Reputation: 2770
I have a few machines in my office that can connect to a server that uses OpenVPN (UDP), given its .ovpn file. I'm also able to connect to that same server from my personal computer, which is in another network. I'm also able to connect to that server from a clean Azure VM running Windows Server 2012, that I just created to test this. But I haven't been able to connect to that same server (same .ovpn file) from a machine that is hosting an Azure Cloud Service.
The Azure Cloud Service was created with the default network configurations, InputEndpoints on ports 443 (TCP) and 1194 (UDP), and I added firewall exceptions that allowed any connections to UDP and TCP ports.
Yet, when I try to connect to the OpenVPN server from the Azure VM I get the message:
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Is there any configuration other than the firewall exceptions that I should add to the cloud service so that it will enable me to connect to an OpenVPN server that uses UDP?
Below is the full log:
PS C:\config\config> openvpn .\client.ovpn
Fri Jul 22 15:32:55 2016 Option 'nobind' in .\client.ovpn:46 is ignored by previous <connection> blocks
Fri Jul 22 15:32:55 2016 us=764333 Current Parameter Settings:
Fri Jul 22 15:32:55 2016 us=764333 config = '.\client.ovpn'
Fri Jul 22 15:32:55 2016 us=764333 mode = 0
Fri Jul 22 15:32:55 2016 us=764333 show_ciphers = DISABLED
Fri Jul 22 15:32:55 2016 us=764333 show_digests = DISABLED
Fri Jul 22 15:32:55 2016 us=764333 show_engines = DISABLED
Fri Jul 22 15:32:55 2016 us=764333 genkey = DISABLED
Fri Jul 22 15:32:55 2016 us=764333 key_pass_file = '[UNDEF]'
Fri Jul 22 15:32:55 2016 us=764333 show_tls_ciphers = DISABLED
Fri Jul 22 15:32:55 2016 us=764333 Connection profiles [default]:
Fri Jul 22 15:32:55 2016 us=764333 proto = udp
Fri Jul 22 15:32:55 2016 us=764333 local = '[UNDEF]'
Fri Jul 22 15:32:55 2016 us=764333 local_port = 1194
Fri Jul 22 15:32:55 2016 us=764333 remote = '[UNDEF]'
Fri Jul 22 15:32:55 2016 us=764333 remote_port = 1194
Fri Jul 22 15:32:55 2016 us=764333 remote_float = DISABLED
Fri Jul 22 15:32:55 2016 us=764333 bind_defined = DISABLED
Fri Jul 22 15:32:55 2016 us=795589 bind_local = DISABLED
Fri Jul 22 15:32:55 2016 us=795589 connect_retry_seconds = 5
Fri Jul 22 15:32:55 2016 us=795589 connect_timeout = 10
Fri Jul 22 15:32:55 2016 us=795589 NOTE: --mute triggered...
Fri Jul 22 15:32:55 2016 us=795589 618 variation(s) on previous 20 message(s) suppressed by --mute
Fri Jul 22 15:32:55 2016 us=795589 OpenVPN 2.3.10 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Jan 4 2016
Fri Jul 22 15:32:55 2016 us=795589 Windows version 6.2 (Windows 8 or greater)
Fri Jul 22 15:32:55 2016 us=795589 library versions: OpenSSL 1.0.1q 3 Dec 2015, LZO 2.09
Fri Jul 22 15:32:55 2016 us=983250 Control Channel Authentication: using 'engSimaTef.key' as a OpenVPN static key file
Fri Jul 22 15:32:56 2016 us=3179 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Fri Jul 22 15:32:56 2016 us=3179 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Fri Jul 22 15:32:56 2016 us=14347 LZO compression initialized
Fri Jul 22 15:32:56 2016 us=14347 Control Channel MTU parms [ L:1602 D:1140 EF:110 EB:0 ET:0 EL:3 ]
Fri Jul 22 15:32:56 2016 us=14347 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Jul 22 15:32:56 2016 us=168985 Data Channel MTU parms [ L:1602 D:1450 EF:102 EB:143 ET:0 EL:3 AF:3/1 ]
Fri Jul 22 15:32:56 2016 us=168985 Local Options String: 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
Fri Jul 22 15:32:56 2016 us=168985 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
Fri Jul 22 15:32:56 2016 us=168985 Local Options hash (VER=V4): 'a5d50645'
Fri Jul 22 15:32:56 2016 us=168985 Expected Remote Options hash (VER=V4): '14d315e7'
Fri Jul 22 15:32:56 2016 us=168985 UDPv4 link local: [undef]
Fri Jul 22 15:32:56 2016 us=184587 UDPv4 link remote: [AF_INET][[SOME_HIDDEN_IP]]:10055
Fri Jul 22 15:32:56 2016 us=184587 UDPv4 WRITE [86] to [AF_INET][[SOME_HIDDEN_IP]]:10055: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
Fri Jul 22 15:32:56 2016 us=184587 UDPv4 READ [0] from [undef]: DATA UNDEF len=-1
Fri Jul 22 15:32:58 2016 us=558842 UDPv4 WRITE [86] to [AF_INET][[SOME_HIDDEN_IP]]:10055: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #2 ] [ ] pid=0 DATA len=0
Fri Jul 22 15:33:02 2016 us=785774 UDPv4 WRITE [86] to [AF_INET][[SOME_HIDDEN_IP]]:10055: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #3 ] [ ] pid=0 DATA len=0
Fri Jul 22 15:33:11 2016 us=85405 UDPv4 WRITE [86] to [AF_INET][[SOME_HIDDEN_IP]]:10055: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #4 ] [ ] pid=0 DATA len=0
Fri Jul 22 15:33:27 2016 us=873602 UDPv4 WRITE [86] to [AF_INET][[SOME_HIDDEN_IP]]:10055: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #5 ] [ ] pid=0 DATA len=0
Fri Jul 22 15:33:57 2016 us=129612 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Jul 22 15:33:57 2016 us=129612 TLS Error: TLS handshake failed
Fri Jul 22 15:33:57 2016 us=129612 TCP/UDP: Closing socket
Fri Jul 22 15:33:57 2016 us=129612 SIGUSR1[soft,tls-error] received, process restarting
Fri Jul 22 15:33:57 2016 us=129612 Restart pause, 2 second(s)
Fri Jul 22 15:33:59 2016 us=148186 Re-using SSL/TLS context
Fri Jul 22 15:33:59 2016 us=148186 LZO compression initialized
...
Upvotes: 2
Views: 1430
Reputation: 4715
The error is telling you that OpenVPN tried to connect to the host
WRITE [86] to [AF_INET][[SOME_HIDDEN_IP]]:10055: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
but has not received any answer:
UDPv4 READ [0] from [undef]: DATA UNDEF len=-1
After trying 5 times, the client stops trying to connect:
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
The process stops in the first activity waiting for the reply:
(source: staticworld.net)
In those cases it is likely that there is a connectivity problem. In the past I had the same problem once; the problem was that the required ports were not enabled. (Take a look at both outgoing and incoming firewall rules.) Another problem could be that the server is not running or is not reachable.
TLDR: check out (VPN) service availability and firewall rules. In extreme cases there could be routing problems at the ISP (happened to a friend of mine); in this case you should report the problem to them and they will fix it.
Upvotes: 2
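The reading of the log given in the answer above can be automated. The following is an added example, not part of the original posts: it scans OpenVPN debug-log lines in the format shown in the question and reports whether any datagram came back from the server. The sample lines are constructed, 203.0.113.10 is a placeholder for the hidden IP, and `diagnose` is a hypothetical helper name.

```python
import re

# Constructed sample in the format of the log above. 203.0.113.10 is a
# documentation address standing in for the hidden server IP.
SAMPLE_LOG = """\
Fri Jul 22 15:32:56 2016 us=184587 UDPv4 link remote: [AF_INET]203.0.113.10:10055
Fri Jul 22 15:32:56 2016 us=184587 UDPv4 WRITE [86] to [AF_INET]203.0.113.10:10055: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
Fri Jul 22 15:32:56 2016 us=184587 UDPv4 READ [0] from [undef]: DATA UNDEF len=-1
Fri Jul 22 15:32:58 2016 us=558842 UDPv4 WRITE [86] to [AF_INET]203.0.113.10:10055: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #2 ] [ ] pid=0 DATA len=0
Fri Jul 22 15:33:02 2016 us=785774 UDPv4 WRITE [86] to [AF_INET]203.0.113.10:10055: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #3 ] [ ] pid=0 DATA len=0
Fri Jul 22 15:33:57 2016 us=129612 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
"""

# Timestamp prefix, then the message; WRITE/READ capture peer address, port, opcode.
LINE = re.compile(r"^\w{3} \w{3} +\d+ [\d:]{8} \d{4} us=\d+ (.*)$")
WRITE = re.compile(r"UDPv4 WRITE \[\d+\] to \[AF_INET\](\S+?):(\d+): (P_\w+)")
READ = re.compile(r"UDPv4 READ \[(\d+)\] from \[AF_INET\](\S+?):(\d+): (P_\w+)")


def diagnose(log_text):
    """Summarise the handshake: what was sent and whether anything came back."""
    r = {"remote": None, "resets_sent": 0, "replies": 0,
         "timed_out": False, "verdict": "incomplete log"}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        msg = m.group(1)
        w, rd = WRITE.search(msg), READ.search(msg)
        if w and w.group(3) == "P_CONTROL_HARD_RESET_CLIENT_V2":
            # The endpoint the client actually wrote to (may differ from defaults).
            r["remote"] = f"{w.group(1)}:{w.group(2)}"
            r["resets_sent"] += 1
        elif rd and int(rd.group(1)) > 0:
            r["replies"] += 1  # a datagram really arrived from the peer
        elif "TLS key negotiation failed" in msg:
            r["timed_out"] = True
    if r["replies"]:
        r["verdict"] = "server answered: the UDP path works, the failure is later in the handshake"
    elif r["resets_sent"] and r["timed_out"]:
        r["verdict"] = (f"no reply from {r['remote']}: check UDP reachability "
                        "and outgoing/incoming firewall rules for that port")
    return r


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

The `remote` field shows the address and port the client really sent to, which is the port the firewall rules have to cover.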