Common Causes of OpenVPN Connection Failure

1. Configuration File Structure Error

If you followed our OpenVPN guide to make the package file, it should be fine. If you think you made a mistake, check the guide OpenVPN Package File Structure of Yeastar to make sure your files are correct.

2. Configuration Option Error

Usually you can compare the configuration on the server side and the client side to prevent this type of error.

Incorrect Transport Protocol

The transport protocol on the server side and the client side must be the same. If one side uses UDP and the other uses TCP, the connection will fail.

 

Incorrect Device Mode

The device mode on the server side and the client side must be the same. If one side uses TAP and the other uses TUN, the connection will fail.

In the following example, the client side uses TUN mode but the server side uses TAP mode, which produces this error:

WARNING: Since you are using --dev tun, the second argument to --ifconfig must be an IP address.  
You are using something (255.255.255.0) that looks more like a netmask. 
(silence this warning with --ifconfig-nowarn)

 

* Note that iOS and Android only support TUN mode.

 

Incorrect Encryption Mode

The encryption mode on the server side and the client side must be the same.

Sometimes the cipher name itself is written incorrectly. For example, you might write BlowFish, but the correct name in the configuration file is BF-CBC.

 

Incorrect Remote Address

OpenVPN is normally used over the extranet, but sometimes you might forget to change the remote address to a public IP address.

You might also use the wrong port, as the external port could be different from the default 1194.

 

Compression Option Mismatch

This option should be enabled or disabled at the same time on the server side and the client side.
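
The server/client comparison described in this section can be scripted. The following Python script is an added example, not code from Yeastar or OpenVPN; it checks only the options listed above, the sample configurations and the address 192.168.5.150 are constructed, and it assumes the defaults proto udp and cipher BF-CBC when a directive is omitted.

```python
import ipaddress

# Assumed defaults when a directive is omitted: proto udp, cipher BF-CBC.
DEFAULTS = {"proto": "udp", "cipher": "BF-CBC"}

def parse(text):
    """Map each directive to its argument list, skipping # and ; comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#")[0].split(";")[0].strip()
        if line:
            key, *args = line.split()
            opts.setdefault(key, args)
    return opts

def normalized(opts):
    """Reduce the directives this section lists to comparable values."""
    def first(key):
        return (opts.get(key) or [DEFAULTS.get(key, "")])[0]
    return {
        "proto": first("proto").lower()[:3],   # tcp-server / tcp-client -> tcp
        "dev": first("dev").lower()[:3],       # tun0 -> tun, tap0 -> tap
        "cipher": first("cipher").upper(),
        "comp-lzo": "comp-lzo" in opts,        # present on both sides or on neither
    }

def compare(server_text, client_text):
    """Return a list of mismatches between a server and a client config."""
    server, client = parse(server_text), parse(client_text)
    s, c = normalized(server), normalized(client)
    problems = [f"{k}: server={s[k]} client={c[k]}" for k in s if s[k] != c[k]]
    host = (client.get("remote") or [""])[0]
    try:
        if ipaddress.ip_address(host).is_private:
            problems.append(f"remote: {host} is a private address")
    except ValueError:
        pass  # hostname or missing remote: nothing to check offline
    return problems

# Constructed sample configurations (not from the original page).
SERVER = "port 1194\nproto udp\ndev tap\ncipher BF-CBC\ncomp-lzo\n"
CLIENT = "client\nremote 192.168.5.150 1194\nproto tcp-client\ndev tun\ncipher BlowFish\n"

if __name__ == "__main__":
    for problem in compare(SERVER, CLIENT):
        print("MISMATCH", problem)
```

The remote port is not compared against the server's port, because the external port on the router may legitimately differ from the port the server listens on.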

 

3. Certificates and Keys Error

It is not easy to identify from the log which option is wrong. Usually, we test the certificates and keys in the local network first, then use them in the public network if the local test was good. The easiest and most effective way is to make a new certificate and keys to verify whether the old ones were generated incorrectly.

The common error looks like:

TLS Key negotiation failed... TLS handshake failed

4. OpenVPN Version Compatibility

The current OpenVPN version is 2.0.5, which doesn't support the Subnet topology.

If you find the following error log, then the Subnet topology is in use.

Unfortunately, it doesn't always print a log as straightforward as the one in the figure above.

Upgrading often helps resolve some odd issues. Please refer to this guide to upgrade the OpenVPN version: Upgrade the OpenVPN Version
