What's new

"TLS handshake failed" setting up NordVPN

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

lreyes

New Around Here
I've been running Asus-Merlin firmware for a while but I haven't tried to set up OpenVPN on it before. I've got my OVPN file from NordVPN and setting it up per their tutorial here but so far I haven't had any luck getting it to connect successfully. My settings are set like this:
upload_2017-4-24_19-6-58.png


upload_2017-4-24_19-7-20.png

Code:
remote-random
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0
remote-cert-tls server
pull
fast-io

This gets me the error shown, no matter what server I use on UDP.
Code:
Apr 24 17:52:05 openvpn[10123]: OpenVPN 2.4.0 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Mar 29 2017
Apr 24 17:52:05 openvpn[10123]: library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.08
Apr 24 17:52:06 openvpn[10124]: WARNING: --ping should normally be used with --ping-restart or --ping-exit
Apr 24 17:52:06 openvpn[10124]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 24 17:52:06 openvpn[10124]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 24 17:52:06 openvpn[10124]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 24 17:52:06 openvpn[10124]: TCP/UDP: Preserving recently used remote address: [AF_INET]173.234.12.85:1194
Apr 24 17:52:06 openvpn[10124]: Socket Buffers: R=[122880->122880] S=[122880->122880]
Apr 24 17:52:06 openvpn[10124]: UDP link local: (not bound)
Apr 24 17:52:06 openvpn[10124]: UDP link remote: [AF_INET]173.234.12.85:1194
Apr 24 17:53:06 openvpn[10124]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Apr 24 17:53:06 openvpn[10124]: TLS Error: TLS handshake failed
Apr 24 17:53:06 openvpn[10124]: SIGUSR1[soft,tls-error] received, process restarting
Apr 24 17:53:06 openvpn[10124]: Restart pause, 5 second(s)

I tried TCP instead and got a different failure (this error is from a previous attempt on a different server):
Code:
Apr 24 00:51:58 openvpn[9018]: OpenVPN 2.4.0 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Mar 29 2017
Apr 24 00:51:58 openvpn[9018]: library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.08
Apr 24 00:51:58 openvpn[9019]: WARNING: --ping should normally be used with --ping-restart or --ping-exit
Apr 24 00:51:58 openvpn[9019]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 24 00:51:58 openvpn[9019]: NOTE: --fast-io is disabled since we are not using UDP
Apr 24 00:51:58 openvpn[9019]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 24 00:51:58 openvpn[9019]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 24 00:51:58 openvpn[9019]: TCP/UDP: Preserving recently used remote address: [AF_INET]173.234.12.85:443
Apr 24 00:51:58 openvpn[9019]: Socket Buffers: R=[87380->87380] S=[16384->16384]
Apr 24 00:51:58 openvpn[9019]: Attempting to establish TCP connection with [AF_INET]173.234.12.85:443 [nonblock]
Apr 24 00:51:59 openvpn[9019]: TCP connection established with [AF_INET]173.234.12.85:443
Apr 24 00:51:59 openvpn[9019]: TCP_CLIENT link local: (not bound)
Apr 24 00:51:59 openvpn[9019]: TCP_CLIENT link remote: [AF_INET]173.234.12.85:443
Apr 24 00:51:59 openvpn[9019]: Connection reset, restarting [0]
Apr 24 00:51:59 openvpn[9019]: SIGUSR1[soft,connection-reset] received, process restarting
Apr 24 00:51:59 openvpn[9019]: Restart pause, 5 second(s)

I'm not sure what's going on here, but any insight that could help me out would be appreciated!
 
One of two possible things:
1. Not sure the router clock is set correctly.
2. The OpenVPN configuration you imported might not of imported correctly. Could try importing a different server configuration file.
 
I've been running Asus-Merlin firmware for a while but I haven't tried to set up OpenVPN on it before. I've got my OVPN file from NordVPN and setting it up per their tutorial here but so far I haven't had any luck getting it to connect successfully. My settings are set like this:
View attachment 9109

View attachment 9110
Code:
remote-random
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0
remote-cert-tls server
pull
fast-io

This gets me the error shown, no matter what server I use on UDP.
Code:
Apr 24 17:52:05 openvpn[10123]: OpenVPN 2.4.0 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Mar 29 2017
Apr 24 17:52:05 openvpn[10123]: library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.08
Apr 24 17:52:06 openvpn[10124]: WARNING: --ping should normally be used with --ping-restart or --ping-exit
Apr 24 17:52:06 openvpn[10124]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 24 17:52:06 openvpn[10124]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 24 17:52:06 openvpn[10124]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 24 17:52:06 openvpn[10124]: TCP/UDP: Preserving recently used remote address: [AF_INET]173.234.12.85:1194
Apr 24 17:52:06 openvpn[10124]: Socket Buffers: R=[122880->122880] S=[122880->122880]
Apr 24 17:52:06 openvpn[10124]: UDP link local: (not bound)
Apr 24 17:52:06 openvpn[10124]: UDP link remote: [AF_INET]173.234.12.85:1194
Apr 24 17:53:06 openvpn[10124]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Apr 24 17:53:06 openvpn[10124]: TLS Error: TLS handshake failed
Apr 24 17:53:06 openvpn[10124]: SIGUSR1[soft,tls-error] received, process restarting
Apr 24 17:53:06 openvpn[10124]: Restart pause, 5 second(s)

I tried TCP instead and got a different failure (this error is from a previous attempt on a different server):
Code:
Apr 24 00:51:58 openvpn[9018]: OpenVPN 2.4.0 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Mar 29 2017
Apr 24 00:51:58 openvpn[9018]: library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.08
Apr 24 00:51:58 openvpn[9019]: WARNING: --ping should normally be used with --ping-restart or --ping-exit
Apr 24 00:51:58 openvpn[9019]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 24 00:51:58 openvpn[9019]: NOTE: --fast-io is disabled since we are not using UDP
Apr 24 00:51:58 openvpn[9019]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 24 00:51:58 openvpn[9019]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 24 00:51:58 openvpn[9019]: TCP/UDP: Preserving recently used remote address: [AF_INET]173.234.12.85:443
Apr 24 00:51:58 openvpn[9019]: Socket Buffers: R=[87380->87380] S=[16384->16384]
Apr 24 00:51:58 openvpn[9019]: Attempting to establish TCP connection with [AF_INET]173.234.12.85:443 [nonblock]
Apr 24 00:51:59 openvpn[9019]: TCP connection established with [AF_INET]173.234.12.85:443
Apr 24 00:51:59 openvpn[9019]: TCP_CLIENT link local: (not bound)
Apr 24 00:51:59 openvpn[9019]: TCP_CLIENT link remote: [AF_INET]173.234.12.85:443
Apr 24 00:51:59 openvpn[9019]: Connection reset, restarting [0]
Apr 24 00:51:59 openvpn[9019]: SIGUSR1[soft,connection-reset] received, process restarting
Apr 24 00:51:59 openvpn[9019]: Restart pause, 5 second(s)

I'm not sure what's going on here, but any insight that could help me out would be appreciated!
Try setting Auth Digest to SHA1 and setting Cipher Negotiation to Disable.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top