OpenVPN Client cannot reconnect (UDP and Radius/LDAP)

bakejpan
OpenVpn Newbie
Posts: 1
Joined: Sat Sep 17, 2022 11:44 am

Post by bakejpan » Sat Sep 17, 2022 12:21 pm

OpenVPN CE on pfSense 2.6.0-RELEASE (amd64)
My problem is as follows. With the OpenVPN server set to UDP, on VPN restart the client cannot automatically relog. In the client window, the wheel spins endlessly. Interestingly, the same VPN server, only on TCP, can relog at restart. The authorization server in my case is RADIUS.
The client needs to switch the button off and on again, and then it connects without asking for a password. Is it a bug?

What can I do to make my UDP server VPN clients reconnect automatically when I restart the UDP VPN service?

All logs are from the time when I restart the VPN service.

Server Logs
Sep 17 14:01:53 openvpn 39609 31.182.200.17:18624 peer info: IV_VER=3.git::d3f8b18b
Sep 17 14:01:53 openvpn 39609 31.182.200.17:18624 peer info: IV_PLAT=win
Sep 17 14:01:53 openvpn 39609 31.182.200.17:18624 peer info: IV_NCP=2
Sep 17 14:01:53 openvpn 39609 31.182.200.17:18624 peer info: IV_TCPNL=1
Sep 17 14:01:53 openvpn 39609 31.182.200.17:18624 peer info: IV_PROTO=30
Sep 17 14:01:53 openvpn 39609 31.182.200.17:18624 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC
Sep 17 14:01:53 openvpn 39609 31.182.200.17:18624 peer info: IV_GUI_VER=OCWindows_3.3.6-2752
Sep 17 14:01:53 openvpn 39609 31.182.200.17:18624 peer info: IV_SSO=webauth,openurl,crtext
Sep 17 14:01:53 openvpn 39609 31.182.200.17:18624 peer info: IV_BS64DL=1
Sep 17 14:01:53 openvpn 39609 31.182.200.17:18624 TLS Error: Auth Username/Password was not provided by peer
Sep 17 14:01:53 openvpn 39609 31.182.200.17:18624 TLS Error: TLS handshake failed
Sep 17 14:01:53 openvpn 39609 46.170.191.12:53144 peer info: IV_VER=3.git::d3f8b18b
Sep 17 14:01:53 openvpn 39609 46.170.191.12:53144 peer info: IV_PLAT=win
Sep 17 14:01:53 openvpn 39609 46.170.191.12:53144 peer info: IV_NCP=2
Sep 17 14:01:53 openvpn 39609 46.170.191.12:53144 peer info: IV_TCPNL=1
Sep 17 14:01:53 openvpn 39609 46.170.191.12:53144 peer info: IV_PROTO=30
Sep 17 14:01:53 openvpn 39609 46.170.191.12:53144 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC
Sep 17 14:01:53 openvpn 39609 46.170.191.12:53144 peer info: IV_GUI_VER=OCWindows_3.3.6-2752
Sep 17 14:01:53 openvpn 39609 46.170.191.12:53144 peer info: IV_SSO=webauth,openurl,crtext
Sep 17 14:01:53 openvpn 39609 46.170.191.12:53144 peer info: IV_BS64DL=1
Sep 17 14:01:53 openvpn 39609 46.170.191.12:53144 TLS Error: Auth Username/Password was not provided by peer
Sep 17 14:01:53 openvpn 39609 46.170.191.12:53144 TLS Error: TLS handshake failed
Client Logs
[Sep 17, 2022, 13:56:22] Client halt/restart: RESTART psid=0 reason=''
[Sep 17, 2022, 13:56:22] EVENT: CLIENT_RESTART
[Sep 17, 2022, 13:56:22] Client terminated, restarting in 2000 ms...
[Sep 17, 2022, 13:56:22] SetupClient: signaling tun destroy event
[Sep 17, 2022, 13:56:24] EVENT: RECONNECTING
[Sep 17, 2022, 13:56:24] EVENT: RESOLVE
[Sep 17, 2022, 13:56:24] Contacting x.x.x.x:1194 via UDP
[Sep 17, 2022, 13:56:24] EVENT: WAIT
[Sep 17, 2022, 13:56:24] WinCommandAgent: transmitting bypass route to x.x.x.x
{
"host" : "x.x.x.x",
"ipv6" : false
}

[Sep 17, 2022, 13:56:25] Connecting to [x.x.x.x]:1194 (x.x.x.x) via UDPv4
[Sep 17, 2022, 13:56:26] EVENT: CONNECTING
[Sep 17, 2022, 13:56:26] Tunnel Options:V4,dev-type tun,link-mtu 1553,tun-mtu 1500,proto UDPv4,keydir 1,cipher BF-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client
[Sep 17, 2022, 13:56:26] Creds: Username/PasswordEmpty
[Sep 17, 2022, 13:56:26] Peer Info:
IV_VER=3.git::d3f8b18b
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC
IV_GUI_VER=OCWindows_3.3.6-2752
IV_SSO=webauth,openurl,crtext
IV_BS64DL=1

[Sep 17, 2022, 13:57:06] Session invalidated: KEEPALIVE_TIMEOUT
[Sep 17, 2022, 13:57:06] Client terminated, restarting in 2000 ms...
[Sep 17, 2022, 13:57:08] EVENT: RECONNECTING
[Sep 17, 2022, 13:57:08] EVENT: RESOLVE
[Sep 17, 2022, 13:57:08] Contacting x.x.x.x:1194 via UDP
[Sep 17, 2022, 13:57:08] EVENT: WAIT
[Sep 17, 2022, 13:57:08] WinCommandAgent: transmitting bypass route to x.x.x.x
{
"host" : "x.x.x.x",
"ipv6" : false
}

[Sep 17, 2022, 13:57:08] Connecting to [x.x.x.x]:1194 (x.x.x.x) via UDPv4
[Sep 17, 2022, 13:57:08] EVENT: CONNECTING
[Sep 17, 2022, 13:57:08] Tunnel Options:V4,dev-type tun,link-mtu 1553,tun-mtu 1500,proto UDPv4,keydir 1,cipher BF-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client
[Sep 17, 2022, 13:57:08] Creds: Username/PasswordEmpty
[Sep 17, 2022, 13:57:08] Peer Info:
IV_VER=3.git::d3f8b18b
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC
IV_GUI_VER=OCWindows_3.3.6-2752
IV_SSO=webauth,openurl,crtext
IV_BS64DL=1

[Sep 17, 2022, 13:57:24] EVENT: PAUSE
[Sep 17, 2022, 13:57:24] EVENT: RESUME
[Sep 17, 2022, 13:57:24] EVENT: RECONNECTING
[Sep 17, 2022, 13:57:24] EVENT: RESOLVE
[Sep 17, 2022, 13:57:24] Contacting x.x.x.x:1194 via UDP
[Sep 17, 2022, 13:57:24] EVENT: WAIT
[Sep 17, 2022, 13:57:24] WinCommandAgent: transmitting bypass route to x.x.x.x
{
"host" : "x.x.x.x",
"ipv6" : false
}

[Sep 17, 2022, 13:57:25] Connecting to [x.x.x.x]:1194 (x.x.x.x) via UDPv4
[Sep 17, 2022, 13:57:25] EVENT: CONNECTING
[Sep 17, 2022, 13:57:25] Tunnel Options:V4,dev-type tun,link-mtu 1553,tun-mtu 1500,proto UDPv4,keydir 1,cipher BF-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client
[Sep 17, 2022, 13:57:25] Creds: Username/PasswordEmpty
[Sep 17, 2022, 13:57:25] Peer Info:
IV_VER=3.git::d3f8b18b
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC
IV_GUI_VER=OCWindows_3.3.6-2752
IV_SSO=webauth,openurl,crtext
IV_BS64DL=1

[Sep 17, 2022, 13:58:05] Session invalidated: KEEPALIVE_TIMEOUT
[Sep 17, 2022, 13:58:05] Client terminated, restarting in 2000 ms...
[Sep 17, 2022, 13:58:07] EVENT: RECONNECTING
[Sep 17, 2022, 13:58:07] EVENT: RESOLVE
[Sep 17, 2022, 13:58:07] Contacting x.x.x.x:1194 via UDP
[Sep 17, 2022, 13:58:07] EVENT: WAIT
[Sep 17, 2022, 13:58:07] WinCommandAgent: transmitting bypass route to x.x.x.x
{
"host" : "x.x.x.x",
"ipv6" : false
}

[Sep 17, 2022, 13:58:07] Connecting to [x.x.x.x]:1194 (x.x.x.x) via UDPv4
[Sep 17, 2022, 13:58:07] EVENT: CONNECTING
[Sep 17, 2022, 13:58:07] Tunnel Options:V4,dev-type tun,link-mtu 1553,tun-mtu 1500,proto UDPv4,keydir 1,cipher BF-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client
[Sep 17, 2022, 13:58:07] Creds: Username/PasswordEmpty
[Sep 17, 2022, 13:58:07] Peer Info:
IV_VER=3.git::d3f8b18b
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC
IV_GUI_VER=OCWindows_3.3.6-2752
IV_SSO=webauth,openurl,crtext
IV_BS64DL=1

[Sep 17, 2022, 13:58:24] EVENT: PAUSE
[Sep 17, 2022, 13:58:24] EVENT: RESUME
[Sep 17, 2022, 13:58:24] EVENT: RECONNECTING
[Sep 17, 2022, 13:58:24] EVENT: RESOLVE
[Sep 17, 2022, 13:58:24] Contacting x.x.x.x:1194 via UDP
[Sep 17, 2022, 13:58:24] EVENT: WAIT
[Sep 17, 2022, 13:58:24] WinCommandAgent: transmitting bypass route to x.x.x.x
{
"host" : "x.x.x.x",
"ipv6" : false
}

[Sep 17, 2022, 13:58:25] Connecting to [x.x.x.x]:1194 (x.x.x.x) via UDPv4
[Sep 17, 2022, 13:58:25] EVENT: CONNECTING
[Sep 17, 2022, 13:58:25] Tunnel Options:V4,dev-type tun,link-mtu 1553,tun-mtu 1500,proto UDPv4,keydir 1,cipher BF-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client
[Sep 17, 2022, 13:58:25] Creds: Username/PasswordEmpty
[Sep 17, 2022, 13:58:25] Peer Info:
IV_VER=3.git::d3f8b18b
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC
IV_GUI_VER=OCWindows_3.3.6-2752
IV_SSO=webauth,openurl,crtext
IV_BS64DL=1

[Sep 17, 2022, 13:59:05] Session invalidated: KEEPALIVE_TIMEOUT
[Sep 17, 2022, 13:59:05] Client terminated, restarting in 2000 ms...
[Sep 17, 2022, 13:59:07] EVENT: RECONNECTING
[Sep 17, 2022, 13:59:07] EVENT: RESOLVE
[Sep 17, 2022, 13:59:07] Contacting x.x.x.x:1194 via UDP
[Sep 17, 2022, 13:59:07] EVENT: WAIT
[Sep 17, 2022, 13:59:07] WinCommandAgent: transmitting bypass route to x.x.x.x
{
"host" : "x.x.x.x",
"ipv6" : false
}

[Sep 17, 2022, 13:59:07] Connecting to [x.x.x.x]:1194 (x.x.x.x) via UDPv4
[Sep 17, 2022, 13:59:07] EVENT: CONNECTING
[Sep 17, 2022, 13:59:07] Tunnel Options:V4,dev-type tun,link-mtu 1553,tun-mtu 1500,proto UDPv4,keydir 1,cipher BF-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client
[Sep 17, 2022, 13:59:07] Creds: Username/PasswordEmpty
[Sep 17, 2022, 13:59:07] Peer Info:
IV_VER=3.git::d3f8b18b
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC
IV_GUI_VER=OCWindows_3.3.6-2752
IV_SSO=webauth,openurl,crtext
IV_BS64DL=1

[Sep 17, 2022, 13:59:25] EVENT: PAUSE
[Sep 17, 2022, 13:59:25] EVENT: RESUME
[Sep 17, 2022, 13:59:25] EVENT: RECONNECTING
[Sep 17, 2022, 13:59:25] EVENT: RESOLVE
[Sep 17, 2022, 13:59:25] Contacting x.x.x.x:1194 via UDP
[Sep 17, 2022, 13:59:25] EVENT: WAIT
[Sep 17, 2022, 13:59:25] WinCommandAgent: transmitting bypass route to x.x.x.x
{
"host" : "x.x.x.x",
"ipv6" : false
}

[Sep 17, 2022, 13:59:25] Connecting to [x.x.x.x]:1194 (x.x.x.x) via UDPv4
[Sep 17, 2022, 13:59:25] EVENT: CONNECTING
[Sep 17, 2022, 13:59:25] Tunnel Options:V4,dev-type tun,link-mtu 1553,tun-mtu 1500,proto UDPv4,keydir 1,cipher BF-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client
[Sep 17, 2022, 13:59:25] Creds: Username/PasswordEmpty
[Sep 17, 2022, 13:59:25] Peer Info:
IV_VER=3.git::d3f8b18b
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC
IV_GUI_VER=OCWindows_3.3.6-2752
IV_SSO=webauth,openurl,crtext
IV_BS64DL=1

[Sep 17, 2022, 14:00:05] Session invalidated: KEEPALIVE_TIMEOUT
[Sep 17, 2022, 14:00:05] Client terminated, restarting in 2000 ms...
[Sep 17, 2022, 14:00:07] EVENT: RECONNECTING
[Sep 17, 2022, 14:00:07] EVENT: RESOLVE
[Sep 17, 2022, 14:00:07] Contacting x.x.x.x:1194 via UDP
[Sep 17, 2022, 14:00:07] EVENT: WAIT
[Sep 17, 2022, 14:00:07] WinCommandAgent: transmitting bypass route to x.x.x.x
{
"host" : "x.x.x.x",
"ipv6" : false
}

[Sep 17, 2022, 14:00:07] Connecting to [x.x.x.x]:1194 (x.x.x.x) via UDPv4
[Sep 17, 2022, 14:00:07] EVENT: CONNECTING
[Sep 17, 2022, 14:00:07] Tunnel Options:V4,dev-type tun,link-mtu 1553,tun-mtu 1500,proto UDPv4,keydir 1,cipher BF-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client
[Sep 17, 2022, 14:00:07] Creds: Username/PasswordEmpty
[Sep 17, 2022, 14:00:07] Peer Info:
IV_VER=3.git::d3f8b18b
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC
IV_GUI_VER=OCWindows_3.3.6-2752
IV_SSO=webauth,openurl,crtext
IV_BS64DL=1

[Sep 17, 2022, 14:00:25] EVENT: PAUSE
[Sep 17, 2022, 14:00:25] EVENT: RESUME
[Sep 17, 2022, 14:00:25] EVENT: RECONNECTING
[Sep 17, 2022, 14:00:25] EVENT: RESOLVE
[Sep 17, 2022, 14:00:25] Contacting x.x.x.x:1194 via UDP
[Sep 17, 2022, 14:00:25] EVENT: WAIT
[Sep 17, 2022, 14:00:25] WinCommandAgent: transmitting bypass route to x.x.x.x
{
"host" : "x.x.x.x",
"ipv6" : false
}

[Sep 17, 2022, 14:00:25] Connecting to [x.x.x.x]:1194 (x.x.x.x) via UDPv4
[Sep 17, 2022, 14:00:25] EVENT: CONNECTING
[Sep 17, 2022, 14:00:25] Tunnel Options:V4,dev-type tun,link-mtu 1553,tun-mtu 1500,proto UDPv4,keydir 1,cipher BF-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client
[Sep 17, 2022, 14:00:25] Creds: Username/PasswordEmpty
[Sep 17, 2022, 14:00:25] Peer Info:
IV_VER=3.git::d3f8b18b
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC
IV_GUI_VER=OCWindows_3.3.6-2752
IV_SSO=webauth,openurl,crtext
IV_BS64DL=1

[Sep 17, 2022, 14:01:05] Session invalidated: KEEPALIVE_TIMEOUT
[Sep 17, 2022, 14:01:05] Client terminated, restarting in 2000 ms...
[Sep 17, 2022, 14:01:07] EVENT: RECONNECTING
[Sep 17, 2022, 14:01:07] EVENT: RESOLVE
[Sep 17, 2022, 14:01:07] Contacting x.x.x.x:1194 via UDP
[Sep 17, 2022, 14:01:07] EVENT: WAIT
[Sep 17, 2022, 14:01:07] WinCommandAgent: transmitting bypass route to x.x.x.x
{
"host" : "x.x.x.x",
"ipv6" : false
}

[Sep 17, 2022, 14:01:07] Connecting to [x.x.x.x]:1194 (x.x.x.x) via UDPv4
[Sep 17, 2022, 14:01:07] EVENT: CONNECTING
[Sep 17, 2022, 14:01:07] Tunnel Options:V4,dev-type tun,link-mtu 1553,tun-mtu 1500,proto UDPv4,keydir 1,cipher BF-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client
[Sep 17, 2022, 14:01:07] Creds: Username/PasswordEmpty
[Sep 17, 2022, 14:01:07] Peer Info:
IV_VER=3.git::d3f8b18b
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC
IV_GUI_VER=OCWindows_3.3.6-2752
IV_SSO=webauth,openurl,crtext
IV_BS64DL=1

[Sep 17, 2022, 14:01:25] EVENT: PAUSE
[Sep 17, 2022, 14:01:25] EVENT: RESUME
[Sep 17, 2022, 14:01:25] EVENT: RECONNECTING
[Sep 17, 2022, 14:01:25] EVENT: RESOLVE
[Sep 17, 2022, 14:01:25] Contacting x.x.x.x:1194 via UDP
[Sep 17, 2022, 14:01:25] EVENT: WAIT
[Sep 17, 2022, 14:01:25] WinCommandAgent: transmitting bypass route to x.x.x.x
{
"host" : "x.x.x.x",
"ipv6" : false
}

[Sep 17, 2022, 14:01:25] Connecting to [x.x.x.x]:1194 (x.x.x.x) via UDPv4
[Sep 17, 2022, 14:01:25] EVENT: CONNECTING
[Sep 17, 2022, 14:01:25] Tunnel Options:V4,dev-type tun,link-mtu 1553,tun-mtu 1500,proto UDPv4,keydir 1,cipher BF-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client
[Sep 17, 2022, 14:01:25] Creds: Username/PasswordEmpty
[Sep 17, 2022, 14:01:25] Peer Info:
IV_VER=3.git::d3f8b18b
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC
IV_GUI_VER=OCWindows_3.3.6-2752
IV_SSO=webauth,openurl,crtext
IV_BS64DL=1

[Sep 17, 2022, 14:01:40] EVENT: DISCONNECTED
Server config
dev ovpns1
verb 1
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp4
auth SHA256
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
local 192.168.101.2
engine rdrand
tls-server
server 192.168.31.0 255.255.255.0
client-config-dir /var/etc/openvpn/server1/csc
verify-client-cert none
username-as-common-name
plugin /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-script.so /usr/local/sbin/ovpn_auth_verify_async user UElSSU9TIFJBRElVUw== false server1 1194
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'PS-PR-PFSENSE-01' 1"
lport 1194
management /var/etc/openvpn/server1/sock unix
push "route 10.0.0.0 255.0.0.0"
push "route 172.16.0.0 255.240.0.0"
push "route 192.168.0.0 255.255.0.0"
push "dhcp-option DNS 10.10.10.10"
push "dhcp-option DNS 10.10.10.11"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 1.1.1.1"
push "block-outside-dns"
push "register-dns"
remote-cert-tls client
capath /var/etc/openvpn/server1/ca
cert /var/etc/openvpn/server1/cert
key /var/etc/openvpn/server1/key
dh /etc/dh-parameters.2048
tls-auth /var/etc/openvpn/server1/tls-auth 0
data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
data-ciphers-fallback AES-256-CBC
allow-compression no
persist-remote-ip
float
topology subnet
explicit-exit-notify 1
inactive 300
client config
dev tun
persist-tun
persist-key
data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
data-ciphers-fallback AES-256-CBC
auth SHA256
tls-client
client
resolv-retry infinite
remote x.x.x.x 1194 udp4
nobind
auth-user-pass
remote-cert-tls server
explicit-exit-notify
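
One way to triage logs like the ones in the post above, added here as an example and not part of the original thread: it groups server lines by peer and separates handshakes that failed because the client sent no credentials from other handshake failures, then lists the matching empty-credential attempts in a client log. The function names, verdict labels and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed samples in the post's two log formats; peer IPs are documentation ranges.
SERVER_LOG = """\
Sep 17 14:01:53 openvpn 39609 192.0.2.10:18624 peer info: IV_GUI_VER=OCWindows_3.3.6-2752
Sep 17 14:01:53 openvpn 39609 192.0.2.10:18624 TLS Error: Auth Username/Password was not provided by peer
Sep 17 14:01:53 openvpn 39609 192.0.2.10:18624 TLS Error: TLS handshake failed
Sep 17 14:02:11 openvpn 39609 198.51.100.7:53144 peer info: IV_GUI_VER=OCWindows_3.3.6-2752
Sep 17 14:02:11 openvpn 39609 198.51.100.7:53144 TLS Error: TLS handshake failed
"""
CLIENT_LOG = """\
[Sep 17, 2022, 13:56:26] Creds: Username/PasswordEmpty
[Sep 17, 2022, 13:57:06] Session invalidated: KEEPALIVE_TIMEOUT
[Sep 17, 2022, 13:57:08] Creds: Username/PasswordEmpty
"""
SERVER_LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} openvpn \d+ ([\d.]+:\d+) (.+)$")
CLIENT_LINE = re.compile(r"^\[([^\]]+)\] (.+)$")
NO_CREDS = "TLS Error: Auth Username/Password was not provided by peer"
HS_FAILED = "TLS Error: TLS handshake failed"

def triage_server(text):
    """Return {peer: {"info": {...}, "verdict": str}} from server syslog lines."""
    peers = defaultdict(lambda: {"info": {}, "msgs": []})
    for line in text.splitlines():
        m = SERVER_LINE.match(line)
        if not m:
            continue  # not an OpenVPN per-peer line
        peer, msg = m.groups()
        if msg.startswith("peer info: "):
            key, _, value = msg[len("peer info: "):].partition("=")
            peers[peer]["info"][key] = value
        else:
            peers[peer]["msgs"].append(msg)
    result = {}
    for peer, rec in peers.items():
        if NO_CREDS in rec["msgs"]:
            verdict = "no-credentials-sent"     # client offered no user/pass
        elif HS_FAILED in rec["msgs"]:
            verdict = "handshake-failed-other"  # different cause, look separately
        else:
            verdict = "no-error-logged"
        result[peer] = {"info": rec["info"], "verdict": verdict}
    return result

def empty_cred_attempts(text):
    """Timestamps where the client log shows a connect with empty credentials."""
    hits = (CLIENT_LINE.match(line) for line in text.splitlines())
    return [m.group(1) for m in hits if m and m.group(2) == "Creds: Username/PasswordEmpty"]
```
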

imjebran
OpenVPN Power User
Posts: 74
Joined: Tue Jul 03, 2012 10:38 am

Re: OpenVPN Client cannot reconnect (UDP and Radius/LDAP)

Post by imjebran » Wed Oct 05, 2022 1:43 pm

Code:

tls-auth /var/etc/openvpn/server1/tls-auth 0

Disable this and try again. The tls-auth required renegotiation on each connection.

ordex
OpenVPN Inc.
Posts: 425
Joined: Wed Dec 28, 2016 2:32 am
Location: IRC #openvpn-devel @ libera.chat

Re: OpenVPN Client cannot reconnect (UDP and Radius/LDAP)

Post by ordex » Wed Oct 05, 2022 1:55 pm

imjebran wrote:
Wed Oct 05, 2022 1:43 pm

Code:

tls-auth /var/etc/openvpn/server1/tls-auth 0

Disable this and try again. The tls-auth required renegotiation on each connection.

tls-auth is not "negotiated". It is only an envelope around control packets, to be sure they are sent by who owns the key.

In the UDP case the explicit-exit-notify option should be enough to inform all clients that the server is disconnecting.
