[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Re: TLS Error: local/remote TLS keys are out of sync


  • Subject: Re: [Openvpn-users] Re: TLS Error: local/remote TLS keys are out of sync
  • From: James Yonan <jim@xxxxxxxxx>
  • Date: Wed, 1 Dec 2004 10:23:23 -0700 (MST)


On Wed, 1 Dec 2004, Charles Duffy wrote:

> On Wed, 01 Dec 2004 08:33:23 +0000, Steve Shellswell wrote:
> 
> > I am still struggling with this. Please can anyone shed any light on the 
> > error message?
> > 
> > TLS Error: local/remote TLS keys are out of sync: 1.2.3.4:1194 [0]
> 
> I don't know the error, but the code that would result in the different
> (desired) path being taken follows:
> 
>               if (DECRYPT_KEY_ENABLED (multi, ks)
>                   && key_id == ks->key_id
>                   && ks->authenticated
>                   && addr_port_match(from, &ks->remote_addr))

This is the basic test of TLS state compatibility between a local OpenVPN 
instance and its remote peer.

If the test fails, it tells us that we are getting a packet from a source
which claims reference to a prior negotiated TLS session, but the local
OpenVPN instance has no memory of such a negotiation.

It almost always occurs on UDP sessions when the passive side of the
connection is restarted without the active side restarting as well (The 
passive side is the server which only listens for the connections, the 
active side is the client which initiates connections).

James

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users