"Local/Remote TLS Keys out of sync" when multiple configs to same host are available



I have pfSense running 4 OpenVPN servers on udp/1194-1197. The servers listening on 1194, 1195, and 1197 use LDAPS to auth against my domain user as well as certs issued by pfSense linked to my domain account user id. 1196 does not have secondary auth using LDAPS, but against the internal user DB. The reason for this is so that there can be a VPN for domain-linked hosts, one for BYOD hosts, and a third just for testing firewall rules outside of the two production OpenVPN connections. When I have all 3 LDAPS+Key configs in their specific folders in the config directory (C:\Program Files\OpenVPN\Config) and connect to the main 1194 server, I see the following in the logs:

    Mon Feb 24 21:58:08 2020 TLS Error: local/remote TLS keys are out of sync: [AF_INET]X.X.X.X:1195 [0]
    Mon Feb 24 21:58:08 2020 TLS Error: local/remote TLS keys are out of sync: [AF_INET]X.X.X.X:1197 [0]

For some reason, I'm getting errors about a TLS key being out of sync on the two ports I'm not actually connected to. If I remove the configs for 1195 and 1197 from the config folder, restart the OpenVPN GUI, and connect to 1194, I no longer get those errors. The keys for each connection were issued by different CAs in pfSense, and the certificates for each of my client connections were exported via pfSense. The keys are all different, as is expected.

This doesn't actually break anything, but I'm just curious at this point what the cause is. Has anyone run into this before?

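To triage a symptom like the one above, it helps to pull every "keys out of sync" line out of the client log and sort the errors by remote port, so you can see at a glance whether they belong to the server you connected to or to the other configs in the folder. The following is an added example, not code from the post or from the OpenVPN project; the sample log is constructed to match the quoted message format, and the `X.X.X.X` placeholder and the `Initialization Sequence Completed` line are assumptions.

```python
import re
from collections import Counter

# Constructed sample log modelled on the excerpt quoted in the post.
# X.X.X.X is a placeholder, not a real address.
SAMPLE_LOG = """\
Mon Feb 24 21:58:08 2020 TLS Error: local/remote TLS keys are out of sync: [AF_INET]X.X.X.X:1195 [0]
Mon Feb 24 21:58:08 2020 TLS Error: local/remote TLS keys are out of sync: [AF_INET]X.X.X.X:1197 [0]
Mon Feb 24 21:58:09 2020 Initialization Sequence Completed
"""

# Timestamp, fixed message text, then [AF_INET]host:port and the key id in brackets.
TLS_SYNC_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) "
    r"TLS Error: local/remote TLS keys are out of sync: "
    r"\[(?P<family>AF_INET6?)\](?P<host>\S+?):(?P<port>\d+) \[(?P<kid>\d+)\]$"
)


def parse_tls_sync_errors(log_text):
    """Return one (host, port) tuple per 'keys out of sync' line, in log order."""
    peers = []
    for line in log_text.splitlines():
        m = TLS_SYNC_RE.match(line)
        if m:
            peers.append((m.group("host"), int(m.group("port"))))
    return peers


def split_by_active_port(log_text, active_port):
    """Count out-of-sync errors per remote port and separate the port the tunnel
    was actually brought up on (active_port) from every other port seen."""
    counts = Counter(port for _, port in parse_tls_sync_errors(log_text))
    return {
        "active": counts.get(active_port, 0),
        "other": {port: n for port, n in counts.items() if port != active_port},
    }


if __name__ == "__main__":
    # The post connected to 1194 and saw errors only for 1195 and 1197.
    print(split_by_active_port(SAMPLE_LOG, 1194))
```

Errors that land only under "other" point at config files for servers the client did not connect to, which is the pattern the post describes; errors under "active" would instead concern the live tunnel.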
