OpenVPN not establishing a connection on Raspberry Pi 3 Model B running 5.6.16

All about WTware on Raspberry. WTware works with Raspberry Pi 4, Raspberry Pi 3B+, Pi 3 and Pi 2 devices
http://www.winterminal.com
Post Reply
Bitey
Posts: 2
Joined: Tue Oct 17, 2017 3:45 pm

OpenVPN not establishing a connection on Raspberry Pi 3 Model B running 5.6.16

Post by Bitey »

Hi WTware team,

I'm having difficulty with OpenVPN on a Raspberry Pi 3 Model B that's running WTware 5.6.16 (OS and config file stored locally on card).

I'm using the exact same openvpn.cfg file that I use on another client (a PC, not an RPi) and that connects just fine from there.
When that config file is used on the RPi, however, the RPi sits at a black screen for about 5 minutes, until showing the following error:

Code: Select all

An error occurred while terminal boot

ERROR: OpenVPN failed.
It then dumps me at a terminal.

If I look at the logs on the OpenVPN server, I see the following set of lines repeated for the five minutes:

Code: Select all

Oct 17 21:35:47	openvpn	14590	<ip address>:50721 TLS Error: TLS handshake failed
Oct 17 21:35:47	openvpn	14590	<ip address>:50721 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Oct 17 21:34:27	openvpn	14590	<ip address>:50623 TLS Error: TLS handshake failed
Oct 17 21:34:27	openvpn	14590	<ip address>:50623 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Oct 17 21:33:46	openvpn	14590	<ip address>:50201 TLS Error: TLS handshake failed
Oct 17 21:33:46	openvpn	14590	<ip address>:50201 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Oct 17 21:33:25	openvpn	14590	<ip address>:50876 TLS Error: TLS handshake failed
Oct 17 21:33:25	openvpn	14590	<ip address>:50876 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Oct 17 21:33:18	openvpn	14590	terminaltest/<ip address>:50252 send_push_reply(): safe_cap=940
Oct 17 21:33:15	openvpn	14590	terminaltest/<ip address>:50252 MULTI_sva: pool returned IPv4=192.168.20.3, IPv6=(Not enabled)
Oct 17 21:33:15	openvpn	14590	<ip address>:50252 [terminaltest] Peer Connection Initiated with [AF_INET]<ip address>:50252
Oct 17 21:33:15	openvpn	14590	<ip address>:50252 WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.
Oct 17 21:33:15	openvpn	14590	<ip address>:50252 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Oct 17 21:33:15	openvpn	14590	<ip address>:50252 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
TLS authentication is enabled on the server, and ta.key is included in openvpn.cfg (along with the key-direction directive). As I mentioned, though, the exact same file works fine on an x64 client also running 5.6.16.

Could you give me any ideas about why this is happening, or tell me if there is more information you would like?

Thanks very much for your time.
Post Reply