I have a pfSense box installed at an office that establishes an OpenVPN tunnel back to the main office. The remote office has DHCP and the pfSense box obtains DHCP from it. The IP and everything sets but sometimes when no traffic passes on the network and the tunnel re-establishes, I get this error showing up in the logs:

Jan 25 02:19:36 remote openvpn[558]: 72.xxx.xxx.xxx:62225 TLS: Initial packet from 72.xxx.xxx.xxx:62225, sid=815a5012 cc8bc$
Jan 25 02:19:36 remote openvpn[558]: 72.xxx.xxx.xxx:54959 TLS Error: TLS key negotiation failed to occur within 60 seconds$
Jan 25 02:19:36 remote openvpn[558]: 72.xxx.xxx.xxx:54959 TLS Error: TLS handshake failed
Jan 25 02:19:36 remote openvpn[558]: 72.xxx.xxx.xxx:54959 SIGUSR1[soft,tls-error] received, client-instance restarting
Jan 25 02:19:39 remote openvpn[558]: MULTI: multi_create_instance called
Jan 25 02:19:39 remote openvpn[558]: 72.xxx.xxx.xxx:60736 Re-using SSL/TLS context
Jan 25 02:19:39 remote openvpn[558]: 72.xxx.xxx.xxx:60736 LZO compression initialized
Jan 25 02:19:39 remote openvpn[558]: 72.xxx.xxx.xxx:60736 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Jan 25 02:19:39 remote openvpn[558]: 72.xxx.xxx.xxx:60736 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 A$
Jan 25 02:19:39 remote openvpn[558]: 72.xxx.xxx.xxx:60736 Local Options hash (VER=V4): 'f7df56b8'
Jan 25 02:19:39 remote openvpn[558]: 72.xxx.xxx.xxx:60736 Expected Remote Options hash (VER=V4): 'd79ca330'
Jan 25 02:19:39 remote openvpn[558]: 72.xxx.xxx.xxx:60736 TLS: Initial packet from 72.xxx.xxx.xxx:60736, sid=ea09fb31 f04f1$
Jan 25 02:19:39 remote openvpn[558]: 72.xxx.xxx.xxx:49938 TLS Error: TLS key negotiation failed to occur within 60 seconds$
Jan 25 02:19:39 remote openvpn[558]: 72.xxx.xxx.xxx:49938 TLS Error: TLS handshake failed
Jan 25 02:19:39 remote openvpn[558]: 72.xxx.xxx.xxx:49938 SIGUSR1[soft,tls-error] received, client-instance restarting
Jan 25 02:19:41 remote openvpn[558]: MULTI: multi_create_instance called
Jan 25 02:19:41 remote openvpn[558]: 72.xxx.xxx.xxx:50480 Re-using SSL/TLS context
Jan 25 02:19:41 remote openvpn[558]: 72.xxx.xxx.xxx:50480 LZO compression initialized
Jan 25 02:19:41 remote openvpn[558]: 72.xxx.xxx.xxx:50480 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]

pfTop showed a bunch of connections from the remote location to the main office.

After rebooting the main office pfSense and the remote location's pfSense, everything linked after only 5-6 of the above messages. We ran into a similar scenario while testing and it seemed that setting the IP info static fixed the issue (the test scenario wouldn't connect AT ALL). Is this an OpenVPN issue or DHCP on pfSense? This is a TAP bridge with certs.
