Trouble installing VPN server on OpenWrt. Initial handshake fails. Any help please?

Installing and Using OpenWrt
1

OpenVPN server:

Followed all the steps here (verbatim): https://openwrt.org/docs/guide-user/services/vpn/openvpn/basic

Generated client.ovpn file, moved it to my client, and used OpenVPN Client to establish connection.

On the server, I get the following error:

Feb 23 23:17:56 OpenWrt openvpn(server)[26496]: UDPv4 link local (bound): [AF_INET][undef]:1194

Feb 23 23:17:56 OpenWrt openvpn(server)[26496]: UDPv4 link remote: [AF_UNSPEC]

Feb 23 23:17:56 OpenWrt openvpn(server)[26496]: GID set to nogroup

Feb 23 23:17:56 OpenWrt openvpn(server)[26496]: UID set to nobody

Feb 23 23:17:56 OpenWrt openvpn(server)[26496]: MULTI: multi_init called, r=256 v=256

Feb 23 23:17:56 OpenWrt openvpn(server)[26496]: IFCONFIG POOL: base=
[192.168.8.2](https://192.168.8.2/) size=252, ipv6=0

Feb 23 23:17:56 OpenWrt openvpn(server)[26496]: Initialization Sequence Completed

Feb 23 23:21:02 OpenWrt openvpn(server)[26496]:
[192.168.1.166:55415](https://192.168.1.166:55415/) TLS: Initial packet from [AF_I NET]
[192.168.1.166:55415](https://192.168.1.166:55415/), sid=c7da26f9 cea9b1ba

Feb 23 23:22:02 OpenWrt openvpn(server)[26496]:
[192.168.1.166:55415](https://192.168.1.166:55415/) TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

Feb 23 23:22:02 OpenWrt openvpn(server)[26496]:
[192.168.1.166:55415](https://192.168.1.166:55415/) TLS Error: TLS handshake failed

Feb 23 23:22:02 OpenWrt openvpn(server)[26496]:
[192.168.1.166:55415](https://192.168.1.166:55415/) SIGUSR1[soft,tls-error] received, client-instance restarting

On the Client:


Sun Feb 23 18:21:01 2020 MANAGEMENT: >STATE:1582500061,RESOLVE,,,,,,

Sun Feb 23 18:21:01 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]
<My_Public_IP_here>:1194

Sun Feb 23 18:21:01 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]

Sun Feb 23 18:21:01 2020 UDP link local: (not bound)

Sun Feb 23 18:21:01 2020 UDP link remote: [AF_INET]``<``#My Client public IP here>

Sun Feb 23 18:21:01 2020 MANAGEMENT: >STATE:1582500061,WAIT,,,,,,

Sun Feb 23 18:22:01 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

Sun Feb 23 18:22:01 2020 TLS Error: TLS handshake failed

Sun Feb 23 18:22:01 2020 SIGUSR1[soft,tls-error] received, process restarting

Sun Feb 23 18:22:01 2020 MANAGEMENT: >STATE:1582500121,RECONNECTING,tls-error,,,,,

Sun Feb 23 18:22:01 2020 Restart pause, 5 second(s)

How do I fix this TLS error?

2

Here it should be the server public IP address, because it is the remote on the client side.
In any case post here the configs from both server and client, as well as the network and firewall from the server.
uci export network; uci export firewall

3

Hi, the client has the same public IP as the server, that's why I mentioned it as "My client public IP".
I also tested it from an external (not on the same network) network, trying to connect from a client on the Internet, and there too, the same handshake issue happens. All network and firewall are default settings, nothing has been modified. Do you still need that to troubleshoot?

4

They cannot be defaults, in the guide you are supposed to make some changes in the firewall at least.

5

Oh man, I meant, the settings were all copy-pasted verbatim till section 4 of the guide here: https://openwrt.org/docs/guide-user/services/vpn/openvpn/basic
The section "Automated script on PC" wasn't attempted.
Do you still need the current config?

6

Well, yes. And since you mentioned it, run the troubleshooting commands at the bottom of the page as well. You can skip the ip -6 commands if you are not using ipv6.