Netgate Discussion Forum

    OpenVPN - TLS error

      simon.arsenault

      Hi, the OpenVPN on one of my customers stopped working for a couple of hours, showing the following message:
      TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
      TLS Error: TLS handshake failed

      I tried the connection with the same installer downloaded from the website and it was working for me on my own computer (different network)… but I see that the port used was different, although it is the same config file, which is weird.

      This is the server log of the error (it was the same error in the client log) when the user was trying to connect (XXX.XXX.XXX.XXX is user IP):

      Jan 31 16:08:53 PFS-GroupeSCE openvpn[40017]: XXX.XXX.XXX.XXX:1194 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
      Jan 31 16:08:53 PFS-GroupeSCE openvpn[40017]: XXX.XXX.XXX.XXX:1194 TLS Error: TLS handshake failed
      Jan 31 16:11:00 PFS-GroupeSCE openvpn[40017]: XXX.XXX.XXX.XXX:1194 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
      Jan 31 16:11:00 PFS-GroupeSCE openvpn[40017]: XXX.XXX.XXX.XXX:1194 TLS Error: TLS handshake failed
      Jan 31 16:12:05 PFS-GroupeSCE openvpn[40017]: XXX.XXX.XXX.XXX:1194 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
      Jan 31 16:12:05 PFS-GroupeSCE openvpn[40017]: XXX.XXX.XXX.XXX:1194 TLS Error: TLS handshake failed
      Jan 31 16:13:18 PFS-GroupeSCE openvpn[40017]: XXX.XXX.XXX.XXX:1194 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
      Jan 31 16:13:18 PFS-GroupeSCE openvpn[40017]: XXX.XXX.XXX.XXX:1194 TLS Error: TLS handshake failed
      

      This is the server log of when I was connecting with the same installer/config/certificate (YYY.YYY.YYY.YYY is my IP):

      Jan 31 16:15:57 PFS-GroupeSCE openvpn: user 'sophie' authenticated
      Jan 31 16:15:57 PFS-GroupeSCE openvpn[40017]: YYY.YYY.YYY.YYY:61610 [sophie] Peer Connection Initiated with [AF_INET]YYY.YYY.YYY.YYY:61610
      Jan 31 16:15:57 PFS-GroupeSCE openvpn[40017]: sophie/YYY.YYY.YYY.YYY:61610 MULTI_sva: pool returned IPv4=192.168.20.5, IPv6=(Not enabled)
      Jan 31 16:15:58 PFS-GroupeSCE openvpn[40017]: sophie/YYY.YYY.YYY.YYY:61610 send_push_reply(): safe_cap=940
      

      And this is the weird part… a couple of hours later, everything was working fine with no change on client or server... here is the error of the next login:

      Jan 31 21:58:33 PFS-GroupeSCE openvpn: user 'sophie' authenticated
      Jan 31 21:58:33 PFS-GroupeSCE openvpn[40017]: XXX.XXX.XXX.XXX:1194 [sophie] Peer Connection Initiated with [AF_INET]XXX.XXX.XXX.XXX:1194
      Jan 31 21:58:33 PFS-GroupeSCE openvpn[40017]: sophie/XXX.XXX.XXX.XXX:1194 MULTI_sva: pool returned IPv4=192.168.20.5, IPv6=(Not enabled)
      Jan 31 21:58:34 PFS-GroupeSCE openvpn[40017]: sophie/XXX.XXX.XXX.XXX:1194 send_push_reply(): safe_cap=940
      

      The customer asked me to identify the root cause of this incident but I really don't understand what happened and I hope someone here will be able to help me with that!

      Regards,
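
An added triage example, not part of the original post and not pfSense or OpenVPN code: it builds a per-peer handshake timeline from server log lines in the format shown above, recording each peer's source ports, its failure window, and the first successful connection after a failure. The sample lines, the hostname `fw`, and the documentation-range addresses are constructed, and `summarize` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed sample in the post's syslog format. 192.0.2.10 and 198.51.100.7
# are documentation addresses standing in for the masked client IPs.
SAMPLE_LOG = """\
Jan 31 16:08:53 fw openvpn[40017]: 192.0.2.10:1194 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 31 16:08:53 fw openvpn[40017]: 192.0.2.10:1194 TLS Error: TLS handshake failed
Jan 31 16:11:00 fw openvpn[40017]: 192.0.2.10:1194 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 31 16:11:00 fw openvpn[40017]: 192.0.2.10:1194 TLS Error: TLS handshake failed
Jan 31 16:15:57 fw openvpn[40017]: 198.51.100.7:61610 [sophie] Peer Connection Initiated with [AF_INET]198.51.100.7:61610
Jan 31 21:58:33 fw openvpn[40017]: 192.0.2.10:1194 [sophie] Peer Connection Initiated with [AF_INET]192.0.2.10:1194
"""

# "<timestamp> <host> openvpn[pid]: [user/]<ip>:<port> <message>"
LINE = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ openvpn\[\d+\]: (?:\S+/)?([\d.]+):(\d+) (.*)$")

def summarize(log_text):
    """Per-peer handshake timeline; lines are assumed to be in time order."""
    peers = defaultdict(lambda: {"failed": 0, "connected": 0, "ports": set(),
                                 "first_fail": None, "last_fail": None,
                                 "recovered_at": None})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # e.g. "openvpn: user 'x' authenticated" has no peer address
        ts, ip, port, msg = m.groups()
        p = peers[ip]
        p["ports"].add(int(port))
        if msg == "TLS Error: TLS handshake failed":
            # The "key negotiation failed" line precedes it; count the pair once.
            p["failed"] += 1
            p["first_fail"] = p["first_fail"] or ts
            p["last_fail"] = ts
        elif "Peer Connection Initiated" in msg:
            p["connected"] += 1
            if p["failed"] and p["recovered_at"] is None:
                p["recovered_at"] = ts  # first success after a failure
    return dict(peers)

if __name__ == "__main__":
    for ip, p in summarize(SAMPLE_LOG).items():
        print(ip, p)
```

Run over the full server log, the output shows whether handshake failures are confined to one peer address while other peers connect in the same window, which is the comparison the post makes by hand.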
