[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] What causes connection reset errors?


  • Subject: Re: [Openvpn-users] What causes connection reset errors?
  • From: Yan Seiner <yan@xxxxxxxxxx>
  • Date: Thu, 15 Nov 2007 18:18:44 -0800

Yan Seiner wrote:
> Seems like I'm not the only one....
>
> <http://sourceforge.net/mailarchive/forum.php?thread_name=455A2EBF.1010600%40Explosivo.com&forum_name=openvpn-users>
> <http://www.debianforum.de/forum/viewtopic.php?p=570168>
>
>
> And some others in German and Chinese.. Neither of which I read.
>
> Can anyone provide any info?  Any suggestions?
>
> This is getting somewhat desperate.
>   

RESOLVED!

The clock on the client was getting reset to Jan 1 2000 so the TLS cert 
was 'in the future'.

This begs the question:

Why did it connect *sometimes*?  If the certificate is invalid (out of 
date) it should *never* connect.  So should this be reported as a bug in 
openvpn?  tls/ssl?  The date was January 1 2000 when it connected.  It 
would try hundreds of times and then succeed.

And a feature request:

Since the client was inaccessible while this was going on, I had no way 
to know this was the problem.  Would it be possible to propagate the 
reason for failure to the server?  Even just a simple numerical code 
rather than just a 'connection reset'.

(The only way I was able to diagnose this is to install vtun on the 
client when it came up, then connect via that 'back door' and diagnose 
the failure.)
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users