Netgate Discussion Forum

    TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

      yo143ge

      Trying to set up OpenVPN in pfSense. I'm new here.

      When I try to connect using the OpenVPN application I get an error:
      2024-10-17 20:33:52 Note: Treating option '--ncp-ciphers' as '--data-ciphers' (renamed in OpenVPN 2.5).
      2024-10-17 20:33:52 OpenVPN 2.6.7 [git:v2.6.7/53c9033317b3b8fd] Windows [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Nov 8 2023
      2024-10-17 20:33:52 Windows version 10.0 (Windows 10 or greater), amd64 executable
      2024-10-17 20:33:52 library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
      2024-10-17 20:33:52 DCO version: 1.0.0
      2024-10-17 20:33:54 TCP/UDP: Preserving recently used remote address: [AF_INET]104.8.232.193:1194
      2024-10-17 20:33:54 UDPv4 link local: (not bound)
      2024-10-17 20:33:54 UDPv4 link remote: [AF_INET]104.8.232.193:1194
      2024-10-17 20:34:54 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
      2024-10-17 20:34:54 TLS Error: TLS handshake failed

        viragomann @yo143ge

        @yo143ge
        Ensure that the OpenVPN server is reachable from the client.
        Did you even add a rule to WAN to allow access?

        Do you see something in the server log?
        Status > System logs > OpenVPN

        You can verify if the client packets arrive on the WAN with Diagnostics > Packet Capture.
        Select the WAN interface and enter 1194 into the port filter field and start the capture. Then try to connect from the client.
        Ensure that the client accesses the server from the WAN side, not from the local network.
        Do you see any packets?

          hv4282

          I got the same error message after upgrading to a more recent pfSense version (2.6). I tried the packet capture (and I saw the client packets arriving), I switched from UDP to TCP (to no avail), I tried different port numbers and still got the same error message (TLS key negotiation failed to occur within 60 seconds).

          Then I configured the OpenVPN server "Endpoint Configuration" and switched the interface from "WAN" to "any". Et voilà - the error message was gone and the connection was established as desired!

          I then tried all different settings for "interface" to find out which was the right one, but I got the error message for every single one of them. Only "any" worked.

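The packet-capture check suggested in the thread can be read mechanically. The following is an added example, not part of any post above: it assumes the capture is viewed as tcpdump-style text lines and separates "nothing arrives on WAN" from "packets arrive but the server never answers". The addresses, the `classify` function and the sample lines are constructed for illustration.

```python
import re

# Matches the address pair in tcpdump-style text, for UDP or TCP lines.
PAIR = re.compile(r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+):")

ADVICE = {
    "no-client-packets": "nothing reaches WAN: check the WAN rule, upstream NAT, "
                         "and that the client connects from outside the LAN",
    "server-silent": "packets arrive but nothing is sent back: check the server "
                     "log and the interface the OpenVPN server is bound to",
    "server-replying": "server answers: look at the return path to the client",
}

def classify(capture_text, server_ip, port=1194):
    """Count packets to and from server_ip:port and name the failing stage."""
    inbound = outbound = 0
    for line in capture_text.splitlines():
        m = PAIR.search(line)
        if not m:
            continue  # skip headers, blank lines, non-IPv4 traffic
        src = (m.group(1), int(m.group(2)))
        dst = (m.group(3), int(m.group(4)))
        if dst == (server_ip, port):
            inbound += 1
        elif src == (server_ip, port):
            outbound += 1
    if inbound == 0:
        verdict = "no-client-packets"
    elif outbound == 0:
        verdict = "server-silent"
    else:
        verdict = "server-replying"
    return {"inbound": inbound, "outbound": outbound, "verdict": verdict}

# Constructed sample: the client retries, the server never answers.
SAMPLE_SILENT = """\
20:33:54.101 IP 198.51.100.7.51820 > 203.0.113.10.1194: UDP, length 54
20:33:56.310 IP 198.51.100.7.51820 > 203.0.113.10.1194: UDP, length 54
20:34:00.522 IP 198.51.100.7.51820 > 203.0.113.10.1194: UDP, length 54
"""

# Constructed sample: the server answers the first packet.
SAMPLE_REPLYING = """\
20:33:54.101 IP 198.51.100.7.51820 > 203.0.113.10.1194: UDP, length 54
20:33:54.102 IP 203.0.113.10.1194 > 198.51.100.7.51820: UDP, length 66
"""

if __name__ == "__main__":
    for name, text in [("silent", SAMPLE_SILENT), ("replying", SAMPLE_REPLYING), ("empty", "")]:
        result = classify(text, "203.0.113.10")
        print(name, result, "->", ADVICE[result["verdict"]])
```
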
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.