OpenVPN often does not connect - ping-restart and TLS handshake error
-
Hi, I use my pfSense box to connect to my VPN provider.
This is my topology:
INTERNET ------------ ISP ROUTER/GATEWAY (NAT)
                        |              |
                        |              |
                        |              |
                   PFSENSE BOX       LAN 1
                        |
                        |
                      LAN 2

Obviously, only LAN2 reaches the Internet through my VPN provider and the pfSense box is used as VPN gateway.
My ISP ROUTER/GATEWAY (Technicolor TG582n) performs NAT between my Local Net and the Internet. I have a public address on the Internet interface and my local net is on 192.168.0.0/24 net.
The WAN interface of pfSense box is in the LAN 1 192.168.0.0/24 net, the LAN interface is on 192.168.1.0/24 net.

I configured my pfSense box following these instructions and sometimes the connection is OK. But very often my pfSense box does not succeed in connecting and in my logs I continually have the ping-restart error.
Other times the connection is OK, but it hangs a lot of times and in my log I have a lot of ping-restart errors and TLS handshake failed too.

Here is my last log, in which the connection started after a lot of ping-restart errors, then the connection hung and I had a lot of TLS handshake errors before the connection started again. I want to emphasize that very often the connection fails without ever reconnecting.
May 28 13:50:23 openvpn 6881 Initialization Sequence Completed
May 28 13:50:23 openvpn 6881 Preserving previous TUN/TAP instance: ovpnc1
May 28 13:50:21 openvpn 6881 [vpnarea] Peer Connection Initiated with [AF_INET](VPNSERVER-IP)
May 28 13:50:13 openvpn 6881 UDPv4 link remote: [AF_INET](VPNSERVER-IP)
May 28 13:50:13 openvpn 6881 UDPv4 link local (bound): [AF_INET]192.168.0.10
May 28 13:50:13 openvpn 6881 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 28 13:50:11 openvpn 6881 SIGUSR1[soft,tls-error] received, process restarting
May 28 13:50:11 openvpn 6881 TLS Error: TLS handshake failed
May 28 13:50:11 openvpn 6881 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
May 28 13:49:11 openvpn 6881 UDPv4 link remote: [AF_INET](VPNSERVER-IP)
May 28 13:49:11 openvpn 6881 UDPv4 link local (bound): [AF_INET]192.168.0.10
May 28 13:49:11 openvpn 6881 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 28 13:49:09 openvpn 6881 SIGUSR1[soft,tls-error] received, process restarting
May 28 13:49:09 openvpn 6881 TLS Error: TLS handshake failed
May 28 13:49:09 openvpn 6881 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
May 28 13:48:09 openvpn 6881 UDPv4 link remote: [AF_INET](VPNSERVER-IP)
May 28 13:48:09 openvpn 6881 UDPv4 link local (bound): [AF_INET]192.168.0.10
May 28 13:48:09 openvpn 6881 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 28 13:48:07 openvpn 6881 SIGUSR1[soft,tls-error] received, process restarting
May 28 13:48:07 openvpn 6881 TLS Error: TLS handshake failed
May 28 13:48:07 openvpn 6881 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
May 28 13:47:07 openvpn 6881 UDPv4 link remote: [AF_INET](VPNSERVER-IP)
May 28 13:47:07 openvpn 6881 UDPv4 link local (bound): [AF_INET]192.168.0.10
May 28 13:47:07 openvpn 6881 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 28 13:47:05 openvpn 6881 SIGUSR1[soft,tls-error] received, process restarting
May 28 13:47:05 openvpn 6881 TLS Error: TLS handshake failed
May 28 13:47:05 openvpn 6881 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
May 28 13:46:05 openvpn 6881 UDPv4 link remote: [AF_INET](VPNSERVER-IP)
May 28 13:46:05 openvpn 6881 UDPv4 link local (bound): [AF_INET]192.168.0.10
May 28 13:46:05 openvpn 6881 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 28 13:46:03 openvpn 6881 SIGUSR1[soft,tls-error] received, process restarting
May 28 13:46:03 openvpn 6881 TLS Error: TLS handshake failed
May 28 13:46:03 openvpn 6881 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
May 28 13:45:03 openvpn 6881 UDPv4 link remote: [AF_INET](VPNSERVER-IP)
May 28 13:45:03 openvpn 6881 UDPv4 link local (bound): [AF_INET]192.168.0.10
