Bypass/Allow even with TLS error?

This is where we can discuss what we would like to see added or changed in OpenVPN.

Moderators: TinCanTech

TommyKL
OpenVPN User
Posts: 35
Joined: Sat Sep 15, 2018 4:44 pm

Bypass/Allow even with TLS error?

Post by TommyKL » Mon Apr 08, 2019 10:07 pm

I have a situation where we need to get into a remote client in order to diagnose a problem so that we can fix it.
The only way into it is via VPN; otherwise we need to drive 7hrs to log into it directly.

We see that the client keeps trying to connect and it looks like certs have gotten out of sync somehow.
Is there a way to allow the client to connect to the server even though it is experiencing a TLS/cert problem?

Mon Apr 8 15:04:19 2019 us=979804 184.96.204.8:41293 SIGUSR1[soft,tls-error] received, client-instance restarting
Mon Apr 8 15:04:26 2019 us=27308 184.96.204.8:58319 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Apr 8 15:04:26 2019 us=27384 184.96.204.8:58319 TLS Error: TLS handshake failed

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Bypass/Allow even with TLS error?

Post by TinCanTech » Mon Apr 08, 2019 11:12 pm

TommyKL wrote:
Mon Apr 08, 2019 10:07 pm
Is there a way to allow the client to connect to the server even though it is experiencing a TLS/cert problem?
No.

mdibella
OpenVPN Power User
Posts: 51
Joined: Thu Dec 13, 2018 11:15 pm

Re: Bypass/Allow even with TLS error?

Post by mdibella » Tue Apr 09, 2019 12:52 am

I think that error is referring to static key negotiation. Did you try turning off TLS-auth on the server?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Bypass/Allow even with TLS error?

Post by TinCanTech » Tue Apr 09, 2019 3:04 am

mdibella wrote:
Tue Apr 09, 2019 12:52 am
Did you try turning off TLS-auth on the server?
That is a stupid idea ..

TommyKL
OpenVPN User
Posts: 35
Joined: Sat Sep 15, 2018 4:44 pm

Re: Bypass/Allow even with TLS error?

Post by TommyKL » Tue Apr 09, 2019 5:18 pm

I'm not sure what is stupid, my requirement or the suggestion being offered.
As I explained, I only need to allow the client one time so we can find out what's going on with it without having to travel 7hrs to log into it.
The problem is not with the vpn, it's something else but if I could ssh into the darn thing I could find out what the problem is without having to go there.

Turning off auth doesn't allow the client to connect. I think this cannot work anyhow since the client IS using TLS.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Bypass/Allow even with TLS error?

Post by TinCanTech » Tue Apr 09, 2019 6:17 pm

TinCanTech wrote:
Tue Apr 09, 2019 3:04 am
mdibella wrote:
Tue Apr 09, 2019 12:52 am
Did you try turning off TLS-auth on the server?
That is a stupid idea ..
TommyKL wrote:
Tue Apr 09, 2019 5:18 pm
I'm not sure what is stupid
<..>
Turning off auth doesn't allow the client to connect. I think this cannot work anyhow since the client IS using TLS.
Need I say more ..

TommyKL
OpenVPN User
Posts: 35
Joined: Sat Sep 15, 2018 4:44 pm

Re: Bypass/Allow even with TLS error?

Post by TommyKL » Tue Apr 09, 2019 7:13 pm

Sure, you can tell us if there is a way, that would be nice.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Bypass/Allow even with TLS error?

Post by TinCanTech » Tue Apr 09, 2019 8:33 pm

There is no way to disable your server security to diagnose an incorrectly configured client.

But you could post your server log as prescribed .. Please see:
viewtopic.php?f=30&t=22603

TommyKL
OpenVPN User
Posts: 35
Joined: Sat Sep 15, 2018 4:44 pm

Re: Bypass/Allow even with TLS error?

Post by TommyKL » Tue Apr 09, 2019 8:40 pm

I'm not sure what the link to how to post is for since I explained the situation but I do appreciate that you have confirmed it cannot be done.

Thanks.

Pippin
Forum Team
Posts: 1201
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: Bypass/Allow even with TLS error?

Post by Pippin » Tue Apr 09, 2019 8:59 pm

If there is no other way to remote in, maybe someone local to the client can solve it?

TommyKL
OpenVPN User
Posts: 35
Joined: Sat Sep 15, 2018 4:44 pm

Re: Bypass/Allow even with TLS error?

Post by TommyKL » Tue Apr 09, 2019 9:04 pm

The vpn broke because of a script running on the device. I'm trying to get into the device without restarting it so I can see the exact state it is in.
Having someone restart it will get it back online but won't answer what went wrong :).
