    TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

    • T
      techjunky last edited by

      I have checked the normal things through Google and everything is right...

      I was on this VPN literally 6 hours ago and zero changes have been made since then. I can get to some port forwarded applications, so I know the firewall is up and passing traffic...

      I did find an odd article that said time not set identical on both ends could cause this... Why would that have changed from 6 hours ago? I am really stumped.

      Device is a SG-3100.

      • johnpoz
        johnpoz LAYER 8 Global Moderator last edited by

        Maybe the OpenVPN process died? Maybe where you're at now, vs 6 hours ago, is blocking the port you're trying to connect to for VPN, 1194?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 22.05 | Lab VMs CE 2.6, 2.7

        • T
          techjunky last edited by

          Yeah, unfortunately I would have to drive over an hour to get to the site to check the firewall... It shouldn't be magically blocking the port. I disabled all firewalls on my client end to see if it was a port blocking issue. No RULES/NATS have changed since 6 hours ago. Makes more sense that the OPENVPN process died...

          Guess I need to set up remote management on the firewall if this is a normal thing to happen...

          I have had my homegrown device for years without issue, this SG-3100 is only 5 days old and I have had to reboot it once last night due to traffic not passing and now the VPN won't work at all... Not a good sign of encouragement so far.

          • johnpoz
            johnpoz LAYER 8 Global Moderator last edited by

            Have 2 sg3100 in production at remote locations.. Have had zero issues with them, they run and run and run..

            So you're in the same place as before trying to access 6 hours ago. Yeah if you can access other stuff that is forwarded via the same IP as you're accessing for VPN access...

            • T
              techjunky last edited by

              Here is a screenshot of the status.
              [img]https://i.postimg.cc/KYzsL19Y/openvpn-status.png[/img]

              Here is a screenshot of the log.

              [img]https://i.postimg.cc/9QqDfb2X/openpvn-log.png[/img]

              Looks like around 8am this morning it took a dump. I can't seem to get it back online.

              • kiokoman
                kiokoman LAYER 8 last edited by kiokoman

                Maybe you have a client configured with an empty password. OpenVPN needs to ask you for a password but it can't, as there is no std/tty available, so it dies.
                Also, you put something wrong in the custom options:
                push ?
                you can check that file at line 48 ( /var/etc/openvpn/server1.conf )

                ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
                Please do not use chat/PM to ask for help
                we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
                Don't forget to Upvote with the 👍 button for any post you find to be helpful.

                • T
                  techjunky last edited by

                  There is a password 100%. I will check the file and see what's happening. So odd considering literally NOTHING changed.

                  • T
                    techjunky last edited by

                    So I added the following in the push config about 3 days ago...

                    push Domain SEARCH and when the service restarted it didn't like that push command so it tanked.

                    DO NOT USE domain search. :)

                    • kiokoman
                      kiokoman LAYER 8 last edited by

                      push dhcp-option domain-search ?
                      is it working now ?

                      • T
                        techjunky last edited by

                        Yeah, I decided to just use the following instead and it's working.

                        push dhcp-option Domain "domainname"

                        1 Reply Last reply Reply Quote 0
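
A pre-restart check for the failure this thread ends on, as an added example that is not code from the thread, pfSense or OpenVPN: it reads a server config such as the /var/etc/openvpn/server1.conf mentioned above and reports, by line number, every `push` line that is not `push` followed by one quoted option string, the form OpenVPN's `push` directive takes. The sample config and the function name `lint_push_directives` are constructed for illustration, and Python's `shlex` stands in for OpenVPN's own tokenizer.

```python
import shlex

# Constructed sample, not the poster's real file. Line 5 is the directive
# quoted in the thread; line 7 is a second, constructed mistake.
SAMPLE_CONF = """\
dev ovpns1
proto udp4
port 1194
push "route 192.168.10.0 255.255.255.0"
push Domain SEARCH
push "dhcp-option DOMAIN example.lan"
push "dhcp-option"
"""

def lint_push_directives(conf_text):
    """Return [(line_no, line, problem)] for push lines that are malformed."""
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        # Blank lines, '#' / ';' comment lines and other directives are skipped.
        if not line or line[0] in "#;" or line.split()[0] != "push":
            continue
        try:
            args = shlex.split(line)[1:]
        except ValueError as exc:  # e.g. an unterminated double quote
            findings.append((line_no, line, f"cannot tokenize: {exc}"))
            continue
        if len(args) != 1:
            findings.append((line_no, line,
                f"push needs one quoted option string, got {len(args)} arguments"))
            continue
        pushed = args[0].split()
        if not pushed:
            findings.append((line_no, line, "pushed option string is empty"))
        elif pushed[0] == "dhcp-option" and len(pushed) < 2:
            findings.append((line_no, line, "dhcp-option is missing its type"))
    return findings

if __name__ == "__main__":
    for line_no, line, problem in lint_push_directives(SAMPLE_CONF):
        print(f"line {line_no}: {line!r}: {problem}")
```

Running it against the generated config before restarting the service catches a bad custom option while the old process is still up, which matters when the firewall is only reachable through that VPN.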