
TLS key negotiation fail on reconnect

Posted: Sun Aug 01, 2021 11:29 am
by Ahmadi3D_Ali
Hello
If for whatever reason, such as pulling the internet cable, my internet gets disconnected for a couple of minutes, then when the internet is back OpenVPN fails to reconnect and throws a TLS key negotiation failed error. This happens no matter how long I wait; I have to restart the PC for it to connect again.
Here is my config file

Code: Select all

client
dev tun
proto udp
remote xxx.xxx.xxx.xxx 1194
resolv-retry infinite
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0
comp-lzo no
log-append /etc/openvpn/openvpn.log

remote-cert-tls server

auth-user-pass pass.txt
verb 3
pull
fast-io
cipher AES-256-CBC
auth SHA512
Here is part of the error:

Code: Select all

TCP/UDP: preserving recently used remote address: [AF_INET]xxx.xxx.xxx:1194
socket buffers: R=[212992->425904] s=[212992->425904]
UDP link local: (not bound)
UDP link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
TLS Error: TLS key negotiation failed to occur within 60 seconds (check network connectivity)
TLS Error: TLS handshake failed
SIGUSR1[soft,tls-error] received, process restarting
Restart pause, 5 second

Re: TLS key negotiation fail on reconnect

Posted: Wed Aug 04, 2021 12:20 am
by Danran
I'm having the same issue. Did you ever figure this out?

Re: TLS key negotiation fail on reconnect

Posted: Wed Aug 04, 2021 6:57 am
by Ahmadi3D_Ali
Danran wrote:
Wed Aug 04, 2021 12:20 am
I'm having the same issue. Did you ever figure this out?
No..., and it's such an annoying problem too, hopefully more than one person having this issue promotes the question and someone answers it.

Re: TLS key negotiation fail on reconnect

Posted: Thu Aug 05, 2021 9:34 pm
by Danran
Ahmadi3D_Ali wrote:
Wed Aug 04, 2021 6:57 am
Danran wrote:
Wed Aug 04, 2021 12:20 am
I'm having the same issue. Did you ever figure this out?
No..., and it's such an annoying problem too, hopefully more than one person having this issue promotes the question and someone answers it.
What OS are you running? I'm wondering if it's an Ubuntu-specific issue.

Re: TLS key negotiation fail on reconnect

Posted: Sat Aug 07, 2021 6:23 pm
by Ahmadi3D_Ali
Danran wrote:
Thu Aug 05, 2021 9:34 pm
Ahmadi3D_Ali wrote:
Wed Aug 04, 2021 6:57 am
Danran wrote:
Wed Aug 04, 2021 12:20 am
I'm having the same issue. Did you ever figure this out?
No..., and it's such an annoying problem too, hopefully more than one person having this issue promotes the question and someone answers it.
What OS are you running? I'm wondering if it's an Ubuntu-specific issue.

I'm using raveOS; it's a mining OS but it's Linux-based and I think it's Ubuntu, so yeah, I think it's Ubuntu-specific. The problem was that the OpenVPN forum didn't have an Ubuntu or Linux section, so I posted this thread in the Windows section.

Re: TLS key negotiation fail on reconnect

Posted: Sat Aug 07, 2021 6:41 pm
by TinCanTech
Ahmadi3D_Ali wrote:
Sat Aug 07, 2021 6:23 pm
the problem was that the OpenVPN forum didn't have an Ubuntu or Linux section, so I posted this thread in the Windows section
That was smart ..

Re: TLS key negotiation fail on reconnect

Posted: Sun Aug 08, 2021 1:47 pm
by 300000
This is your problem, not openvpn at all. Whenever your internet is disconnected so do you expecting openvpn still connected on disconnect network? How do it is hide your ip from location? When first reconnect internet it will show real ip that is normal.

If you want to hide something don't use internet at all.

Re: TLS key negotiation fail on reconnect

Posted: Tue Aug 10, 2021 5:15 pm
by Danran
300000 wrote:
Sun Aug 08, 2021 1:47 pm
This is your problem, not openvpn at all. Whenever your internet is disconnected so do you expecting openvpn still connected on disconnect network? How do it is hide your ip from location? When first reconnect internet it will show real ip that is normal.

If you want to hide something don't use internet at all.
You are an openvpn expert? This above statement makes zero sense. Please revise?

Re: TLS key negotiation fail on reconnect

Posted: Tue Aug 10, 2021 5:18 pm
by Danran
Ahmadi3D_Ali wrote:
Sat Aug 07, 2021 6:23 pm
Danran wrote:
Thu Aug 05, 2021 9:34 pm
Ahmadi3D_Ali wrote:
Wed Aug 04, 2021 6:57 am

No..., and it's such an annoying problem too, hopefully more than one person having this issue promotes the question and someone answers it.
What OS are you running? I'm wondering if it's an Ubuntu-specific issue.

I'm using raveOS; it's a mining OS but it's Linux-based and I think it's Ubuntu, so yeah, I think it's Ubuntu-specific. The problem was that the OpenVPN forum didn't have an Ubuntu or Linux section, so I posted this thread in the Windows section.
I diverted the problem/solved the issue, by switching to openvpn3 and using the openvpn3-autoload with it enabled on boot by

Code: Select all

systemctl enable openvpn3-autoload.service
With that command on openvpn3, it actually 1. Connects on boot automatically, and 2. Reconnects to the vpn automatically after disconnecting and reconnecting the ethernet cable. Problem solved. Now if I could know how safe/production ready openvpn3 is.

Re: TLS key negotiation fail on reconnect

Posted: Fri Aug 13, 2021 3:55 am
by Danran
I don't know how to edit a post, so I'm posting the proper command to enable on boot and after disconnect for openvpn3 here.

Code: Select all

systemctl enable openvpn3-autoload.service

Re: TLS key negotiation fail on reconnect

Posted: Sat Aug 14, 2021 7:11 pm
by Ahmadi3D_Ali
Danran wrote:
Fri Aug 13, 2021 3:55 am
I don't know how to edit a post, so I'm posting the proper command to enable on boot and after disconnect for openvpn3 here.

Code: Select all

systemctl enable openvpn3-autoload.service
Nice solution, this solves the issue of having no internet, but it seems OpenVPN doesn't try to reconnect, meaning the IP is exposed. I think we need one more config so that OpenVPN tries to reconnect infinitely.
If you do not have this problem, maybe you can share your OpenVPN config so I can try it with yours, thank you.

Re: TLS key negotiation fail on reconnect

Posted: Sun Aug 15, 2021 5:01 pm
by Danran
Ahmadi3D_Ali wrote:
Sat Aug 14, 2021 7:11 pm
Danran wrote:
Fri Aug 13, 2021 3:55 am
I don't know how to edit a post, so I'm posting the proper command to enable on boot and after disconnect for openvpn3 here.

Code: Select all

systemctl enable openvpn3-autoload.service
Nice solution, this solves the issue of having no internet, but it seems OpenVPN doesn't try to reconnect, meaning the IP is exposed. I think we need one more config so that OpenVPN tries to reconnect infinitely.
If you do not have this problem, maybe you can share your OpenVPN config so I can try it with yours, thank you.
Sure! If I understand you correctly, I DO NOT have this problem. Openvpn3 connects at boot, and then if the internet (or ethernet cable is disconnected), it automatically reconnects to the vpn as soon as the internet cable is plugged back in. My final configuration for openvpn3 that accomplishes exactly this is posted below. I also got some help directly on github from the openvpn3 developer, so I'm fairly certain my openvpn configuration is solid, as well as secure. Below are the steps I took to get this all working with openvpn3.

On my vpn Access Server, my additional "Server Config Directives" are as follows:

Code: Select all

resolv-retry infinite
persist-key
persist-tun
keepalive 10 120
explicit-exit-notify 1
push "keepalive 10 120"
On my vpn client, my myovpn3.conf file is located in /etc/openvpn3/autoload/myovpn3.conf, and it looks like this (without the keys & certs):

Code: Select all

client
proto udp
nobind
remote 123.45.678.910
port 1194
dev tun
dev-type tun
remote-cert-tls server
tls-version-min 1.2
reneg-sec 604800
auth-user-pass
verb 3
push-peer-info
resolv-retry infinite
persist-key
persist-tun
keepalive 10 120
Also, on my vpn client, my myovpn3.autoload file is located at /etc/openvpn3/autoload/myovpn3.autoload, and it looks like this (note: do not delete any parenthesis, but rather just fill in the blanks):

Code: Select all

{
    "autostart": true,
    "name": "TheNameOfMyVpn3",
    "acl": {
        "set-owner": "My-Linux-Username"
    },
    "tunnel": {
        "ipv6": "no",
        "persist": true,
        "dns-fallback": "google",
        "dns-setup-disabled": false
    },
    "user-auth": {
        "username": "MyVpn3UserNameHere",
        "password": "MyVpn3PasswordHere"
    }
}
I have also done a

Code: Select all

sudo chmod 644 /etc/openvpn3/autoload/myovpn3.conf
and a

Code: Select all

sudo chmod 644 /etc/openvpn3/autoload/myovpn3.autoload
to make permissions more restrictive, but not so much that openvpn3 cannot read the files without being root.

Finally, after all of my config files are perfectly formatted and checked over, I run the command

Code: Select all

sudo systemctl enable openvpn3-autoload.service
and then reboot my linux box. Upon reboot, you should automatically be connected to your openvpn server. You can check your ip by running the command

Code: Select all

curl https://ipinfo.io/ip
After disconnecting the ethernet cable and wifi, your client's vpn (and internet connection in general) will go down and disconnect. Once you reconnect your linux box to the internet via ethernet cable or wifi, your vpn client should automatically reconnect to the vpn without any user interaction whatsoever. It does on mine at least.

Let me know if you still have issues, but I hope this helps!

Danran
https://nerd-tech.net
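
The autoload profile in the post above stores the VPN password in plain text, and mode 644 leaves that file readable by every local account. As an added example (not part of the original post and not openvpn3's own tooling), this shell function flags .autoload files that contain a "password" key and are group- or other-readable; the demo directory and file contents are constructed.

```shell
#!/bin/sh
# Added example: audit openvpn3 autoload profiles for readable stored passwords.
# Prints one line per risky file; returns 1 if any were found, 0 otherwise.
audit_autoload_dir() {
    dir=$1
    found=0
    for f in "$dir"/*.autoload; do
        [ -f "$f" ] || continue
        # Only profiles that embed a password in "user-auth" are of interest.
        grep -Eq '"password"[[:space:]]*:' "$f" || continue
        # -perm -040 / -perm -004: the group-read or other-read bit is set.
        if [ -n "$(find "$f" -prune \( -perm -040 -o -perm -004 \) -print)" ]; then
            echo "EXPOSED $f: stored password readable by group/other"
            found=1
        fi
    done
    return "$found"
}

# Constructed demo: one profile with a stored password at mode 644.
demo_dir=$(mktemp -d)
cat > "$demo_dir/myovpn3.autoload" <<'EOF'
{
    "autostart": true,
    "user-auth": { "username": "constructed-user", "password": "constructed-pass" }
}
EOF
chmod 644 "$demo_dir/myovpn3.autoload"
audit_autoload_dir "$demo_dir" || echo "finding: tighten the mode on the files listed above"
chmod 600 "$demo_dir/myovpn3.autoload"
audit_autoload_dir "$demo_dir" && echo "clean after chmod 600"
rm -rf "$demo_dir"
```

Which owner and mode still let openvpn3-autoload read the file depends on the account the service runs as; that is an assumption to verify on your system before tightening to 600.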