[Openvpn-users] TLS_ERROR: BIO read tls_read_plaintext error: error:1408F119:lib(20):func(143):reason(281)

[. <uca...@gm...>]

I started getting TLS_ERROR: BIO read tls_read_plaintext error:
error:1408F119:lib(20):func(143):reason(281) with OpenVPN 2.2.1. I
tried new certificates and DH but nothing helps. What exactly does
this error message mean?

options
client option
V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,cipher
AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client
client expect
V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,cipher
AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-server
server option
V4 dev-type tun link-mtu 1570 tun-mtu 1500 proto UDPv4 comp-lzo cipher
AES-256-CBC auth SHA256 keysize 256 key-method 2 tls-server
server expect
V4 dev-type tun link-mtu 1570 tun-mtu 1500 proto UDPv4 comp-lzo cipher
AES-256-CBC auth SHA256 keysize 256 key-method 2 tls-client

server log:
20120911 07:06:15 192.168.3.150:54801 VERIFY OK: depth=1
20120911 07:06:15 192.168.3.150:54801 VERIFY OK: depth=0

20120911 07:06:17 N 192.168.3.150:54801 TLS_ERROR: BIO read
tls_read_plaintext error: error:1408F119:lib(20):func(143):reason(281)
20120911 07:06:17 N 192.168.3.150:54801 TLS Error: TLS object ->
incoming plaintext read error
20120911 07:06:17 N 192.168.3.150:54801 TLS Error: TLS handshake failed
20120911 07:06:17 192.168.3.150:54801 SIGUSR1[soft tls-error] received
client-instance restarting



client log:
Tue Sep 11 03:06:13 2012 us=229000 VERIFY OK
Tue Sep 11 03:06:13 2012 us=229000 VERIFY OK
Tue Sep 11 03:07:13 2012 us=836000 TLS Error: TLS key negotiation
failed to occur within 60 seconds (check your network connectivity)
Tue Sep 11 03:07:13 2012 us=836000 TLS Error: TLS handshake failed

~# openvpn --version
OpenVPN 2.2.1 mipsel-linux [SSL] [LZO2] [EPOLL] built on Jul 20 2012
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sa...@op...>

  $ ./configure --host=mipsel-linux --exec-prefix=/usr --prefix=/
--disable-avahi --disable-cups --disable-pie --disable-relro
--disable-static --disable-swat --disable-shared-libs
--with-codepagedir=/etc/samba --with-configdir=/etc/samba
--with-included-iniparser --with-included-popt
--with-lockdir=/var/lock --with-logfilebase=/var/log
--with-nmbdsocketdir=/var/nmbd --with-piddir=/var/run
--with-privatedir=/etc/samba --with-sendfile-support
--without-cluster-support --without-ads --without-krb5 --without-ldap
--without-pam --without-winbind --without-libtdb --without-libtalloc
--without-libnetapi --without-libsmbclient --without-libsmbsharemodes
--without-libaddns
--with-shared-modules=pdb_tdbsam,pdb_wbc_sam,idmap_nss,nss_info_template,auth_winbind,auth_wbc,auth_domain
--host=mipsel-linux CPPFLAGS=-I../lzo/include
-I/home/seg/DEV/rt2880/src/router/openssl/include -L../lzo -Lopenssl
-L../lzo/src/.libs --enable-pthread --disable-plugins --enable-debug
--enable-password-save --enable-management --enable-lzo
--enable-server --enable-multihome
--with-ssl-headers=/home/seg/DEV/rt2880/src/router/openssl/include
--with-ssl-lib=openssl --with-ssl-type=openssl CFLAGS=-Os -pipe
-mips32r2 -mtune=mips32r2 -fno-caller-saves -DNEED_PRINTF
-ffunction-sections -fdata-sectio
Compile time defines:  ENABLE_CLIENT_SERVER ENABLE_DEBUG
ENABLE_FRAGMENT ENABLE_HTTP_PROXY ENABLE_MANAGEMENT ENABLE_MULTIHOME
ENABLE_PASSWORD_SAVE ENABLE_PORT_SHARE ENABLE_SOCKS USE_CRYPTO USE_LZO
USE_SSL

OS: DD-WRT v24-sp2 (07/20/12) std - build 19519

Thanks.