TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) (Powershell)

# Path to the log file $logPath = "C:\Users\Administrator\OpenVPN\log\client1.log" # Read the log file and get the last 100 lines $logLines = Get-Content -Path $logPath -Tail 100 # Initialize flags to check for TLS errors and a list to store error lines $tlsHandshakeFailed = $false $tlsKeyNegotiationFailed = $false $errorLines = @() # Search for TLS errors in the last 100 lines and collect error lines foreach ($line in $logLines) { if ($line -match "TLS handshake failed") { $tlsHandshakeFailed = $true $errorLines += $line } if ($line -match "TLS key negotiation failed to occur within 60 seconds") { $tlsKeyNegotiationFailed = $true $errorLines += $line } } # Print error lines and troubleshooting steps if errors are found if ($tlsHandshakeFailed -and $tlsKeyNegotiationFailed) { $context.ctxprint("Detected TLS errors in the last 100 lines of logs.`n") $context.ctxprint("Error Details:") foreach ($errorLine in $errorLines) { $context.ctxprint($errorLine) } $context.ctxprint("`nProbable causes and solutions:") $context.ctxprint("- Ensure the client is using TLS 1.2 or higher. An outdated client may be using TLS 1.0.") $context.ctxprint("- Update to the latest OpenVPN Connect client version if the error is due to an older client.") $context.ctxprint("- Check if TLS version settings between the server and client match. Mismatched TLS settings can cause this error.") $context.ctxprint("- Re-download and reapply the client configuration profile if TLS settings were recently changed.") $context.ctxprint("- Ensure no firewall or ISP restrictions are interfering with the connection.") } else { $context.ctxprint("No relevant TLS errors detected in the last 100 lines.") $context.setproceed($false) #$context.skip_sub_tasks = $true }

# Define the firewall rule name and port $ruleName = "Allow OpenVPN UDP 1194" $port = 1194 $protocol = "UDP" $context.ctxprint("Checking for existing firewall rule for UDP traffic on port $port...") # Check if a rule already exists for UDP traffic on port 1194 $existingRule = netsh advfirewall firewall show rule name=all | Select-String -Pattern "LocalPort.*$port", "RemotePort.*$port" if ($existingRule) { $context.ctxprint("Firewall rule for UDP traffic on port $port already exists. No action needed.") } else { $context.ctxprint("No existing firewall rule for UDP traffic on port $port. Adding a new rule...") # Add the firewall rule to allow inbound UDP traffic on port 1194 $addRuleCommand = "netsh advfirewall firewall add rule name=`"$ruleName`" protocol=$protocol dir=in localport=$port action=allow" Invoke-Expression $addRuleCommand | Out-Null $context.ctxprint("Firewall rule successfully added to allow UDP traffic on port $port.") $context.ctxprint("Verifying the newly added rule...") # Verify the status of the newly added rule $verifyRule = netsh advfirewall firewall show rule name="$ruleName" $context.ctxprint("Verification complete. Details of the firewall rule for VPN Port ($port):") $context.ctxprint($verifyRule) } $context.ctxprint("Script completed.")

# PowerShell script to rollout upgrade for the latest version of OpenVPN Connect on a Windows client # Define the URL for the latest OpenVPN Connect Client for Windows (x64) $openVPNUrl = "https://openvpn.net/downloads/openvpn-connect-v3-windows.msi" $installerPath = "$env:TEMP\openvpn-connect-latest.msi" $openVPNInstallPath = "C:\Program Files\OpenVPN" $openVPNGUIPath = "$openVPNInstallPath\bin\openvpn-gui.exe" $uninstallerPath = "$openVPNInstallPath\Uninstall.exe" # Function to uninstall a program by name function Uninstall-Program($programName) { $programs = Get-WmiObject -Class Win32_Product | Where-Object { $_.Name -match $programName } if ($programs) { foreach ($program in $programs) { $context.ctxprint("Uninstalling $($program.Name)...") $program.Uninstall() | Out-Null $context.ctxprint("$($program.Name) has been uninstalled.") } } else { $context.ctxprint("$programName is not installed.") } } # Terminate the OpenVPN GUI if it is running $context.ctxprint("Checking if OpenVPN GUI is running...") $openVPNProcess = Get-Process -Name "openvpn-gui" -ErrorAction SilentlyContinue if ($openVPNProcess) { $context.ctxprint("OpenVPN GUI is running. Attempting to terminate the process...") Stop-Process -Name "openvpn-gui" -Force Start-Sleep -Seconds 5 # Wait for 5 seconds to ensure the process has been terminated $context.ctxprint("OpenVPN GUI process has been terminated.") } else { $context.ctxprint("OpenVPN GUI is not running.") } # Download the latest installer $context.ctxprint("Downloading the latest OpenVPN Connect client installer...") try { File-Download -source $openVPNUrl -destination $installerPath $context.ctxprint("Installer downloaded successfully.") } catch { $context.ctxprint("Failed to download the installer. Exiting.") exit 1 } # Uninstall OpenVPN Connect if it is installed Uninstall-Program("OpenVPN Connect*") # Check if OpenVPN GUI is installed by looking for openvpn-gui.exe if (Test-Path $openVPNGUIPath) { $context.ctxprint("OpenVPN GUI detected. Attempting to uninstall...") # Uninstall OpenVPN GUI using the Uninstall.exe if it exists if (Test-Path $uninstallerPath) { Start-Process -FilePath $uninstallerPath -ArgumentList "/S" -Wait $context.ctxprint("OpenVPN GUI has been uninstalled.") } else { $context.ctxprint("Uninstaller not found for OpenVPN GUI, please uninstall it manually.") } } else { $context.ctxprint("OpenVPN GUI is not installed.") } # Install the new version of OpenVPN Connect $context.ctxprint("Installing the latest version of OpenVPN Connect...") Start-Process msiexec.exe -ArgumentList "/i `"$installerPath`" /quiet /norestart" -Wait # Cleanup downloaded installer file Remove-Item -Path $installerPath -Force # Verify installation $openVPNInstalled = Get-WmiObject -Class Win32_Product | Where-Object { $_.Name -like "OpenVPN Connect*" } if ($openVPNInstalled) { $context.ctxprint("OpenVPN Connect has been successfully updated to the latest version.") } else { $context.ctxprint("OpenVPN Connect installation failed.") }

