OpenVPN won't reconnect until reboot
-
Hi All,
My OpenVPN connection seems to drop off and not re-establish connection until I do a reboot. Looking at the logs it seems to get stuck into the following loop... Manually stopping and restarting the service still doesn't fix it. Anyone know what the problem may be?
Oct 21 06:58:43 openvpn 36554 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 21 06:58:43 openvpn 36554 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Oct 21 06:58:43 openvpn 36554 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Oct 21 06:58:48 openvpn 36554 TCP/UDP: Preserving recently used remote address: [AF_INET]xxxxxxxxxxx:xxxxxxx
Oct 21 06:58:48 openvpn 36554 Socket Buffers: R=[42080->524288] S=[57344->524288]
Oct 21 06:58:48 openvpn 36554 UDPv4 link local (bound): [AF_INET]192.168.1.210:0
Oct 21 06:58:48 openvpn 36554 UDPv4 link remote: [AF_INET]xxxxxxxxxxxx:xxxxxx
Oct 21 06:59:48 openvpn 36554 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Oct 21 06:59:48 openvpn 36554 TLS Error: TLS handshake failed
Oct 21 06:59:48 openvpn 36554 SIGUSR1[soft,tls-error] received, process restarting
Oct 21 06:59:48 openvpn 36554 Restart pause, 300 second(s)
-
OpenVPN client? Server?
I presume client.
Solve this first: OpenVPN can't connect to the other side (the server?): there is no answer or traffic. Is the underlying WAN up?
-
@gertjan said in OpenVPN won't reconnect until reboot:
OpenVPN client? Server?
I presume client.
Solve this first: OpenVPN can't connect to the other side (the server?): there is no answer or traffic. Is the underlying WAN up?
Hi, thanks for the reply. It’s a client yes. The WAN is up. Does the VPN always use the same port to make the connection? That’s the only thing I can think of which could be a variable…
-
@audiobahn I get the exact same issue. OpenVPN server on a NetGate SG-3100 utilizing TLS + User Auth. After a reboot all is well for a bit, then after a few hours "TLS handshake failed" errors happen until the NetGate is rebooted again. Restarting VPN services has no effect. Kind of a deal breaker, anyone got any ideas?
-
@audiobahn said in OpenVPN won't reconnect until reboot:
Does the VPN always use the same port to make the connection?
Dunno:
@audiobahn said in OpenVPN won't reconnect until reboot:
Oct 21 06:58:48 openvpn 36554 UDPv4 link remote: [AF_INET]xxxxxxxxxxxx:xxxxxx
The :xxxx (destination port) should be the same every time, as the server is listening on that address:port.
The source port may vary, that's normal.
-
@dmoorhead @Gertjan
Thank you both for your replies. I will have a play with it again tonight to try and figure it out... @DMoorhead, what VPN provider do you use? I use NordVPN. Shouldn't make a difference in theory but could be a factor.
-
So I’ve managed to resolve my problem by changing my default DNS servers from OpenDNS to Google's and Cloudflare’s (8.8.8.8 & 1.1.1.1).
-
@audiobahn This is just an OpenVPN server on the NetGate with various devices connecting. I resolved my issue by redoing the OpenVPN server without the use of a TLS cert. Oddly enough, the DNS resolver suddenly stopped working and still has issues even after restarting the service. Haven't been able to reboot it yet. hmmmm... glad you got yours working
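-
Added example (not from any poster in this thread): a small Python check that spots the handshake-timeout restart loop from the first post in an OpenVPN log, so the stuck state can be alerted on instead of found by hand. The sample log is constructed in the same format; PID 41200 and the function name are made up for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the log format of the first post (addresses masked).
# PID 36554 never recovers; the made-up PID 41200 fails once, then connects.
SAMPLE_LOG = """\
Oct 21 06:58:48 openvpn 36554 UDPv4 link remote: [AF_INET]xxxxxxxxxxxx:xxxxxx
Oct 21 06:59:48 openvpn 36554 TLS Error: TLS handshake failed
Oct 21 06:59:48 openvpn 36554 SIGUSR1[soft,tls-error] received, process restarting
Oct 21 06:59:48 openvpn 36554 Restart pause, 300 second(s)
Oct 21 07:05:48 openvpn 36554 TLS Error: TLS handshake failed
Oct 21 07:05:48 openvpn 36554 SIGUSR1[soft,tls-error] received, process restarting
Oct 21 07:05:48 openvpn 36554 Restart pause, 300 second(s)
Oct 21 08:00:10 openvpn 41200 SIGUSR1[soft,tls-error] received, process restarting
Oct 21 08:00:10 openvpn 41200 Restart pause, 5 second(s)
Oct 21 08:00:20 openvpn 41200 Initialization Sequence Completed
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} openvpn (\d+) (.*)$")
PAUSE = re.compile(r"Restart pause, (\d+) second")


def find_handshake_loops(log_text, min_cycles=2):
    """Return {pid: {"cycles": n, "last_pause": s}} for processes that
    restarted on tls-error min_cycles times in a row without connecting."""
    state = defaultdict(lambda: {"cycles": 0, "last_pause": None})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an openvpn line in this format
        pid, msg = m.groups()
        entry = state[pid]
        pause = PAUSE.search(msg)
        if "Initialization Sequence Completed" in msg:
            entry["cycles"], entry["last_pause"] = 0, None  # tunnel came up
        elif "SIGUSR1[soft,tls-error]" in msg:
            entry["cycles"] += 1
        elif pause:
            # 300 s is OpenVPN's default cap for the reconnect back-off,
            # so seeing it means many attempts have already failed.
            entry["last_pause"] = int(pause.group(1))
    return {p: dict(e) for p, e in state.items() if e["cycles"] >= min_cycles}


if __name__ == "__main__":
    for pid, info in find_handshake_loops(SAMPLE_LOG).items():
        print(f"openvpn[{pid}] stuck: {info['cycles']} tls-error restarts, "
              f"pause {info['last_pause']}s")
```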