SparkLabs Forum.

Community Help.


TLS key negotiation failed - Windows fails but Mac works

Hi,

I'm getting a TLS key negotiation failed when trying to connect to my OpenVPN server using the Windows version of Viscosity. It was configured by importing a .opvn.

Importing this same file in Viscosity on a Mac allows me to connect successfully; no errors. Any idea why using the same configuration file would work for Mac but not in Windows?

Thanks
Hi rjensen,

Could you please post a complete copy of the log and we can take a look - http://sparklabs.com/support/kb/article ... envpn-log/

Also, what version of Viscosity are you using on both Mac and Windows?

Regards,
Eric
Windows is running 1.6.6 (1461). Mac is running 1.6.2 (1342).

Oct 13 11:09:28 AM: State changed to Connecting
Oct 13 11:09:28 AM: Viscosity Windows 1.6.6 (1461)
Oct 13 11:09:28 AM: Running on Microsoft Windows 10 Pro
Oct 13 11:09:28 AM: Bringing up interface...
Oct 13 11:09:29 AM: Checking reachability status of connection...
Oct 13 11:09:29 AM: Connection is reachable. Starting connection attempt.
Oct 13 11:09:29 AM: OpenVPN 2.3.12 Windows-MSVC [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug 24 2016
Oct 13 11:09:29 AM: library versions: OpenSSL 1.0.2h 3 May 2016, LZO 2.09
Oct 13 11:09:30 AM: UDPv4 link local: [undef]
Oct 13 11:09:30 AM: UDPv4 link remote: [AF_INET]64.124.231.35:1195
Oct 13 11:10:30 AM: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Oct 13 11:10:30 AM: TLS Error: TLS handshake failed
Oct 13 11:10:30 AM: SIGUSR1[soft,tls-error] received, process restarting
Hi rjensen,

Please see the following - http://sparklabs.com/support/kb/article ... 0-seconds/

We recommend you contact your VPN Provider for assistance with this one.

Regards,
Eric
Thanks for the information. We run our own custom OpenVPN server so I have access to any configuration changes that need to be made. The question I have is, why does the same .opvn configuration file work on a Mac but not on Windows. I'd like to add that I've tried this same configuration file on a OpenVPN Desktop GUI which worked fine.
Hi rjensen,

Is that OpenVPN GUI on the same PC? Is it using the same version of OpenVPN and OpenSSL? Is the Windows PC having issues running any AV or Firewall software? Is Viscosity running on a domain PC? Have any permissions (like the network token permission) been removed from the SYSTEM user which Viscosity Service is running as? As per the support article, there could be issues with connectivity to the server or something could be intercepting the connection.

Regards,
Eric
Is that OpenVPN GUI on the same PC? No
Is it using the same version of OpenVPN and OpenSSL? I'm not sure. The install used was from the official OpenVPN site.
Is the Windows PC having issues running any AV or Firewall software? No, only Windows Defender and default Microsoft Firewall is installed.
Is Viscosity running on a domain PC? No, workgroup.
Have any permissions (like the network token permission) been removed from the SYSTEM user which Viscosity Service is running as? No, this is a fresh install. No configuration changes have been made to Viscosity other than the import of the .opvn file

I will check out the logs on the OpenVPN server to see if there is any additional information.

Thanks again for your help.
Hi rjensen,

Everything here points to the PC being unable to communicate with the server rather than this being a configuration issue or anything like that. Even Windows firewall could unintentionally have a block on Viscosity or OpenVPN.

Regards,
Eric
For testing purposes, on the same machine, I installed the latest OpenVPN client 2.3.12 and copied the .opvn file to the config folder. Running OpenVPN GUI as Administrator I was able to connect.

This is a clean install of Windows 10 with all the latest patches, including the Anniversary Update.
Hi rjensen,

I'm afraid there's not much we can suggest here. As I've mentioned before, this error means one of two things. Either OpenVPN can't communicate with the server, or the server is ignoring the communication attempt. When you connect with Viscosity, can the server see the connection attempt?

Regards,
Eric
14 posts Page 1 of 2

Copyright © 2016 SparkLabs Pty Ltd. All Rights Reserved. Privacy Policy