only one client can't connect for the last 2 days

This forum is for admins who are looking to build or expand their OpenVPN setup.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
davidea
OpenVpn Newbie
Posts: 4
Joined: Fri Oct 12, 2018 9:56 am

only one client can't connect for the last 2 days

Post by davidea » Fri Oct 12, 2018 10:35 am

as in the title i have a strange problem, i run a server in my office under 2 nat router with proper port forwarding , the server is a virtual machine with debian 9 , Linux openvpn 4.9.0-8-amd64 #1 SMP Debian 4.9.110-3+deb9u6 (2018-10-08) x86_64 GNU/Linux and openvpn 2.4.0-6 since 2017-10-15 (i check the apt log when it was upgraded from the previous version)
i have 6 client around my country with lte connectivity (different isp), but some day ago i lost one of this , the most farthest , about 300km ....
i check the connectivity with every client with 5 ping packet every minute, but starting at 2018-10-11 00:13:43 i receive only some ping reply (10 in 2 days) ....

the client is a router with openwrt 16.01.1 installed about a mounth ago with external antenna . it run smoothly for all this time and i haven't upgraded nothing, it is in an unattended location
i don't remember the openvpn client version
today i investigate , and i see that the client is trying to connect to my server, but i obtain in the log this error

Code: Select all

TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed
since i haven't change the client or server config , what's the problem?? and why sometimes it connects and get reply from my ping ??
being the client with an lte connectivity, it has a private ip address as wan interface, and every 15 minutes if it can't connect restart the lte conectivity changing the ip address , last i put a cron task that restart the router 4 times every day

here my server config
https://pastebin.com/ercBNeNj

and here the log filtered for this particular client
https://pastebin.com/nGH45ukq

if it's needed i can try to search the client config backup on my office pc

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 5006
Joined: Fri Jun 03, 2016 1:17 pm

Re: only one client can't connect for the last 2 days

Post by TinCanTech » Fri Oct 12, 2018 11:30 am

Fri Oct 12 10:38:59 2018 us=301502 5.90.181.153:47451 TLS: Initial packet from [AF_INET]5.90.181.153:47451, sid=b4f4c13e ac2b6788
WRWRRWWWWWWWWWRWWRWWWWRWRRW
Fri Oct 12 10:39:30 2018 us=961005 5.90.181.153:47451 VERIFY OK: depth=1, C=IT, ST=PA, L=Palermo, O=Home, OU=davide, CN=davide, name=davide, emailAddress=webmaster@******.***
Fri Oct 12 10:39:30 2018 us=961201 5.90.181.153:47451 VERIFY OK: depth=0, C=IT, ST=PA, L=openwrt24, O=****, OU=openwrt24, CN=openwrt24, name=openwrt24, emailAddress=webmaster@******.***
WRWR
Fri Oct 12 10:39:31 2018 us=64817 5.90.181.153:47451 peer info: IV_VER=2.4.5
Fri Oct 12 10:39:31 2018 us=64940 5.90.181.153:47451 peer info: IV_PLAT=linux
Fri Oct 12 10:39:31 2018 us=65036 5.90.181.153:47451 peer info: IV_PROTO=2
Fri Oct 12 10:39:31 2018 us=65130 5.90.181.153:47451 peer info: IV_NCP=2
Fri Oct 12 10:39:31 2018 us=65222 5.90.181.153:47451 peer info: IV_LZ4=1
Fri Oct 12 10:39:31 2018 us=65313 5.90.181.153:47451 peer info: IV_LZ4v2=1
Fri Oct 12 10:39:31 2018 us=65405 5.90.181.153:47451 peer info: IV_LZO=1
Fri Oct 12 10:39:31 2018 us=65495 5.90.181.153:47451 peer info: IV_COMP_STUB=1
Fri Oct 12 10:39:31 2018 us=65568 5.90.181.153:47451 peer info: IV_COMP_STUBv2=1
Fri Oct 12 10:39:31 2018 us=65638 5.90.181.153:47451 peer info: IV_TCPNL=1
rWRwRWrWRwrWRwrWRwrWRwW
Fri Oct 12 10:39:59 2018 us=335318 5.90.181.153:47451 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Your client almost completed a connection and then failed .. you have a network problem.

davidea
OpenVpn Newbie
Posts: 4
Joined: Fri Oct 12, 2018 9:56 am

Re: only one client can't connect for the last 2 days

Post by davidea » Fri Oct 12, 2018 12:51 pm

which type of network problem, on the server side i think is all ok, the other client can connect without problem
on the client side, i don't know , nothing has changed in the hardware and software configuration, the only variable is the isp network ....