May 28 13:45:03 openvpn 6881 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 28 13:45:01 openvpn 6881 SIGUSR1[soft,tls-error] received, process restarting
May 28 13:45:01 openvpn 6881 TLS Error: TLS handshake failed
May 28 13:45:01 openvpn 6881 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
May 28 13:44:01 openvpn 6881 UDPv4 link remote: [AF_INET](VPNSERVER-IP)
May 28 13:44:01 openvpn 6881 UDPv4 link local (bound): [AF_INET]192.168.0.10
May 28 13:44:01 openvpn 6881 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 28 13:43:59 openvpn 6881 SIGUSR1[soft,tls-error] received, process restarting
May 28 13:43:59 openvpn 6881 TLS Error: TLS handshake failed
May 28 13:43:59 openvpn 6881 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
May 28 13:42:59 openvpn 6881 UDPv4 link remote: [AF_INET](VPNSERVER-IP)
May 28 13:42:59 openvpn 6881 UDPv4 link local (bound): [AF_INET]192.168.0.10
May 28 13:42:59 openvpn 6881 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 28 13:42:57 openvpn 6881 SIGUSR1[soft,tls-error] received, process restarting
May 28 13:42:57 openvpn 6881 TLS Error: TLS handshake failed
May 28 13:42:57 openvpn 6881 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
May 28 13:41:57 openvpn 6881 UDPv4 link remote: [AF_INET](VPNSERVER-IP)
May 28 13:41:57 openvpn 6881 UDPv4 link local (bound): [AF_INET]192.168.0.10
May 28 13:41:57 openvpn 6881 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 28 13:41:55 openvpn 6881 SIGUSR1[soft,tls-error] received, process restarting
May 28 13:41:55 openvpn 6881 TLS Error: TLS handshake failed
May 28 13:41:55 openvpn 6881 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
May 28 13:40:55 openvpn 6881 UDPv4 link remote: [AF_INET](VPNSERVER-IP)
May 28 13:40:55 openvpn 6881 UDPv4 link local (bound): [AF_INET]192.168.0.10
May 28 13:40:55 openvpn 6881 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 28 13:40:53 openvpn 6881 SIGUSR1[soft,ping-restart] received, process restarting
May 28 13:40:53 openvpn 6881 [vpnarea] Inactivity timeout (--ping-restart), restarting
May 28 13:15:25 openvpn 6881 Initialization Sequence Completed
May 28 13:15:25 openvpn 6881 /usr/local/sbin/ovpn-linkup ovpnc1 1500 1570 10.186.35.14 10.186.35.13 init
May 28 13:15:25 openvpn 6881 /sbin/ifconfig ovpnc1 10.186.35.14 10.186.35.13 mtu 1500 netmask 255.255.255.255 up
May 28 13:15:25 openvpn 6881 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
May 28 13:15:25 openvpn 6881 ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)
May 28 13:15:25 openvpn 6881 TUN/TAP device /dev/tun1 opened
May 28 13:15:25 openvpn 6881 TUN/TAP device ovpnc1 exists previously, keep at program end
May 28 13:15:22 openvpn 6881 [vpnarea] Peer Connection Initiated with [AF_INET](VPNSERVER-IP)
May 28 13:15:22 openvpn 6881 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
May 28 13:14:52 openvpn 6881 UDPv4 link remote: [AF_INET](VPNSERVER-IP)
May 28 13:14:52 openvpn 6881 UDPv4 link local (bound): [AF_INET]192.168.0.10
May 28 13:14:52 openvpn 6881 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 28 13:14:50 openvpn 6881 SIGUSR1[soft,ping-restart] received, process restarting
May 28 13:14:50 openvpn 6881 [UNDEF] Inactivity timeout (--ping-restart), restarting
May 28 13:13:50 openvpn 6881 UDPv4 link remote: [AF_INET](VPNSERVER-IP)
May 28 13:13:50 openvpn 6881 UDPv4 link local (bound): [AF_INET]192.168.0.10
May 28 13:13:50 openvpn 6881 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 28 13:13:48 openvpn 6881 SIGUSR1[soft,ping-restart] received, process restarting
May 28 13:13:48 openvpn 6881 [UNDEF] Inactivity timeout (--ping-restart), restarting
May 28 13:12:47 openvpn 6881 UDPv4 link remote: [AF_INET](VPNSERVER-IP)
May 28 13:12:47 openvpn 6881 UDPv4 link local (bound): [AF_INET]192.168.0.10
May 28 13:12:47 openvpn 6881 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 28 13:12:45 openvpn 6881 SIGUSR1[soft,ping-restart] received, process restarting
May 28 13:12:45 openvpn 6881 [UNDEF] Inactivity timeout (--ping-restart), restarting
May 28 13:11:45 openvpn 6881 UDPv4 link remote: [AF_INET](VPNSERVER-IP)
May 28 13:11:45 openvpn 6881 UDPv4 link local (bound): [AF_INET]192.168.0.10
