TLS key negotiation failed to occur within 60 seconds
-
Hello all,
I need a hand please.
Bottom Line up front:
Client logs state TLS key negotiation failed to occur within 60 seconds, TLS handshake failed. I have been running into this issue for a while now. Everything worked fine and then I tried setting up Surfshark on pfSense to act as a VPN for my entire network. I followed this Guide. Basically I was playing out of my league and was messing with some settings I shouldn't have and of course didn't back up my configuration beforehand. Lesson learned. Anyway, I went back through that same guide and tried undoing everything I did. I think I got it all and my internet started working again. So major problem solved. But OpenVPN wasn't working anymore. I figured my best bet would be to use the OpenVPN setup wizard and just make a second instance of OpenVPN on a new port. That didn't work, so I started doing the following troubleshooting steps:
- Exported the new certs after creating a new instance of OpenVPN. Still receive the same error.
- Ensured I wasn't trying to connect from the same network
- Tried on both my phone and my laptop to ensure it wasn't specific to one client
- Rechecked my firewall for the 30th time to make sure it is configured the same as the wizard set it up.
- Installed WireGuard to say screw it and at least have access in the meantime, and WireGuard doesn't work either.
So I checked logs. (I am not very smart and I am also not very good at reading logs, plus I am pretty new. So I am basically a recipe for a bad time.) I don't really know what I am looking for, but I have read many other forum posts with the same title that basically say "Firewall issue" or "Check pfSense logs", but I don't know what to change in my firewall if I have something wrong. If someone can baby step me through this I would be very grateful.
-
@anthadeas
Your client tries to connect to an IPv6 and an IPv4, each port 1194, but your server is listening only on an IPv4, which is another one than the client tries to connect to. So what does your client log show? Are these connection attempts to different servers?
If it is the same host name resolving to both IPv4 and v6, ensure to enable both on the server.
Use the client export utility and export the whole client config and import it again at the client.
Note: for a quick step back, pfSense stores some config changes, which you can easily go back to in Diagnostics > Backup & Restore > Config History.
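
The comparison suggested in the reply above can be scripted. This is an added example, not part of the thread: it pulls the addresses the client tried and the address the server bound from OpenVPN logs and reports client targets that no listener covers. The log line shapes are assumed from typical OpenVPN output, and the sample logs and addresses are constructed.

```python
import re

# Constructed sample logs using documentation addresses; not from the thread.
CLIENT_LOG = """\
UDP link remote: [AF_INET6]2001:db8::10:1194
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
UDP link remote: [AF_INET]198.51.100.7:1194
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
"""
SERVER_LOG = """\
UDPv4 link local (bound): [AF_INET]203.0.113.20:1194
"""

# Assumed line shape: "... link remote: [AF_INET]addr:port" on the client,
# "... link local (bound): [AF_INET]addr:port" on the server.
ENDPOINT = re.compile(
    r"link (remote|local \(bound\)): \[(AF_INET6?)\](\S+):(\d+)\s*$", re.M)

def endpoints(log, kind):
    """(family, address, port) for each 'remote' or 'local (bound)' log line."""
    return [(m.group(2), m.group(3), int(m.group(4)))
            for m in ENDPOINT.finditer(log) if m.group(1) == kind]

def matches(target, listener):
    """True if the listener covers the target; [undef] means any address."""
    fam, addr, port = target
    lfam, laddr, lport = listener
    return fam == lfam and port == lport and laddr in (addr, "[undef]")

def diagnose(client_log, server_log):
    """List client targets that no server listener covers, with the reason."""
    listeners = endpoints(server_log, "local (bound)")
    findings = []
    # dict.fromkeys de-duplicates retries while keeping first-seen order.
    for target in dict.fromkeys(endpoints(client_log, "remote")):
        if any(matches(target, lst) for lst in listeners):
            continue
        if not any(lst[0] == target[0] for lst in listeners):
            reason = "no listener for this address family"
        else:
            reason = "listener is on a different address or port"
        findings.append((*target, reason))
    return findings

if __name__ == "__main__":
    for fam, addr, port, reason in diagnose(CLIENT_LOG, SERVER_LOG):
        print(f"{fam} {addr}:{port} -> {reason}")
```

An address mismatch is expected when a NAT or port forward sits in front of the server, so in that case compare the client's target with the forwarded external address instead.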