OpenVPN - TLS error
Hi, the OpenVPN at one of my customers stopped working for a couple of hours, showing the following message:
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed
I tried the connection with the same installer downloaded from the website and it was working for me on my own computer (different network)… but I see that the port used was different, but it is the same config file, which is weird.
This is the server log of the error (it was the same error in the client log) when the user was trying to connect (XXX.XXX.XXX.XXX is the user's IP):
Jan 31 16:08:53 PFS-GroupeSCE openvpn[40017]: XXX.XXX.XXX.XXX:1194 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 31 16:08:53 PFS-GroupeSCE openvpn[40017]: XXX.XXX.XXX.XXX:1194 TLS Error: TLS handshake failed
Jan 31 16:11:00 PFS-GroupeSCE openvpn[40017]: XXX.XXX.XXX.XXX:1194 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 31 16:11:00 PFS-GroupeSCE openvpn[40017]: XXX.XXX.XXX.XXX:1194 TLS Error: TLS handshake failed
Jan 31 16:12:05 PFS-GroupeSCE openvpn[40017]: XXX.XXX.XXX.XXX:1194 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 31 16:12:05 PFS-GroupeSCE openvpn[40017]: XXX.XXX.XXX.XXX:1194 TLS Error: TLS handshake failed
Jan 31 16:13:18 PFS-GroupeSCE openvpn[40017]: XXX.XXX.XXX.XXX:1194 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 31 16:13:18 PFS-GroupeSCE openvpn[40017]: XXX.XXX.XXX.XXX:1194 TLS Error: TLS handshake failed
This is the server log of when I was connecting with the same installer/config/certificate (YYY.YYY.YYY.YYY is my IP):
Jan 31 16:15:57 PFS-GroupeSCE openvpn: user 'sophie' authenticated
Jan 31 16:15:57 PFS-GroupeSCE openvpn[40017]: YYY.YYY.YYY.YYY:61610 [sophie] Peer Connection Initiated with [AF_INET]YYY.YYY.YYY.YYY:61610
Jan 31 16:15:57 PFS-GroupeSCE openvpn[40017]: sophie/YYY.YYY.YYY.YYY:61610 MULTI_sva: pool returned IPv4=192.168.20.5, IPv6=(Not enabled)
Jan 31 16:15:58 PFS-GroupeSCE openvpn[40017]: sophie/YYY.YYY.YYY.YYY:61610 send_push_reply(): safe_cap=940
And this is the weird part… a couple of hours later, everything was working fine with no change on client or server... here is the error of the next login:
Jan 31 21:58:33 PFS-GroupeSCE openvpn: user 'sophie' authenticated
Jan 31 21:58:33 PFS-GroupeSCE openvpn[40017]: XXX.XXX.XXX.XXX:1194 [sophie] Peer Connection Initiated with [AF_INET]XXX.XXX.XXX.XXX:1194
Jan 31 21:58:33 PFS-GroupeSCE openvpn[40017]: sophie/XXX.XXX.XXX.XXX:1194 MULTI_sva: pool returned IPv4=192.168.20.5, IPv6=(Not enabled)
Jan 31 21:58:34 PFS-GroupeSCE openvpn[40017]: sophie/XXX.XXX.XXX.XXX:1194 send_push_reply(): safe_cap=940
The customer asked me to identify the root cause of this incident, but I really don't understand what happened and I hope someone here will be able to help me with that!
Regards,