
Re: [Openvpn-users] strange connection problem

  • Subject: Re: [Openvpn-users] strange connection problem
  • From: Jan Just Keijser <janjust@xxxxxxxxx>
  • Date: Fri, 25 Jan 2008 23:59:30 +0100

opvpn@xxxxxxxxxxxx wrote:
> 		Hello,
> 	I have a very strange problem and need confirmation of the solving idea 
> or another one.
> 	I have one user with an openvpn configuration that works fine when the 
> user connects from Austria, France, Slovakia and so on.
> 	But last week, he went to Ukraine and openvpn didn't work; the log 
> on the server said:
> Wed Jan 16 09:28:41 2008 us=897519 TLS: Initial 
> packet from, sid=c8ef778c de50a23c
> Wed Jan 16 09:29:41 2008 us=588371 TLS Error: TLS 
> key negotiation failed to occur within 60 seconds (check your network 
> connectivity)
> Wed Jan 16 09:29:41 2008 us=588402 TLS Error: TLS 
> handshake failed
> 	I mean that the VPN client manages to connect to the openvpn server, the 
> server starts the TLS negotiation but this packet doesn't arrive on the 
> client. Is that right?
That is the most likely reason, yes. Most likely the client is either on 
a badly responding wireless network (that's when I get most of these 
errors) or the client is behind a NAT'ting firewall that does not 
translate UDP ports correctly. Have you tried using 'TCP'? Most 
firewalls are more TCP-friendly.
> 	And after, why? Can an MTU "problem" have this behaviour? 
> (because I had a problem with another country but the behaviour was 
> different: the VPN is ok, the user can ping the server but can connect 
> on it, and I solved the problem by changing the MTU of the tunnel).
> 	(Just to confirm my idea because now I can't run any tests).
OpenVPN's MTU does not come into play at this time. MTU negotiation 
takes place at a later stage. Right now, it looks like the server cannot 
talk back to the client.
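
The log pattern discussed in this thread (the client's initial packet is logged, then key negotiation times out) can be picked out of a server log automatically. The following is an added example, not part of the original message or of OpenVPN; the sample log is constructed, with peer addresses from the 192.0.2.0/24 documentation range and a hypothetical client name.

```python
import re
from datetime import datetime

# Constructed sample in the server log format quoted above. Peer addresses
# (192.0.2.0/24) and the name "client1" are assumptions, not from the post.
SAMPLE_LOG = """\
Wed Jan 16 09:28:41 2008 us=897519 192.0.2.10:1194 TLS: Initial packet from 192.0.2.10:1194, sid=c8ef778c de50a23c
Wed Jan 16 09:29:41 2008 us=588371 192.0.2.10:1194 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jan 16 09:29:41 2008 us=588402 192.0.2.10:1194 TLS Error: TLS handshake failed
Wed Jan 16 09:30:02 2008 us=120001 192.0.2.77:40211 TLS: Initial packet from 192.0.2.77:40211, sid=0a1b2c3d 4e5f6071
Wed Jan 16 09:30:04 2008 us=300412 192.0.2.77:40211 [client1] Peer Connection Initiated with 192.0.2.77:40211
"""

# timestamp, optional microseconds field, peer "addr:port" prefix, message
LINE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4})(?: us=\d+)? "
    r"(?P<peer>\S+:\d+) (?P<msg>.*)$"
)

def stalled_handshakes(log_text):
    """Return (peer, seconds_waited) for every handshake where the server
    logged the client's initial packet and the negotiation then timed out,
    i.e. client-to-server traffic arrived but the exchange never completed."""
    pending = {}   # peer -> time the client's first packet was logged
    stalled = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a per-peer log line
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        peer, msg = m["peer"], m["msg"]
        if msg.startswith("TLS: Initial packet from"):
            pending[peer] = ts
        elif "Peer Connection Initiated" in msg:
            pending.pop(peer, None)          # handshake completed normally
        elif "TLS key negotiation failed" in msg and peer in pending:
            waited = int((ts - pending.pop(peer)).total_seconds())
            stalled.append((peer, waited))
    return stalled

if __name__ == "__main__":
    for peer, waited in stalled_handshakes(SAMPLE_LOG):
        print(f"{peer}: initial packet seen, no completed handshake after {waited}s")
```

Peers that appear repeatedly in the result are candidates for the return-path problems named in the reply (lossy wireless link, NAT that mishandles UDP).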
