I have an OpenVPN 2.4.9 server that multiple clients need to connect to, but right now no client can connect. I get the following error, filtered for one specific client:
14:06:38 xxx.xxx.xxx.xxx:1209 Re-using SSL/TLS context
14:06:38 xxx.xxx.xxx.xxx:1209 LZO compression initializing
14:06:38 xxx.xxx.xxx.xxx:1209 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
14:06:38 xxx.xxx.xxx.xxx:1209 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
14:06:38 xxx.xxx.xxx.xxx:1209 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
14:06:38 xxx.xxx.xxx.xxx:1209 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
14:06:38 xxx.xxx.xxx.xxx:1209 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:1209, sid=f5f87f34 db300e2a
14:07:37 xxx.xxx.xxx.xxx:1152 Re-using SSL/TLS context
14:07:37 xxx.xxx.xxx.xxx:1152 LZO compression initializing
14:07:37 xxx.xxx.xxx.xxx:1152 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
14:07:37 xxx.xxx.xxx.xxx:1152 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
14:07:37 xxx.xxx.xxx.xxx:1152 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
14:07:37 xxx.xxx.xxx.xxx:1152 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
14:07:37 xxx.xxx.xxx.xxx:1152 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:1152, sid=a51c6653 918e9955
14:10:02 xxx.xxx.xxx.xxx:1070 Re-using SSL/TLS context
14:10:02 xxx.xxx.xxx.xxx:1070 LZO compression initializing
14:10:02 xxx.xxx.xxx.xxx:1070 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
14:10:02 xxx.xxx.xxx.xxx:1070 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
14:10:02 xxx.xxx.xxx.xxx:1070 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
14:10:02 xxx.xxx.xxx.xxx:1070 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
14:10:02 xxx.xxx.xxx.xxx:1070 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:1070, sid=4783fc46 dc03a197
14:11:44 xxx.xxx.xxx.xxx:1055 Re-using SSL/TLS context
14:11:44 xxx.xxx.xxx.xxx:1055 LZO compression initializing
14:11:44 xxx.xxx.xxx.xxx:1055 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
14:11:44 xxx.xxx.xxx.xxx:1055 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
14:11:44 xxx.xxx.xxx.xxx:1055 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
14:11:44 xxx.xxx.xxx.xxx:1055 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
14:11:44 xxx.xxx.xxx.xxx:1055 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:1055, sid=c49e2c9b 38019dec
14:12:49 xxx.xxx.xxx.xxx:1052 Re-using SSL/TLS context
14:12:49 xxx.xxx.xxx.xxx:1052 LZO compression initializing
14:12:49 xxx.xxx.xxx.xxx:1052 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
14:12:49 xxx.xxx.xxx.xxx:1052 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
14:12:49 xxx.xxx.xxx.xxx:1052 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
14:12:49 xxx.xxx.xxx.xxx:1052 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
14:12:49 xxx.xxx.xxx.xxx:1052 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:1052, sid=fd3a21d4 1f68e97a
About 60s after "TLS: Initial packet from" it all starts again.
To me, it looks like some kind of timeout. What is the client expecting? And why does it not get the expected return?
Because of timeouts, I have already set:
reneg-sec 3600
ping 120
ping-restart 120