On 1/24/07, kevin hawkins <[EMAIL PROTECTED]> wrote:
I have a pfSense box installed at an office that establishes an OpenVPN
tunnel back to the main office. The remote office has DHCP and the pfSense
box obtains DHCP from it. The IP and everything sets but sometimes when no
traffic passes on the network and the tunnel re-establishes, I get this
error showing up in the logs:
Jan 25 02:19:36 remote openvpn[558]: 72.xxx.xxx.xxx:62225 TLS: Initial packet from 72.xxx.xxx.xxx:62225, sid=815a5012 cc8bc$
Jan 25 02:19:36 remote openvpn[558]: 72.xxx.xxx.xxx:54959 TLS Error: TLS key negotiation failed to occur within 60 seconds$
Jan 25 02:19:36 remote openvpn[558]: 72.xxx.xxx.xxx:54959 TLS Error: TLS handshake failed
Jan 25 02:19:36 remote openvpn[558]: 72.xxx.xxx.xxx:54959 SIGUSR1[soft,tls-error] received, client-instance restarting
Jan 25 02:19:39 remote openvpn[558]: MULTI: multi_create_instance called
Jan 25 02:19:39 remote openvpn[558]: 72.xxx.xxx.xxx:60736 Re-using SSL/TLS context
Jan 25 02:19:39 remote openvpn[558]: 72.xxx.xxx.xxx:60736 LZO compression initialized
Jan 25 02:19:39 remote openvpn[558]: 72.xxx.xxx.xxx :60736 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Jan 25 02:19:39 remote openvpn[558]: 72.xxx.xxx.xxx:60736 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 A$
Jan 25 02:19:39 remote openvpn[558]: 72.xxx.xxx.xxx:60736 Local Options hash (VER=V4): 'f7df56b8'
Jan 25 02:19:39 remote openvpn[558]: 72.xxx.xxx.xxx:60736 Expected Remote Options hash (VER=V4): 'd79ca330'
Jan 25 02:19:39 remote openvpn[558]: 72.xxx.xxx.xxx:60736 TLS: Initial packet from 72.xxx.xxx.xxx:60736, sid=ea09fb31 f04f1$
Jan 25 02:19:39 remote openvpn[558]: 72.xxx.xxx.xxx:49938 TLS Error: TLS key negotiation failed to occur within 60 seconds$
Jan 25 02:19:39 remote openvpn[558]: 72.xxx.xxx.xxx:49938 TLS Error: TLS handshake failed
Jan 25 02:19:39 remote openvpn[558]: 72.xxx.xxx.xxx:49938 SIGUSR1[soft,tls-error] received, client-instance restarting
Jan 25 02:19:41 remote openvpn[558]: MULTI: multi_create_instance called
Jan 25 02:19:41 remote openvpn[558]: 72.xxx.xxx.xxx:50480 Re-using SSL/TLS context
Jan 25 02:19:41 remote openvpn[558]: 72.xxx.xxx.xxx:50480 LZO compression initialized
Jan 25 02:19:41 remote openvpn[558]: 72.xxx.xxx.xxx :50480 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
pfTop showed a bunch of connections from the remote location to the main
office.
After rebooting the main office pfSense and the remote location's pfSense,
everything linked after only 5-6 of the above messages.
We ran into a similar scenario while testing and it seemed that setting the
IP info static fixed the issue (the test scenario wouldn't connect AT ALL).
Is this an OpenVPN issue or DHCP on pfSense? This is a TAP bridge with
certs.

Please upgrade to a recent SNAPSHOT and see if the problem persists:
http://snapshots.pfsense.com/FreeBSD6/RELENG_1/
Scott