Geert Lorang
2017-07-17 16:17:38 UTC
Hi,
Since Ubuntu 17.04 came out a few of our users have upgraded their
OpenVPN client to 2.4 but this seems to break compatibility with our
server which is still on 2.3 (latest Debian Jessie). I can reproduce
this problem on Windows as well with latest 2.4.3.
As soon as you start downloading some big(ger) files which utilize the
VPN quite heavily OpenVPN will prompt again for credentials after 1-5
minutes and our users have to re-authenticate with their token as we use
a 2FA based setup.
The exact same config / setup / PC / Internet connection / ... but with
OpenVPN 2.3 just works perfectly for over a year, it's really only the
2.4 clients (both Windows & Linux) that have this problem.
When a disconnect occurs the following is seen server side:
Jul 17 17:51:09 X ovpn-openvpn[640]: geert/::ffff:X.X.X.X TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jul 17 17:51:09 X ovpn-openvpn[640]: geert/::ffff:X.X.X.X TLS Error: TLS handshake failed
Jul 17 17:51:09 X ovpn-openvpn[640]: geert/::ffff:X.X.X.X TLS: move_session: dest=TM_LAME_DUCK src=TM_ACTIVE reinit_src=1
Client side there is nothing in the log.
Most relevant config settings we have are reneg-sec 0, auth-user-pass,
auth-nocache and proto udp I guess. If needed I can provide the entire
configs.
Anyone seen this before / knows what's going on?
Thanks,
Geert