josh
2008-05-27 15:22:51 UTC
I'm seeing the following on an OpenVPN client (OpenSolaris) connecting
to a Solaris OpenVPN endpoint. We have roughly 180 clients connected
to two different T1000's, all using the same config files. We have a
handful of clients that are using TCP for connectivity instead of UDP
(not my idea, but the clients'). This particular store is connected via
TCP.
I'm attaching the server.config, client startup script, and server.log
from when this error is happening.
Here's a snippet of the log file on the client:
Tue May 27 08:23:36 2008 Initialization Sequence Completed
Tue May 27 09:22:39 2008 [vpn] Inactivity timeout (--ping-restart), restarting
delete net 192.168.244.0: gateway 192.168.244.1
delete net 172.35.1.0: gateway 192.168.244.1
delete net 10.0.0.0: gateway 192.168.244.1
Tue May 27 09:22:39 2008 SIGUSR1[soft,ping-restart] received, process restarting
Tue May 27 09:22:44 2008 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Tue May 27 09:22:44 2008 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue May 27 09:22:44 2008 Attempting to establish TCP connection with x.x.x.x:1194
Tue May 27 09:22:44 2008 TCP connection established with x.x.x.x:1194
Tue May 27 09:22:44 2008 TCPv4_CLIENT link local: [undef]
Tue May 27 09:22:44 2008 TCPv4_CLIENT link remote: x.x.x.x:1194
Tue May 27 09:22:46 2008 [vpn] Peer Connection Initiated with x.x.x.x:1194
Tue May 27 09:22:47 2008 TUN/TAP device tun1 opened
Tue May 27 09:22:47 2008 /usr/sbin/ifconfig tun1 192.168.244.53 192.168.244.1 mtu 1500 up
Tue May 27 09:22:47 2008 /usr/sbin/ifconfig tun1 netmask 255.255.255.255
add net 10.0.0.0: gateway 192.168.244.1
add net 172.35.1.0: gateway 192.168.244.1
add net 192.168.244.0: gateway 192.168.244.1
Tue May 27 09:22:47 2008 Initialization Sequence Completed
Tue May 27 10:23:46 2008 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue May 27 10:23:46 2008 TLS Error: TLS handshake failed
Tue May 27 10:23:46 2008 Fatal TLS error (check_tls_errors_co), restarting
delete net 192.168.244.0: gateway 192.168.244.1
delete net 172.35.1.0: gateway 192.168.244.1
delete net 10.0.0.0: gateway 192.168.244.1
Tue May 27 10:23:46 2008 SIGUSR1[soft,tls-error] received, process restarting
Tue May 27 10:23:51 2008 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Tue May 27 10:23:51 2008 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue May 27 10:23:51 2008 Attempting to establish TCP connection with x.x.x.x:1194
Tue May 27 10:23:51 2008 TCP connection established with x.x.x.x:1194
Tue May 27 10:23:51 2008 TCPv4_CLIENT link local: [undef]
Tue May 27 10:23:51 2008 TCPv4_CLIENT link remote: x.x.x.x:1194
Tue May 27 10:23:55 2008 [vpn] Peer Connection Initiated with x.x.x.x:1194
Tue May 27 10:23:56 2008 TUN/TAP device tun1 opened
Tue May 27 10:23:56 2008 /usr/sbin/ifconfig tun1 192.168.244.53 192.168.244.1 mtu 1500 up
Thanks!
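
Added example (not part of the original post): a Python pass over the client log above that measures how long the tunnel was up before each soft restart and counts the connection attempts that start with the "No server certificate verification method" warning. The sample lines are entries from the post's log, unwrapped; the names `analyze`, `SAMPLE_LOG`, `LINE` and `RESTART` are assumptions of this example.

```python
import re
from datetime import datetime

# Constructed sample: timestamped entries taken from the client log in the post.
SAMPLE_LOG = """\
Tue May 27 08:23:36 2008 Initialization Sequence Completed
Tue May 27 09:22:39 2008 [vpn] Inactivity timeout (--ping-restart), restarting
delete net 192.168.244.0: gateway 192.168.244.1
Tue May 27 09:22:39 2008 SIGUSR1[soft,ping-restart] received, process restarting
Tue May 27 09:22:44 2008 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue May 27 09:22:46 2008 [vpn] Peer Connection Initiated with x.x.x.x:1194
Tue May 27 09:22:47 2008 Initialization Sequence Completed
Tue May 27 10:23:46 2008 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue May 27 10:23:46 2008 SIGUSR1[soft,tls-error] received, process restarting
Tue May 27 10:23:51 2008 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
"""

LINE = re.compile(r"^(\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) (.*)$")
RESTART = re.compile(r"SIGUSR1\[soft,([\w-]+)\] received")

def analyze(log_text):
    """Return (restarts, warnings): restarts is a list of (reason, seconds up),
    measured from the last 'Initialization Sequence Completed' to the restart."""
    restarts, warnings, up_since = [], 0, None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # route add/delete output carries no timestamp
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        msg = m.group(2)
        if msg.startswith("Initialization Sequence Completed"):
            up_since = ts
        elif "No server certificate verification" in msg:
            warnings += 1  # client is not checking that the peer is a server cert
        elif (r := RESTART.search(msg)):
            uptime = int((ts - up_since).total_seconds()) if up_since else None
            restarts.append((r.group(1), uptime))
            up_since = None  # tunnel is down until the next initialization
    return restarts, warnings

if __name__ == "__main__":
    restarts, warnings = analyze(SAMPLE_LOG)
    for reason, uptime in restarts:
        print(f"restart reason={reason} uptime_s={uptime}")
    print(f"connection attempts without server certificate verification: {warnings}")
```

On this log the tls-error restart comes 3659 seconds after initialization, which is consistent with OpenVPN's default hourly key renegotiation (`--reneg-sec 3600`) followed by the 60-second negotiation window named in the error. Both reconnects also start without server certificate verification.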