I'm having difficulty with OpenVPN on a Raspberry Pi 3 Model B that's running WTware 5.6.16 (OS and config file stored locally on card).
I'm using the exact same openvpn.cfg file that I use on another client (a PC, not an RPi) and that connects just fine from there.
When that config file is used on the RPi, however, the RPi sits at a black screen for about 5 minutes, until showing the following error:
Code: Select all
An error occurred while terminal boot
ERROR: OpenVPN failed.
If I look at the logs on the OpenVPN server, I see the following set of lines repeated for the five minutes:
Code: Select all
Oct 17 21:35:47 openvpn 14590 <ip address>:50721 TLS Error: TLS handshake failed
Oct 17 21:35:47 openvpn 14590 <ip address>:50721 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Oct 17 21:34:27 openvpn 14590 <ip address>:50623 TLS Error: TLS handshake failed
Oct 17 21:34:27 openvpn 14590 <ip address>:50623 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Oct 17 21:33:46 openvpn 14590 <ip address>:50201 TLS Error: TLS handshake failed
Oct 17 21:33:46 openvpn 14590 <ip address>:50201 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Oct 17 21:33:25 openvpn 14590 <ip address>:50876 TLS Error: TLS handshake failed
Oct 17 21:33:25 openvpn 14590 <ip address>:50876 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Oct 17 21:33:18 openvpn 14590 terminaltest/<ip address>:50252 send_push_reply(): safe_cap=940
Oct 17 21:33:15 openvpn 14590 terminaltest/<ip address>:50252 MULTI_sva: pool returned IPv4=192.168.20.3, IPv6=(Not enabled)
Oct 17 21:33:15 openvpn 14590 <ip address>:50252 [terminaltest] Peer Connection Initiated with [AF_INET]<ip address>:50252
Oct 17 21:33:15 openvpn 14590 <ip address>:50252 WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.
Oct 17 21:33:15 openvpn 14590 <ip address>:50252 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Oct 17 21:33:15 openvpn 14590 <ip address>:50252 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Could you give me any ideas about why this is happening, or tell me if there is more information you would like?
Thanks very much for your time.