OpenVPN clients can't connect



  • Hi!

    I don't know which snap borked it, but now none of my 30 VPN clients can connect.

    Server logs show:

    Mar 15 18:19:46 	openvpn 	69413 	EXTERNALIP:36553 TLS Error: TLS handshake failed
    Mar 15 18:19:46 	openvpn 	69413 	EXTERNALIP:36553 TLS Error: TLS object -> incoming plaintext read error
    Mar 15 18:19:46 	openvpn 	69413 	EXTERNALIP:36553 TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
    Mar 15 18:19:46 	openvpn 	69413 	EXTERNALIP:36553 WARNING: Failed running command (--tls-verify script): external program exited with error status: 1
    Mar 15 18:19:04 	openvpn 	69413 	EXTERNALIP:41915 TLS Error: TLS handshake failed
    Mar 15 18:19:04 	openvpn 	69413 	EXTERNALIP:41915 TLS Error: TLS object -> incoming plaintext read error
    Mar 15 18:19:04 	openvpn 	69413 	EXTERNALIP:41915 TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned 
    

    I haven't changed absolutely anything. Any idea? I'm in real trouble here…

    Thanks!



  • Ummm clicked save on openvpn server, updated to latest snap, rebooted and all is fine again.
    What???



  • Rebooted and same thing with SSL.
    One connection was successful, others with same errors.

    How can I troubleshoot this?



  • I even created NEW CA, new openvpn server cert and new client cert and same results.



  • Hmmm found how to replicate.

    Wait for new snapshot (must include kernel too). Update and wait for box to reboot.
    Try to connect openvpn = no go

    Reboot the box again and we can connect.

    Huh?


  • Rebel Alliance Developer Netgate

    Check your clock on each boot, see what it is doing.

    Also compare the contents of /var/etc/openvpn when it works vs when it doesn't.

    Given the other problems your system seems to have (like the package startup issue) it's possible some boot-time task is failing to work 100%.
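
Added example, not part of the thread and not pfSense's own tooling: one way to run the comparison suggested above is to record the clock and a hash manifest of the directory after each boot, then diff a manifest from a working boot against one from a failing boot. The function names, labels, script name and output directory are assumptions; the script expects `sha256sum` or FreeBSD's `sha256` to be present.

```sh
#!/bin/sh
# Added example; function names, labels and output paths are hypothetical.
# Usage after each boot: sh bootstate.sh /var/etc/openvpn <label> <outdir>

# SHA-256 of one file (Linux: sha256sum, FreeBSD: sha256 -q).
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        sha256 -q "$1"
    fi
}

# snapshot_dir DIR OUT: write "hash<TAB>relative-path" for every file in DIR.
snapshot_dir() {
    dir=$1; out=$2
    ( cd "$dir" || exit 1
      find . -type f | LC_ALL=C sort | while IFS= read -r f; do
          printf '%s\t%s\n' "$(hash_file "$f")" "$f"
      done ) > "$out"
}

# record_state DIR LABEL OUTDIR: save the UTC clock and the manifest together,
# so a wrong clock at boot shows up next to any config difference.
record_state() {
    mkdir -p "$3" || return 1
    date -u '+%Y-%m-%dT%H:%M:%SZ' > "$3/$2.clock"
    snapshot_dir "$1" "$3/$2.manifest"
}

# compare_snapshots GOOD BAD: list files ADDED, CHANGED or MISSING in BAD.
compare_snapshots() {
    awk -F '\t' '
        side == "G" { good[$2] = $1; next }
        { seen[$2] = 1
          if (!($2 in good)) print "ADDED " $2
          else if (good[$2] != $1) print "CHANGED " $2 }
        END { for (p in good) if (!(p in seen)) print "MISSING " p }
    ' side=G "$1" side=B "$2" | LC_ALL=C sort
}

# Run only when called with the three arguments shown in the usage line.
if [ "$#" -eq 3 ]; then
    record_state "$1" "$2" "$3"
fi
```

Label one run after a boot where clients connect and one after a boot where they fail, then call `compare_snapshots` on the two `.manifest` files and read the two `.clock` files side by side.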



  • Hi Jimp, I will check it.

    P.S.
    This system has no other issues :)
    Other 2 have startup issues.

