0 votes
90 views 1 comments
by
Good morning, everyone,
We have recently experienced problems with OpenVPN on several RUT955s. All at the same time the RUT955s stopped connecting to OpenVPN, while others remained connected to the same VPN. To restore the connection to OpenVPN (the certificate server is ours) it was necessary to reset these routers to factory configuration and reload the previous configuration including the certificates themselves. This caused us a major disruption and the need to go to each router to reconfigure them.
All of the affected routers, even with a SIM of another telephone operator, were unable to reconnect to the VPN. Those that did show that they were connected, however, were unable to acquire an IP address. The server log indicated that the TLS handshake failed, despite the fact that these routers had functioned perfectly for about a year, remaining connected to the VPN or automatically re-establishing the connection in the event of a drop.
In the office, we tried loading the same configuration and VPN keys on the routers that had this problem and found no malfunctions.
All the routers at the time of the problem contained SIM cards from the same telephone operator (TIM Italy - Telecom Italia Mobile).
What could have caused this problem?
If necessary I can attach the complete router logs and the OpenVPN server logs.

Thank you in advance

1 Answer

0 votes
by
Hello,

Could you please provide the logs, where this disruption would be visible?

Best regards,
by

This is the log of a router trying to connect to the VPN:

Thu Sep 22 17:29:29 2022 daemon.err openvpn(client_alfa)[8732]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Sep 22 17:29:29 2022 daemon.err openvpn(client_alfa)[8732]: TLS Error: TLS handshake failed
Thu Sep 22 17:29:29 2022 daemon.notice openvpn(client_alfa)[8732]: TCP/UDP: Closing socket
Thu Sep 22 17:29:29 2022 daemon.notice openvpn(client_alfa)[8732]: SIGUSR1[soft,tls-error] received, process restarting
Thu Sep 22 17:29:29 2022 daemon.notice openvpn(client_alfa)[8732]: Restart pause, 5 second(s)
Thu Sep 22 17:29:34 2022 daemon.warn openvpn(client_alfa)[8732]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Thu Sep 22 17:29:34 2022 daemon.notice openvpn(client_alfa)[8732]: Re-using SSL/TLS context
Thu Sep 22 17:29:34 2022 daemon.notice openvpn(client_alfa)[8732]: LZO compression initializing
Thu Sep 22 17:29:34 2022 daemon.notice openvpn(client_alfa)[8732]: Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Thu Sep 22 17:29:34 2022 daemon.notice openvpn(client_alfa)[8732]: Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Thu Sep 22 17:29:34 2022 daemon.notice openvpn(client_alfa)[8732]: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Thu Sep 22 17:29:34 2022 daemon.notice openvpn(client_alfa)[8732]: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Thu Sep 22 17:29:34 2022 daemon.notice openvpn(client_alfa)[8732]: TCP/UDP: Preserving recently used remote address: [AF_INET]89.34.236.90:1194
Thu Sep 22 17:29:34 2022 daemon.notice openvpn(client_alfa)[8732]: Socket Buffers: R=[8388608->8388608] S=[8388608->8388608]
Thu Sep 22 17:29:34 2022 daemon.notice openvpn(client_alfa)[8732]: UDP link local: (not bound)
Thu Sep 22 17:29:34 2022 daemon.notice openvpn(client_alfa)[8732]: UDP link remote: [AF_INET]89.34.236.90:1194
Thu Sep 22 17:29:34 2022 daemon.notice openvpn(client_alfa)[8732]: TLS: Initial packet from [AF_INET]89.34.236.90:1194, sid=ff46edf9 22aa69cb
Thu Sep 22 17:29:34 2022 daemon.notice openvpn(client_alfa)[8732]: VERIFY OK: depth=1, C=IT, ST=VA, L=Varese, O=*************, OU=MyOrganizationalUnit, CN=*************CA, name=server, emailAddress=*************
Thu Sep 22 17:29:34 2022 daemon.notice openvpn(client_alfa)[8732]: VERIFY OK: depth=0, C=IT, ST=VA, L=Varese, O=*************, OU=MyOrganizationalUnit, CN=server, name=server, emailAddress=*************

https://community.teltonika-networks.com/?qa=blob&qa_blobid=9031169556095787425

https://community.teltonika-networks.com/?qa=blob&qa_blobid=17664010032941447776

Here is the link to the logs. The problem occurred around 00:50-01:05 AM on 21 September 2022.

Thank you very much
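
An added example, not part of any post in this thread: a small triage script that splits an OpenVPN client log in the format shown above into connection attempts and records how far each TLS handshake got before it timed out, plus whether the client logged the missing server certificate verification warning. The stage names, the `triage` function and the sample lines are constructed for illustration.

```python
import re

# Line format as in the thread's log: "<date> daemon.<sev> openvpn(<name>)[<pid>]: <msg>"
LINE = re.compile(r"^\w{3} \w{3} [ \d]\d [\d:]{8} \d{4} \S+ openvpn\(([^)]+)\)\[\d+\]: (.*)$")
# Handshake milestones in the order an OpenVPN client logs them (stage names are our own).
STAGES = [("socket_open", "link remote:"),
          ("server_replied", "TLS: Initial packet from"),
          ("server_cert_verified", "VERIFY OK: depth=0"),
          ("tunnel_up", "Initialization Sequence Completed")]
TIMEOUT = "TLS key negotiation failed to occur"
NO_VERIFY = "No server certificate verification method has been enabled"
RESTART = "process restarting"

def triage(lines):
    """Split a client log into connection attempts; record how far each one got."""
    attempts, cur = [], None
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an OpenVPN syslog line
        if cur is None:
            cur = {"instance": m.group(1), "stage": -1, "furthest": None,
                   "timed_out": False, "no_server_verify": False}
        msg = m.group(2)
        for idx, (name, marker) in enumerate(STAGES):
            if marker in msg and idx > cur["stage"]:
                cur["stage"], cur["furthest"] = idx, name
        cur["timed_out"] |= TIMEOUT in msg
        cur["no_server_verify"] |= NO_VERIFY in msg
        if RESTART in msg:  # a SIGUSR1 restart closes the current attempt
            attempts.append(cur)
            cur = None
    if cur is not None:
        attempts.append(cur)  # log ended in the middle of an attempt
    return attempts

def _l(time, sev, msg):  # build one constructed log line
    return f"Thu Sep 22 {time} 2022 daemon.{sev} openvpn(client_alfa)[8732]: {msg}"
# Constructed sample (192.0.2.10 is a documentation address, not the thread's server).
SAMPLE = [
    _l("17:29:34", "warn", f"WARNING: {NO_VERIFY}."),
    _l("17:29:34", "notice", "UDP link remote: [AF_INET]192.0.2.10:1194"),
    _l("17:29:34", "notice", "TLS: Initial packet from [AF_INET]192.0.2.10:1194"),
    _l("17:29:34", "notice", "VERIFY OK: depth=0, CN=server"),
    _l("17:30:34", "err", f"TLS Error: {TIMEOUT} within 60 seconds"),
    _l("17:30:34", "notice", "SIGUSR1[soft,tls-error] received, process restarting"),
    _l("17:30:39", "notice", "UDP link remote: [AF_INET]192.0.2.10:1194"),
    _l("17:31:39", "err", f"TLS Error: {TIMEOUT} within 60 seconds"),
]
```

An attempt that times out at `server_cert_verified` received the server's handshake packets before stalling, while one that never gets past `socket_open` saw no reply at all. Comparing that field across affected and unaffected routers narrows where the handshake stops.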