https://wiki.amahi.org/index.php?action=history&feed=atom&title=Prevent_SSL_Handshake_Timeouts_In_OpenVPNPrevent SSL Handshake Timeouts In OpenVPN - Revision history2026-05-05T08:53:04ZRevision history for this page on the wikiMediaWiki 1.34.2https://wiki.amahi.org/index.php?title=Prevent_SSL_Handshake_Timeouts_In_OpenVPN&diff=19225&oldid=prevAlireza2n: Created page with 'Some users may experience "SSL\TLS handshake" timeouts, this may happen when somehow these packets get corrupt, regardless of their protocol (TCP/UDP) or port.<br> Now we're goin…'2010-10-21T19:58:46Z<p>Created page with 'Some users may experience "SSL\TLS handshake" timeouts, this may happen when somehow these packets get corrupt, regardless of their protocol (TCP/UDP) or port.<br> Now we're goin…'</p>
<p><b>New page</b></p><div>Some users may experience "SSL\TLS handshake" timeouts, this may happen when somehow these packets get corrupt, regardless of their protocol (TCP/UDP) or port.<br><br />
Now we're going to add "HMAC signature" to packets, so that every packet not bearing the signature can be dropped, after adding this your connection will be more secure & those timeouts will dissapear!<br><br />
Here is how:<br />
<br />
'''Things to do on server :'''<br><br />
Open "Terminal" or use SSH to login into server as root, run these commands:<br />
<br />
:''cd /etc/openvpn/amahi''<br />
:''openvpn -–genkey -–secret ta.key''<br />
<br />
*If using Terminal:<br />
::''gedit /etc/openvpn/amahi.conf''<br />
<br />
*If using SSH: <br />
::''nano /etc/openvpn/amahi.conf<br />
<br />
Now add these lines to the end of file:<br />
:''tls-auth /etc/openvpn/amahi/ta.key 0''<br />
:''cipher AES-256-CBC''<br />
<br />
Save the config file:<br />
:*If using Terminal : Save the file (Ctrl+s)''<br />
:*If using SSH: press Ctrl+x , then y ,then press Enter<br />
<br />
Let's restart openvpn service:<br />
:''service openvpn restart''<br />
<br />
You'll get something like this after this command :<br />
:''Shutting down openvpn.... [OK]<br />
:''Starting openvpn... [OK]<br />
<br />
<br />
OK, there is one more thing left to do on server, you need to copy "ta.key" to a shared folder, because you have to use it on VPN client. a simple way to do this is to enter the following command, it will copy "ta.key" to "Docs" share folder which is accessible via Windows Share:<br />
<br />
:''cp /etc/openvpn/amahi/ta.key /var/hda/files/docs''<br />
<br />
<br />
'''Things to do on Client:'''<br />
:*If using windows: Run HDAConnect GUI, right-click on the red "A" icon in tray & choose "Edit Config".<br />
:* If using other OS, you need to edit OpenVpn client config file via a text editor.<br><br />
Now add these lines to end of the file:<br />
<br />
:''tls-auth ta.key 1''<br />
:''cipher AES-256-CBC''<br />
<br />
Then save it, now we need to copy "ta.key" to the folder where the config file exists.<br />
:*On 32-bit Windows it should be copied to "C:\Program files\HDAConnect\config".<br />
:*On 64-bit Windows copy it to "C:\Program Files (x86)\HDAConnect\config".<br />
:*On other OS, it should be placed where the config file exists.<br />
<br />
='''Done!'''=<br />
Everything is set, fire up Openvpn client and use your username/password to connect.<br>(As you know you cannot make a vpn tunnel from yourself to yourself! so you have to test it from another network.)</div>Alireza2n