I have several OpenVPN servers on Raspberry Pi and other Linux boxes. They have been working for months and months without issue. Suddenly an office with 2 openVPN servers suddenly refuses to connect. One server was completely rebuilt with new OpenVPN without success. I am suspicious that Google Fiber might be the issue. Ports 1194 and 60189 have UDP forwarded to the correct local IP addresses. How can we test? (connection logs below for both servers at this one external IP address.)
Wed Feb 27 10:23:25 2019 OpenVPN 2.4.7 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Feb 21 2019
Wed Feb 27 10:23:25 2019 Windows version 6.2 (Windows 8 or greater) 64bit
Wed Feb 27 10:23:25 2019 library versions: OpenSSL 1.1.0j 20 Nov 2018, LZO 2.10
Wed Feb 27 10:23:25 2019 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25343
Wed Feb 27 10:23:25 2019 Need hold release from management interface, waiting...
Wed Feb 27 10:23:25 2019 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25343
Wed Feb 27 10:23:26 2019 MANAGEMENT: CMD 'state on'
Wed Feb 27 10:23:26 2019 MANAGEMENT: CMD 'log all on'
Wed Feb 27 10:23:26 2019 MANAGEMENT: CMD 'echo all on'
Wed Feb 27 10:23:26 2019 MANAGEMENT: CMD 'bytecount 5'
Wed Feb 27 10:23:26 2019 MANAGEMENT: CMD 'hold off'
Wed Feb 27 10:23:26 2019 MANAGEMENT: CMD 'hold release'
Wed Feb 27 10:23:35 2019 MANAGEMENT: CMD 'username "Auth" "kim2AS"'
Wed Feb 27 10:23:35 2019 MANAGEMENT: CMD 'password [...]'
Wed Feb 27 10:23:35 2019 MANAGEMENT: CMD 'proxy NONE '
Wed Feb 27 10:23:36 2019 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Wed Feb 27 10:23:36 2019 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Feb 27 10:23:36 2019 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Feb 27 10:23:36 2019 MANAGEMENT: >STATE:1551234216,RESOLVE,,,,,,
Wed Feb 27 10:23:36 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]136.xxx.xxx.39:1194
Wed Feb 27 10:23:36 2019 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Feb 27 10:23:36 2019 UDP link local: (not bound)
Wed Feb 27 10:23:36 2019 UDP link remote: [AF_INET]136.xxx.xxx.39:1194
Wed Feb 27 10:23:36 2019 MANAGEMENT: >STATE:1551234216,WAIT,,,,,,
Wed Feb 27 10:24:37 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Feb 27 10:24:37 2019 TLS Error: TLS handshake failed
Wed Feb 27 10:24:37 2019 SIGUSR1[soft,tls-error] received, process restarting
Wed Feb 27 10:24:37 2019 MANAGEMENT: >STATE:1551234277,RECONNECTING,tls-error,,,,,
Wed Feb 27 10:24:37 2019 Restart pause, 5 second(s)
Wed Feb 27 10:24:42 2019 MANAGEMENT: CMD 'proxy NONE '
Wed Feb 27 10:24:43 2019 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Wed Feb 27 10:24:43 2019 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Feb 27 10:24:43 2019 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Feb 27 10:24:43 2019 MANAGEMENT: >STATE:1551234283,RESOLVE,,,,,,
Wed Feb 27 10:24:43 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]136.xxx.xxx.39:1194
Wed Feb 27 10:24:43 2019 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Feb 27 10:24:43 2019 UDP link local: (not bound)
Wed Feb 27 10:24:43 2019 UDP link remote: [AF_INET]136.xxx.xxx.39:1194
Wed Feb 27 10:24:43 2019 MANAGEMENT: >STATE:1551234283,WAIT,,,,,,
Wed Feb 27 10:25:44 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Feb 27 10:25:44 2019 TLS Error: TLS handshake failed
Wed Feb 27 10:25:44 2019 SIGUSR1[soft,tls-error] received, process restarting
Wed Feb 27 10:25:44 2019 MANAGEMENT: >STATE:1551234344,RECONNECTING,tls-error,,,,,
Wed Feb 27 10:25:44 2019 Restart pause, 5 second(s)
Here is the log for the connection to the Raspberry pi at the same location
Wed Feb 27 10:57:42 2019 OpenVPN 2.4.7 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Feb 21 2019
Wed Feb 27 10:57:42 2019 Windows version 6.2 (Windows 8 or greater) 64bit
Wed Feb 27 10:57:42 2019 library versions: OpenSSL 1.1.0j 20 Nov 2018, LZO 2.10
Wed Feb 27 10:57:43 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]136.xxx.xxx.39:60189
Wed Feb 27 10:57:43 2019 UDP link local: (not bound)
Wed Feb 27 10:57:43 2019 UDP link remote: [AF_INET]136.xxx.xxx.39:60189
Wed Feb 27 10:58:43 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Feb 27 10:58:43 2019 TLS Error: TLS handshake failed
Wed Feb 27 10:58:43 2019 SIGUSR1[soft,tls-error] received, process restarting
Wed Feb 27 10:58:49 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]136.xxx.xxx.39:60189
Wed Feb 27 10:58:49 2019 UDP link local: (not bound)
Wed Feb 27 10:58:49 2019 UDP link remote: [AF_INET]136.xxx.xxx.39:60189
Connections from several different Windows clients report this same issues.