This repository has been archived by the owner on Feb 11, 2020. It is now read-only.

Better error message in case of OpenVPN connection failure #241

Open
jornane opened this issue Oct 25, 2019 · 5 comments

jornane commented Oct 25, 2019

My client suddenly failed, asking me to verify that I am using the correct certificate. I, as a technical user, don't know whether I am using the correct certificate; the client should handle that for me. A less technical user wouldn't know either. The error should therefore be handled by the client.

In this case, clicking OK and trying again solved the problem for me, but I don't know if the client did anything in the background.

I noticed the string in the source code here:

return NSLocalizedString("Verify that you are using the correct certificate and try again.", comment: "")


jornane commented Nov 27, 2019

Apparently, this error is a generic "Something went wrong with OpenVPN" error, since a user for whom OpenVPN failed to connect due to a timeout got the same error.

jornane changed the title from "Verify you are using the correct certificate" to "Better error message in case of OpenVPN connection failure" on Nov 27, 2019

ghost commented Nov 27, 2019

The problem was a server clock issue, i.e. the server was not using NTP. As the Norwegian deploy(s) use two machines, it is very important that the time between those servers is the same to avoid certificates being rejected as "not yet valid".

In the new vpn-ca, planned as a default for one of the next releases, this is somewhat mitigated by issuing certificates that are valid starting 5 minutes in the past.


ghost commented Nov 27, 2019

It is difficult for the client to find out what went wrong; the server log usually has more details. Assuming the log is on...


ghost commented Nov 28, 2019

Getting the exact same error now for a different issue. It seems the client really does use the wrong client cert or tls-crypt key. Not sure what is going on. It doesn't help that the client doesn't log anything before the connection is successful :(


ghost commented Nov 28, 2019

Server log in this case:

Nov 28 20:39:07 pi-vpn.tuxed.net openvpn[2407]: 2a02:8109:9dc0:42f9:fd16:e09:XXXX:XXXX TLS: Initial packet from [AF_INET6]2a02:8109:9dc0:42f9:fd16:e09:XXXX:XXXX:55134, sid=460b1694 d1a49483
Nov 28 20:39:55 pi-vpn.tuxed.net openvpn[2407]: 2a02:8109:9dc0:42f9:fd16:e09:XXXX:XXXX TLS: Initial packet from [AF_INET6]2a02:8109:9dc0:42f9:fd16:e09:XXXX:XXXX:55135, sid=4d78aa8c 0a8b64ac
Nov 28 20:40:07 pi-vpn.tuxed.net openvpn[2407]: 2a02:8109:9dc0:42f9:fd16:e09:XXXX:XXXX TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Nov 28 20:40:07 pi-vpn.tuxed.net openvpn[2407]: 2a02:8109:9dc0:42f9:fd16:e09:XXXX:XXXX TLS Error: TLS handshake failed
Nov 28 20:40:07 pi-vpn.tuxed.net openvpn[2407]: 2a02:8109:9dc0:42f9:fd16:e09:XXXX:XXXX SIGUSR1[soft,tls-error] received, client-instance restarting
Nov 28 20:40:55 pi-vpn.tuxed.net openvpn[2407]: 2a02:8109:9dc0:42f9:fd16:e09:XXXX:XXXX TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Nov 28 20:40:55 pi-vpn.tuxed.net openvpn[2407]: 2a02:8109:9dc0:42f9:fd16:e09:XXXX:XXXX TLS Error: TLS handshake failed
Nov 28 20:40:55 pi-vpn.tuxed.net openvpn[2407]: 2a02:8109:9dc0:42f9:fd16:e09:XXXX:XXXX SIGUSR1[soft,tls-error] received, client-instance restarting
Nov 28 20:41:58 pi-vpn.tuxed.net openvpn[2407]: 2a02:8109:9dc0:42f9:fd16:e09:XXXX:XXXX TLS: Initial packet from [AF_INET6]2a02:8109:9dc0:42f9:fd16:e09:XXXX:XXXX:55136, sid=e9430f16 d6192f88
Nov 28 20:42:20 pi-vpn.tuxed.net openvpn[2407]: 2a02:8109:9dc0:42f9:fd16:e09:XXXX:XXXX TLS: Initial packet from [AF_INET6]2a02:8109:9dc0:42f9:fd16:e09:XXXX:XXXX:55137, sid=f39d4f94 1779c93a
Nov 28 20:42:58 pi-vpn.tuxed.net openvpn[2407]: 2a02:8109:9dc0:42f9:fd16:e09:XXXX:XXXX TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Nov 28 20:42:58 pi-vpn.tuxed.net openvpn[2407]: 2a02:8109:9dc0:42f9:fd16:e09:XXXX:XXXX TLS Error: TLS handshake failed
Nov 28 20:42:58 pi-vpn.tuxed.net openvpn[2407]: 2a02:8109:9dc0:42f9:fd16:e09:XXXX:XXXX SIGUSR1[soft,tls-error] received, client-instance restarting
Nov 28 20:43:20 pi-vpn.tuxed.net openvpn[2407]: 2a02:8109:9dc0:42f9:fd16:e09:XXXX:XXXX TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Nov 28 20:43:20 pi-vpn.tuxed.net openvpn[2407]: 2a02:8109:9dc0:42f9:fd16:e09:XXXX:XXXX TLS Error: TLS handshake failed
Nov 28 20:43:20 pi-vpn.tuxed.net openvpn[2407]: 2a02:8109:9dc0:42f9:fd16:e09:XXXX:XXXX SIGUSR1[soft,tls-error] received, client-instance restarting
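
Added example, not part of the thread or of the project's code: a server-side triage of OpenVPN log lines in the layout shown above, separating handshakes that only timed out from ones where the server logged a certificate verdict, the two cases the client reports with the same generic message. The sample log (including its `VERIFY ERROR` line), the `triage` helper and the `year` default are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the syslog layout of the server log above. Host name,
# addresses (2001:db8::/32 documentation range), sids and CN are made up.
P = "vpn.example.org openvpn[2407]:"
SAMPLE_LOG = f"""\
Nov 28 20:39:07 {P} 2001:db8::10 TLS: Initial packet from [AF_INET6]2001:db8::10:55134, sid=aaaaaaaa bbbbbbbb
Nov 28 20:39:55 {P} 2001:db8::10 TLS: Initial packet from [AF_INET6]2001:db8::10:55135, sid=cccccccc dddddddd
Nov 28 20:40:07 {P} 2001:db8::10 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Nov 28 20:40:07 {P} 2001:db8::10 TLS Error: TLS handshake failed
Nov 28 20:40:55 {P} 2001:db8::10 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Nov 28 20:40:55 {P} 2001:db8::10 TLS Error: TLS handshake failed
Nov 28 20:41:00 {P} 2001:db8::20 TLS: Initial packet from [AF_INET6]2001:db8::20:40000, sid=eeeeeeee ffffffff
Nov 28 20:41:01 {P} 2001:db8::20 VERIFY ERROR: depth=0, error=certificate is not yet valid: CN=constructed-client
Nov 28 20:41:01 {P} 2001:db8::20 TLS Error: TLS handshake failed
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ openvpn\[\d+\]: (\S+) (.*)$")

def triage(log_text, year=2019, slack=timedelta(seconds=2)):
    """Per client: handshake attempts, timeouts matched to an attempt, cert errors, verdict."""
    pending = defaultdict(list)  # client -> start times of unresolved handshakes
    out = defaultdict(lambda: {"attempts": 0, "timeouts": 0, "cert_errors": []})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        # syslog omits the year, so the caller supplies it (assumption)
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        client, msg = m.group(2), m.group(3)
        if msg.startswith("TLS: Initial packet from"):
            out[client]["attempts"] += 1
            pending[client].append(when)
        elif msg.startswith("VERIFY ERROR:"):
            out[client]["cert_errors"].append(msg.split("error=", 1)[-1])
        elif (t := re.search(r"failed to occur within (\d+) seconds", msg)):
            # The timeout belongs to the attempt that began one window earlier.
            window = timedelta(seconds=int(t.group(1)))
            hit = [s for s in pending[client] if abs(when - s - window) <= slack]
            if hit:
                pending[client].remove(hit[0])
                out[client]["timeouts"] += 1
    for s in out.values():
        all_timed_out = s["attempts"] > 0 and s["timeouts"] == s["attempts"]
        s["verdict"] = ("certificate rejected" if s["cert_errors"]
                        else "every handshake timed out" if all_timed_out else "inconclusive")
    return dict(out)
```

A client whose every attempt ends in a timeout with no certificate verdict logged points at connectivity or a key mismatch before TLS progresses, while a `VERIFY ERROR` entry names the certificate problem directly.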
