TLS Error: TLS key negotiation failed to occur within 60 seconds

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
Opencaxo
OpenVpn Newbie
Posts: 2
Joined: Wed Sep 14, 2011 2:00 pm

TLS Error: TLS key negotiation failed to occur within 60 seconds

Post by Opencaxo » Fri Dec 23, 2022 1:23 pm

I happen to get this error when trying to connect to my windows 2019 server with open vpn
The VPN works great but sometimes this error suddenly appears
Often restarting the server fixes it but I can't always restart an operational server.
I tried to reinstall open vpn, restart the service, restart the tap tab, but I can't get it to work I have to restart the whole server.

Fri Dec 23 14:16:06 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Dec 23 14:16:06 2022 TLS Error: TLS handshake failed

_client log




Fri Dec 23 14:15:06 2022 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
Fri Dec 23 14:15:06 2022 OpenVPN 2.5.6 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Mar 16 2022
Fri Dec 23 14:15:06 2022 Windows version 10.0 (Windows 10 or greater) 64bit
Fri Dec 23 14:15:06 2022 library versions: OpenSSL 1.1.1n 15 Mar 2022, LZO 2.10
Fri Dec 23 14:15:06 2022 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Fri Dec 23 14:15:06 2022 Need hold release from management interface, waiting...
Fri Dec 23 14:15:06 2022 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Fri Dec 23 14:15:06 2022 MANAGEMENT: CMD 'state on'
Fri Dec 23 14:15:06 2022 MANAGEMENT: CMD 'log all on'
Fri Dec 23 14:15:06 2022 MANAGEMENT: CMD 'echo all on'
Fri Dec 23 14:15:06 2022 MANAGEMENT: CMD 'bytecount 5'
Fri Dec 23 14:15:06 2022 MANAGEMENT: CMD 'hold off'
Fri Dec 23 14:15:06 2022 MANAGEMENT: CMD 'hold release'
Fri Dec 23 14:15:06 2022 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Dec 23 14:15:06 2022 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Dec 23 14:15:06 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]XXX.XXX.XXX.XXX:61195
Fri Dec 23 14:15:06 2022 Socket Buffers: R=[65333->65333] S=[65333->65333]
Fri Dec 23 14:15:06 2022 UDP link local: (not bound)
Fri Dec 23 14:15:06 2022 UDP link remote: [AF_INET]XXX.XXX.XXX.XXX:61195
Fri Dec 23 14:15:06 2022 MANAGEMENT: >STATE:1671801306,WAIT,,,,,,
Fri Dec 23 14:16:06 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Dec 23 14:16:06 2022 TLS Error: TLS handshake failed
Fri Dec 23 14:16:06 2022 SIGUSR1[soft,tls-error] received, process restarting
Fri Dec 23 14:16:06 2022 MANAGEMENT: >STATE:1671801366,RECONNECTING,tls-error,,,,,
Fri Dec 23 14:16:06 2022 Restart pause, 5 second(s)

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: TLS Error: TLS key negotiation failed to occur within 60 seconds

Post by openvpn_inc » Fri Dec 23, 2022 1:45 pm

Hello Opencaxo,

When you say restarting the server helps, do you mean the entire operating system, or just the OpenVPN server process? Because you could try just restarting the OpenVPN server process and see if that helps instead of restarting the entire operating system. If however the only way to solve it is to restart the entire operating system, you can already conclude that the problem is not in OpenVPN, but in something external to it, like a firewall or such.

The messages in the logs indicate that the server could not be properly contacted. That would also seem to indicate an underlying connection problem.

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

Opencaxo
OpenVpn Newbie
Posts: 2
Joined: Wed Sep 14, 2011 2:00 pm

Re: TLS Error: TLS key negotiation failed to occur within 60 seconds

Post by Opencaxo » Fri Dec 23, 2022 2:25 pm

The server connects very well it is a web server I use open vpn for rdp access and mysql management
Just restarting the service doesn't change anything. only with reboot of the whole machine open vpn server starts again.

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: TLS Error: TLS key negotiation failed to occur within 60 seconds

Post by openvpn_inc » Fri Dec 23, 2022 6:13 pm

Hello Opencaxo,

That is a strong indication that the issue may not be with OpenVPN, but with the system it is running on. There seems to be something that decides, okay, now OpenVPN just doesn't get to have a working connection anymore. Possibly a firewall issue going on here. You could use network analysis tools like Wireshark or tcpdump to confirm whether or not there is normal connectivity possible or not.

From OpenVPN client perspective it basically comes down to "I can't reach this OpenVPN server".

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

Post Reply