 AM: UDPv4 link local: [undef]
Oct 13 11:09:30 AM: UDPv4 link remote: [AF_INET]64.124.231.35:1195
Oct 13 11:10:30 AM: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Oct 13 11:10:30 AM: TLS Error: TLS handshake failed
Oct 13 11:10:30 AM: SIGUSR1[soft,tls-error] received, process restarting

Eric

User avatar
Posts: 866
Joined: Sun Jan 03, 2010 3:27 am

Post by Eric » Fri Oct 14, 2016 10:51 am
Hi rjensen,

Please see the following - http://sparklabs.com/support/kb/article ... 0-seconds/

We recommend you contact your VPN Provider for assistance with this one.

Regards,
Eric
Eric Thorpe
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs

rjensen

Posts: 7
Joined: Sat Oct 08, 2016 1:30 am

Post by rjensen » Sat Oct 15, 2016 12:18 am
Thanks for the information. We run our own custom OpenVPN server so I have access to any configuration changes that need to be made. The question I have is, why does the same .opvn configuration file work on a Mac but not on Windows. I'd like to add that I've tried this same configuration file on a OpenVPN Desktop GUI which worked fine.

Eric

User avatar
Posts: 866
Joined: Sun Jan 03, 2010 3:27 am

Post by Eric » Mon Oct 17, 2016 12:51 pm
Hi rjensen,

Is that OpenVPN GUI on the same PC? Is it using the same version of OpenVPN and OpenSSL? Is the Windows PC having issues running any AV or Firewall software? Is Viscosity running on a domain PC? Have any permissions (like the network token permission) been removed from the SYSTEM user which Viscosity Service is running as? As per the support article, there could be issues with connectivity to the server or something could be intercepting the connection.

Regards,
Eric
Eric Thorpe
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs

rjensen

Posts: 7
Joined: Sat Oct 08, 2016 1:30 am

Post by rjensen » Tue Oct 18, 2016 3:47 am
Is that OpenVPN GUI on the same PC? No
Is it using the same version of OpenVPN and OpenSSL? I'm not sure. The install used was from the official OpenVPN site.
Is the Windows PC having issues running any AV or Firewall software? No, only Windows Defender and default Microsoft Firewall is installed.
Is Viscosity running on a domain PC? No, workgroup.
Have any permissions (like the network token permission) been removed from the SYSTEM user which Viscosity Service is running as? No, this is a fresh install. No configuration changes have been made to Viscosity other than the import of the .opvn file

I will check out the logs on the OpenVPN server to see if there is any additional information.

Thanks again for your help.

Eric

User avatar
Posts: 866
Joined: Sun Jan 03, 2010 3:27 am

Post by Eric » Tue Oct 18, 2016 11:26 am
Hi rjensen,

Everything here points to the PC being unable to communicate with the server rather than this being a configuration issue or anything like that. Even Windows firewall could unintentionally have a block on Viscosity or OpenVPN.

Regards,
Eric
Eric Thorpe
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs

rjensen

Posts: 7
Joined: Sat Oct 08, 2016 1:30 am

Post by rjensen » Thu Oct 20, 2016 7:46 am
For testing purposes, on the same machine, I installed the latest OpenVPN client 2.3.12 and copied the .opvn file to the config folder. Running OpenVPN GUI as Administrator I was able to connect.

This is a clean install of Windows 10 with all the latest patches, including the Anniversary Update.

Eric

User avatar
Posts: 866
Joined: Sun Jan 03, 2010 3:27 am

Post by Eric » Thu Oct 20, 2016 1:34 pm
Hi rjensen,

I'm afraid there's not much we can suggest here. As I've mentioned before, this error means one of two things. Either OpenVPN can't communicate with the server, or the server is ignoring the communication attempt. When you connect with Viscosity, can the server see the connection attempt?

Regards,
Eric
Eric Thorpe
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs
14 posts Page 1 of 2