TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)



  • I have checked the normal things through Google and everything is right...

    I was on this VPN literally 6 hours ago and zero changes have been made since then. I can get to some port forwarded applications, so I know the firewall is up and passing traffic...

    I did find an odd article that said time not set identical on both ends could cause this... Why would that have changed from 6 hours ago? I am really stumped.

    Device is an SG-3100.


  • LAYER 8 Global Moderator

    Maybe the openvpn process died? Maybe where you're at now, vs 6 hours ago, is blocking the port you're trying to connect to for vpn 1194?



  • Yeah, unfortunately I would have to drive over an hour to get to the site to check the firewall... It shouldn't be magically blocking the port. I disabled all firewalls on my client end to see if it was a port blocking issue. No RULES/NATS have changed since 6 hours ago. Makes more sense that the OPENVPN process died...

    Guess I need to set up remote management on the firewall if this is a normal thing to happen...

    I have had my home grown device for years without issue, this SG-3100 is only 5 days old and I have had to reboot it once last night due to traffic not passing and now the VPN won't work at all... Not a good sign of encouragement so far.


  • LAYER 8 Global Moderator

    Have 2 sg3100 in production at remote locations.. Have had zero issues with them, they run and run and run..

    So you're in the same place as before trying to access 6 hours ago. Yeah if you can access other stuff that is forwarded via the same IP as you're accessing for vpn access...



  • Here is a screenshot of the status.
    https://i.postimg.cc/KYzsL19Y/openvpn-status.png

    Here is a screenshot of the log.

    https://i.postimg.cc/9QqDfb2X/openpvn-log.png

    Looks like around 8am this morning it took a dump. I can't seem to get it back online.


  • LAYER 8

    Maybe you have a client configured with an empty password. OpenVPN needs to ask you for a password but it can't, as there is no std/tty available, so it dies.
    Also, you put something wrong in a custom option.
    push?
    You can check that file at line 48 (/var/etc/openvpn/server1.conf).



  • There is a password 100%. I will check the file and see what's happening. So odd considering literally NOTHING changed.



  • So I added the following in the push config about 3 days ago...

    push Domain SEARCH and when the service restarted it didn't like that push command so it tanked.

    DO NOT USE domain search. :)


  • LAYER 8

    push dhcp-option domain-search?
    Is it working now?



  • Yeah, I decided to just use the following instead and it's working.

    push dhcp-option Domain "domainname"

