ovpn-server log errors meaning?

JohnD5000

Very Senior Member
Can anyone tell me what these errors mean? My log is filled with them. I finally set the "Enable Openvpn Server" to OFF and errors stopped. But what do they mean? I wasn't even trying to vpn into my system.



Dec 21 22:32:36 ovpn-server1[4925]: 92.218.239.140:17096 SIGUSR1[soft,tls-error] received, client-instance restarting
Dec 21 22:32:36 ovpn-server1[4925]: 92.218.239.140:37367 TLS: Initial packet from [AF_INET]92.218.239.140:37367 (via [AF_INET]73.61.139.5%eth0), sid=6a22eb44 5adb63fe
Dec 21 22:32:40 ovpn-server1[4925]: 92.218.239.140:1343 TLS: Initial packet from [AF_INET]92.218.239.140:1343 (via [AF_INET]73.61.139.5%eth0), sid=6a22eb44 5adb63fe
Dec 21 22:32:40 ovpn-server1[4925]: 92.218.239.140:51112 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec 21 22:32:40 ovpn-server1[4925]: 92.218.239.140:51112 TLS Error: TLS handshake failed
Dec 21 22:32:40 ovpn-server1[4925]: 92.218.239.140:51112 SIGUSR1[soft,tls-error] received, client-instance restarting
Dec 21 22:32:42 ovpn-server1[4925]: 89.161.47.252:55310 TLS: Initial packet from [AF_INET]89.161.47.252:55310 (via [AF_INET]73.61.139.5%eth0), sid=6a22eb44 5adb63fe
Dec 21 22:32:42 ovpn-server1[4925]: 92.218.239.140:8979 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec 21 22:32:42 ovpn-server1[4925]: 92.218.239.140:8979 TLS Error: TLS handshake failed
Dec 21 22:32:42 ovpn-server1[4925]: 92.218.239.140:8979 SIGUSR1[soft,tls-error] received, client-instance restarting
Dec 21 22:32:43 ovpn-server1[4925]: 92.218.239.140:12119 TLS: Initial packet from [AF_INET]92.218.239.140:12119 (via [AF_INET]73.61.139.5%eth0), sid=6a22eb44 5adb63fe
Dec 21 22:32:45 ovpn-server1[4925]: 92.218.239.140:26109 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec 21 22:32:45 ovpn-server1[4925]: 92.218.239.140:26109 TLS Error: TLS handshake failed
Dec 21 22:32:45 ovpn-server1[4925]: 92.218.239.140:26109 SIGUSR1[soft,tls-error] received, client-instance restarting
Dec 21 22:32:47 ovpn-server1[4925]: 92.218.239.140:23404 TLS: Initial packet from [AF_INET]92.218.239.140:23404 (via [AF_INET]73.61.139.5%eth0), sid=6a22eb44 5adb63fe
Dec 21 22:32:47 ovpn-server1[4925]: 92.218.239.140:37316 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec 21 22:32:47 ovpn-server1[4925]: 92.218.239.140:37316 TLS Error: TLS handshake failed
Dec 21 22:32:47 ovpn-server1[4925]: 92.218.239.140:37316 SIGUSR1[soft,tls-error] received, client-instance restarting
Dec 21 22:32:49 ovpn-server1[4925]: 92.218.239.140:13904 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec 21 22:32:49 ovpn-server1[4925]: 92.218.239.140:13904 TLS Error: TLS handshake failed
Dec 21 22:32:49 ovpn-server1[4925]: 92.218.239.140:13904 SIGUSR1[soft,tls-error] received, client-instance restarting
Dec 21 22:32:50 ovpn-server1[4925]: 92.218.239.140:52582 TLS: Initial packet from [AF_INET]92.218.239.140:52582 (via [AF_INET]73.61.139.5%eth0), sid=6a22eb44 5adb63fe
Dec 21 22:32:50 ovpn-server1[4925]: 92.218.239.140:44098 TLS: Initial packet from [AF_INET]92.218.239.140:44098 (via [AF_INET]73.61.139.5%eth0), sid=6a22eb44 5adb63fe
Dec 21 22:32:51 ovpn-server1[4925]: 89.161.47.252:35102 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec 21 22:32:51 ovpn-server1[4925]: 89.161.47.252:35102 TLS Error: TLS handshake failed
Dec 21 22:32:51 ovpn-server1[4925]: 89.161.47.252:35102 SIGUSR1[soft,tls-error] received, client-instance restarting
Dec 21 22:32:51 ovpn-server1[4925]: 92.218.239.140:53299 TLS: Initial packet from [AF_INET]92.218.239.140:53299 (via [AF_INET]73.61.139.5%eth0), sid=6a22eb44 5adb63fe
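Added example, not part of the original post: one way to triage log lines like the ones above is to tally initial packets and failed handshakes per source address and to check whether one session ID (sid) recurs across sources. The sample lines are constructed in the same format using documentation-range addresses, and `summarize` and `shared_sids` are names chosen for this example.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the log above. Addresses come from the
# RFC 5737 documentation ranges; the sid is the one shown in the posted log.
SAMPLE_LOG = """\
Dec 21 22:32:36 ovpn-server1[4925]: 198.51.100.7:37367 TLS: Initial packet from [AF_INET]198.51.100.7:37367 (via [AF_INET]192.0.2.1%eth0), sid=6a22eb44 5adb63fe
Dec 21 22:32:40 ovpn-server1[4925]: 198.51.100.7:1343 TLS: Initial packet from [AF_INET]198.51.100.7:1343 (via [AF_INET]192.0.2.1%eth0), sid=6a22eb44 5adb63fe
Dec 21 22:32:40 ovpn-server1[4925]: 198.51.100.7:51112 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec 21 22:32:40 ovpn-server1[4925]: 198.51.100.7:51112 TLS Error: TLS handshake failed
Dec 21 22:32:40 ovpn-server1[4925]: 198.51.100.7:51112 SIGUSR1[soft,tls-error] received, client-instance restarting
Dec 21 22:32:42 ovpn-server1[4925]: 203.0.113.9:55310 TLS: Initial packet from [AF_INET]203.0.113.9:55310 (via [AF_INET]192.0.2.1%eth0), sid=6a22eb44 5adb63fe
Dec 21 22:32:51 ovpn-server1[4925]: 203.0.113.9:35102 TLS Error: TLS handshake failed
"""

LINE = re.compile(
    r"ovpn-server\d+\[\d+\]: (?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+) (?P<msg>.*)$"
)
SID = re.compile(r"sid=([0-9a-f]{8} [0-9a-f]{8})")

def summarize(log_text):
    """Tally handshake activity per source address."""
    stats = defaultdict(lambda: {"initial": 0, "failed": 0, "ports": set(), "sids": set()})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        s = stats[m["ip"]]
        s["ports"].add(int(m["port"]))
        msg = m["msg"]
        if msg.startswith("TLS: Initial packet"):
            s["initial"] += 1
            sid = SID.search(msg)
            if sid:
                s["sids"].add(sid.group(1))
        elif msg.startswith("TLS Error: TLS handshake failed"):
            s["failed"] += 1  # the "key negotiation" line precedes it; count once
    return dict(stats)

def shared_sids(stats):
    """Session IDs seen from more than one source address."""
    seen = defaultdict(set)
    for ip, s in stats.items():
        for sid in s["sids"]:
            seen[sid].add(ip)
    return {sid: ips for sid, ips in seen.items() if len(ips) > 1}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG), shared_sids(summarize(SAMPLE_LOG)))
```

An OpenVPN client picks a random session ID for each session, so one sid arriving from many source ports and more than one address, with every handshake timing out, points to the same packet being resent at the listening port rather than a configured client failing to connect.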
 

Use something other than the standard port or one in the dynamic port range IMO.
Thanks. So a number between 49152 and 65535? Sounds good, but how do I make sure the specific port number I pick is not currently being used for something else?
 
Thanks. So a number between 49152 and 65535?
No, do not use something from the dynamic port range (32768–60999 in Linux). Use an unallocated and non-obvious user port between 5001 and 32767 that isn't being used for some other service (e.g. not 8443, 9999, etc).

...but how do I make sure the specific port number I pick is not currently being used for something else?
Code:
netstat -nltup | grep ":12345 "
 
Go to NETWORK TOOLS in the management GUI and click on the NETSTAT tab. Check (select) Display Listening Sockets and display all sockets and click DIAGNOSE.

In the middle column you will have something in octet format x.x.x.x: port_being_used, or it will have the name of the service like x.x.x.x:NetBIOS, which means it's a well-known port. If you look up the service on the internet, it will tell you the port it uses.
 
No, do not use something from the dynamic port range (32768–60999 in Linux).
I hadn't seen this advice before. I thought the dynamic range was specifically for this purpose, outside of the range that could be assigned to some service. (Noting at the same time that wireguard is in this range, so even more confused!)

Why so, if you don't mind?
 
Dynamic ports are specifically not for this purpose. They are for dynamic (i.e. not fixed)/ephemeral/temporary/local use. As such the availability of any particular port number is not guaranteed. For fixed-port internet facing services "user" ports should be used.

Note that Linux doesn't conform to the IANA's suggested port range for dynamic ports (49152–65535).
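Added example, not code from the thread: the port advice in the replies above (user range 5001–32767, outside the Linux ephemeral range, not already bound) expressed as one check that reads the kernel's `/proc/net` socket tables. The sample table is constructed, and `bound_ports`, `ephemeral_range` and `check_port` are names chosen for this example.

```python
# Bounds as given in the thread: user ports 5001-32767, Linux default
# ephemeral range 32768-60999.
USER_RANGE = (5001, 32767)
DEFAULT_EPHEMERAL = (32768, 60999)

# Constructed /proc/net/udp-style sample: sockets bound to UDP 1194 (0x04AA)
# and UDP 53 (0x0035). State 07 is an unconnected, bound UDP socket.
SAMPLE_PROC_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  10: 00000000:04AA 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 20001 2 0000000000000000 0
  11: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 20002 2 0000000000000000 0
"""

def bound_ports(proc_text, state):
    """Local ports in a /proc/net/{tcp,udp} table whose state column matches.
    Use "0A" (LISTEN) for tcp/tcp6 and "07" for udp/udp6."""
    ports = set()
    for row in proc_text.splitlines()[1:]:        # skip the header row
        f = row.split()
        if len(f) > 3 and f[3] == state:
            ports.add(int(f[1].rsplit(":", 1)[1], 16))  # port is hex
    return ports

def ephemeral_range(path="/proc/sys/net/ipv4/ip_local_port_range"):
    """Ephemeral range configured on this host, or the Linux default."""
    try:
        with open(path) as fh:
            lo, hi = map(int, fh.read().split())
            return lo, hi
    except (OSError, ValueError):
        return DEFAULT_EPHEMERAL

def check_port(port, in_use, ephemeral=DEFAULT_EPHEMERAL):
    """Return the reasons a candidate port is unsuitable (empty list = OK)."""
    problems = []
    if not USER_RANGE[0] <= port <= USER_RANGE[1]:
        problems.append("outside user range %d-%d" % USER_RANGE)
    if ephemeral[0] <= port <= ephemeral[1]:
        problems.append("inside ephemeral range %d-%d" % ephemeral)
    if port in in_use:
        problems.append("already bound")
    return problems

if __name__ == "__main__":
    used = bound_ports(SAMPLE_PROC_UDP, "07")
    for candidate in (12345, 49152, 1194):
        print(candidate, check_port(candidate, used, ephemeral_range()) or "ok")
```

On a live system, pass the contents of `/proc/net/udp`, `/proc/net/udp6`, `/proc/net/tcp` and `/proc/net/tcp6` to `bound_ports` and take the union of the results.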
 