Arkley
OpenVpn Newbie
Posts: 1
Joined: Sat Oct 13, 2018 12:26 pm

Re: only one client can't connect for the last 2 days

Post by Arkley » Sat Oct 13, 2018 12:32 pm

I have had the same problem for a couple of days, and it's not a network problem, maybe a Windows Update on the server side machine has caused this?

davidea
OpenVpn Newbie
Posts: 4
Joined: Fri Oct 12, 2018 9:56 am

Re: only one client can't connect for the last 2 days

Post by davidea » Sat Oct 13, 2018 9:48 pm

Arkley wrote:
Sat Oct 13, 2018 12:32 pm
I have had the same problem for a couple of days, and it's not a network problem, maybe a Windows Update on the server side machine has caused this?
no,the server is a debian linux machine, and the openvpn package is the same for the last year ....

today i run a ping

Code: Select all

PING 192.168.24.1 (192.168.24.1) 56(84) bytes of data.
64 bytes from 192.168.24.1: icmp_seq=5980 ttl=64 time=120 ms
64 bytes from 192.168.24.1: icmp_seq=6000 ttl=64 time=110 ms
64 bytes from 192.168.24.1: icmp_seq=6010 ttl=64 time=120 ms
64 bytes from 192.168.24.1: icmp_seq=6020 ttl=64 time=115 ms
64 bytes from 192.168.24.1: icmp_seq=6050 ttl=64 time=117 ms
64 bytes from 192.168.24.1: icmp_seq=6080 ttl=64 time=101 ms
64 bytes from 192.168.24.1: icmp_seq=6090 ttl=64 time=112 ms
64 bytes from 192.168.24.1: icmp_seq=6100 ttl=64 time=113 ms
64 bytes from 192.168.24.1: icmp_seq=6110 ttl=64 time=117 ms
64 bytes from 192.168.24.1: icmp_seq=6120 ttl=64 time=107 ms
64 bytes from 192.168.24.1: icmp_seq=6130 ttl=64 time=99.5 ms
64 bytes from 192.168.24.1: icmp_seq=6140 ttl=64 time=111 ms
64 bytes from 192.168.24.1: icmp_seq=6150 ttl=64 time=238 ms
64 bytes from 192.168.24.1: icmp_seq=6170 ttl=64 time=114 ms
64 bytes from 192.168.24.1: icmp_seq=6190 ttl=64 time=117 ms
64 bytes from 192.168.24.1: icmp_seq=6200 ttl=64 time=126 ms
64 bytes from 192.168.24.1: icmp_seq=6230 ttl=64 time=116 ms
64 bytes from 192.168.24.1: icmp_seq=6270 ttl=64 time=111 ms
64 bytes from 192.168.24.1: icmp_seq=6290 ttl=64 time=109 ms
64 bytes from 192.168.24.1: icmp_seq=6300 ttl=64 time=117 ms
64 bytes from 192.168.24.1: icmp_seq=6310 ttl=64 time=103 ms
64 bytes from 192.168.24.1: icmp_seq=6340 ttl=64 time=257 ms
64 bytes from 192.168.24.1: icmp_seq=6351 ttl=64 time=112 ms
64 bytes from 192.168.24.1: icmp_seq=6371 ttl=64 time=110 ms
64 bytes from 192.168.24.1: icmp_seq=6381 ttl=64 time=112 ms
64 bytes from 192.168.24.1: icmp_seq=6400 ttl=64 time=118 ms
64 bytes from 192.168.24.1: icmp_seq=6410 ttl=64 time=111 ms
64 bytes from 192.168.24.1: icmp_seq=6420 ttl=64 time=111 ms
64 bytes from 192.168.24.1: icmp_seq=6430 ttl=64 time=116 ms
64 bytes from 192.168.24.1: icmp_seq=6440 ttl=64 time=158 ms
it's about one packet every ten second ..... it's not enough to login and make some troubleshooting ....

davidea
OpenVpn Newbie
Posts: 4
Joined: Fri Oct 12, 2018 9:56 am

Re: only one client can't connect for the last 2 days [solved]

Post by davidea » Tue Oct 23, 2018 10:41 pm

today i get my hands on the client router, and discovered that is a mobile related problem, from the client router if i hit the ping command , i receive only one packet every 10 (in ex : packet 18 , 28, 38 , 48 etc etc) ,i've tried the sim on a phone, i can't surf the web nor make a phone call (but it seems attached to the network), tomorrow we contact the provider ...

Post Reply