OpenVPN clients can`t connect
-
Hi!
I don
t know which snap borked it, but now none of my 30 vpn clients cant connect.Server logs show:
Mar 15 18:19:46 openvpn 69413 EXTERNALIP:36553 TLS Error: TLS handshake failed Mar 15 18:19:46 openvpn 69413 EXTERNALIP:36553 TLS Error: TLS object -> incoming plaintext read error Mar 15 18:19:46 openvpn 69413 EXTERNALIP:36553 TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned Mar 15 18:19:46 openvpn 69413 EXTERNALIP:36553 WARNING: Failed running command (--tls-verify script): external program exited with error status: 1 Mar 15 18:19:04 openvpn 69413 EXTERNALIP:41915 TLS Error: TLS handshake failed Mar 15 18:19:04 openvpn 69413 EXTERNALIP:41915 TLS Error: TLS object -> incoming plaintext read error Mar 15 18:19:04 openvpn 69413 EXTERNALIP:41915 TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returnedI haven
t changed absolutely anything. Any idea Im in real trouble here…Thanks!
-
Ummm clicked save on openvpn server, updated to latest snap, rebooted and all is fine again.
What??? -
Rebooted and same thing with ssl.
One connection was succesful others with same errors.How can I troubleshoot this?
-
I even created NEW CA, new openvpn server cert and new client cert and same results.
-
Hmmm found how to replicate.
Wait for new snapshot (must include kernel too). Update and wait for box to reboot.
Try to connect openvpn = no goReboot the box again and we can connect.
Huh?
-
Check your clock on each boot, see what it is doing.
Also compare the contents of /var/etc/openvpn when it works vs when it doesn't.
Given the other problems your system seems to have (like the package startup issue) it's possible some boot-time task is failing to work 100%.
-
Hi Jimp, I will check it.
P.S.
This system has no other issues :)
Other 2 have startup issues.
