I happen to get this error when trying to connect to my windows 2019 server with open vpn
The VPN works great but sometimes this error suddenly appears
Often restarting the server fixes it but I can't always restart an operational server.
I tried to reinstall open vpn, restart the service, restart the tap tab, but I can't get it to work I have to restart the whole server.
Fri Dec 23 14:16:06 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Dec 23 14:16:06 2022 TLS Error: TLS handshake failed
_client log
Fri Dec 23 14:15:06 2022 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
Fri Dec 23 14:15:06 2022 OpenVPN 2.5.6 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Mar 16 2022
Fri Dec 23 14:15:06 2022 Windows version 10.0 (Windows 10 or greater) 64bit
Fri Dec 23 14:15:06 2022 library versions: OpenSSL 1.1.1n 15 Mar 2022, LZO 2.10
Fri Dec 23 14:15:06 2022 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Fri Dec 23 14:15:06 2022 Need hold release from management interface, waiting...
Fri Dec 23 14:15:06 2022 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Fri Dec 23 14:15:06 2022 MANAGEMENT: CMD 'state on'
Fri Dec 23 14:15:06 2022 MANAGEMENT: CMD 'log all on'
Fri Dec 23 14:15:06 2022 MANAGEMENT: CMD 'echo all on'
Fri Dec 23 14:15:06 2022 MANAGEMENT: CMD 'bytecount 5'
Fri Dec 23 14:15:06 2022 MANAGEMENT: CMD 'hold off'
Fri Dec 23 14:15:06 2022 MANAGEMENT: CMD 'hold release'
Fri Dec 23 14:15:06 2022 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Dec 23 14:15:06 2022 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Dec 23 14:15:06 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]XXX.XXX.XXX.XXX:61195
Fri Dec 23 14:15:06 2022 Socket Buffers: R=[65333->65333] S=[65333->65333]
Fri Dec 23 14:15:06 2022 UDP link local: (not bound)
Fri Dec 23 14:15:06 2022 UDP link remote: [AF_INET]XXX.XXX.XXX.XXX:61195
Fri Dec 23 14:15:06 2022 MANAGEMENT: >STATE:1671801306,WAIT,,,,,,
Fri Dec 23 14:16:06 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Dec 23 14:16:06 2022 TLS Error: TLS handshake failed
Fri Dec 23 14:16:06 2022 SIGUSR1[soft,tls-error] received, process restarting
Fri Dec 23 14:16:06 2022 MANAGEMENT: >STATE:1671801366,RECONNECTING,tls-error,,,,,
Fri Dec 23 14:16:06 2022 Restart pause, 5 second(s)
TLS Error: TLS key negotiation failed to occur within 60 seconds
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVpn Newbie
- Posts: 2
- Joined: Wed Sep 14, 2011 2:00 pm
- openvpn_inc
- OpenVPN Inc.
- Posts: 1333
- Joined: Tue Feb 16, 2021 10:41 am
Re: TLS Error: TLS key negotiation failed to occur within 60 seconds
Hello Opencaxo,
When you say restarting the server helps, do you mean the entire operating system, or just the OpenVPN server process? Because you could try just restarting the OpenVPN server process and see if that helps instead of restarting the entire operating system. If however the only way to solve it is to restart the entire operating system, you can already conclude that the problem is not in OpenVPN, but in something external to it, like a firewall or such.
The messages in the logs indicate that the server could not be properly contacted. That would also seem to indicate an underlying connection problem.
Kind regards,
Johan
When you say restarting the server helps, do you mean the entire operating system, or just the OpenVPN server process? Because you could try just restarting the OpenVPN server process and see if that helps instead of restarting the entire operating system. If however the only way to solve it is to restart the entire operating system, you can already conclude that the problem is not in OpenVPN, but in something external to it, like a firewall or such.
The messages in the logs indicate that the server could not be properly contacted. That would also seem to indicate an underlying connection problem.
Kind regards,
Johan
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
-
- OpenVpn Newbie
- Posts: 2
- Joined: Wed Sep 14, 2011 2:00 pm
Re: TLS Error: TLS key negotiation failed to occur within 60 seconds
The server connects very well it is a web server I use open vpn for rdp access and mysql management
Just restarting the service doesn't change anything. only with reboot of the whole machine open vpn server starts again.
Just restarting the service doesn't change anything. only with reboot of the whole machine open vpn server starts again.
- openvpn_inc
- OpenVPN Inc.
- Posts: 1333
- Joined: Tue Feb 16, 2021 10:41 am
Re: TLS Error: TLS key negotiation failed to occur within 60 seconds
Hello Opencaxo,
That is a strong indication that the issue may not be with OpenVPN, but with the system it is running on. There seems to be something that decides, okay, now OpenVPN just doesn't get to have a working connection anymore. Possibly a firewall issue going on here. You could use network analysis tools like Wireshark or tcpdump to confirm whether or not there is normal connectivity possible or not.
From OpenVPN client perspective it basically comes down to "I can't reach this OpenVPN server".
Kind regards,
Johan
That is a strong indication that the issue may not be with OpenVPN, but with the system it is running on. There seems to be something that decides, okay, now OpenVPN just doesn't get to have a working connection anymore. Possibly a firewall issue going on here. You could use network analysis tools like Wireshark or tcpdump to confirm whether or not there is normal connectivity possible or not.
From OpenVPN client perspective it basically comes down to "I can't reach this OpenVPN server".
Kind regards,
Johan
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support