[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] TLS key nego failed to occur within 60 secs


  • Subject: Re: [Openvpn-users] TLS key nego failed to occur within 60 secs
  • From: "James Yonan" <jim@xxxxxxxxx>
  • Date: Tue, 27 May 2003 02:08:11 -0000

Rudy Koento <rudy_koento@xxxxxxxxx> said:

> Actually, during those errors, I did not even initiate
> a session.  Let me describe my setup a little bit
> more:
> 
> I've set up 2 Linux box, A and B.  A is acting as the
> server and B the client.  The errors I get is at A. 
> Note that I didn't run OpenVPN 24x7 at B, whereas it's
> always on at A.  So is it possible that openVPN
> assumes the tunnel should be on 24x7?

Right, that explains it.  You get errors on A when B is down.  You can quiet
down A by using --mute to cut down on repetitive errors.

James

> 
> --- James Yonan <jim@xxxxxxxxx> wrote:
> > Rudy,
> > 
> > This error occurs if an OpenVPN session can't talk
> > with its peer during the
> > time that SSL/TLS keys are negotiated/renegotiated,
> > which by default are
> > initially on session startup and once per hour
> > thereafter.  It's interesting
> > that your tunnel is still working, despite these
> > errors.  While you could
> > suppress these errors with --verb 0 (make sure to
> > upgrade to 1.4.1 if you use
> > --verb 0), they do indicate that there is some sort
> > of communication problem
> > with the peer.
> > 
> > James
> > 
> > Rudy Koento <rudy_koento@xxxxxxxxx> said:
> > 
> > > This is not really a problem, since the vpn is
> > working
> > > properly (And it was so easy to set up!  Thanks to
> > > openvpn developers!), but my logs keeps on getting
> > > these:
> > > 
> > > May 26 15:49:01 emblin openvpn[26895]: TLS Error:
> > TLS
> > > handshake failed
> > > May 26 15:50:16 emblin openvpn[26895]: TLS Error:
> > TLS
> > > key negotiation failed to occur within 60 seconds
> > > May 26 15:50:16 emblin openvpn[26895]: TLS Error:
> > TLS
> > > handshake failed
> > > May 26 15:51:31 emblin openvpn[26895]: TLS Error:
> > TLS
> > > key negotiation failed to occur within 60 seconds
> > > 
> > > I've already set the log to 1.  Does this mean
> > someone
> > > is trying to connect?  But from netstat, I can't
> > see
> > > any connections trying to establish.
> > > 
> > > I'm using OpenVPN 1.4.0 on RedHat 8.0
> > > 
> > > __________________________________
> > > Do you Yahoo!?
> > > The New Yahoo! Search - Faster. Easier. Bingo.
> > > http://search.yahoo.com
> > > 
> > > 
> > >
> >
> -------------------------------------------------------
> > > This SF.net email is sponsored by: ObjectStore.
> > > If flattening out C++ or Java code to make your
> > application fit in a
> > > relational database is painful, don't do it! Check
> > out ObjectStore.
> > > Now part of Progress Software.
> > http://www.objectstore.net/sourceforge
> > > _______________________________________________
> > > Openvpn-users mailing list
> > > Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> > >
> >
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
> > > 
> > 
> > 
> > 
> > -- 
> > 
> > 
> > 
> > 
> > 
> >
> -------------------------------------------------------
> > This SF.net email is sponsored by: ObjectStore.
> > If flattening out C++ or Java code to make your
> > application fit in a
> > relational database is painful, don't do it! Check
> > out ObjectStore.
> > Now part of Progress Software.
> > http://www.objectstore.net/sourceforge
> > _______________________________________________
> > Openvpn-users mailing list
> > Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> >
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
> 
> 
> __________________________________
> Do you Yahoo!?
> The New Yahoo! Search - Faster. Easier. Bingo.
> http://search.yahoo.com
> 
> 
> -------------------------------------------------------
> This SF.net email is sponsored by: ObjectStore.
> If flattening out C++ or Java code to make your application fit in a
> relational database is painful, don't do it! Check out ObjectStore.
> Now part of Progress Software. http://www.objectstore.net/sourceforge
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
> 



-- 




____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users