I have OpenVPN 2.5.1 on a Debian 11 VPS, and OpenVPN 2.4.4 on my Linux PC client. I cannot connect to the VPN server from my Linux PC by using this client.ovpn file.
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed
TCP/UDP: Closing socket
SIGUSR1[soft,tls-error] received, process restarting
Restart pause, 5 second(s)
The same client.ovpn config on Windows with OpenVPN 2.6.2 works perfectly. Obviously the reason is that OpenVPN 2.4.4 doesn't support something that is needed and included in the config files.
I tried to upgrade OpenVPN on my Linux PC, but it's old and it ended with a full system reinstall twice, because when I update just plain OpenVPN it ruins my GNOME and NetworkManager, and other things. That is not an option for me.
Is there any way I can still use this? If possible I don't want to downgrade the OpenVPN version on the Debian server either. I spent a long time until I configured it successfully and finally it really works.
I have already read many articles. Can someone advise what to do?
The following is client.ovpn:
client
proto udp
remote **.**.**.** 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_GOrbpjYhITYUxs7D name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
here certs follow so I cut it here
And this is server.conf from the Debian 11 VPS:
port 1194
proto udp
dev tun0
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "redirect-gateway def1 bypass-dhcp"
push "route 10.8.0.0 255.255.255.0"
dh dh.pem
tls-auth tls-auth.key 0
crl-verify crl.pem
ca ca.crt
cert server_GOrbpjYhITYUxs7D.crt
key server_GOrbpjYhITYUxs7D.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
#status /var/log/openvpn/status.log
#verb 3
duplicate-cn
log /dev/null
log-append /dev/null
status /dev/null
verb 0
cipher, auth and so on. Also remove that duplicate-cn and pretend OpenVPN has no such option and never had and will never have (unless you're a world's network security superstar); each client should have its own dedicated personal certificate for good.
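An added example, not part of the original question or answer: a small Python check that compares the directives both OpenVPN peers have to agree on, run over the lines visible in the two configs above. The list of directives checked and the function names are assumptions of this example, and the client file was cut before its inline blocks, so a finding only describes the visible portion.

```python
# Added example (not from the post): compare directives both OpenVPN peers must agree on.
# Which directives to check is this example's assumption.
MUST_MATCH = ("proto", "cipher", "auth", "tls-version-min", "tls-cipher", "comp-lzo", "compress")
KEY_BOTH_OR_NEITHER = ("tls-auth", "tls-crypt")  # control-channel key directives

def parse(text):
    """Map directive -> arguments; an inline <tag> block counts as the directive being set."""
    opts, inline = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if inline:                         # skip key material until the closing tag
            if line == f"</{inline}>":
                inline = None
            continue
        if not line or line.startswith(";"):
            continue
        if line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]
            opts[inline] = "[inline]"
            continue
        name, *rest = line.split(None, 1)
        opts[name] = rest[0] if rest else ""
    return opts

def compare(client_text, server_text):
    """Return a list of human-readable mismatches between the two configs."""
    c, s = parse(client_text), parse(server_text)
    issues = [f"{n}: client={c.get(n)!r} server={s.get(n)!r}"
              for n in MUST_MATCH if c.get(n) != s.get(n)]
    for n in KEY_BOTH_OR_NEITHER:
        if (n in c) != (n in s):
            issues.append(f"{n}: only on {'server' if n in s else 'client'}")
    return issues

# Sample input: relevant lines visible in the post (client file was cut before its inline blocks).
CLIENT = """client
proto udp
auth SHA256
cipher AES-128-GCM
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
"""
SERVER = """proto udp
tls-auth tls-auth.key 0
auth SHA256
cipher AES-128-GCM
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
"""

if __name__ == "__main__":
    print(compare(CLIENT, SERVER) or "no mismatches in the checked directives")
```

On the visible lines the only finding is `tls-auth`, which is expected if the client carries that key as an inline block in the part that was cut.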