You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have tried several configurations of *.ovpn-files but the udp protocol seems working only for about 6 hours.
I'm using openvpn-client version 2.5.1 arm-unknown-linux-gnueabihf with OpenSSL 1.1.1n on a RaspberryPi 4 (Debian 11 Bullyseye).
After some hours of working the client fails with the following Error, initiated by TLS-Key expiration:
VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA7
VERIFY KU OK
Validating certificate extended key usage
++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
VERIFY EKU OK
VERIFY OK: depth=0, CN=de809.nordvpn.com
Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 4096 bit RSA
TLS: tls_process: killed expiring key
VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA7
VERIFY KU OK
Validating certificate extended key usage
++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
VERIFY EKU OK
VERIFY OK: depth=0, CN=de809.nordvpn.com
Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 4096 bit RSA
TLS: tls_process: killed expiring key
[de809.nordvpn.com] Inactivity timeout (--ping-restart), restarting
SIGUSR1[soft,ping-restart] received, process restarting
Restart pause, 5 second(s)
Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
TCP/UDP: Preserving recently used remote address: [AF_INET]***IP***
Socket Buffers: R=[180224->360448] S=[180224->360448]
UDP link local: (not bound)
UDP link remote: [AF_INET]***IP***
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed
SIGUSR1[soft,tls-error] received, process restarting
Restart pause, 5 second(s)
Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
TCP/UDP: Preserving recently used remote address: [AF_INET]***IP***
Socket Buffers: R=[180224->360448] S=[180224->360448]
UDP link local: (not bound)
UDP link remote: [AF_INET]***IP***
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed
As you can see it hangs on a restart loop with TLS authentication failing over time. Of course, the internet connection got interrupted, since I am routing my network traffic over VPN (which does the client automatically).
Surprisingly, the TCP-Protocol works all the time.
Might the packet loss of udp be the cause?
I researched a lot and also looked at Troubleshooting Open-VPN-Client but can't find a possible, acceptable solution. It seems like others have this issue too.
A very inefficient and poor, for me unacceptable, solution would be to monitor the network connection all the time and restart the whole openvpn-client-service, when the internet connection gets interrupted.
Thanks in advance, if anyone can help or fix this!
The text was updated successfully, but these errors were encountered:
I have tried several configurations of *.ovpn-files but the udp protocol seems working only for about 6 hours.
I'm using openvpn-client version 2.5.1 arm-unknown-linux-gnueabihf with OpenSSL 1.1.1n on a RaspberryPi 4 (Debian 11 Bullyseye).
After some hours of working the client fails with the following Error, initiated by TLS-Key expiration:
As you can see it hangs on a restart loop with TLS authentication failing over time. Of course, the internet connection got interrupted, since I am routing my network traffic over VPN (which does the client automatically).
Surprisingly, the TCP-Protocol works all the time.
Might the packet loss of udp be the cause?
I researched a lot and also looked at Troubleshooting Open-VPN-Client but can't find a possible, acceptable solution. It seems like others have this issue too.
A very inefficient and poor, for me unacceptable, solution would be to monitor the network connection all the time and restart the whole openvpn-client-service, when the internet connection gets interrupted.
Thanks in advance, if anyone can help or fix this!
The text was updated successfully, but these errors were encountered: