Author Topic: OpenVPN - TLS error  (Read 46 times)

simon.arsenault
« on: February 01, 2018, 12:26:58 pm »
Hi, the OpenVPN on one of my customers stopped working for a couple of hours, showing the following message:

TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed

I tried the connection with the same installer downloaded from the website and it was working for me on my own computer (different network)... but I see that the port used was different, though it is the same config file, which is weird.

This is the server log of the error (it was the same error in the client log) when the user was trying to connect (XXX.XXX.XXX.XXX is user IP):
Jan 31 16:08:53 PFS-GroupeSCE openvpn[40017]: XXX.XXX.XXX.XXX:1194 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 31 16:08:53 PFS-GroupeSCE openvpn[40017]: XXX.XXX.XXX.XXX:1194 TLS Error: TLS handshake failed
Jan 31 16:11:00 PFS-GroupeSCE openvpn[40017]: XXX.XXX.XXX.XXX:1194 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 31 16:11:00 PFS-GroupeSCE openvpn[40017]: XXX.XXX.XXX.XXX:1194 TLS Error: TLS handshake failed
Jan 31 16:12:05 PFS-GroupeSCE openvpn[40017]: XXX.XXX.XXX.XXX:1194 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 31 16:12:05 PFS-GroupeSCE openvpn[40017]: XXX.XXX.XXX.XXX:1194 TLS Error: TLS handshake failed
Jan 31 16:13:18 PFS-GroupeSCE openvpn[40017]: XXX.XXX.XXX.XXX:1194 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 31 16:13:18 PFS-GroupeSCE openvpn[40017]: XXX.XXX.XXX.XXX:1194 TLS Error: TLS handshake failed


This is the server log of when I was connecting with the same installer/config/certificate (YYY.YYY.YYY.YYY is my IP):
Jan 31 16:15:57 PFS-GroupeSCE openvpn: user 'sophie' authenticated
Jan 31 16:15:57 PFS-GroupeSCE openvpn[40017]: YYY.YYY.YYY.YYY:61610 [sophie] Peer Connection Initiated with [AF_INET]YYY.YYY.YYY.YYY:61610
Jan 31 16:15:57 PFS-GroupeSCE openvpn[40017]: sophie/YYY.YYY.YYY.YYY:61610 MULTI_sva: pool returned IPv4=192.168.20.5, IPv6=(Not enabled)
Jan 31 16:15:58 PFS-GroupeSCE openvpn[40017]: sophie/YYY.YYY.YYY.YYY:61610 send_push_reply(): safe_cap=940

And this is the weird part... a couple of hours later, everything was working fine with no change on client or server... here is the error of the next login:
Jan 31 21:58:33 PFS-GroupeSCE openvpn: user 'sophie' authenticated
Jan 31 21:58:33 PFS-GroupeSCE openvpn[40017]: XXX.XXX.XXX.XXX:1194 [sophie] Peer Connection Initiated with [AF_INET]XXX.XXX.XXX.XXX:1194
Jan 31 21:58:33 PFS-GroupeSCE openvpn[40017]: sophie/XXX.XXX.XXX.XXX:1194 MULTI_sva: pool returned IPv4=192.168.20.5, IPv6=(Not enabled)
Jan 31 21:58:34 PFS-GroupeSCE openvpn[40017]: sophie/XXX.XXX.XXX.XXX:1194 send_push_reply(): safe_cap=940

The customer asked me to identify the root cause of this incident, but I really don't understand what happened and I hope someone here will be able to help me with that!

Regards,
« Last Edit: February 01, 2018, 12:34:06 pm by simon.arsenault »
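
Added example, not part of the original post: a Python triage script for server log excerpts in the format shown above, grouping failed TLS handshakes and completed connections per peer IP so the failure window, recovery time and client source ports can be read off. The sample lines are constructed, with documentation addresses standing in for the masked IPs, and the year is an assumption because syslog timestamps omit it.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the same syslog format as the excerpts in the post.
# 198.51.100.7 and 203.0.113.9 are documentation addresses, not real peers.
SAMPLE_LOG = """\
Jan 31 16:08:53 PFS-GroupeSCE openvpn[40017]: 198.51.100.7:1194 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 31 16:08:53 PFS-GroupeSCE openvpn[40017]: 198.51.100.7:1194 TLS Error: TLS handshake failed
Jan 31 16:11:00 PFS-GroupeSCE openvpn[40017]: 198.51.100.7:1194 TLS Error: TLS handshake failed
Jan 31 16:12:05 PFS-GroupeSCE openvpn[40017]: 198.51.100.7:1194 TLS Error: TLS handshake failed
Jan 31 16:13:18 PFS-GroupeSCE openvpn[40017]: 198.51.100.7:1194 TLS Error: TLS handshake failed
Jan 31 16:15:57 PFS-GroupeSCE openvpn: user 'sophie' authenticated
Jan 31 16:15:57 PFS-GroupeSCE openvpn[40017]: 203.0.113.9:61610 [sophie] Peer Connection Initiated with [AF_INET]203.0.113.9:61610
Jan 31 21:58:33 PFS-GroupeSCE openvpn[40017]: 198.51.100.7:1194 [sophie] Peer Connection Initiated with [AF_INET]198.51.100.7:1194
"""

# timestamp, host, openvpn[pid], optional "user/" prefix, peer ip:port, message
LINE_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ openvpn\[\d+\]: "
                     r"(?:\S+/)?(\d+\.\d+\.\d+\.\d+):(\d+) (.*)$")

def summarize(log_text, year=2018):
    """Return per-peer handshake failure/recovery summary (year is assumed)."""
    peers = defaultdict(lambda: {"failures": [], "successes": [], "ports": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # e.g. "user '...' authenticated" lines carry no peer address
        ts, ip, port, msg = m.groups()
        when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
        if "TLS handshake failed" in msg:  # one such line per failed attempt
            peers[ip]["failures"].append(when)
            peers[ip]["ports"].add(int(port))
        elif "Peer Connection Initiated" in msg:
            peers[ip]["successes"].append(when)
            peers[ip]["ports"].add(int(port))
    report = {}
    for ip, p in peers.items():
        last_fail = max(p["failures"], default=None)
        later = (s for s in p["successes"] if last_fail and s > last_fail)
        report[ip] = {"failed_handshakes": len(p["failures"]),
                      "first_failure": min(p["failures"], default=None),
                      "last_failure": last_fail,
                      "recovered_at": min(later, default=None),
                      "source_ports": sorted(p["ports"])}
    return report

if __name__ == "__main__":
    for ip, row in summarize(SAMPLE_LOG).items():
        print(ip, row)
```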