Official OpenVPN Client app fails to connect: TLS handshake error

Bug #2039777 reported by Vasya Pupkin
This bug affects 2 people
Affects: openvpn (Ubuntu)
Status: Invalid
Importance: Undecided
Assigned to: Unassigned

Bug Description

The official OpenVPN client for Android and Mac stopped working with an OpenVPN server running under Ubuntu 22.04. I see this in the server logs:

UDP connection attempt:

Oct 19 15:31:35 vpsocsg ovpn-server-udp[49394]: XXX.XXX.XXX.XXX:40717 TLS: Initial packet from [AF_INET]XXX.XXX.XXX.XXX:40717, sid=454cf4a4 14fe3429
Oct 19 15:31:35 vpsocsg ovpn-server-udp[49394]: XXX.XXX.XXX.XXX:40717 VERIFY OK: depth=1, C=RU, L=X, O=Private Person, OU=X, CN=X, name=X, <email address hidden>
Oct 19 15:31:35 vpsocsg ovpn-server-udp[49394]: XXX.XXX.XXX.XXX:40717 VERIFY OK: depth=0, C=RU, L=X, O=Private Person, OU=X, CN=defaultgw, name=X, <email address hidden>
Oct 19 15:31:35 vpsocsg ovpn-server-udp[49394]: XXX.XXX.XXX.XXX:40717 peer info: IV_VER=3.git::081bfebe:RelWithDebInfo
Oct 19 15:31:35 vpsocsg ovpn-server-udp[49394]: XXX.XXX.XXX.XXX:40717 peer info: IV_PLAT=android
Oct 19 15:31:35 vpsocsg ovpn-server-udp[49394]: XXX.XXX.XXX.XXX:40717 peer info: IV_NCP=2
Oct 19 15:31:35 vpsocsg ovpn-server-udp[49394]: XXX.XXX.XXX.XXX:40717 peer info: IV_TCPNL=1
Oct 19 15:31:35 vpsocsg ovpn-server-udp[49394]: XXX.XXX.XXX.XXX:40717 peer info: IV_PROTO=30
Oct 19 15:31:35 vpsocsg ovpn-server-udp[49394]: XXX.XXX.XXX.XXX:40717 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
Oct 19 15:31:35 vpsocsg ovpn-server-udp[49394]: XXX.XXX.XXX.XXX:40717 peer info: IV_GUI_VER=net.openvpn.connect.android_3.3.4-9290
Oct 19 15:31:35 vpsocsg ovpn-server-udp[49394]: XXX.XXX.XXX.XXX:40717 peer info: IV_SSO=webauth,openurl,crtext
Oct 19 15:31:35 vpsocsg ovpn-server-udp[49394]: XXX.XXX.XXX.XXX:40717 TLS Error: Auth Username/Password was not provided by peer
Oct 19 15:31:35 vpsocsg ovpn-server-udp[49394]: XXX.XXX.XXX.XXX:40717 TLS Error: TLS handshake failed
Oct 19 15:31:35 vpsocsg ovpn-server-udp[49394]: XXX.XXX.XXX.XXX:40717 SIGUSR1[soft,tls-error] received, client-instance restarting

TCP connection attempt:

Oct 19 15:38:21 vpsocsg ovpn-server[818]: TCP connection established with [AF_INET]XXX.XXX.XXX.XXX:57822
Oct 19 15:38:21 vpsocsg ovpn-server[818]: XXX.XXX.XXX.XXX:57822 TLS: Initial packet from [AF_INET]XXX.XXX.XXX.XXX:57822, sid=143ac889 37220896
Oct 19 15:38:21 vpsocsg ovpn-server[818]: XXX.XXX.XXX.XXX:57822 VERIFY OK: depth=1, C=RU, L=X, O=Private Person, OU=X, CN=X, name=X, <email address hidden>
Oct 19 15:38:21 vpsocsg ovpn-server[818]: XXX.XXX.XXX.XXX:57822 VERIFY OK: depth=0, C=RU, L=X, O=Private Person, OU=X, CN=defaultgw, name=X, <email address hidden>
Oct 19 15:38:21 vpsocsg ovpn-server[818]: XXX.XXX.XXX.XXX:57822 peer info: IV_VER=3.git::081bfebe:RelWithDebInfo
Oct 19 15:38:21 vpsocsg ovpn-server[818]: XXX.XXX.XXX.XXX:57822 peer info: IV_PLAT=android
Oct 19 15:38:21 vpsocsg ovpn-server[818]: XXX.XXX.XXX.XXX:57822 peer info: IV_NCP=2
Oct 19 15:38:21 vpsocsg ovpn-server[818]: XXX.XXX.XXX.XXX:57822 peer info: IV_TCPNL=1
Oct 19 15:38:21 vpsocsg ovpn-server[818]: XXX.XXX.XXX.XXX:57822 peer info: IV_PROTO=30
Oct 19 15:38:21 vpsocsg ovpn-server[818]: XXX.XXX.XXX.XXX:57822 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
Oct 19 15:38:21 vpsocsg ovpn-server[818]: XXX.XXX.XXX.XXX:57822 peer info: IV_GUI_VER=net.openvpn.connect.android_3.3.4-9290
Oct 19 15:38:21 vpsocsg ovpn-server[818]: XXX.XXX.XXX.XXX:57822 peer info: IV_SSO=webauth,openurl,crtext
Oct 19 15:38:21 vpsocsg ovpn-server[818]: XXX.XXX.XXX.XXX:57822 TLS Error: Auth Username/Password was not provided by peer
Oct 19 15:38:21 vpsocsg ovpn-server[818]: XXX.XXX.XXX.XXX:57822 TLS Error: TLS handshake failed
Oct 19 15:38:21 vpsocsg ovpn-server[818]: XXX.XXX.XXX.XXX:57822 Fatal TLS error (check_tls_errors_co), restarting
Oct 19 15:38:21 vpsocsg ovpn-server[818]: XXX.XXX.XXX.XXX:57822 SIGUSR1[soft,tls-error] received, client-instance restarting

Please note that older clients are connecting without any issue; the problem is only with the recent official OpenVPN Client app.

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: openvpn 2.5.5-1ubuntu3.1
ProcVersionSignature: Ubuntu 5.15.0-1045.51-oracle 5.15.122
Uname: Linux 5.15.0-1045-oracle x86_64
ApportVersion: 2.20.11-0ubuntu82.5
Architecture: amd64
CasperMD5CheckResult: unknown
CloudArchitecture: x86_64
CloudID: oracle
CloudName: oracle
CloudPlatform: oracle
CloudSubPlatform: metadata (http://169.254.169.254/opc/v2/)
Date: Thu Oct 19 15:29:04 2023
ProcEnviron:
 TERM=screen.xterm-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=C.UTF-8
 SHELL=/bin/bash
SourcePackage: openvpn
UpgradeStatus: No upgrade log present (probably fresh install)

Vasya Pupkin (shadowlmd) wrote :

Actually, it seems like the newer version doesn't support the cipher that was configured in server.conf.

Changed in openvpn (Ubuntu):
status: New → Invalid
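
Added example (not part of the bug report and not OpenVPN code): a check that compares the data ciphers a client advertises in its `IV_CIPHERS` peer-info line with the cipher directives in a server config. The log lines reuse the format shown above with a documentation IP address; the server.conf fragment and its `BF-CBC` value are constructed, since the report does not show the real configuration.

```python
import re

# Constructed sample: peer-info lines in the format of the server log above.
SAMPLE_LOG = """\
Oct 19 15:31:35 vpsocsg ovpn-server-udp[49394]: 192.0.2.10:40717 peer info: IV_PLAT=android
Oct 19 15:31:35 vpsocsg ovpn-server-udp[49394]: 192.0.2.10:40717 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
Oct 19 15:31:35 vpsocsg ovpn-server-udp[49394]: 192.0.2.10:40717 peer info: IV_GUI_VER=net.openvpn.connect.android_3.3.4-9290
"""

# Constructed server.conf fragment (hypothetical; the report does not show the real one).
SAMPLE_CONF = """\
cipher BF-CBC
data-ciphers AES-256-GCM:BF-CBC
"""

PEER_INFO = re.compile(r"(?P<peer>\S+) peer info: (?P<key>IV_\w+)=(?P<value>.*)$")
CIPHER_DIRECTIVES = {"cipher", "data-ciphers", "data-ciphers-fallback", "ncp-ciphers"}

def peer_info(log_text):
    """Collect the IV_* variables each peer (address:port) sent, from server log lines."""
    peers = {}
    for line in log_text.splitlines():
        m = PEER_INFO.search(line)
        if m:
            peers.setdefault(m["peer"], {})[m["key"]] = m["value"].strip()
    return peers

def configured_ciphers(conf_text):
    """Return {directive: [ciphers]} for the cipher-related directives in a config."""
    found = {}
    for raw in conf_text.splitlines():
        words = re.split(r"[#;]", raw, maxsplit=1)[0].split()  # drop comments
        if len(words) >= 2 and words[0] in CIPHER_DIRECTIVES:
            found[words[0]] = [c.upper() for c in words[1].split(":") if c]
    return found

def unsupported_by_peer(conf_text, log_text):
    """For each peer, list configured ciphers that are absent from its IV_CIPHERS."""
    conf = configured_ciphers(conf_text)
    report = {}
    for peer, info in peer_info(log_text).items():
        offered = {c.upper() for c in info.get("IV_CIPHERS", "").split(":") if c}
        if not offered:
            continue  # client sent no IV_CIPHERS; nothing to compare
        missing = {d: [c for c in cs if c not in offered] for d, cs in conf.items()}
        report[peer] = {d: m for d, m in missing.items() if m}
    return report

if __name__ == "__main__":
    print(unsupported_by_peer(SAMPLE_CONF, SAMPLE_LOG))
```

An empty dictionary for a peer means every configured cipher appears in that client's advertised list.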