OpenVPN PIA, ERROR RECONNECTING tls-error

dloree
DD-WRT Novice


Joined: 02 Jan 2021
Posts: 3

Posted: Sat Jan 02, 2021 23:56    Post subject: OpenVPN PIA, ERROR RECONNECTING tls-error
I've been trying to get an OpenVPN client to work with Private Internet Access. I got it up and running, tested it, and the VPN was working. But after a couple of hours, I get the error "Client: RECONNECTING tls-error". Please help! I'll post the log below.

Info
connection type, DHCP
Tunnel protocol, UDP



Clientlog:
20210102 18:17:13 I UDPv4 link local: (not bound)
20210102 18:17:13 I UDPv4 link remote: [AF_INET]154.3.42.11:502
20210102 18:17:52 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210102 18:17:52 D MANAGEMENT: CMD 'state'
20210102 18:17:52 MANAGEMENT: Client disconnected
20210102 18:17:52 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210102 18:17:52 D MANAGEMENT: CMD 'state'
20210102 18:17:52 MANAGEMENT: Client disconnected
20210102 18:17:52 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210102 18:17:52 D MANAGEMENT: CMD 'state'
20210102 18:17:52 MANAGEMENT: Client disconnected
20210102 18:17:52 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210102 18:17:52 D MANAGEMENT: CMD 'status 2'
20210102 18:17:52 MANAGEMENT: Client disconnected
20210102 18:17:52 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210102 18:17:52 D MANAGEMENT: CMD 'log 500'
20210102 18:17:52 MANAGEMENT: Client disconnected
20210102 18:18:13 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20210102 18:18:13 N TLS Error: TLS handshake failed
20210102 18:18:13 I SIGUSR1[soft tls-error] received process restarting
20210102 18:18:13 Restart pause 300 second(s)
20210102 18:23:13 W WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
20210102 18:23:13 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20210102 18:23:13 I TCP/UDP: Preserving recently used remote address: [AF_INET]154.3.42.21:502
20210102 18:23:13 Socket Buffers: R=[180224->180224] S=[180224->180224]
20210102 18:23:13 I UDPv4 link local: (not bound)
20210102 18:23:13 I UDPv4 link remote: [AF_INET]154.3.42.21:502
20210102 18:24:13 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20210102 18:24:13 N TLS Error: TLS handshake failed
20210102 18:24:13 I SIGUSR1[soft tls-error] received process restarting
20210102 18:24:13 Restart pause 300 second(s)
20210102 18:29:13 W WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
20210102 18:29:13 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20210102 18:29:13 I TCP/UDP: Preserving recently used remote address: [AF_INET]154.3.42.32:502
20210102 18:29:13 Socket Buffers: R=[180224->180224] S=[180224->180224]
20210102 18:29:13 I UDPv4 link local: (not bound)
20210102 18:29:13 I UDPv4 link remote: [AF_INET]154.3.42.32:502
20210102 18:30:13 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20210102 18:30:13 N TLS Error: TLS handshake failed
20210102 18:30:13 I SIGUSR1[soft tls-error] received process restarting
20210102 18:30:13 Restart pause 300 second(s)
20210102 18:35:13 W WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
20210102 18:35:13 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20210102 18:35:18 N RESOLVE: Cannot resolve host address: ca-toronto.privacy.network:502 (Try again)
20210102 18:35:21 Socket Buffers: R=[180224->180224] S=[180224->180224]
20210102 18:35:21 I UDPv4 link local: (not bound)
20210102 18:35:21 I UDPv4 link remote: [AF_INET]154.3.40.61:502
20210102 18:36:21 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20210102 18:36:21 N TLS Error: TLS handshake failed
20210102 18:36:21 I SIGUSR1[soft tls-error] received process restarting
20210102 18:36:21 Restart pause 300 second(s)
20210102 18:41:21 W WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
20210102 18:41:21 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20210102 18:41:21 I TCP/UDP: Preserving recently used remote address: [AF_INET]154.3.40.41:502
20210102 18:41:21 Socket Buffers: R=[180224->180224] S=[180224->180224]
20210102 18:41:21 I UDPv4 link local: (not bound)
20210102 18:41:21 I UDPv4 link remote: [AF_INET]154.3.40.41:502
20210102 18:42:04 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210102 18:42:04 D MANAGEMENT: CMD 'state'
20210102 18:42:04 MANAGEMENT: Client disconnected
20210102 18:42:04 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210102 18:42:04 D MANAGEMENT: CMD 'state'
20210102 18:42:04 MANAGEMENT: Client disconnected
20210102 18:42:04 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210102 18:42:04 D MANAGEMENT: CMD 'state'
20210102 18:42:04 MANAGEMENT: Client disconnected
20210102 18:42:04 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210102 18:42:04 D MANAGEMENT: CMD 'status 2'
20210102 18:42:04 MANAGEMENT: Client disconnected
20210102 18:42:04 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210102 18:42:04 D MANAGEMENT: CMD 'log 500'
20210102 18:42:04 MANAGEMENT: Client disconnected
20210102 18:42:22 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20210102 18:42:22 N TLS Error: TLS handshake failed
20210102 18:42:22 I SIGUSR1[soft tls-error] received process restarting
20210102 18:42:22 Restart pause 300 second(s)
20210102 18:47:22 W WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
20210102 18:47:22 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20210102 18:47:22 I TCP/UDP: Preserving recently used remote address: [AF_INET]154.3.40.51:502
20210102 18:47:22 Socket Buffers: R=[180224->180224] S=[180224->180224]
20210102 18:47:22 I UDPv4 link local: (not bound)
20210102 18:47:22 I UDPv4 link remote: [AF_INET]154.3.40.51:502
20210102 18:48:22 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20210102 18:48:22 N TLS Error: TLS handshake failed
20210102 18:48:22 I SIGUSR1[soft tls-error] received process restarting
20210102 18:48:22 Restart pause 300 second(s)
20210102 18:51:55 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210102 18:51:55 D MANAGEMENT: CMD 'state'
20210102 18:51:55 MANAGEMENT: Client disconnected
20210102 18:51:55 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210102 18:51:55 D MANAGEMENT: CMD 'state'
20210102 18:51:55 MANAGEMENT: Client disconnected
20210102 18:51:55 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210102 18:51:55 D MANAGEMENT: CMD 'state'
20210102 18:51:55 MANAGEMENT: Client disconnected
20210102 18:51:56 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210102 18:51:56 D MANAGEMENT: CMD 'status 2'
20210102 18:51:56 MANAGEMENT: Client disconnected
20210102 18:51:56 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20210102 18:51:56 D MANAGEMENT: CMD 'log 500'
19691231 19:00:00
kc8tkr
DD-WRT Novice


Joined: 16 Apr 2020
Posts: 17

Posted: Sun Jan 03, 2021 0:53
put this in your config file, TLS Web Server Authentication
dloree
DD-WRT Novice


Joined: 02 Jan 2021
Posts: 3

Posted: Sun Jan 03, 2021 2:28    Post subject: OpenVPN PIA, ERROR RECONNECTING tls-error
Hey, I tried adding what you mentioned, and now it's not running the VPN. My config text is attached, and this is in the OpenVPN tab (nothing):

State
Client:
Local Address:
Remote Address:

Status
VPN Client Stats

Log
Clientlog:

and when I take off the line that you mentioned, it goes back to the error
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9157

Posted: Sun Jan 03, 2021 3:47
"TLS Web Server Authentication" is NOT an OpenVPN directive. But regardless, the fact it (apparently) runs for several hours and *then* fails suggests it is NOT a configuration error, but more likely just a server that at some point refuses to accept connections. Sometimes VPN providers kick users off servers if they become overloaded, or for maintenance purposes. This is why you should never rely on *just one* server to establish your VPN connection, but instead provide several alternatives.

In the case of my own VPN (ExpressVPN), I've added the following to the Additional Config field so that in case any given server is inaccessible, it will try several others.

Code:
server-poll-timeout 10
remote-random
remote us-new-york-2-ca-version-2.expressnetw.com 1195
remote usa-atlanta-ca-version-2.expressnetw.com 1195
remote usa-chicago-ca-version-2.expressnetw.com 1195
remote usa-dallas-2-ca-version-2.expressnetw.com 1195
remote usa-dallas-ca-version-2.expressnetw.com 1195


The "server-poll-timeout" directive tells the OpenVPN client to never wait for more than 10 seconds for the server connection to be established before trying another server randomly (thanks to the "remote-random" directive). If you want them processed sequentially (e.g., to give certain servers higher preference), just leave out that directive.


Last edited by eibgrad on Thu Apr 15, 2021 16:46; edited 2 times in total
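
Added example, not part of any post in this thread: a Python triage script for a client log in the format posted above. It attributes each TLS timeout to the remote that was being tried, reports whether every remote tried also failed (which points away from a single unavailable server), and flags the "No server certificate verification method" warning; the sample lines are constructed with documentation addresses and a placeholder hostname, and the function name `triage` is hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the DD-WRT client-log format (documentation IPs, not from the thread).
SAMPLE_LOG = """\
20210102 18:23:13 W WARNING: No server certificate verification method has been enabled.
20210102 18:23:13 I UDPv4 link remote: [AF_INET]192.0.2.11:502
20210102 18:24:13 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20210102 18:29:13 I UDPv4 link remote: [AF_INET]192.0.2.21:502
20210102 18:30:13 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20210102 18:35:18 N RESOLVE: Cannot resolve host address: vpn.example.net:502 (Try again)
20210102 18:35:21 I UDPv4 link remote: [AF_INET]192.0.2.61:502
20210102 18:36:21 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
"""

# Timestamp, optional one-letter level (D/I/N/W), then the message.
LINE = re.compile(r"^(\d{8} \d{2}:\d{2}:\d{2}) ?(?:([DINW]) )?(.*)$")
REMOTE = re.compile(r"link remote: \[AF_INET6?\](\S+):(\d+)$")

def triage(log_text):
    """Summarise handshake failures per remote plus security-relevant warnings."""
    attempts, failures = Counter(), Counter()
    dns_failures, unverified_server = [], False
    current = None  # remote of the connection attempt in progress
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3)
        r = REMOTE.search(msg)
        if r:
            current = f"{r.group(1)}:{r.group(2)}"
            attempts[current] += 1
        elif "TLS key negotiation failed" in msg and current:
            failures[current] += 1
            current = None  # count each attempt once
        elif msg.startswith("RESOLVE: Cannot resolve host address:"):
            dns_failures.append(msg.split(": ", 2)[2].split(" ")[0])
        elif "No server certificate verification method" in msg:
            unverified_server = True
    return {
        "failed_remotes": dict(failures),
        "all_remotes_failed": bool(attempts) and set(attempts) == set(failures),
        "failing_ports": sorted({k.rsplit(":", 1)[1] for k in failures}),
        "dns_failures": dns_failures,
        "unverified_server": unverified_server,
    }
```

When `unverified_server` is true, the client is not checking the server certificate's intended use; OpenVPN's `remote-cert-tls server` directive enables that check.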
kc8tkr
DD-WRT Novice


Joined: 16 Apr 2020
Posts: 17

Posted: Sun Jan 03, 2021 3:50
https://www.privateinternetaccess.com/helpdesk/guides/routers/dd-wrt-v40559-openvpn-setup
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6440
Location: UK, London, just across the river..

Posted: Sun Jan 03, 2021 8:26
do not use their guide, it's messy and not working; also do not use 40559, it's a bad build from the router database
use this guide... need to be logged in to see the attachment...

also have a look here
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=326913

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
dloree
DD-WRT Novice


Joined: 02 Jan 2021
Posts: 3

Posted: Sun Jan 03, 2021 20:59    Post subject: OpenVPN PIA, ERROR RECONNECTING tls-error
Hey! I got it working through port 1198 and the config stuff in that pdf, but now my speed is at around 5-8% of what it was on speedtest
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6440
Location: UK, London, just across the river..

Posted: Sun Jan 03, 2021 21:46    Post subject: Re: OpenVPN PIA, ERROR RECONNECTING tls-error
dloree wrote:
Hey! I got it working through port 1198 and the config stuff in that pdf, but now my speed is at around 5-8% of what it was on speedtest


did you start with telling us your router model and current build running? (you should)
probably that's the router's max...as VPN needs resources...but we don't know your router yet, so that far we can go...
VPN needs dual core CPU router, preferably Netgear R7800 or R9000, to gain some performance above 100Mbit over VPN, try WireGuard instead...but then again we still don't know your router

a quick tip is to use a better PIA server that offers better performance, and use 128 GCM encryption instead of 128 CBC...but it won't make miracles if the router has low specs...
