4. OpenVPN - TLS error

OpenVPN - TLS error

  • S

    Hi, the OpenVPN on one of my Customer stopped working for a couple hours saying the following message:
    TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    TLS Error: TLS handshake failed
    I tried the connexion with the same installer downloaded from the website and it was working for me on my own computer (different network)… but I see that the port used was different but it is the same config file which is weird.

    This is the server log of the error (it was the same error in the client log) when the user was trying to connect (XXX.XXX.XXX.XXX is user IP):

    Jan 31 16:08:53 PFS-GroupeSCE openvpn[40017]: XXX.XXX.XXX.XXX:1194 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 31 16:08:53 PFS-GroupeSCE openvpn[40017]: XXX.XXX.XXX.XXX:1194 TLS Error: TLS handshake failed
Jan 31 16:11:00 PFS-GroupeSCE openvpn[40017]: XXX.XXX.XXX.XXX:1194 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 31 16:11:00 PFS-GroupeSCE openvpn[40017]: XXX.XXX.XXX.XXX:1194 TLS Error: TLS handshake failed
Jan 31 16:12:05 PFS-GroupeSCE openvpn[40017]: XXX.XXX.XXX.XXX:1194 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 31 16:12:05 PFS-GroupeSCE openvpn[40017]: XXX.XXX.XXX.XXX:1194 TLS Error: TLS handshake failed
Jan 31 16:13:18 PFS-GroupeSCE openvpn[40017]: XXX.XXX.XXX.XXX:1194 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 31 16:13:18 PFS-GroupeSCE openvpn[40017]: XXX.XXX.XXX.XXX:1194 TLS Error: TLS handshake failed

    This is the server log of when I was connecting with the same installer/config/certificate (YYY.YYY.YYY.YYY is my IP):

    Jan 31 16:15:57 PFS-GroupeSCE openvpn: user 'sophie' authenticated
Jan 31 16:15:57 PFS-GroupeSCE openvpn[40017]: YYY.YYY.YYY.YYY:61610 [sophie] Peer Connection Initiated with [AF_INET]YYY.YYY.YYY.YYY:61610
Jan 31 16:15:57 PFS-GroupeSCE openvpn[40017]: sophie/YYY.YYY.YYY.YYY:61610 MULTI_sva: pool returned IPv4=192.168.20.5, IPv6=(Not enabled)
Jan 31 16:15:58 PFS-GroupeSCE openvpn[40017]: sophie/YYY.YYY.YYY.YYY:61610 send_push_reply(): safe_cap=940

    And this is the weird part…. a couple hours later, everything was working fine with no change on client or server... here is the error of the next login:

    Jan 31 21:58:33 PFS-GroupeSCE openvpn: user 'sophie' authenticated
Jan 31 21:58:33 PFS-GroupeSCE openvpn[40017]: XXX.XXX.XXX.XXX:1194 [sophie] Peer Connection Initiated with [AF_INET]XXX.XXX.XXX.XXX:1194
Jan 31 21:58:33 PFS-GroupeSCE openvpn[40017]: sophie/XXX.XXX.XXX.XXX:1194 MULTI_sva: pool returned IPv4=192.168.20.5, IPv6=(Not enabled)
Jan 31 21:58:34 PFS-GroupeSCE openvpn[40017]: sophie/XXX.XXX.XXX.XXX:1194 send_push_reply(): safe_cap=940

    The Customer ask me to identify the root cause of this incident but I really don't understand what happened and I hope someone here will be able to help me with that!

    Regards,

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy