TLS key negotiation fail on reconnect

Ahmadi3D_Ali
OpenVpn Newbie
Posts: 4
Joined: Sun Aug 01, 2021 11:20 am

TLS key negotiation fail on reconnect

Post by Ahmadi3D_Ali » Sun Aug 01, 2021 11:29 am

Hello
If for whatever reason, such as pulling the internet cable, my internet gets disconnected for a couple minutes, when the internet is back OpenVPN fails to reconnect and it throws a TLS key negotiation failed error. This happens no matter how much I wait; I have to restart the PC for it to connect again.
Here is my config file

Code:

client
dev tun
proto udp
remote xxx.xxx.xxx.xxx 1194
resolv-retry infinite
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0
comp-lzo no
log-append /etc/openvpn/openvpn.log

remote-cert-tls server

auth-user-pass pass.txt
verb 3
pull
fast-io
cipher AES-256-CBC
auth SHA512

Here I write part of the error:

Code:

TCP/UDP: preserving recently used remote address: [AF_INET]xxx.xxx.xxx:1194
socket buffers: R=[212992->425904] S=[212992->425904]
UDP link local: (not bound)
UDP link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
TLS Error: TLS key negotiation failed to occur within 60 seconds (check network connectivity)
TLS Error: TLS handshake failed
SIGUSR1[soft,tls-error] received, process restarting
Restart pause, 5 second

Danran
OpenVPN User
Posts: 28
Joined: Tue Jun 29, 2021 9:21 am

Re: TLS key negotiation fail on reconnect

Post by Danran » Wed Aug 04, 2021 12:20 am

I'm having the same issue. Did you ever figure this out?

Ahmadi3D_Ali
OpenVpn Newbie
Posts: 4
Joined: Sun Aug 01, 2021 11:20 am

Re: TLS key negotiation fail on reconnect

Post by Ahmadi3D_Ali » Wed Aug 04, 2021 6:57 am

Danran wrote:
Wed Aug 04, 2021 12:20 am
I'm having the same issue. Did you ever figure this out?

No..., and it's such an annoying problem too, hopefully more than one person having this issue promotes the question and someone answers it.

Danran
OpenVPN User
Posts: 28
Joined: Tue Jun 29, 2021 9:21 am

Re: TLS key negotiation fail on reconnect

Post by Danran » Thu Aug 05, 2021 9:34 pm

Ahmadi3D_Ali wrote:
Wed Aug 04, 2021 6:57 am
Danran wrote:
Wed Aug 04, 2021 12:20 am
I'm having the same issue. Did you ever figure this out?
No..., and it's such an annoying problem too, hopefully more than one person having this issue promotes the question and someone answers it.

What OS are you running? I'm wondering if it's an Ubuntu specific issue.

Ahmadi3D_Ali
OpenVpn Newbie
Posts: 4
Joined: Sun Aug 01, 2021 11:20 am

Re: TLS key negotiation fail on reconnect

Post by Ahmadi3D_Ali » Sat Aug 07, 2021 6:23 pm

Danran wrote:
Thu Aug 05, 2021 9:34 pm
Ahmadi3D_Ali wrote:
Wed Aug 04, 2021 6:57 am
Danran wrote:
Wed Aug 04, 2021 12:20 am
I'm having the same issue. Did you ever figure this out?
No..., and it's such an annoying problem too, hopefully more than one person having this issue promotes the question and someone answers it.
What OS are you running? I'm wondering if it's an Ubuntu specific issue.

I'm using raveOS, it's a mining OS but it's Linux based and I think it's Ubuntu, so yeah I think it's Ubuntu specific. The problem was that open vpn forum didn't have Ubuntu or Linux section so I posted this thread in Windows section.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: TLS key negotiation fail on reconnect

Post by TinCanTech » Sat Aug 07, 2021 6:41 pm

Ahmadi3D_Ali wrote:
Sat Aug 07, 2021 6:23 pm
The problem was that open vpn forum didn't have Ubuntu or Linux section so I posted this thread in Windows section.

That was smart ..

300000
OpenVPN Expert
Posts: 685
Joined: Tue May 01, 2012 9:30 pm

Re: TLS key negotiation fail on reconnect

Post by 300000 » Sun Aug 08, 2021 1:47 pm

This is your problem not openvpn at all. Whenever your internet is disconnected so do you expecting openvpn still connected on disconnect network? How do it is hide your ip from location? When first reconnect internet it will show real ip that is normal.

If you want to hide something don't use internet at all.

Danran
OpenVPN User
Posts: 28
Joined: Tue Jun 29, 2021 9:21 am

Re: TLS key negotiation fail on reconnect

Post by Danran » Tue Aug 10, 2021 5:15 pm

300000 wrote:
Sun Aug 08, 2021 1:47 pm
This is your problem not openvpn at all. Whenever your internet is disconnected so do you expecting openvpn still connected on disconnect network? How do it is hide your ip from location? When first reconnect internet it will show real ip that is normal.

If you want to hide something don't use internet at all.

You are an openvpn expert? This above statement makes zero sense. Please revise?

Danran
OpenVPN User
Posts: 28
Joined: Tue Jun 29, 2021 9:21 am

Re: TLS key negotiation fail on reconnect

Post by Danran » Tue Aug 10, 2021 5:18 pm

Ahmadi3D_Ali wrote:
Sat Aug 07, 2021 6:23 pm
Danran wrote:
Thu Aug 05, 2021 9:34 pm
Ahmadi3D_Ali wrote:
Wed Aug 04, 2021 6:57 am

No..., and it's such an annoying problem too, hopefully more than one person having this issue promotes the question and someone answers it.
What OS are you running? I'm wondering if it's an Ubuntu specific issue.

I'm using raveOS, it's a mining OS but it's Linux based and I think it's Ubuntu, so yeah I think it's Ubuntu specific. The problem was that open vpn forum didn't have Ubuntu or Linux section so I posted this thread in Windows section.

I diverted the problem/solved the issue, by switching to openvpn3 and using the openvpn3-autoload with it enabled on boot by

Code:

systemctl enable openvpn3-autoload.service

With that command on openvpn3, it actually 1. Connects on boot automatically, and 2. Reconnects to the vpn automatically after disconnecting and reconnecting the ethernet cable. Problem solved. Now if I could know how safe/production ready openvpn3 is.

Danran
OpenVPN User
Posts: 28
Joined: Tue Jun 29, 2021 9:21 am

Re: TLS key negotiation fail on reconnect

Post by Danran » Fri Aug 13, 2021 3:55 am

I don't know how to edit a post, so I'm posting the proper command to enable on boot and after disconnect for openvpn3 here.

Code:

systemctl enable openvpn3-autoload.service

Ahmadi3D_Ali
OpenVpn Newbie
Posts: 4
Joined: Sun Aug 01, 2021 11:20 am

Re: TLS key negotiation fail on reconnect

Post by Ahmadi3D_Ali » Sat Aug 14, 2021 7:11 pm

Danran wrote:
Fri Aug 13, 2021 3:55 am
I don't know how to edit a post, so I'm posting the proper command to enable on boot and after disconnect for openvpn3 here.

Code:

systemctl enable openvpn3-autoload.service

Nice solution, this solves the issue of having no internet but it seems open vpn doesn't try to reconnect, meaning the ip is exposed. I think we need one more config so now open vpn tries to reconnect infinitely.
If you do not have this problem, maybe you can share your open vpn config so I can try it with yours, thank you.

Danran
OpenVPN User
Posts: 28
Joined: Tue Jun 29, 2021 9:21 am

Re: TLS key negotiation fail on reconnect

Post by Danran » Sun Aug 15, 2021 5:01 pm

Ahmadi3D_Ali wrote:
Sat Aug 14, 2021 7:11 pm
Danran wrote:
Fri Aug 13, 2021 3:55 am
I don't know how to edit a post, so I'm posting the proper command to enable on boot and after disconnect for openvpn3 here.

Code:

systemctl enable openvpn3-autoload.service
Nice solution, this solves the issue of having no internet but it seems open vpn doesn't try to reconnect, meaning the ip is exposed. I think we need one more config so now open vpn tries to reconnect infinitely.
If you do not have this problem, maybe you can share your open vpn config so I can try it with yours, thank you.

Sure! If I understand you correctly, I DO NOT have this problem. Openvpn3 connects at boot, and then if the internet (or ethernet cable is disconnected), it automatically reconnects to the vpn as soon as the internet cable is plugged back in. My final Configuration for openvpn3 that accomplishes exactly this, is posted below. I also got some help directly on github from the openvpn3 developer, so I'm fairly certain my openvpn configuration is solid, as well as secure. Below are the steps I took to get this all working with openvpn3.

On my vpn Access Server, my additional "Server Config Directives" are as follows:

Code:

resolv-retry infinite
persist-key
persist-tun
keepalive 10 120
explicit-exit-notify 1
push "keepalive 10 120"

On my vpn client, my myovpn3.conf file is located in /etc/openvpn3/autoload/myovpn3.conf, and it looks like this (without the keys & certs):

Code:

client
proto udp
nobind
remote 123.45.678.910
port 1194
dev tun
dev-type tun
remote-cert-tls server
tls-version-min 1.2
reneg-sec 604800
auth-user-pass
verb 3
push-peer-info
resolv-retry infinite
persist-key
persist-tun
keepalive 10 120

Also, on my vpn client, my myovpn3.autoload file is located at /etc/openvpn3/autoload/myovpn3.autoload, and it looks like this (note: do not delete any parenthesis, but rather just fill in the blanks):

Code:

{
    "autostart": true,
    "name": "TheNameOfMyVpn3",
    "acl": {
        "set-owner": "My-Linux-Username"
    },
    "tunnel": {
        "ipv6": "no",
        "persist": true,
        "dns-fallback": "google",
        "dns-setup-disabled": false
    },
    "user-auth": {
        "username": "MyVpn3UserNameHere",
        "password": "MyVpn3PasswordHere"
    }
}

I have also done a

Code:

sudo chmod 644 /etc/openvpn3/autoload/myovpn3.conf

and a

Code:

sudo chmod 644 /etc/openvpn3/autoload/myovpn3.autoload

to make permissions more restrictive, but not so much that openvpn3 cannot read the files without being root.

Finally, after all of my config files are perfectly formatted and checked over, I run the command

Code:

sudo systemctl enable openvpn3-autoload.service

and then reboot my linux box. Upon reboot, you should automatically be connected to your openvpn server. You can check your ip by running the command

Code:

curl https://ipinfo.io/ip

After disconnecting the ethernet cable and wifi, your client's vpn (and internet connection in general) will go down and disconnect. Once you reconnect your linux box to the internet via ethernet cable or wifi, your vpn client should automatically reconnect to the vpn without any user interaction whatsoever. It does on mine at least.

Let me know if you still have issues, but I hope this helps!

Danran
https://nerd-tech.net
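
An added example, not part of the post above or of the openvpn3 project: the .autoload profile shown stores the VPN password in plain text, and mode 644 leaves a file readable by every local account, so this check lists files in an autoload directory that embed a secret and are group- or world-readable. The helper names exposed_profiles and make_sample are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): find openvpn3 autoload files that embed a
# secret and are readable by group or other, e.g. a profile left at mode 644.

# A non-empty "password" value in the .autoload JSON, or an inline PEM private key.
secret_re='"password"[[:space:]]*:[[:space:]]*"[^"]+"|BEGIN [A-Z ]*PRIVATE KEY'

# exposed_profiles DIR -> prints one path per exposed file, sorted.
exposed_profiles() {
    find "$1" -maxdepth 1 -type f \( -name '*.autoload' -o -name '*.conf' \) \
        \( -perm -040 -o -perm -004 \) \
        -exec grep -Eq -- "$secret_re" {} \; -print | sort
}

# make_sample DIR -> constructed sample files; names and values are placeholders.
make_sample() {
    printf '{ "autostart": true, "user-auth": { "username": "u", "password": "p" } }\n' \
        > "$1/world.autoload"
    cp "$1/world.autoload" "$1/private.autoload"
    printf 'client\nproto udp\nremote-cert-tls server\n' > "$1/nokeys.conf"
    printf 'client\n<key>\n-----BEGIN PRIVATE KEY-----\n(constructed)\n</key>\n' \
        > "$1/inline.conf"
    chmod 644 "$1/world.autoload" "$1/nokeys.conf"   # the mode used in the post
    chmod 640 "$1/inline.conf"                       # group-readable
    chmod 600 "$1/private.autoload"                  # owner only
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
echo "Exposed credential files:"
exposed_profiles "$demo_dir"
rm -rf "$demo_dir"
```

On a real client the call would be exposed_profiles /etc/openvpn3/autoload. Whether a tighter mode such as 600 still lets the autoload service read the files depends on the account it runs as, which the thread does not state.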
