OpenVPN connectivity issues

Logwatch was good enough to show me that I had my logs filled with messages like these... repeating themselves over and over ad infinitum:

2007-12-20 09:11:21.037917500 Re-using SSL/TLS context
2007-12-20 09:11:21.037942500 LZO compression initialized
2007-12-20 09:11:21.038038500 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
2007-12-20 09:11:21.038061500 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
2007-12-20 09:11:21.038096500 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
2007-12-20 09:11:21.038115500 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
2007-12-20 09:11:21.038147500 Local Options hash (VER=V4): '14168603'
2007-12-20 09:11:21.038172500 Expected Remote Options hash (VER=V4): '504e774e'
2007-12-20 09:11:21.038221500 TLS: Initial packet from, sid=ae156279 68b55b32
2007-12-20 09:11:24.132401500 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2007-12-20 09:11:24.132458500 TLS Error: TLS handshake failed
2007-12-20 09:11:24.132578500 SIGUSR1[soft,tls-error] received, client-instance restarting
2007-12-20 09:11:25.446516500 MULTI: multi_create_instance called

That's openvpn server complaining that it is getting a connection... and then without a warning another one is started. Worst of all, I had no access to the client logs so I had to guess what's going on.

Good news is, I guessed right. I checked my certificate and it had expired the day before and the clients were dropping the connection as soon as they saw the expired certificate.

I don't know how many times it has been that this has happened now. It was okay with Web, SMTP and IMAP servers since you get a warning in the client but you can still keep working. With OpenVPN it's more subtle than that.

Homework -- figure a way of protecting myself against such errors.


Popular posts from this blog

Installing Gentoo with full disk encryption

ADSL Router Model CT-5367 user and pass (VIVACOM)

FreeIPA cluster with containers