TLS Error: local/remote TLS keys are out of sync
-
Hi guys, facing another issue with my last OpenVPN tunnel.
I'm trying to migrate my last OpenVPN Peer to Peer Shared Key tunnel to SSL/TLS.
Shared key works like a charm; when I switch to SSL/TLS I get "TLS Error: local/remote TLS keys are out of sync", and the tunnel keeps resetting... different error this time :/
Tried numerous variants of the config; switching server/client from one pfSense to the other is not the solution this time.
I have checked the NTP config (both on the same NTP source), tried different sets of key directions, TLS authentication only.
No matter what the config is, authentication works for 2 seconds and then I get the TLS error and resetting... This is driving me crazy. Do you guys have suggestions? Let me know if I can
-
@ElaineNav
Are both nodes up to date? Ensure that the ciphers on client and server match.
Disable compression. Ensure that the server uses a server certificate.
For further investigation, enhance the log level on both, server and client, and check the log for detailed hints.
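One way to run the checklist above against both ends before raising the log level, as an added example that is not part of this thread: it assumes plain OpenVPN config files exported from each pfSense (the file names are placeholders) and compares cipher/auth, compression, tls-auth key direction and the client's server-certificate check.

```shell
#!/bin/sh
# Added example, not from the thread: compare a server and a client OpenVPN
# config for the mismatches listed in the answer above. File paths are
# arguments; any sample configs fed to it are constructed for illustration.

# Print the arguments of a directive (last occurrence), or "unset" if absent.
ovpn_get() { # $1=file $2=directive
  awk -v d="$2" '$1==d {found=1; v=$0; sub(/^[^[:space:]]+[[:space:]]*/,"",v)}
                 END{print (found ? v : "unset")}' "$1"
}

# Direction of a static TLS key: "key-direction N" or the trailing N on a
# "tls-auth file N" line; "none" when neither is present.
key_dir() { # $1=file
  d=$(ovpn_get "$1" key-direction)
  [ "$d" = unset ] && d=$(ovpn_get "$1" tls-auth | awk '{print (($NF ~ /^[01]$/) ? $NF : "none")}')
  echo "$d"
}

# Returns 0 when the pair passes every check, 1 otherwise; prints each finding.
check_ovpn_pair() { # $1=server.conf $2=client.conf
  s="$1"; c="$2"; rc=0
  # Data-channel cipher and HMAC must agree on both sides.
  for d in cipher data-ciphers auth; do
    sv=$(ovpn_get "$s" "$d"); cv=$(ovpn_get "$c" "$d")
    [ "$sv" = "$cv" ] || { echo "MISMATCH $d: server='$sv' client='$cv'"; rc=1; }
  done
  # Compression should be disabled on both sides ("compress" alone is off).
  for f in "$s" "$c"; do
    if grep -Eq '^(compress[[:space:]]+[a-z]|comp-lzo([[:space:]]+(yes|adaptive))?[[:space:]]*$)' "$f"; then
      echo "COMPRESSION enabled in $f"; rc=1
    fi
  done
  # tls-auth keys need opposite directions (0/1); tls-crypt needs none,
  # but must be configured on both ends or neither.
  sa=$(ovpn_get "$s" tls-auth); ca=$(ovpn_get "$c" tls-auth)
  if [ "$sa" != unset ] || [ "$ca" != unset ]; then
    sd=$(key_dir "$s"); cdr=$(key_dir "$c")
    case "$sd$cdr" in 01|10) ;; *) echo "KEY-DIRECTION server='$sd' client='$cdr' (need 0/1)"; rc=1 ;; esac
  fi
  st=$(ovpn_get "$s" tls-crypt); ct=$(ovpn_get "$c" tls-crypt)
  if { [ "$st" = unset ] && [ "$ct" != unset ]; } || { [ "$st" != unset ] && [ "$ct" = unset ]; }; then
    echo "MISMATCH tls-crypt configured on one side only"; rc=1
  fi
  # The client must insist that the peer presents a *server* certificate.
  [ "$(ovpn_get "$c" remote-cert-tls)" = server ] || { echo "client lacks 'remote-cert-tls server'"; rc=1; }
  return $rc
}

if [ "$#" -eq 2 ]; then check_ovpn_pair "$1" "$2"; fi
```

Run it as `sh check.sh server.conf client.conf`; a non-zero exit means at least one finding was printed.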
-
Thank you for your answer. Yes, the cipher matches on both sides, compression is disabled,
certificates are good (server certificate on server side, etc.). Both pfSense are on 22.05; I plan to upgrade them at the end of the week.
I did enhance the log level, but I still can't get the root cause, but I just noticed the client pfSense does not add the remote network to the route table (which works totally fine when I switch back to shared key). Trying to understand why...
-
I'll answer myself:
So my understanding of why the route was not added is that the tunnel was not able to completely connect, and this makes sense (still a guess though...)
After upgrading the client to 24.11 the tunnel succeeded in connecting to the server (which is still on 22.05). Finally, I'm not really sure what the root cause was, because I had many pfSense on 22.05 with SSL/TLS tunnels working fine, so my guess is it was a mix of slow link and version, and was not related to my config.
Hope this will help others.