Hello
I am new to OpenVPN and not very knowledgeable about network settings...
My config:
- W10 64 Pro
- OpenVPN 2.6.12 (GUI 11.50.0.0)
- NAS Synology DS218 - DSM 7.2.1 - VPN Server 1.4.9-2971
Connection chain: internet box - router - NAS
My OpenVPN:
- works locally
- works remotely when tested by Synology support team
- DOES NOT work remotely from my PC
Therefore, the general setup should be and the network port forwarding rules are more or less OK (since the Synology support team can connect), but there is a flaw somewhere in my config which I failed to identify.
My VPN config and connection log are below.
Could someone help?
Thanks
############################################
My config is the following:
===========
dev tun
tls-client
remote 192.168.31.180 1194
# The "float" tells OpenVPN to accept authenticated packets from any address,
# not only the address which was specified in the --remote option.
# This is useful when you are connecting to a peer which holds a dynamic address
# such as a dial-in user or DHCP client.
# (Please refer to the manual of OpenVPN for more information.)
#float
# If redirect-gateway is enabled, the client will redirect its
# default network gateway through the VPN.
# It means the VPN connection will firstly connect to the VPN Server
# and then to the internet.
# (Please refer to the manual of OpenVPN for more information.)
#redirect-gateway def1
# dhcp-option DNS: To set primary domain name server address.
# Repeat this option to set secondary DNS server addresses.
#dhcp-option DNS DNS_IP_ADDRESS
pull
# If you want to connect by Server's IPv6 address, you should use
# "proto udp6" in UDP mode or "proto tcp6-client" in TCP mode
proto udp
script-security 2
comp-lzo
reneg-sec 0
remote-cert-tls server
# Clients running OpenVPN 2.4 and higher will automatically upgrade from AES-256-CBC to AES-256-GCM without any configuration changes.
cipher AES-256-CBC
auth SHA512
auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
</ca>
===========
My connection log is as follows:
===========
2024-08-06 12:10:25 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2024-08-06 12:10:25 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). OpenVPN ignores --cipher for cipher negotiations.
2024-08-06 12:10:25 OpenVPN 2.6.12 [git:v2.6.12/038a94bae57a446c] Windows [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Jul 18 2024
2024-08-06 12:10:25 Windows version 10.0 (Windows 10 or greater), amd64 executable
2024-08-06 12:10:25 library versions: OpenSSL 3.3.1 4 Jun 2024, LZO 2.10
2024-08-06 12:10:25 DCO version: 1.2.1
2024-08-06 12:10:45 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.31.180:1194
2024-08-06 12:10:45 UDPv4 link local: (not bound)
2024-08-06 12:10:45 UDPv4 link remote: [AF_INET]192.168.31.180:1194
2024-08-06 12:11:46 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2024-08-06 12:11:46 TLS Error: TLS handshake failed
2024-08-06 12:11:46 SIGUSR1[soft,tls-error] received, process restarting
===========
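The log above shows three things worth checking in a profile like this one before looking at port forwarding: the `remote` line points at 192.168.31.180, an RFC 1918 address that is only reachable from inside that LAN (a 60-second TLS timeout with no reply is what you get when handshake packets to such an address are sent from outside), `comp-lzo` is on (OpenVPN itself warns that compression has been used to break encryption), and `cipher AES-256-CBC` is set without `data-ciphers`, so OpenVPN 2.5+ ignores it for negotiation. The following linter is an added example for this thread, not part of the original post and not Synology's or OpenVPN's code; it parses a client profile, including inline `<ca>` blocks, and reports those and a few related findings. The finding codes and function names are this example's own; `SAMPLE_CONFIG` is the poster's profile with the certificate bodies elided.

```python
"""Lint an OpenVPN client profile for reachability and crypto issues.

Added example for this thread; not part of the original post and not
Synology's or OpenVPN's code. The finding codes and function names are
this example's own conventions. SAMPLE_CONFIG is the poster's profile
with the certificate bodies elided."""

import ipaddress
import re

SAMPLE_CONFIG = """\
dev tun
tls-client
remote 192.168.31.180 1194
#float
#redirect-gateway def1
pull
proto udp
script-security 2
comp-lzo
reneg-sec 0
remote-cert-tls server
cipher AES-256-CBC
auth SHA512
auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
</ca>
"""


def parse_profile(text):
    """Return (options, inline_blocks).

    options: list of (name, [args]) in file order, comments stripped.
    inline_blocks: dict of <tag> name -> body text (e.g. 'ca')."""
    options, blocks = [], {}
    current, body = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if current is not None:  # inside <tag> ... </tag>
            if line == f"</{current}>":
                blocks[current] = "\n".join(body)
                current, body = None, []
            else:
                body.append(line)
            continue
        if not line or line.startswith(("#", ";")):
            continue
        m = re.fullmatch(r"<([a-z-]+)>", line)
        if m:
            current, body = m.group(1), []
            continue
        parts = line.split()
        options.append((parts[0], parts[1:]))
    return options, blocks


def lint(text):
    """Return a list of (code, message) findings for a client profile."""
    options, blocks = parse_profile(text)
    present = {name for name, _ in options}
    args = dict(options)  # last occurrence of an option wins
    findings = []

    # 1. Reachability: a remote in RFC 1918 / loopback / link-local space
    #    is only reachable from inside that LAN. From the Internet the
    #    handshake packets go nowhere, which matches a 60 s TLS timeout.
    for name, a in options:
        if name == "remote" and a:
            host = a[0]
            try:
                ip = ipaddress.ip_address(host)
            except ValueError:
                continue  # a hostname; DNS resolution is out of scope here
            if ip.is_private or ip.is_loopback or ip.is_link_local:
                findings.append(("REMOTE_PRIVATE",
                    f"remote {host} is not routable from the Internet; "
                    "use the public address or DDNS name of the box/router"))

    # 2. Compression: VORACLE-class attacks recover plaintext from a
    #    compressed-then-encrypted tunnel. Prefer no compression at all.
    if present & {"comp-lzo", "compress"}:
        findings.append(("COMPRESSION",
            "comp-lzo/compress enabled; compression weakens the data channel"))

    # 3. Cipher negotiation: since 2.5, --cipher alone no longer selects
    #    the data-channel cipher; --data-ciphers does.
    if "cipher" in present and "data-ciphers" not in present:
        findings.append(("CIPHER_IGNORED",
            "cipher set without data-ciphers; negotiation ignores --cipher"))

    # 4. Key renegotiation: reneg-sec 0 disables client-initiated rekeying,
    #    leaving the data-channel key lifetime to the server's setting.
    if args.get("reneg-sec") == ["0"]:
        findings.append(("NO_CLIENT_RENEG",
            "reneg-sec 0 disables client-side data-channel rekeying"))

    # 5. Server identity: without remote-cert-tls server, any client cert
    #    issued by the same CA could impersonate the server.
    if "remote-cert-tls" not in present:
        findings.append(("NO_SERVER_CERT_CHECK",
            "remote-cert-tls server missing; server role is not enforced"))

    # 6. The CA must be present, inline or by file, for the TLS handshake.
    if "ca" not in blocks and "ca" not in present:
        findings.append(("NO_CA", "no CA certificate in profile"))

    return findings


def finding_codes(text):
    """Just the codes, in order; handy for assertions and CI gating."""
    return [code for code, _ in lint(text)]


if __name__ == "__main__":
    for code, msg in lint(SAMPLE_CONFIG):
        print(f"{code:22} {msg}")
```

Run against the posted profile it reports REMOTE_PRIVATE, COMPRESSION, CIPHER_IGNORED and NO_CLIENT_RENEG; the first is the one that separates "works on the LAN" from "works from outside", the other three are the hardening points the 2.6 client is already warning about in its log.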