Bypass/Allow even with TLS error?

Posted: Mon Apr 08, 2019 10:07 pm
by TommyKL
I have a situation where we need to get into a remote client in order to diagnose a problem so that we can fix it.
The only way into it is via VPN; otherwise we need to drive 7hrs to log into it directly.

We see that the client keeps trying to connect and it looks like certs have gotten out of sync somehow.
Is there a way to allow the client to connect to the server even though it is experiencing a TLS/cert problem?

Mon Apr 8 15:04:19 2019 us=979804 184.96.204.8:41293 SIGUSR1[soft,tls-error] received, client-instance restarting
Mon Apr 8 15:04:26 2019 us=27308 184.96.204.8:58319 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Apr 8 15:04:26 2019 us=27384 184.96.204.8:58319 TLS Error: TLS handshake failed

Re: Bypass/Allow even with TLS error?

Posted: Mon Apr 08, 2019 11:12 pm
by TinCanTech
TommyKL wrote:
Mon Apr 08, 2019 10:07 pm
Is there a way to allow the client to connect to the server even though it is experiencing a TLS/cert problem?
No.

Re: Bypass/Allow even with TLS error?

Posted: Tue Apr 09, 2019 12:52 am
by mdibella
I think that error is referring to static key negotiation. Did you try turning off TLS-auth on the server?

Re: Bypass/Allow even with TLS error?

Posted: Tue Apr 09, 2019 3:04 am
by TinCanTech
mdibella wrote:
Tue Apr 09, 2019 12:52 am
Did you try turning off TLS-auth on the server?
That is a stupid idea ..

Re: Bypass/Allow even with TLS error?

Posted: Tue Apr 09, 2019 5:18 pm
by TommyKL
I'm not sure what is stupid, my requirement or the suggestion being offered.
As I explained, I only need to allow the client one time so we can find out what's going on with it without having to travel 7hrs to log into it.
The problem is not with the vpn, it's something else but if I could ssh into the darn thing I could find out what the problem is without having to go there.

Turning off auth doesn't allow the client to connect. I think this cannot work anyhow since the client IS using TLS.

Re: Bypass/Allow even with TLS error?

Posted: Tue Apr 09, 2019 6:17 pm
by TinCanTech
TinCanTech wrote:
Tue Apr 09, 2019 3:04 am
mdibella wrote:
Tue Apr 09, 2019 12:52 am
Did you try turning off TLS-auth on the server?
That is a stupid idea ..
TommyKL wrote:
Tue Apr 09, 2019 5:18 pm
I'm not sure what is stupid
<..>
Turning off auth doesn't allow the client to connect. I think this cannot work anyhow since the client IS using TLS.
Need I say more ..

Re: Bypass/Allow even with TLS error?

Posted: Tue Apr 09, 2019 7:13 pm
by TommyKL
Sure, you can tell us if there is a way, that would be nice.

Re: Bypass/Allow even with TLS error?

Posted: Tue Apr 09, 2019 8:33 pm
by TinCanTech
There is no way to disable your server security to diagnose an incorrectly configured client.

But you could post your server log as prescribed .. Please see:
viewtopic.php?f=30&t=22603

Re: Bypass/Allow even with TLS error?

Posted: Tue Apr 09, 2019 8:40 pm
by TommyKL
I'm not sure what the link to how to post is for since I explained the situation but I do appreciate that you have confirmed it cannot be done.

Thanks.

Re: Bypass/Allow even with TLS error?

Posted: Tue Apr 09, 2019 8:59 pm
by Pippin
If there is no other way to remote in, maybe someone local to the client can solve it?

Re: Bypass/Allow even with TLS error?

Posted: Tue Apr 09, 2019 9:04 pm
by TommyKL
The vpn broke because of a script running on the device. I'm trying to get into the device without restarting it so I can see the exact state it is in.
Having someone restart it will get it back online but won't answer what went wrong :).