Some users cannot login to Openvpn

Hello everyone, our nethserver is working normally without giving errors. But yesterday one of the users has move to the another apartment where he use Telecom italia internet (TIM). But he cannot login to Openvpn.
his error on Openvpn Gui log is followed;
TLS key negotioation failed.
TLS handshake failed.

I checked on server logs how to identify the error, but nothing is found on the server about his login.
Then I copied his config and cert files on my computer to try login and I succeeded.
Problem is his TIM internet line or our server?

Can it be an issue like “the same public IPs were assigned to different users”…copied from a TIM user experience ???

Dear all, this morning I’ve heard that even throught the wifi hotspot that is generated by an iPhone is not helping to connect VPN. I reset flushdns and winsock but no chance. any ideas please ?

If you have installed fail2ban, check that the ip where you connect from has not been banned.

1 Like

I have not installed fail2ban. Thanks very much for your effort

Have you tried to uninstall and reinstall the openvpn client from the user’s pc?
In some cases I had to do it in order to reset a broken connection.

Yes i did it but no chance.

Maybe the client firewall or the firewall of the apartment blocks the traffic?

Dear mrmarkuz, your suggession are great but I tried all these settings but had no chance.
I also allowed the Openvpn Daemon on Win10 firewall to jump to the connection but nothing. This user was able to connect from his computer from his home, but now he traveled with his computer West italy. yesterday he tried this connection for the first time.

Does the client get a local or a public IP?

There seem to be issues regarding openvpn and tim:

https://forums.openvpn.net/viewtopic.php?p=88389

mrmarkuz, you have got the right review from the Tim user, I have read this discussion. But I cannot understand what’s you question and don’t know how to respond - where can I find those IP?
At the end of this Tim conversation the user commented that he solved the problem but to analys the way he has done is little bit difficult to me.

The user can ping the nethserver or see the nethserver landing page if he/she digit http://ip.of.your.nethserver in a browser?

1 Like

Dear Saitobenkei, the user cannot ping nethserver because he has no possible to connect openvpn.

I mean the public ip of the nethserver or the router of the lan where the nethserver is installed.

1 Like

That’s a real point, user cannot ping the public ip address where the nethserver is located.
I tried also tracert publicipaddress but sometimes gives me timeout error.

Dear friends, any idea about the matter that we’ve been talking about?

if you’re already having trouble connecting to your server before you even run the VPN client, I’d say we know why…

:worried: :worried: :worried: :slightly_frowning_face:
May be I have to search for another solution.

All right, then,

First of all, you need to understand why the public IP on your server isn’t reachable from that line.

Is it reachable from another internet connection? Does it answer the ping? Is the Nethserver landing page (if ports 80 and 443 are turned to the private ip of your server from your router/firewall) reachable from the outside?

https://your.public.ip.address

Is there any wrong blocking/configuration on YOUR firewall/router that could block the IP from where your colleague is trying to connect?

Is the Nethserver also used as a firewall (so with two network cards)?

Public IP on your server isn’t reachable from that line - no
Is it reachable from another internet connection? - Yes (from my home i can, but from the home of my boss cannot). We also tried through iphone hotspot to connect but couldn’t.
Does it answer the ping? No

Is the Nethserver landing page (if ports 80 and 443 are turned to the private ip of your server from your router/firewall) reachable from the outside? - do you mean that I must allow port forwarding on the routher allowing the ports 80 and 443?

Is there any wrong blocking/configuration on YOUR firewall/router that could block the IP from where your colleague is trying to connect? as i know no blocks

Is the Nethserver also used as a firewall (so with two network cards)? with two network cards

sorry for bother b’cos i want to break down the issue where the problem is arrised.

What does your network look like?

LAN -------- (first NIC)[ Nethserver ](second NIC) -------- [ Router ] ---------- (Internet)