Hi guys,
I have been trying to configure my OpenVPN for weeks and it is almost impossible.
My current topology:
- I have my ISP router exposing a port
- After this, I have a Ubiquiti EdgeRouter with OpenVPN
Scenarios:
- Mac connected to WiFi and OpenVPN client pointing to EdgeRouter port 👌
- Mac connected to 5G and OpenVPN client pointing to ISP port 👌 (it was difficult but it is working)
- iPhone connected to WiFi and OpenVPN client pointing to EdgeRouter port 👌
- iPhone connected to 5G and OpenVPN client pointing to ISP port 🙅 My feeling is that iOS is not able to put the info coming from push-route
I would like to solve my last case. I am using the same ovpn file as on the Mac. The log on the server is showing these lines:
Code:
Feb 10 19:35:10 ubnt openvpn[26434]: MULTI: multi_create_instance called
Feb 10 19:35:10 ubnt openvpn[26434]: 80.103.136.3:4539 Re-using SSL/TLS context
Feb 10 19:35:10 ubnt openvpn[26434]: 80.103.136.3:4539 Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
Feb 10 19:35:10 ubnt openvpn[26434]: 80.103.136.3:4539 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
Feb 10 19:35:10 ubnt openvpn[26434]: 80.103.136.3:4539 Local Options String: 'V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Feb 10 19:35:10 ubnt openvpn[26434]: 80.103.136.3:4539 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Feb 10 19:35:10 ubnt openvpn[26434]: 80.103.136.3:4539 Local Options hash (VER=V4): '239669a8'
Feb 10 19:35:10 ubnt openvpn[26434]: 80.103.136.3:4539 Expected Remote Options hash (VER=V4): '3514370b'
Feb 10 19:35:10 ubnt openvpn[26434]: 80.103.136.3:4539 TLS: Initial packet from [AF_INET]80.103.136.3:4539, sid=4816f0dc a98c51e9
Feb 10 19:35:11 ubnt openvpn[26434]: 80.103.136.3:4539 VERIFY OK: depth=1, C=ES, ST=MA, O=NA, OU=NA, CN=NA
Feb 10 19:35:11 ubnt openvpn[26434]: 80.103.136.3:4539 VERIFY OK: depth=0, C=es, ST=MA, L=Madrid, O=na, OU=na, CN=client
Feb 10 19:35:12 ubnt openvpn[26434]: 80.103.136.3:4539 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Feb 10 19:35:12 ubnt openvpn[26434]: 80.103.136.3:4539 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Feb 10 19:35:12 ubnt openvpn[26434]: 80.103.136.3:4539 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Feb 10 19:35:12 ubnt openvpn[26434]: 80.103.136.3:4539 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Feb 10 19:35:12 ubnt openvpn[26434]: 80.103.136.3:4539 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Feb 10 19:35:12 ubnt openvpn[26434]: 80.103.136.3:4539 [client] Peer Connection Initiated with [AF_INET]80.103.136.3:4539
Feb 10 19:35:12 ubnt openvpn[26434]: client/80.103.136.3:4539 MULTI_sva: pool returned IPv4=172.16.1.2, IPv6=(Not enabled)
Feb 10 19:35:12 ubnt openvpn[26434]: client/80.103.136.3:4539 MULTI: Learn: 172.16.1.2 -> client/80.103.136.3:4539
Feb 10 19:35:12 ubnt openvpn[26434]: client/80.103.136.3:4539 MULTI: primary virtual IP for client/80.103.136.3:4539: 172.16.1.2
Feb 10 19:35:12 ubnt openvpn[26434]: client/80.103.136.3:4539 PUSH: Received control message: 'PUSH_REQUEST'
Feb 10 19:35:12 ubnt openvpn[26434]: client/80.103.136.3:4539 send_push_reply(): safe_cap=940
Feb 10 19:35:12 ubnt openvpn[26434]: client/80.103.136.3:4539 SENT CONTROL [client]: 'PUSH_REPLY,dhcp-option DNS 192.168.2.1,route 192.168.1.0 255.255.255.0,route 192.168.2.0 255.255.255.0,route-gateway 172.16.1.1,topology subnet,ping 10,ping-restart 60,ifconfig 172.16.1.2 255.255.255.0' (status=1)
Feb 10 19:35:19 ubnt openvpn[26434]: client/80.103.136.3:4539 TLS Error: client->client or server->server connection attempted from [AF_INET]80.103.136.3:4539