[OpenVPN home]	[Date Prev]	[Date Index]	[Date Next]
[OpenVPN mailing lists]	[Thread Prev]	[Thread Index]	[Thread Next]

[Openvpn-users] how to modify TLS key negotiation handshake timeout

Subject: [Openvpn-users] how to modify TLS key negotiation handshake timeout
From: Francois Rolland <francois.rolland@xxxxxxx>
Date: Mon, 8 Jan 2007 17:56:56 +0100

Hello list

I have troubles in establishing an openvpn connection between Europa and 
Asia. The ping latency is very long : often more than 650 ms

The TLS key negotiation cannot be established before the timeout of 60 
seconds 

Here is my server logfile :

Mon Jan 08 16:54:22 2007 us=559208 MULTI: multi_create_instance called
Mon Jan 08 16:54:22 2007 us=559281 58.xx.xx.xx:1377 Re-using SSL/TLS 
context
Mon Jan 08 16:54:22 2007 us=559351 58.xx.xx.xx:1377 LZO compression 
initialized
Mon Jan 08 16:54:22 2007 us=559475 58.xx.xx.xx:1377 Control Channel MTU 
parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Mon Jan 08 16:54:22 2007 us=559500 58.xx.xx.xx:1377 Data Channel MTU parms 
[ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Jan 08 16:54:22 2007 us=559563 58.xx.xx.xx:1377 Local Options String: 
'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 
0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Mon Jan 08 16:54:22 2007 us=559881 58.xx.xx.xx:1377 Expected Remote 
Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto 
UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 
128,tls-auth,key-method 2,tls-client'
Mon Jan 08 16:54:22 2007 us=559917 58.xx.xx.xx:1377 Local Options hash 
(VER=V4): '14168603'
Mon Jan 08 16:54:22 2007 us=559946 58.xx.xx.xx:1377 Expected Remote 
Options hash (VER=V4): '504e774e'
Mon Jan 08 16:54:22 2007 us=559996 58.xx.xx.xx:1377 TLS: Initial packet 
from 58.xx.xx.xx:1377, sid=70e0381a 328656cd
Mon Jan 08 16:55:22 2007 us=351177 read UDPv4: Connection reset by peer 
(WSAECONNRESET) (code=10054)
Mon Jan 08 16:55:22 2007 us=354787 read UDPv4: Connection reset by peer 
(WSAECONNRESET) (code=10054)
Mon Jan 08 16:55:22 2007 us=882099 58.xx.xx.xx:1377 TLS Error: TLS key 
negotiation failed to occur within 60 seconds (check your network 
connectivity)
Mon Jan 08 16:55:22 2007 us=882139 58.xx.xx.xx:1377 TLS Error: TLS 
handshake failed
Mon Jan 08 16:55:22 2007 us=882359 58.xx.xx.xx:1377 
SIGUSR1[soft,tls-error] received, client-instance restarting

However, from time to time, the connexion can be established (in less than 
one minute), when the ping latency is smaller (450 to 500 ms), so there is 
no problem with keys.


How is it possible to change this timeout ? Or are there other 
configuration parameters to help openvpn deel with high latency ?

Thanks

Francois
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Prev by Date: [Openvpn-users] routed vpn only works to endpoint and not other machines
Next by Date: [Openvpn-users] "Fatal Decryption Error" WinXP SP2
Previous by thread: Re: [Openvpn-users] routed vpn only works to endpoint and not other machines
Next by thread: [Openvpn-users] "Fatal Decryption Error" WinXP SP2
Index(es):
- Date
- Thread