OpenVPN Unable to Connect due to TLS Handshake Failure

OpenVPN is a third-party VPN solution that the NG Firewall leverages. A common issue is that users are unable to connect, with their log output indicating a problem with the TLS handshake. This is caused by an out-of-date certificate created by the OpenVPN server. Although we do not recommend reinstalling applications as a solution to a problem, it is required in this case: reinstalling pulls the most recent OpenVPN certificate available and resolves the TLS handshake issue. Below is the common output from the OpenVPN client when there is a TLS/certificate error that will require a reinstallation.

Note: After uninstalling and reinstalling the OpenVPN Service Application, you will be required to reconfigure the application, including recreating clients and settings groups and creating exported networks.


NOTE: This second option is a temporary solution until you are able to apply the first solution of uninstalling and reinstalling the application.

The second option is to uninstall the OpenVPN client on each host with the certificate issue and download OpenVPN client version "2.4.3" on that host. From there, download the client from the NG Firewall and choose the inline file rather than the .exe file. Finally, open the installed OpenVPN 2.4.3 client on the host machine, right-click the icon for options, and choose Import File... > the downloaded client file. I have attached the site below for client downloads, where you can download version 2.4.3:
