TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

Scripts to manage certificates or generate config files

heap
OpenVPN User
Posts: 22
Joined: Mon Oct 21, 2019 8:48 am

TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

Post by heap » Tue Dec 13, 2022 2:44 am

Hello,
My VPN server-client was working fine, I didn't touch FW, NAT, forwards, basically nothing... and now my clients XXXX/BBB... can't connect to the server anymore.

I checked port forwards, NAT... all seems to be okay, but the client just can't connect ;( Also, I am getting an error on Android (client), as attached.

Does anyone have any idea what the issue is? I went through https://openvpn.net/community-resources/how-to/ but I don't think it's my case ;/

Thank you so much.
The OpenVPN server is running on Ubuntu 22.04, clients on old Linux... and I am not sure when I ran apt-update on Ubuntu, but it seems recently.

Android client error:
https://imgur.com/a/q4IJGcL



Log while the OpenVPN server got restarted:

Code:

Dec 13 03:12:12 roon-core ovpn-server-tun[863]: SIGTERM[hard,] received, process exiting
Dec 13 03:12:12 roon-core systemd[1]: openvpn@server-tun.service: Deactivated successfully.
Dec 13 03:12:12 roon-core systemd[1]: Stopped OpenVPN connection to server-tun.
Dec 13 03:12:12 roon-core systemd[1]: Starting OpenVPN connection to server-tun...
Dec 13 03:12:12 roon-core ovpn-server-tun[1636]: WARNING: --topology net30 support for server configs with IPv4 pools will be removed in a future release. Please migrate to --topology subnet as soon as possible.
Dec 13 03:12:12 roon-core ovpn-server-tun[1636]: DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-CBC). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
Dec 13 03:12:12 roon-core ovpn-server-tun[1636]: OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 14 2022
Dec 13 03:12:12 roon-core ovpn-server-tun[1636]: library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
Dec 13 03:12:12 roon-core systemd[1]: Started OpenVPN connection to server-tun.
Dec 13 03:12:12 roon-core ovpn-server-tun[1636]: net_route_v4_best_gw query: dst 0.0.0.0
Dec 13 03:12:12 roon-core ovpn-server-tun[1636]: net_route_v4_best_gw result: via 10.0.1.1 dev ens160
Dec 13 03:12:12 roon-core ovpn-server-tun[1636]: Diffie-Hellman initialized with 2048 bit key
Dec 13 03:12:12 roon-core ovpn-server-tun[1636]: WARNING: Your certificate has expired!
Dec 13 03:12:12 roon-core ovpn-server-tun[1636]: Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Dec 13 03:12:12 roon-core ovpn-server-tun[1636]: Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Dec 13 03:12:12 roon-core ovpn-server-tun[1636]: net_route_v4_best_gw query: dst 0.0.0.0
Dec 13 03:12:12 roon-core ovpn-server-tun[1636]: net_route_v4_best_gw result: via 10.0.1.1 dev ens160
Dec 13 03:12:12 roon-core ovpn-server-tun[1636]: ROUTE_GATEWAY 10.0.1.1/255.255.255.0 IFACE=ens160 HWADDR=00:0c:29:92:ec:54
Dec 13 03:12:12 roon-core networkd-dispatcher[859]: WARNING:Unknown index 6 seen, reloading interface list
Dec 13 03:12:12 roon-core ovpn-server-tun[1636]: TUN/TAP device tun1 opened
Dec 13 03:12:12 roon-core ovpn-server-tun[1636]: net_iface_mtu_set: mtu 1500 for tun1
Dec 13 03:12:12 roon-core ovpn-server-tun[1636]: net_iface_up: set tun1 up
Dec 13 03:12:12 roon-core charon: 14[KNL] interface tun1 activated
Dec 13 03:12:12 roon-core systemd-networkd[837]: tun1: Link UP
Dec 13 03:12:12 roon-core systemd-networkd[837]: tun1: Gained carrier
Dec 13 03:12:12 roon-core charon: 07[KNL] fe80::7858:10bf:b608:76c2 appeared on tun1
Dec 13 03:12:12 roon-core systemd-networkd[837]: tun1: Gained IPv6LL
Dec 13 03:12:12 roon-core systemd-udevd[1632]: Using default interface naming scheme 'v249'.
Dec 13 03:12:12 roon-core ovpn-server-tun[1636]: net_addr_ptp_v4_add: 10.9.0.1 peer 10.9.0.2 dev tun1
Dec 13 03:12:12 roon-core charon: 06[KNL] 10.9.0.1 appeared on tun1
Dec 13 03:12:12 roon-core ovpn-server-tun[1636]: net_route_v4_add: 10.9.0.0/24 via 10.9.0.2 dev [NULL] table 0 metric -1
Dec 13 03:12:12 roon-core ovpn-server-tun[1636]: Could not determine IPv4/IPv6 protocol. Using AF_INET
Dec 13 03:12:12 roon-core ovpn-server-tun[1636]: Socket Buffers: R=[212992->212992] S=[212992->212992]
Dec 13 03:12:12 roon-core ovpn-server-tun[1636]: UDPv4 link local (bound): [AF_INET][undef]:1196
Dec 13 03:12:12 roon-core ovpn-server-tun[1636]: UDPv4 link remote: [AF_UNSPEC]
Dec 13 03:12:12 roon-core ovpn-server-tun[1636]: GID set to nogroup
Dec 13 03:12:12 roon-core ovpn-server-tun[1636]: UID set to nobody
Dec 13 03:12:12 roon-core ovpn-server-tun[1636]: MULTI: multi_init called, r=256 v=256
Dec 13 03:12:12 roon-core ovpn-server-tun[1636]: IFCONFIG POOL IPv4: base=10.9.0.4 size=62
Dec 13 03:12:12 roon-core ovpn-server-tun[1636]: IFCONFIG POOL LIST
Dec 13 03:12:12 roon-core ovpn-server-tun[1636]: Initialization Sequence Completed

Edit 2:
It seems that the server cert expired ;(

Not After : Dec 7 21:06:05 2022 GMT

Can I somehow extend it?


Log is from old Linux clients...

Code:

Dec 13 02:35:40 roon-core ovpn-server-tun[587190]: XXXXX:55297 SIGUSR1[soft,tls-error] received, client-instance restarting
Dec 13 02:35:41 roon-core ovpn-server-tun[587190]: XXXXX:47891 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Dec 13 02:35:41 roon-core ovpn-server-tun[587190]: XXXXX:47891 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Dec 13 02:35:41 roon-core ovpn-server-tun[587190]: XXXXX:47891 TLS: Initial packet from [AF_INET]XXXXX:47891, sid=2640b040 e7132a4a
Dec 13 02:35:41 roon-core ovpn-server-tun[587190]: BBBBBB:47563 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec 13 02:35:41 roon-core ovpn-server-tun[587190]: BBBBBB:47563 TLS Error: TLS handshake failed
Dec 13 02:35:41 roon-core ovpn-server-tun[587190]: BBBBBB:47563 SIGUSR1[soft,tls-error] received, client-instance restarting
Dec 13 02:35:41 roon-core ovpn-server-tun[587190]: BBBBBB:45370 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Dec 13 02:35:41 roon-core ovpn-server-tun[587190]: BBBBBB:45370 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Dec 13 02:35:41 roon-core ovpn-server-tun[587190]: BBBBBB:45370 TLS: Initial packet from [AF_INET]BBBBBB:45370, sid=70ff5012 52192205
Dec 13 02:35:43 roon-core ovpn-server-tun[587190]: BBBBBB:36573 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec 13 02:35:43 roon-core ovpn-server-tun[587190]: BBBBBB:36573 TLS Error: TLS handshake failed
Dec 13 02:35:43 roon-core ovpn-server-tun[587190]: BBBBBB:36573 SIGUSR1[soft,tls-error] received, client-instance restarting
Dec 13 02:35:43 roon-core ovpn-server-tun[587190]: XXXXX:57343 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Dec 13 02:35:43 roon-core ovpn-server-tun[587190]: XXXXX:57343 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Dec 13 02:35:43 roon-core ovpn-server-tun[587190]: XXXXX:57343 TLS: Initial packet from [AF_INET]XXXXX:57343, sid=03f9e783 f06e2771
Dec 13 02:35:43 roon-core ovpn-server-tun[587190]: XXXXX:45266 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec 13 02:35:43 roon-core ovpn-server-tun[587190]: XXXXX:45266 TLS Error: TLS handshake failed
Dec 13 02:35:43 roon-core ovpn-server-tun[587190]: XXXXX:45266 SIGUSR1[soft,tls-error] received, client-instance restarting
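
Added example (not part of the original post and not OpenVPN project code): a small triage over the server's syslog that sets the "check your network connectivity" timeouts beside the startup warning that the certificate has expired. The function name, the verdict labels and the `ovpn-` tag-prefix default are assumptions of this example; the sample lines are copied from the two logs above.

```python
import re
from collections import Counter

# Constructed sample: a few lines copied from the two server logs in the post.
SAMPLE_LOG = """\
Dec 13 03:12:12 roon-core ovpn-server-tun[1636]: Diffie-Hellman initialized with 2048 bit key
Dec 13 03:12:12 roon-core ovpn-server-tun[1636]: WARNING: Your certificate has expired!
Dec 13 02:35:41 roon-core ovpn-server-tun[587190]: XXXXX:47891 TLS: Initial packet from [AF_INET]XXXXX:47891, sid=2640b040 e7132a4a
Dec 13 02:35:41 roon-core ovpn-server-tun[587190]: BBBBBB:47563 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec 13 02:35:41 roon-core ovpn-server-tun[587190]: BBBBBB:47563 TLS Error: TLS handshake failed
Dec 13 02:35:43 roon-core ovpn-server-tun[587190]: BBBBBB:36573 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec 13 02:35:43 roon-core ovpn-server-tun[587190]: XXXXX:45266 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
"""

LINE = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ (?P<tag>[^\[\s]+)\[\d+\]: (?P<msg>.*)$")
PEER = re.compile(r"^(?P<host>\S+):\d+ (?P<rest>.*)$")

def triage(text, tag_prefix="ovpn-"):
    """Summarise TLS timeouts per peer and flag an expired-certificate warning."""
    expired, timeouts, reached = False, Counter(), set()
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or not m["tag"].startswith(tag_prefix):
            continue  # skip systemd, charon, networkd and unparseable lines
        msg = m["msg"]
        if msg.startswith("WARNING: Your certificate has expired"):
            expired = True
            continue
        p = PEER.match(msg)
        if not p:
            continue
        # Every retry comes from a new source port, so group by host only.
        if p["rest"].startswith("TLS: Initial packet from"):
            reached.add(p["host"])
        elif p["rest"].startswith("TLS Error: TLS key negotiation failed"):
            timeouts[p["host"]] += 1
    if expired and timeouts:
        verdict = "certificate-expired"
    elif timeouts and set(timeouts) <= reached:
        verdict = "handshake-stalls-after-contact"
    elif timeouts:
        verdict = "handshake-timeout"
    else:
        verdict = "no-tls-timeouts"
    return {"expired": expired, "timeouts": dict(timeouts),
            "reached": sorted(reached), "verdict": verdict}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```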


Re: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

Post by heap » Tue Dec 13, 2022 3:34 am

So I tried to create a new server cert...
After that I ran:

Code:

openssl x509 -in ca.crt -days 36500 -out ca_new.crt -signkey ca.key

This creates a new file, ca_new.crt, which is signed by your EXISTING ca.key.


Seems it doesn't work ;-(
