Openvpn TLS handshake failed

Dear Team,
i can not connect anymore an OpenVPN Client (offical / community version) to my server.
I get follow error message:
image

I know i dont use the standard port, is there anything related to the firewall?

Thank you!

Is your dyndns.org IP correctly up to date. You can check on the IPFire Dynamic DNS WUI page that your hostname is up to date, it should be showing in green.

There is mo firewall rule that would block you.
In fact when you set up the OpenVPN page the required firewall rules are automatically put in place to ensure the connection can be made.

Yes, everything is correct and i can see the IP adress in the log of openvpn (external IP)

Important to mention, my IPFire is behind a FritzBox because i am a guest user of the internet service.
But the Port is open for the open VPN service.
And it worked in the past without having issues.

Any ideas?

I think i found the problem.
I had IP Location Filter on and i am sitting right now in Mexico.

But i got another Problem

Error: negotiated cipher not allowed - AES-256-CBC not in AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
Tue Nov 12 10:54:13 2024 OPTIONS ERROR: failed to import crypto options

Tue Nov 12 10:54:12 2024 VERIFY EKU OK
Tue Nov 12 10:54:12 2024 VERIFY X509NAME OK: C=DE, O=XXX, CN=XXX.dyndns.org
Tue Nov 12 10:54:12 2024 VERIFY OK: depth=0, C=DE, O=Wunet, CN=XXX.dyndns.org
Tue Nov 12 10:54:12 2024 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bits RSA, signature: RSA-SHA256, peer temporary key: 253 bits X25519
Tue Nov 12 10:54:12 2024 [XXXX.dyndns.org] Peer Connection Initiated with [AF_INET]XXXXXXXX.210:6619
Tue Nov 12 10:54:12 2024 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
Tue Nov 12 10:54:12 2024 TLS: tls_multi_process: initial untrusted session promoted to trusted
Tue Nov 12 10:54:13 2024 MANAGEMENT: >STATE:1731426853,GET_CONFIG,
Tue Nov 12 10:54:13 2024 SENT CONTROL [XXX.dyndns.org]: ‘PUSH_REQUEST’ (status=1)
Tue Nov 12 10:54:13 2024 PUSH: Received control message: ‘PUSH_REPLY,route 10.107.121.1,topology net30,ping 10,ping-restart 60,route 192.168.1.0 255.255.255.0,ifconfig 10.107.121.6 10.107.121.5,peer-id 1,cipher AES-256-CBC’
Tue Nov 12 10:54:13 2024 OPTIONS IMPORT: --ifconfig/up options modified
Tue Nov 12 10:54:13 2024 OPTIONS IMPORT: route options modified
Tue Nov 12 10:54:13 2024 interactive service msg_channel=792
Tue Nov 12 10:54:13 2024 ROUTE_GATEWAY 192.168.1.254/255.255.255.0 I=16 HWADDR=c8:94:02:4f:2e:25
Tue Nov 12 10:54:13 2024 MANAGEMENT: >STATE:1731426853,ASSIGN_IP,10.107.121.6,
Tue Nov 12 10:54:13 2024 INET address service: add 10.107.121.6/30
Tue Nov 12 10:54:13 2024 IPv4 MTU set to 1492 on interface 46 using service
Tue Nov 12 10:54:13 2024 MANAGEMENT: >STATE:1731426853,ADD_ROUTES,
Tue Nov 12 10:54:13 2024 C:\Windows\system32\route.exe ADD 10.107.121.1 MASK 255.255.255.255 10.107.121.5 METRIC 200
Tue Nov 12 10:54:13 2024 Route addition via service succeeded
Tue Nov 12 10:54:13 2024 C:\Windows\system32\route.exe ADD 192.168.1.0 MASK 255.255.255.0 10.107.121.5 METRIC 200
Tue Nov 12 10:54:13 2024 Route addition via service succeeded
Tue Nov 12 10:54:13 2024 Error: negotiated cipher not allowed - AES-256-CBC not in AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
Tue Nov 12 10:54:13 2024 OPTIONS ERROR: failed to import crypto options
Tue Nov 12 10:54:13 2024 Failed to open tun/tap interface
Tue Nov 12 10:54:13 2024 C:\Windows\system32\route.exe DELETE 10.107.121.1 MASK 255.255.255.255 10.107.121.5
Tue Nov 12 10:54:13 2024 Route deletion via service succeeded
Tue Nov 12 10:54:13 2024 C:\Windows\system32\route.exe DELETE 192.168.1.0 MASK 255.255.255.0 10.107.121.5
Tue Nov 12 10:54:13 2024 Route deletion via service succeeded
Tue Nov 12 10:54:13 2024 Closing DCO interface
Tue Nov 12 10:54:13 2024 INET address service: remove 10.107.121.6/30
Tue Nov 12 10:54:13 2024 SIGUSR1[soft,process-push-msg-failed] received, process restarting
Tue Nov 12 10:54:13 2024 MANAGEMENT: >STATE:1731426853,RECONNECTING,process-push-msg-failed,
Tue Nov 12 10:54:13 2024 Restart pause, 32 second(s)

Problem solved

2 Likes