OpenVPN connectivity fails all of a sudden [solved]



  • Hello,

    two days ago suddenly I started to be unable to connect to the OpenVPN server I have.

    The server is part of pfSense router and was working without problems until the day before yesterday. When I try to connect to it, the log says

    openvpn[61203]: (ip address hidden):45630 Re-using SSL/TLS context
    openvpn[61203]: (ip address hidden):45630 LZO compression initialized
    
    

    And then fails without further notice, only to show after a minute

    
    openvpn[61203]: (ip address hidden):45630 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    openvpn[61203]: (ip address hidden):45630 TLS Error: TLS handshake failed
    
    

    I tried to make a connection both from inside and outside the LAN, and both gave the same result.

    The OpenVPN is configured to use UDP on port 1194, with LZO compression.

    There is corresponding rule in the firewall, and when I nmap the router, it shows the port 1194 as open.

    I tried to reboot the router, but nothing changed.

    I made new certificates, but still receiving the same error.

    I changed the port to 1195, it was all the same. Tried to change to TCP, but it was resetting my connection.

    I have made no changes in the configuration of the router, except adding a DHCP lease in the LAN network for one server.

    The version of pfSense is 2.0.2.



  • It turned out that a misinterpretation of the UNIX timestamp expired the certificates prematurely. They had 10 years lifetime, but the date was misinterpreted as a date from the past. I created new certificates with 6 years instead of 10 of lifetime and everything works again.

    In conclusion, avoid creating certificates with 10 years of expiry, make them with less.


Log in to reply