TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

techjunky

I have checked the normal things through google and everything is right...

I was on this VPN literally 6 hours ago and zero changes have been made since then. I can get to some port forwarded applications, so I know the firewall is up and passing traffic...

I did find an odd article that said time not set identical on both ends could cause this... Why would that have changed from 6 hours ago? I am really stumped.

Device is a SG-3100.

johnpoz

Maybe the openvpn process died? Maybe where your at now, vs 6 hours ago is blocking the port your trying to connect to for vpn 1194?

techjunky

Yeah, unfortunately I would have to drive over an hour to get to the site to check the firewall... It shouldn't be magically blocking the port. I disabled all firewalls on my client end to see if it was a port blocking issue. No RULES/NATS have changed since 6 hours ago. Makes more sense that the OPENVPN process died...

Guess I need to setup remote management on the firewall if this is a normal thing to happen...

I have had my home grown device for years without issue, this SG-3100 is only 5 days old and I have had to reboot it once last night due to traffic not passing and now the VPN wont work at all... Not a good sign of encouragement so far.

johnpoz

Have 2 sg3100 in production at remote locations.. Have had zero issues with them, they run and run and run..

So your in the same place as before trying to access 6 hours ago. Yeah if you can access other stuff that is forwarded via the same IP as your accessing for vpn access...

techjunky

Here is a screenshot of the status.
[img]https://i.postimg.cc/KYzsL19Y/openvpn-status.png[/img]

Here is a screenshot of the log.

[img]https://i.postimg.cc/9QqDfb2X/openpvn-log.png[/img]

Looks like around 8am this morning it took a dump. I can't seem to get it back online,

kiokoman

maybe you have a client configured with an empty password. openvpn need to ask you for a password but it can't as there is no std/tty available so it die
also you put something wrong on curstom option
push ?
you can check that file at line 48 ( /var/etc/openvpn/server1.conf )

techjunky

There is a password 100%. I will check the file and see whats happening. So odd considering literally NOTHING changed.

techjunky

So I added the following in the push config about 3 days ago...

push Domain SEARCH and when the service restarted it didn't like that push command so it tanked.

DO NOT USE domain search. :)

kiokoman

push dhcp-option domain-search ?
is it working now ?

techjunky

Yeah, I decided to just use the following instead and its working.

push dhcp-option Domain "domainname"