VPN just suddenly down
-
I've had a VPN connection to a remote firewall for months without a problem.
All of a sudden, while working, the VPN goes down. No other network issues, just the VPN goes down. I check the firewall using the public IP and everything looks normal; I just can't connect anymore.
The firewall logs show:
The TLS Error: TLS key negotiation failed to occur within 60 seconds and TLS Error:
TLS handshake failed
Since there was an update available and my last thought was to reboot, I updated and rebooted but no difference. I also rebooted my PC with no change.
I'm stumped that this would happen just out of the blue and without any changes on the firewall or the PC I'm working on.
What could be happening?
-
That is a certificate error; reissue certificates and attempt a connection again. A client device could have updated without you knowing. My iOS device updates the OpenVPN application by itself… just a thought
-
@JonathanLee If that's the case, at least it would answer why it was so random and sudden, while I was working, without making any cert changes.
I'll give it a try and report back.
-
I tried renew/reissue in Certificate Authorities for the VPN CA, and I renewed the client certs, then picked up the config for each, and we're back online.
I didn't expect it to simply disconnect me without any warning but there it is.
Thanks for your help!
-
@lewis said in VPN just suddenly down:
The TLS Error: TLS key negotiation failed to occur within 60 seconds and TLS Error:
TLS handshake failed
I will just point out for future reference that that error is not necessarily a certificate problem. It could be, as was seemingly the case here, but all that actually tells you is that the negotiation didn't succeed within the 60s time limit. Usually that's just because the other side didn't respond at all.
-
I looked at the logs too and didn't find anything obvious. I could not find anything else but once I renewed the certs and used the new config files, all went back to normal.
What other reasons might this kind of thing happen? I assume not hacking?
-
@lewis yeah that fixed it!!!
-
@JonathanLee What's an upvote? I gave the person who helped me a thumbs up :)
-
@lewis said in VPN just suddenly down:
I assume not hacking?
Very unlikely. There are any number of reasons it might fail to connect, including the cert(s) expiring.
More commonly, some general connectivity issue would present like that, as I said, but here you were still able to connect to the firewall webgui outside the VPN, so that's unlikely.
If you found a cert that had expired then that was almost certainly the cause.
I only pointed out it might not be that because a lot of users see the 'TLS Error' log and assume a crypto issue of some sort when it isn't. And Google's probably going to send them to this thread.
-
@stephenw10 Got it. Thanks for the additional information.
-
@lewis said in VPN just suddenly down:
@JonathanLee What's an upvote? I gave the person who helped me a thumbs up :)
(It is this thumb with a zero; it means it is lonely and needs an upvote)
haha
-
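An added example, not part of the original thread or any poster's code: a small log triage that applies the point made above, that "TLS Error: TLS handshake failed" on its own does not identify the cause. The sample log lines are constructed, and the message patterns and the `triage` helper are assumptions modelled on typical OpenVPN log wording.

```python
import re

# Constructed sample log (not from the thread). Two peers fail the handshake:
# one after a certificate verification error, one after a plain timeout.
SAMPLE_LOG = """\
Jan 10 09:00:01 fw openvpn[411]: 198.51.100.7:51820 TLS: Initial packet from [AF_INET]198.51.100.7:51820
Jan 10 09:00:01 fw openvpn[411]: 198.51.100.7:51820 VERIFY ERROR: depth=0, error=certificate has expired: CN=laptop
Jan 10 09:00:01 fw openvpn[411]: 198.51.100.7:51820 TLS Error: TLS handshake failed
Jan 10 09:05:00 fw openvpn[411]: 203.0.113.9:40000 TLS: Initial packet from [AF_INET]203.0.113.9:40000
Jan 10 09:06:00 fw openvpn[411]: 203.0.113.9:40000 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 10 09:06:00 fw openvpn[411]: 203.0.113.9:40000 TLS Error: TLS handshake failed
"""

# Assumed line layout: "<syslog prefix> openvpn[pid]: <peer ip:port> <message>"
LINE = re.compile(r"openvpn\[\d+\]: (?P<peer>\S+:\d+) (?P<msg>.*)$")
VERIFY = re.compile(r"VERIFY ERROR: depth=\d+, error=(?P<reason>[^:]+)")

def triage(log_text):
    """Return {peer: verdict} for every peer whose TLS handshake failed."""
    verify_reason = {}  # peer -> certificate verification error seen this attempt
    verdicts = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        peer, msg = m["peer"], m["msg"]
        v = VERIFY.search(msg)
        if v:
            verify_reason[peer] = v["reason"].strip()
        elif msg.startswith("TLS: Initial packet"):
            verify_reason.pop(peer, None)  # new attempt: forget earlier state
        elif "TLS handshake failed" in msg:
            if peer in verify_reason:
                verdicts[peer] = "certificate: " + verify_reason[peer]
            else:
                # A timeout alone only says the peer stopped answering.
                verdicts[peer] = ("no verify error logged: check connectivity "
                                  "and the peer's own log")
    return verdicts

if __name__ == "__main__":
    for peer, verdict in triage(SAMPLE_LOG).items():
        print(peer, "->", verdict)
```

A verification error is logged by the side that rejects the certificate, so a log showing only the 60-second timeout still leaves the other end's log and the certificate expiry dates to check.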