VPN funktioniert nach Routerwechsel nicht mehr

[Paulchengb]

Hallo zusammen,
ich habe einen alten TP-Link gegen einen neuen TP-Link AX3000 ausgetauscht und seitdem kann ich mich auf einen VPN-Server, der auf einem Server mit der IP 192.168.10.101 läuft, nicht mehr verbinden. UDP Port 1194 ist weitergeleitet.

Server-Cfg:

# Which local IP address should OpenVPN
# listen on? (optional)
;local a.b.c.d

# Which TCP/UDP port should OpenVPN listen on?
# If you want to run multiple OpenVPN instances
# on the same machine, use a different port
# number for each one.  You will need to
# open up this port on your firewall.
port 1194


# TCP or UDP server?
;proto tcp
proto udp4

Server-Log

Fri Feb 11 21:58:51 2022 OpenVPN 2.4.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 31 2019
Fri Feb 11 21:58:51 2022 Windows version 6.2 (Windows 8 or greater) 64bit
Fri Feb 11 21:58:51 2022 library versions: OpenSSL 1.1.0l  10 Sep 2019, LZO 2.10
Fri Feb 11 21:58:51 2022 Diffie-Hellman initialized with 2048 bit key
Fri Feb 11 21:58:51 2022 interactive service msg_channel=0
Fri Feb 11 21:58:51 2022 ROUTE_GATEWAY 192.168.10.1/255.255.255.0 I=14 HWADDR=xxxxx
Fri Feb 11 21:58:51 2022 open_tun
Fri Feb 11 21:58:51 2022 TAP-WIN32 device [LAN-Verbindung] opened: \\.\Global\{BA7785B0-7558-455E-ADA1-7154C4222265}.tap
Fri Feb 11 21:58:51 2022 TAP-Windows Driver Version 9.24
Fri Feb 11 21:58:51 2022 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.1/255.255.255.252 on interface {BA7785B0-7558-455E-ADA1-7154C4222265} [DHCP-serv: 10.8.0.2, lease-time: 31536000]
Fri Feb 11 21:58:51 2022 Sleeping for 10 seconds...
Fri Feb 11 21:59:01 2022 Successful ARP Flush on interface [12] {BA7785B0-7558-455E-ADA1-7154C4222265}
Fri Feb 11 21:59:01 2022 C:\WINDOWS\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.2
Fri Feb 11 21:59:01 2022 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
Fri Feb 11 21:59:01 2022 Route addition via IPAPI succeeded [adaptive]
Fri Feb 11 21:59:01 2022 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Feb 11 21:59:01 2022 UDPv4 link local (bound): [AF_INET][undef]:55556
Fri Feb 11 21:59:01 2022 UDPv4 link remote: [AF_UNSPEC]
Fri Feb 11 21:59:01 2022 MULTI: multi_init called, r=256 v=256
Fri Feb 11 21:59:01 2022 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Fri Feb 11 21:59:01 2022 ifconfig_pool_read(), in='....,10.8.0.4', TODO: IPv6
Fri Feb 11 21:59:01 2022 succeeded -> ifconfig_pool_set()
Fri Feb 11 21:59:01 2022 ifconfig_pool_read(), in='...,10.8.0.8', TODO: IPv6
Fri Feb 11 21:59:01 2022 succeeded -> ifconfig_pool_set()
Fri Feb 11 21:59:01 2022 ifconfig_pool_read(), in='.....,10.8.0.12', TODO: IPv6
Fri Feb 11 21:59:01 2022 succeeded -> ifconfig_pool_set()
Fri Feb 11 21:59:01 2022 ifconfig_pool_read(), in='....,10.8.0.16', TODO: IPv6
Fri Feb 11 21:59:01 2022 succeeded -> ifconfig_pool_set()
Fri Feb 11 21:59:01 2022 IFCONFIG POOL LIST
Fri Feb 11 21:59:01 2022 ....,10.8.0.4
Fri Feb 11 21:59:01 2022 ....,10.8.0.8
Fri Feb 11 21:59:01 2022 ....,10.8.0.12
Fri Feb 11 21:59:01 2022 ....,10.8.0.16
Fri Feb 11 21:59:01 2022 Initialization Sequence Completed

Client-Cfg

# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client

# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one.  On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap

# Are we connecting to a TCP or
# UDP server?  Use the same setting as
# on the server.
;proto tcp
proto udp

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.