# Define the process name and path to the OpenVPN Connect executable $processName = "OpenVPNConnect" $openVPNPath = "C:\Program Files\OpenVPN Connect\OpenVPNConnect.exe" # Update this path if different # Check if OpenVPN Connect is running $openVPNProcess = Get-Process -Name $processName -ErrorAction SilentlyContinue if ($openVPNProcess) { $context.ctxprint("OpenVPN Connect is currently running. Restarting the application...") # Stop the OpenVPN Connect process Stop-Process -Name $processName -Force $context.ctxprint("OpenVPN Connect has been stopped.") } else { $context.ctxprint("OpenVPN Connect is not currently running.") } # Start the OpenVPN Connect application if (Test-Path $openVPNPath) { Start-Process -FilePath $openVPNPath $context.ctxprint("OpenVPN Connect has been restarted.") } else { $context.ctxprint("OpenVPN Connect executable not found at the specified path: $openVPNPath") }

# Path to the OpenVPN Connect executable $openVPNCLIPath = "C:/Program Files/OpenVPN Connect/ovpnconnector.exe" $context.ctxprint("printing openvpn cli path") $context.ctxprint("$openVPNCLIPath") # Path to the client configuration file $configFilePath = "C:/client1.ovpn" # Destination directory for the OpenVPN profile $openVPNDir = "C:/Program Files/OpenVPN Connect" $renamedConfigPath = "$openVPNDir/ovpnconnector.ovpn" # Ensure the OpenVPN directory exists if (!(Test-Path $openVPNDir)) { $context.ctxprint("OpenVPN installation directory not found: $openVPNDir.") } # Validate the OpenVPN Connect CLI existence if (Test-Path $openVPNCLIPath) { $context.ctxprint("OpenVPN Connect CLI found at $openVPNCLIPath.") } else { $context.ctxprint("OpenVPN Connect CLI not found. Please ensure OpenVPN Connect is installed.") } # Validate configuration file existence if (Test-Path $configFilePath) { $context.ctxprint("Configuration file found at $configFilePath.") } else { $context.ctxprint("Configuration file not found at $configFilePath. Please check the path.") } # Copy and rename the configuration file if it does not already exist in the required directory if (!(Test-Path $renamedConfigPath)) { $context.ctxprint("Copying and renaming the configuration file to $openVPNDir...") Copy-Item -Path $configFilePath -Destination $openVPNDir -Force Rename-Item -Path "$openVPNDir/client1.ovpn" -NewName "ovpnconnector.ovpn" -Force $context.ctxprint("Configuration file copied and renamed to $renamedConfigPath.") } else { $context.ctxprint("Configuration file already exists at $renamedConfigPath. Skipping copy and rename.") } # # Archive old logs before starting a new session # if (Test-Path $logFilePath) { # $timestamp = Get-Date -Format "yyyyMMdd_HHmmss" # $archivedLogPath = "$logFilePath.$timestamp.bak" # Rename-Item -Path $logFilePath -NewName $archivedLogPath # $context.ctxprint("Previous log archived as $archivedLogPath.") # } else { # $context.ctxprint("No previous log found to archive.") # } # Ensure the OpenVPN client is not running $context.ctxprint("Ensuring OpenVPN Connect client is not running...") Get-Process -Name "OpenVPNConnect" -ErrorAction SilentlyContinue | Stop-Process -Force $context.ctxprint("OpenVPN Connect client processes stopped.") # Install the OpenVPN Connect system service $context.ctxprint("Installing the OpenVPN Connect system service...") Start-Process -FilePath $openVPNCLIPath -ArgumentList "install" -NoNewWindow -Wait $context.ctxprint("OpenVPN Connect system service installed successfully.") # Start the OpenVPN Connect service $context.ctxprint("Starting the OpenVPN Connect service...") Start-Process -FilePath $openVPNCLIPath -ArgumentList "start" -NoNewWindow -Wait $context.ctxprint("OpenVPN Connect service started.") # # Wait for logs to be generated # $context.ctxprint("Waiting for logs to be generated...") # Start-Sleep -Seconds 5 # Adjust the wait time if necessary # # Check and display logs for the current session # if (Test-Path $logFilePath) { # $logContent = Get-Content -Path $logFilePath -Force -Encoding UTF8 # $context.ctxprint("OpenVPN Logs for the current session:") # $context.ctxprint($logContent) # if ($logContent -like "*Connected*") { # $context.ctxprint("OpenVPN connection established successfully.") # } elseif ($logContent -like "*Error*" -or $logContent -eq "") { # $context.ctxprint("Failed to establish OpenVPN connection. Logs indicate an issue.") # } # } else { # $context.ctxprint("No logs were generated. OpenVPN CLI may have failed silently.") # }