FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
385 views 2 comments
by anonymous
Good morning, everyone,
We have recently experienced problems with OpenVPN on several RUT955s. All at the same time the RUT955s stopped connecting to OpenVPN, while others remained connected to the same VPN. To restore the connection to OpenVPN (the certificate server is ours) it was necessary to reset these routers to factory configuration and reload the previous configuration including the certificates themselves. This caused us a major disruption and the need to go to each router to reconfigure them.
All of the affected routers, even with a SIM of another telephone operator, were unable to reconnect to the VPN. Those that did show that they were connected, however, were unable to acquire an IP address. The server log indicated that the TLS handshake failed, despite the fact that these routers had functioned perfectly for about a year, remaining connected to the VPN or automatically re-establishing the connection in the event of a drop.
In the office, we tried loading the same configuration and VPN keys on the routers that had this problem and found no malfunctions.
All the routers at the time of the problem contained SIM cards from the same telephone operator (TIM Italy - Telecom Italia Mobile).
What could have caused this problem?
If necessary I can attach the complete router logs and the OpenVPN server logs.

Thank you in advance
by anonymous
Hi, did you have any answer about this issue.

I'm having similar problems.

2 Answers

0 votes
by anonymous
Hi, the problem was caused by the mobile operator that, for some reason, stopped supporting a MTU lower than 1500 in the mobile settings. To solve this problem you have to insert another manual APN (for example ibox.tim.it1, instead of ibox.tim.it), then 1500 for the MTU, save the settings, and then reset the APN to the correct value and save again. This procedure resets the APN in the modem module and restarts the connection correctly with the new MTU.
Best answer
0 votes
by anonymous
Hello,

Could you please provide the the logs, where this disruption would be visible?

Best regards,
by anonymous

This is the log of a router trying to connext to the VPN:

Thu Sep 22 17:29:29 2022 daemon.err openvpn(client_alfa)[8732]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Sep 22 17:29:29 2022 daemon.err openvpn(client_alfa)[8732]: TLS Error: TLS handshake failed
Thu Sep 22 17:29:29 2022 daemon.notice openvpn(client_alfa)[8732]: TCP/UDP: Closing socket
Thu Sep 22 17:29:29 2022 daemon.notice openvpn(client_alfa)[8732]: SIGUSR1[soft,tls-error] received, process restarting
Thu Sep 22 17:29:29 2022 daemon.notice openvpn(client_alfa)[8732]: Restart pause, 5 second(s)
Thu Sep 22 17:29:34 2022 daemon.warn openvpn(client_alfa)[8732]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Thu Sep 22 17:29:34 2022 daemon.notice openvpn(client_alfa)[8732]: Re-using SSL/TLS context
Thu Sep 22 17:29:34 2022 daemon.notice openvpn(client_alfa)[8732]: LZO compression initializing
Thu Sep 22 17:29:34 2022 daemon.notice openvpn(client_alfa)[8732]: Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Thu Sep 22 17:29:34 2022 daemon.notice openvpn(client_alfa)[8732]: Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Thu Sep 22 17:29:34 2022 daemon.notice openvpn(client_alfa)[8732]: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Thu Sep 22 17:29:34 2022 daemon.notice openvpn(client_alfa)[8732]: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Thu Sep 22 17:29:34 2022 daemon.notice openvpn(client_alfa)[8732]: TCP/UDP: Preserving recently used remote address: [AF_INET]89.34.236.90:1194
Thu Sep 22 17:29:34 2022 daemon.notice openvpn(client_alfa)[8732]: Socket Buffers: R=[8388608->8388608] S=[8388608->8388608]
Thu Sep 22 17:29:34 2022 daemon.notice openvpn(client_alfa)[8732]: UDP link local: (not bound)
Thu Sep 22 17:29:34 2022 daemon.notice openvpn(client_alfa)[8732]: UDP link remote: [AF_INET]89.34.236.90:1194
Thu Sep 22 17:29:34 2022 daemon.notice openvpn(client_alfa)[8732]: TLS: Initial packet from [AF_INET]89.34.236.90:1194, sid=ff46edf9 22aa69cb
Thu Sep 22 17:29:34 2022 daemon.notice openvpn(client_alfa)[8732]: VERIFY OK: depth=1, C=IT, ST=VA, L=Varese, O=*************, OU=MyOrganizationalUnit, CN=*************CA, name=server, emailAddress=*************
Thu Sep 22 17:29:34 2022 daemon.notice openvpn(client_alfa)[8732]: VERIFY OK: depth=0, C=IT, ST=VA, L=Varese, O=*************, OU=MyOrganizationalUnit, CN=server, name=server, emailAddress=*************

https://community.teltonika-networks.com/?qa=blob&qa_blobid=9031169556095787425

https://community.teltonika-networks.com/?qa=blob&qa_blobid=17664010032941447776

Here the link of the logs. The problem occured around 00:50-01:05AM on 21 september 2022.

Thank you very much