openvpn TLS unsupported protocol

From thelinuxwiki
Revision as of 20:08, 5 January 2026 by Nighthawk (Talk | contribs)

environment

OpenWrt 24.10.4


errors

Mon Jan  5 13:44:54 2026 daemon.notice openvpn(junkervpn)[17226]: TLS: Initial packet from [AF_INET]10.0.0.117:11194, sid=a48ff4a0 b182fbd1
Mon Jan  5 13:44:54 2026 daemon.err openvpn(junkervpn)[17226]: TLS error: Unsupported protocol. This typically indicates that client and server have no common TLS version enabled. This can be caused by mismatched tls-version-min and tls-version-max options on client and server. If your OpenVPN client is between v2.3.6 and v2.3.2 try adding tls-version-min 1.0 to the client configuration to use TLS 1.0+ instead of TLS 1.0 only
Mon Jan  5 13:44:54 2026 daemon.err openvpn(junkervpn)[17226]: OpenSSL: error:0A000102:SSL routines::unsupported protocol:
Mon Jan  5 13:44:54 2026 daemon.err openvpn(junkervpn)[17226]: TLS_ERROR: BIO read tls_read_plaintext error
Mon Jan  5 13:44:54 2026 daemon.err openvpn(junkervpn)[17226]: TLS Error: TLS object -> incoming plaintext read error
Mon Jan  5 13:44:54 2026 daemon.err openvpn(junkervpn)[17226]: TLS Error: TLS handshake failed


root cause

TLS version mismatch: the client and server have no TLS version in common. TLS 1.0 needs to be enabled on the connecting client device.

solution

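Add the following line to the appropriate conf file in the /etc/openvpn/ directory. It sets the lowest TLS version OpenVPN will accept; a higher version is still negotiated when both ends support one. TLS 1.0 is deprecated (RFC 8996), so keep this setting only for peers that cannot be upgraded.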

tls-version-min 1.0
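
To see which peers are hitting this error, the log can be scanned for the OpenSSL "unsupported protocol" line and paired with the preceding "Initial packet from" line of the same process. This is an added example, not part of the original page; the function names and the second sample log line (othervpn, 192.0.2.10) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): list peers whose TLS handshake
# failed with OpenSSL "unsupported protocol", from OpenWrt-style syslog lines.

# Reads log lines on stdin; prints "<instance> <peer>" once per affected peer.
# Assumption: the failing peer is the last "Initial packet from" address
# logged by the same openvpn process, as in the log excerpt on this page.
find_tls_mismatch() {
    awk '
    match($0, /openvpn\([^)]*\)\[[0-9]+\]/) {
        tag = substr($0, RSTART, RLENGTH)      # openvpn(instance)[pid]
        inst = tag
        sub(/^openvpn\(/, "", inst)
        sub(/\).*$/, "", inst)                 # instance name only
        if (match($0, /TLS: Initial packet from \[AF_INET6?\][^,]*/)) {
            peer = substr($0, RSTART, RLENGTH)
            sub(/^.*\]/, "", peer)             # keep addr:port
            last[tag] = peer
        } else if (index($0, "OpenSSL: error:") &&
                   index($0, "unsupported protocol")) {
            p = "unknown-peer"
            if (tag in last) p = last[tag]
            key = inst " " p
            if (!(key in seen)) { seen[key] = 1; print key }
        }
    }'
}

# Sample input: the first three lines are taken from the log above;
# the othervpn line is constructed to show a peer that is not flagged.
sample_log() {
    cat <<'EOF'
Mon Jan  5 13:44:54 2026 daemon.notice openvpn(junkervpn)[17226]: TLS: Initial packet from [AF_INET]10.0.0.117:11194, sid=a48ff4a0 b182fbd1
Mon Jan  5 13:44:54 2026 daemon.err openvpn(junkervpn)[17226]: OpenSSL: error:0A000102:SSL routines::unsupported protocol:
Mon Jan  5 13:44:54 2026 daemon.err openvpn(junkervpn)[17226]: TLS Error: TLS handshake failed
Mon Jan  5 13:45:10 2026 daemon.notice openvpn(othervpn)[17300]: TLS: Initial packet from [AF_INET]192.0.2.10:1194, sid=00000000 00000000
EOF
}

sample_log | find_tls_mismatch
```

On a live system, pipe the system log into find_tls_mismatch instead of sample_log.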