May 28 13:11:45 openvpn 6881 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 28 13:11:43 openvpn 6881 SIGUSR1[soft,ping-restart] received, process restarting
May 28 13:11:43 openvpn 6881 [UNDEF] Inactivity timeout (--ping-restart), restarting
May 28 13:10:43 openvpn 6881 UDPv4 link remote: [AF_INET](VPNSERVER-IP)
May 28 13:10:43 openvpn 6881 UDPv4 link local (bound): [AF_INET]192.168.0.10
May 28 13:10:43 openvpn 6881 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 28 13:10:41 openvpn 6881 SIGUSR1[soft,ping-restart] received, process restarting
May 28 13:10:41 openvpn 6881 [UNDEF] Inactivity timeout (--ping-restart), restarting
May 28 13:09:41 openvpn 6881 UDPv4 link remote: [AF_INET](VPNSERVER-IP)
May 28 13:09:41 openvpn 6881 UDPv4 link local (bound): [AF_INET]192.168.0.10
May 28 13:09:41 openvpn 6881 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 28 13:09:39 openvpn 6881 SIGUSR1[soft,ping-restart] received, process restarting
May 28 13:09:39 openvpn 6881 [UNDEF] Inactivity timeout (--ping-restart), restarting
May 28 13:08:39 openvpn 6881 write UDPv4: No route to host (code=65)
May 28 13:08:39 openvpn 6881 UDPv4 link remote: [AF_INET](VPNSERVER-IP)
May 28 13:08:39 openvpn 6881 UDPv4 link local (bound): [AF_INET]192.168.0.10
May 28 13:08:39 openvpn 6881 Initializing OpenSSL support for engine 'cryptodev'
May 28 13:08:39 openvpn 6881 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 28 13:08:39 openvpn 6678 WARNING: file '/var/etc/openvpn/client1.up' is group or others accessible
May 28 13:08:39 openvpn 6678 library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.10
May 28 13:08:39 openvpn 6678 OpenVPN 2.3.14 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on May 3 2017
May 28 12:54:57 openvpn 6838 Initialization Sequence Completed
May 28 12:54:57 openvpn 6838 /usr/local/sbin/ovpn-linkup ovpnc1 1500 1570 10.186.35.10 10.186.35.9 init
May 28 12:54:57 openvpn 6838 /sbin/ifconfig ovpnc1 10.186.35.10 10.186.35.9 mtu 1500 netmask 255.255.255.255 up
May 28 12:54:57 openvpn 6838 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
May 28 12:54:57 openvpn 6838 ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)
May 28 12:54:57 openvpn 6838 TUN/TAP device /dev/tun1 opened
May 28 12:54:57 openvpn 6838 TUN/TAP device ovpnc1 exists previously, keep at program end
May 28 12:54:55 openvpn 6838 [vpnarea] Peer Connection Initiated with [AF_INET](VPNSERVER-IP)
May 28 12:54:54 openvpn 6838 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
May 28 12:54:54 openvpn 6838 UDPv4 link remote: [AF_INET](VPNSERVER-IP)
May 28 12:54:54 openvpn 6838 UDPv4 link local (bound): [AF_INET]192.168.0.10
May 28 12:54:54 openvpn 6838 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 28 12:54:52 openvpn 6838 SIGUSR1[soft,ping-restart] received, process restarting
May 28 12:54:52 openvpn 6838 [UNDEF] Inactivity timeout (--ping-restart), restarting
May 28 12:53:52 openvpn 6838 UDPv4 link remote: [AF_INET](VPNSERVER-IP)
May 28 12:53:52 openvpn 6838 UDPv4 link local (bound): [AF_INET]192.168.0.10
May 28 12:53:52 openvpn 6838 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 28 12:53:50 openvpn 6838 SIGUSR1[soft,ping-restart] received, process restarting
May 28 12:53:50 openvpn 6838 [UNDEF] Inactivity timeout (--ping-restart), restarting
May 28 12:52:50 openvpn 6838 write UDPv4: No route to host (code=65)
May 28 12:52:50 openvpn 6838 UDPv4 link remote: [AF_INET](VPNSERVER-IP)
May 28 12:52:50 openvpn 6838 UDPv4 link local (bound): [AF_INET]192.168.0.10
May 28 12:52:50 openvpn 6838 Initializing OpenSSL support for engine 'cryptodev'
May 28 12:52:50 openvpn 6838 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 28 12:52:50 openvpn 6723 WARNING: file '/var/etc/openvpn/client1.up' is group or others accessible
May 28 12:52:50 openvpn 6723 library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.10
May 28 12:52:50 openvpn 6723 OpenVPN 2.3.14 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on May 3 2017
I tried to set the "keepalive 10 600" statement in OpenVPN client options, but I didn't resolve the problem.
Can someone help me? Do you have any ideas?
Please treat me as a pfSense newbie (which I am).

Thanks a lot folks! :)