Thanks!
It has been like this for a while.
So, the issue should be from the client side? I have checked the profile and it is as indicated in the guide. In fact from both server and client, both are as indicated by the guide.
So, I am puzzled.
Thanks
Thanks!
It has been like this for a while.
So, the issue should be from the client side? I have checked the profile and it is as indicated in the guide. In fact from both server and client, both are as indicated by the guide.
So, I am puzzled.
Thanks
Joined: 18 Mar 2014 Posts: 12923 Location: Netherlands
Posted: Thu Dec 07, 2023 21:56 Post subject:
Your client log shows that your client cannot connect to your server:
Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
So maybe the port forward on the main router is wrong, maybe the main router does not have a Public IP address, maybe your isp is blocking , maybe the address is wrong etc.
Edit: of course you have read the OpenVPN Troubleshooting guide but in case you have missed it:
Quote:
TLS Error: TLS key negotiation failed to occur within 60 seconds
Server is not reachable i.e. you have a network connection error (unless you are using TLS-crypt which is not setup
correctly):
• Check server address/DDNS
• Check DDNS,
• Check if your WAN has an IPv4 CGNAT address (IP address starting with 100) or Dual stack Lite
• Check port,
• Check Port Forward if server is not on the primary router.
• Check /disable firewall
• Sometimes an ISP blocks often used ports, Check with your ISP and/or use TCP port 443, this is not blocked.
• Older DDWRT version block UDP ports when SFE is enabled, so when in doubt disable SFE or CTF.
To check if you can reach the server from the client you can use the ping utility.
Beware not all servers answer to ping.
From the Windows cmd, the Fing app on your phone or ping from the CLI (telnet/Putty) if your client is a DDWRT or
other router use:
ping <ip-server-address>
If your server is a DDWRT router then by default it does not answer to ping so for this test you should
disable/uncheck "Block Anonymous WAN Requests (ping)" on the Security tab of the DDWRT OpenVPN server.