port 1194
remote meinedomain.de

Client-Log

Fri Feb 11 20:43:33 2022 OpenVPN 2.4.7 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 25 2019
Fri Feb 11 20:43:33 2022 Windows version 6.2 (Windows 8 or greater) 64bit
Fri Feb 11 20:43:33 2022 library versions: OpenSSL 1.1.0j  20 Nov 2018, LZO 2.10
Fri Feb 11 20:43:33 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:1194
Fri Feb 11 20:43:33 2022 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Feb 11 20:43:33 2022 UDP link local: (not bound)
Fri Feb 11 20:43:33 2022 UDP link remote: [AF_INET]xxx.xxxx.xxxx.xxxx:1194
Fri Feb 11 20:44:33 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Feb 11 20:44:33 2022 TLS Error: TLS handshake failed
Fri Feb 11 20:44:33 2022 SIGUSR1[soft,tls-error] received, process restarting

Ich vermutete, dass es doch irgendetwas mit der Port-Weiterleitung oder so zu tun hatte, aber es geht auch nicht, wenn ich von einem PC in meinem Netzwerk mit der IP 192.168.10.50 eine Verbindung aufbauen möchte
Client-Log im gleichen LAN. In der Client-CFG habe ich bei remote 192.168.10.101 geschrieben...

Fri Feb 11 21:37:03 2022 OpenVPN 2.4.7 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 25 2019
Fri Feb 11 21:37:03 2022 Windows version 6.2 (Windows 8 or greater) 64bit
Fri Feb 11 21:37:03 2022 library versions: OpenSSL 1.1.0j  20 Nov 2018, LZO 2.10
Fri Feb 11 21:37:03 2022 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Fri Feb 11 21:37:03 2022 Need hold release from management interface, waiting...
Fri Feb 11 21:37:03 2022 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Fri Feb 11 21:37:03 2022 MANAGEMENT: CMD 'state on'
Fri Feb 11 21:37:03 2022 MANAGEMENT: CMD 'log all on'
Fri Feb 11 21:37:03 2022 MANAGEMENT: CMD 'echo all on'
Fri Feb 11 21:37:03 2022 MANAGEMENT: CMD 'bytecount 5'
Fri Feb 11 21:37:03 2022 MANAGEMENT: CMD 'hold off'
Fri Feb 11 21:37:03 2022 MANAGEMENT: CMD 'hold release'
Fri Feb 11 21:37:03 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.10.101:1194
Fri Feb 11 21:37:03 2022 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Feb 11 21:37:03 2022 UDP link local: (not bound)
Fri Feb 11 21:37:03 2022 UDP link remote: [AF_INET]192.168.10.101:55556
Fri Feb 11 21:37:03 2022 MANAGEMENT: >STATE:1644611823,WAIT,,,,,,
Fri Feb 11 21:38:03 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Feb 11 21:38:03 2022 TLS Error: TLS handshake failed
Fri Feb 11 21:38:03 2022 SIGUSR1[soft,tls-error] received, process restarting
Fri Feb 11 21:38:03 2022 MANAGEMENT: >STATE:1644611883,RECONNECTING,tls-error,,,,,
Fri Feb 11 21:38:03 2022 Restart pause, 5 second(s)
Fri Feb 11 21:38:08 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.10.101:1194

An den Zertifikaten habe ich sicher nichts geändert...

Hat jemand eine Idee, was hier das Problem sein könnte?
Ich habe auch einen anderen Port, z.B. 55000 versucht, aber auch ohne Erfolg. OpenVPN ist im AX3000 deaktiviert.

 

[dirk11]

Die Fehlermeldungen

Fri Feb 11 21:38:03 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Feb 11 21:38:03 2022 TLS Error: TLS handshake failed
Fri Feb 11 21:38:03 2022 SIGUSR1[soft,tls-error] received, process restarting
Fri Feb 11 21:38:03 2022 MANAGEMENT: >STATE:1644611883,RECONNECTING,tls-error,,,,,

sind aber eindeutig.

 

[Paulchengb]

Ich habe wieder alles zurück gebaut und mit dem alten läuft alles einwandfrei...
Kann es sein, dass der "deaktivierte" OpenVPN-Server trotzdem irgendwie Probleme macht?

Ich habe es auch mit deaktivierte SPI-Firewall versucht - ohne Erfolg.

Nachtrag: Kann es sein, dass es am NAT liegt? Ich muss NAT aber aktivieren, da der TL-Link in "2. Reihe" hängt, davor ist noch eine FritzBox, die natürlich 1194 korrekt weiterleitet.