4. OpenVPN - TLS error

OpenVPN - TLS error

  • S

    Hi, the OpenVPN on one of my Customer stopped working for a couple hours saying the following message:
    TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    TLS Error: TLS handshake failed
    I tried the connexion with the same installer downloaded from the website and it was working for me on my own computer (different network)… but I see that the port used was different but it is the same config file which is weird.

    This is the server log of the error (it was the same error in the client log) when the user was trying to connect (XXX.XXX.XXX.XXX is user IP):

    Jan 31 16:08:53 PFS-GroupeSCE openvpn[40017]: XXX.XXX.XXX.XXX:1194 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 31 16:08:53 PFS-GroupeSCE openvpn[40017]: XXX.XXX.XXX.XXX:1194 TLS Error: TLS handshake failed
Jan 31 16:11:00 PFS-GroupeSCE openvpn[40017]: XXX.XXX.XXX.XXX:1194 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 31 16:11:00 PFS-GroupeSCE openvpn[40017]: XXX.XXX.XXX.XXX:1194 TLS Error: TLS handshake failed
Jan 31 16:12:05 PFS-GroupeSCE openvpn[40017]: XXX.XXX.XXX.XXX:1194 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 31 16:12:05 PFS-GroupeSCE openvpn[40017]: XXX.XXX.XXX.XXX:1194 TLS Error: TLS handshake failed
Jan 31 16:13:18 PFS-GroupeSCE openvpn[40017]: XXX.XXX.XXX.XXX:1194 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 31 16:13:18 PFS-GroupeSCE openvpn[40017]: XXX.XXX.XXX.XXX:1194 TLS Error: TLS handshake failed

    This is the server log of when I was connecting with the same installer/config/certificate (YYY.YYY.YYY.YYY is my IP):

    Jan 31 16:15:57 PFS-GroupeSCE openvpn: user 'sophie' authenticated
Jan 31 16:15:57 PFS-GroupeSCE openvpn[40017]: YYY.YYY.YYY.YYY:61610 [sophie] Peer Connection Initiated with [AF_INET]YYY.YYY.YYY.YYY:61610
Jan 31 16:15:57 PFS-GroupeSCE openvpn[40017]: sophie/YYY.YYY.YYY.YYY:61610 MULTI_sva: pool returned IPv4=192.168.20.5, IPv6=(Not enabled)
Jan 31 16:15:58 PFS-GroupeSCE openvpn[40017]: sophie/YYY.YYY.YYY.YYY:61610 send_push_reply(): safe_cap=940

    And this is the weird part…. a couple hours later, everything was working fine with no change on client or server... here is the error of the next login:

    Jan 31 21:58:33 PFS-GroupeSCE openvpn: user 'sophie' authenticated
Jan 31 21:58:33 PFS-GroupeSCE openvpn[40017]: XXX.XXX.XXX.XXX:1194 [sophie] Peer Connection Initiated with [AF_INET]XXX.XXX.XXX.XXX:1194
Jan 31 21:58:33 PFS-GroupeSCE openvpn[40017]: sophie/XXX.XXX.XXX.XXX:1194 MULTI_sva: pool returned IPv4=192.168.20.5, IPv6=(Not enabled)
Jan 31 21:58:34 PFS-GroupeSCE openvpn[40017]: sophie/XXX.XXX.XXX.XXX:1194 send_push_reply(): safe_cap=940

    The Customer ask me to identify the root cause of this incident but I really don't understand what happened and I hope someone here will be able to help me with that!

    Regards,

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy