I have a problem with the OpenVPN Service on Windows machines. I set the connect-rety-max value in the config to 1, ergo, retry the connection once then stop. This does not work.
Here is my log
2023-05-03 09:37:30 OpenVPN 2.6.0 [git:v2.6.0/b999466418dddb89] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Jan 25 2023
2023-05-03 09:37:30 Windows version 10.0 (Windows 10 or greater), amd64 executable
2023-05-03 09:37:30 library versions: OpenSSL 3.0.7 1 Nov 2022, LZO 2.10
2023-05-03 09:37:30 TCP/UDP: Preserving recently used remote address: [AF_INET]<redacted>
2023-05-03 09:37:30 UDPv4 link local: (not bound)
2023-05-03 09:37:30 UDPv4 link remote: [AF_INET]<redacted>
2023-05-03 09:38:31 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2023-05-03 09:38:31 TLS Error: TLS handshake failed
2023-05-03 09:38:31 SIGUSR1[soft,tls-error] received, process restarting
2023-05-03 09:38:32 All connections have been connect-retry-max (1) times unsuccessful, exiting
2023-05-03 09:38:32 Exiting due to fatal error
2023-05-03 09:38:41 OpenVPN 2.6.0 [git:v2.6.0/b999466418dddb89] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Jan 25 2023
2023-05-03 09:38:41 Windows version 10.0 (Windows 10 or greater), amd64 executable
2023-05-03 09:38:41 library versions: OpenSSL 3.0.7 1 Nov 2022, LZO 2.10
2023-05-03 09:38:41 TCP/UDP: Preserving recently used remote address: [AF_INET]<redacted>
2023-05-03 09:38:41 UDPv4 link local: (not bound)
2023-05-03 09:38:41 UDPv4 link remote: [AF_INET]<redacted>
2023-05-03 09:39:42 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2023-05-03 09:39:42 TLS Error: TLS handshake failed
2023-05-03 09:39:42 SIGUSR1[soft,tls-error] received, process restarting
2023-05-03 09:39:43 All connections have been connect-retry-max (1) times unsuccessful, exiting
2023-05-03 09:39:43 Exiting due to fatal error
This repeats indefinitely. The connect-retry-max setting appears to nominally work in that the connection fails and the client software stops retrying, however, there is something about this running as a Windows service that appears to reset the client software and it goes through the whole process again. How can I stop that behavior from ocurring?
Running OpenVPN as a Windows service: retries connections indefinitely
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
bp81
- OpenVpn Newbie
- Posts: 4
- Joined: Tue Aug 10, 2021 3:14 pm
-
bp81
- OpenVpn Newbie
- Posts: 4
- Joined: Tue Aug 10, 2021 3:14 pm
Re: Running OpenVPN as a Windows service: retries connections indefinitely
Also, here is the config file
dev-node <redacted node name>
dev-type tun
persist-tun
persist-key
data-ciphers AES-256-GCM:AES-256-CBC
data-ciphers-fallback AES-256-CBC
auth SHA256
tls-client
client
resolv-retry 0
remote <redacted remote server hostname> <redacted remote server port> udp4
nobind
verify-x509-name "<redacted certificate name>" name
remote-cert-tls server
explicit-exit-notify
connect-retry-max 1
<ca>
<redacted ca>
</ca>
<cert>
<redacted certificate>
</cert>
<key>
<redacted private key>
</key>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
<redacted openvpn static key>
</tls-auth>
dev-node <redacted node name>
dev-type tun
persist-tun
persist-key
data-ciphers AES-256-GCM:AES-256-CBC
data-ciphers-fallback AES-256-CBC
auth SHA256
tls-client
client
resolv-retry 0
remote <redacted remote server hostname> <redacted remote server port> udp4
nobind
verify-x509-name "<redacted certificate name>" name
remote-cert-tls server
explicit-exit-notify
connect-retry-max 1
<ca>
<redacted ca>
</ca>
<cert>
<redacted certificate>
</cert>
<key>
<redacted private key>
</key>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
<redacted openvpn static key>
</tls-auth>