Open VPN does not connect after 7pm

Jamil Mungur

Hello

I have an issue with my PFSENSE vpn. I cannot connect to my vpn after 7pm. I did several tests , the vpn works perfectly before 7pm.
I get the following error
Tue Aug 29 20:13:15 2023 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Aug 29 20:13:15 2023 TLS Error: TLS handshake failed

I checked the time zone for the pf sense is good. Please let me know if anyone has faced similar problem and if problem has been solved.

Thanks

rcoleman-netgate

@Jamil-Mungur Any chance the certificate expired at 7pm?

Jamil Mungur

@rcoleman-netgate Thank for reply

What is strange is that it works again the next day

rcoleman-netgate

@Jamil-Mungur What is the timezone set on the system? Where are you located? US Eastern Time Zone?

Jamil Mungur

@rcoleman-netgate I am in Mauritius and my time zone is correctly set to GMT+4

bingo600

@Jamil-Mungur
How is your pfSense system time ?
Do you have NTP enabled , and in "sync" ?

Oh ... The same might apply to the "Client device"
How is the client system time ?
A few minutes off wont make problems , but hours could ...

johnpoz

@Jamil-Mungur do you have any sort of schedule setup on pfsense for firewall rules? There is nothing out of the box that would block based on time of day, you would have to on purpose setup a schedule to do such a thing.

Tue Aug 29 20:13:15 2023 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

Where exactly are you seeing that error, on some client remote, or is a client in pfsense to some vpn service?

Jamil Mungur

Hello Everyone
Thanks for the replies.
Time is good in the pfsense web interface, date and time on client pc is also good and accurate.

i tried disabling NTP still same problem.

The error in when i connect to the VPV via OpenVpn with the client software.

I did not set any rule for shedule, Can you tell me where are such schdules set so that i can verify. But i did not set any shedule

johnpoz

@Jamil-Mungur again is that some client like your phone, or pfsense itself trying to connect to some vpn service out on the internet?

So this is some client PC, where is this client pc at - same location, other location?

Why would you disable ntp, if you think the time might be off?

Jamil Mungur

@johnpoz The pc is at a remote location. Right now its 9:33am and i can connect to the system using open vpn without issue. Its only after 7pm that i cannot connect .

Gertjan

@Jamil-Mungur said in Open VPN does not connect after 7pm:

I have an issue with my PFSENSE vpn. I cannot connect to my vpn after 7pm. I did several tests , the vpn works perfectly before 7pm

Connecting what using what connecting to where to where ?

A VPN application from a LAN device like a phone or PC through pfSEnse ?
To where : A VPN supplier ? Or another device like another VPN server running on another pfSense or another device you control ?

If the connection works fine afterwards, but things go bad around 19h00, the moment everybody comes home and most Internet Service providers (and VPN poviders ;) ) have a hard time following the demands, then that could be 'normal'.

When you see this :
@Jamil-Mungur said in Open VPN does not connect after 7pm:

Tue Aug 29 20:13:15 2023 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

you should focus on the last part : "check your network connectivity" : the path to your selected endpoint is bad or even not possible.
This includes everything : your local network, equipment used, your ISP connection, the ISP POPs, the backbone (Internet itself) the ISP at the other side, the equipment at the other side.

@Jamil-Mungur said in Open VPN does not connect after 7pm:

I checked the time zone for the pf sense is good.

If that was an issue, then the message would indicate that cert exchanging went well, which implies a working connection, but authentication went bad.

@Jamil-Mungur said in Open VPN does not connect after 7pm:

Please let me know if anyone has faced similar problem and if problem has been solved.

If I knew what the (your) situation was ....

Jamil Mungur

Hello Everyone,

I managed to solve the issue. It was related to the Dyndns.

Thanks for support

johnpoz

@Jamil-Mungur and how was that exactly.. The dyndns was only updating once a day, or every 12 hours or something and the IP from your isp was changing at 7pm?

Pretty sure the default in pfsense is to update dyndns on IP change.. Was the ttl on the dyndns too long?