Bypass/Allow even with TLS error?
Moderators: TinCanTech
-
- OpenVPN User
- Posts: 35
- Joined: Sat Sep 15, 2018 4:44 pm
Bypass/Allow even with TLS error?
I have a situation where we need to get into a remote client in order to diagnose a problem so that we can fix it.
The only way into it is via VPN; otherwise we need to drive 7hrs to log into it directly.
We see that the client keeps trying to connect and it looks like certs have gotten out of sync somehow.
Is there a way to allow the client to connect to the server even though it is experiencing a TLS/cert problem?
Mon Apr 8 15:04:19 2019 us=979804 184.96.204.8:41293 SIGUSR1[soft,tls-error] received, client-instance restarting
Mon Apr 8 15:04:26 2019 us=27308 184.96.204.8:58319 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Apr 8 15:04:26 2019 us=27384 184.96.204.8:58319 TLS Error: TLS handshake failed
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
-
- OpenVPN Power User
- Posts: 51
- Joined: Thu Dec 13, 2018 11:15 pm
Re: Bypass/Allow even with TLS error?
I think that error is referring to static key negotiation. Did you try turning off TLS-auth on the server?
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
-
- OpenVPN User
- Posts: 35
- Joined: Sat Sep 15, 2018 4:44 pm
Re: Bypass/Allow even with TLS error?
I'm not sure what is stupid, my requirement or the suggestion being offered.
As I explained, I only need to allow the client one time so we can find out what's going on with it without having to travel 7hrs to log into it.
The problem is not with the vpn, it's something else but if I could ssh into the darn thing I could find out what the problem is without having to go there.
Turning off auth doesn't allow the client to connect. I think this cannot work anyhow since the client IS using TLS.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Bypass/Allow even with TLS error?
Need I say more ..
-
- OpenVPN User
- Posts: 35
- Joined: Sat Sep 15, 2018 4:44 pm
Re: Bypass/Allow even with TLS error?
Sure, you can tell us if there is a way, that would be nice.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Bypass/Allow even with TLS error?
There is no way to disable your server security to diagnose an incorrectly configured client.
But you could post your server log as prescribed .. Please see:
viewtopic.php?f=30&t=22603
-
- OpenVPN User
- Posts: 35
- Joined: Sat Sep 15, 2018 4:44 pm
Re: Bypass/Allow even with TLS error?
I'm not sure what the link to how to post is for since I explained the situation but I do appreciate that you have confirmed it cannot be done.
Thanks.
- Pippin
- Forum Team
- Posts: 1201
- Joined: Wed Jul 01, 2015 8:03 am
- Location: irc://irc.libera.chat:6697/openvpn
Re: Bypass/Allow even with TLS error?
If there is no other way to remote in, maybe someone local to the client can solve it?
-
- OpenVPN User
- Posts: 35
- Joined: Sat Sep 15, 2018 4:44 pm
Re: Bypass/Allow even with TLS error?
The vpn broke because of a script running on the device. I'm trying to get into the device without restarting it so I can see the exact state it is in.
Having someone restart it will get it back online but won't answer what went wrong.