TLS Error: local/remote TLS keys are out of sync: - problem

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
andrewxxx
OpenVpn Newbie
Posts: 2
Joined: Thu Jan 28, 2016 11:02 am

TLS Error: local/remote TLS keys are out of sync: - problem

Post by andrewxxx » Thu Jan 28, 2016 11:08 am

I have a problem connecting multiple users to a single server.

One user = good.
Two users = problem.

Problem:

Thu Jan 28 10:44:03 2016 TLS Error: local/remote TLS keys are out of sync: [AF_INET]185.24.26.12:58474 [0]

my configuration:

port 1194
proto udp
dev tap0
keepalive 10 120
status /tmp/openvpn-status.log
verb 3
tls-server
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/tomato/dh.pem
log-append /tmp-log.log

bridge configuration:

#!/bin/sh /etc/rc.common
START=94
start() {
openvpn --mktun --dev tap0
brctl addif br-lan tap0
ifconfig tap0 0.0.0.0 promisc up
}
stop() {
ifconfig tap0 0.0.0.0 down
brctl delif br-lan tap0
openvpn --rmtun --dev tap0
}

dhcp:
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'

Logs:


Thu Jan 28 10:37:10 2016 TLS: Initial packet from [AF_INET]185.24.26.12:58474, sid=95df3f74 f3152eae
Thu Jan 28 10:37:11 2016 VERIFY OK: depth=1, C=PL, ST=lubuskie, L=ZielonaGora, O=VPN OPENWRT, OU=MyOrganizationalUnit, CN=VPN OPENWRT CA, name=EasyRSA, emailAddress=xxx@gmail.com
Thu Jan 28 10:37:11 2016 VERIFY OK: depth=0, C=PL, ST=lubuskie, L=ZielonaGora, O=VPN OPENWRT, OU=MyOrganizationalUnit, CN=windows_klient1_password, name=EasyRSA, emailAddress=xxx@gmail.com
Thu Jan 28 10:37:11 2016 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Jan 28 10:37:11 2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jan 28 10:37:11 2016 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Jan 28 10:37:11 2016 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jan 28 10:37:11 2016 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Jan 28 10:37:11 2016 [windows_klient1_password] Peer Connection Initiated with [AF_INET]185.24.26.12:58474
Thu Jan 28 10:37:12 2016 Initialization Sequence Completed
Thu Jan 28 10:37:14 2016 PUSH: Received control message: 'PUSH_REQUEST'
Thu Jan 28 10:37:14 2016 send_push_reply(): safe_cap=940
Thu Jan 28 10:37:14 2016 SENT CONTROL [windows_klient1_password]: 'PUSH_REPLY' (status=1)
Thu Jan 28 10:43:38 2016 TLS: new session incoming connection from [AF_INET]185.24.26.12:49340
Thu Jan 28 10:43:39 2016 VERIFY OK: depth=1, C=PL, ST=lubuskie, L=ZielonaGora, O=VPN OPENWRT, OU=MyOrganizationalUnit, CN=VPN OPENWRT CA, name=EasyRSA, emailAddress=xxx@gmail.com
Thu Jan 28 10:43:39 2016 VERIFY OK: depth=0, C=PL, ST=lubuskie, L=ZielonaGora, O=VPN OPENWRT, OU=MyOrganizationalUnit, CN=tz, name=EasyRSA, emailAddress=xxx@gmail.com
Thu Jan 28 10:43:39 2016 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Jan 28 10:43:39 2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jan 28 10:43:39 2016 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Jan 28 10:43:39 2016 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jan 28 10:43:39 2016 TLS: move_session: dest=TM_ACTIVE src=TM_UNTRUSTED reinit_src=1
Thu Jan 28 10:43:39 2016 TLS: tls_multi_process: untrusted session promoted to trusted
Thu Jan 28 10:43:39 2016 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Jan 28 10:43:39 2016 [tz] Peer Connection Initiated with [AF_INET]185.24.26.12:49340
Thu Jan 28 10:43:42 2016 PUSH: Received control message: 'PUSH_REQUEST'
Thu Jan 28 10:43:42 2016 send_push_reply(): safe_cap=940
Thu Jan 28 10:43:42 2016 SENT CONTROL [tz]: 'PUSH_REPLY' (status=1)
Thu Jan 28 10:44:03 2016 TLS Error: local/remote TLS keys are out of sync: [AF_INET]185.24.26.12:58474 [0]
Thu Jan 28 10:44:04 2016 TLS Error: local/remote TLS keys are out of sync: [AF_INET]185.24.26.12:58474 [0]
Thu Jan 28 10:44:04 2016 TLS Error: local/remote TLS keys are out of sync: [AF_INET]185.24.26.12:58474 [0]
Thu Jan 28 10:44:04 2016 TLS Error: local/remote TLS keys are out of sync: [AF_INET]185.24.26.12:58474 [0]
Thu Jan 28 10:44:04 2016 TLS Error: local/remote TLS keys are out of sync: [AF_INET]185.24.26.12:58474 [0]
Thu Jan 28 10:44:08 2016 TLS Error: local/remote TLS keys are out of sync: [AF_INET]185.24.26.12:58474 [0]
Thu Jan 28 10:44:09 2016 TLS Error: local/remote TLS keys are out of sync: [AF_INET]185.24.26.12:58474 [0]
Thu Jan 28 10:44:10 2016 TLS Error: local/remote TLS keys are out of sync: [AF_INET]185.24.26.12:58474 [0]
Thu Jan 28 10:44:18 2016 TLS Error: local/remote TLS keys are out of sync: [AF_INET]185.24.26.12:58474 [0]
Thu Jan 28 10:44:18 2016 TLS Error: local/remote TLS keys are out of sync: [AF_INET]185.24.26.12:58474 [0]
Thu Jan 28 10:44:19 2016 TLS Error: local/remote TLS keys are out of sync: [AF_INET]185.24.26.12:58474 [0]

andrewxxx
OpenVpn Newbie
Posts: 2
Joined: Thu Jan 28, 2016 11:02 am

Re: TLS Error: local/remote TLS keys are out of sync: - prob

Post by andrewxxx » Thu Jan 28, 2016 9:08 pm

problem solved.
They are missing a few entries in the configuration.

adrinano
OpenVpn Newbie
Posts: 1
Joined: Tue Aug 22, 2017 10:32 am

Re: TLS Error: local/remote TLS keys are out of sync: - problem

Post by adrinano » Tue Aug 22, 2017 10:33 am

andrewxxx wrote:problem solved.
They are missing a few entries in the configuration.
Hi,
I have the same problem... which are the missing entries?

raptor2148
OpenVpn Newbie
Posts: 2
Joined: Sat Mar 30, 2019 3:35 pm

Re: TLS Error: local/remote TLS keys are out of sync: - problem

Post by raptor2148 » Thu Apr 16, 2020 12:36 am

what is missing?

Post Reply