dperson / openvpn-client

GNU Affero General Public License v3.0
1.05k stars 585 forks

TCP Working on Raspberry Pi but not UDP #408

Open timhorn1 opened 2 years ago

timhorn1 commented 2 years ago

I have tried several configurations of *.ovpn files, but the UDP protocol seems to work only for about 6 hours. I'm using openvpn-client version 2.5.1 arm-unknown-linux-gnueabihf with OpenSSL 1.1.1n on a Raspberry Pi 4 (Debian 11 Bullseye). After some hours of working, the client fails with the following error, initiated by TLS key expiration:

VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA7
VERIFY KU OK
Validating certificate extended key usage
++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
VERIFY EKU OK
VERIFY OK: depth=0, CN=de809.nordvpn.com
Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 4096 bit RSA
TLS: tls_process: killed expiring key
VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA7
VERIFY KU OK
Validating certificate extended key usage
++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
VERIFY EKU OK
VERIFY OK: depth=0, CN=de809.nordvpn.com
Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 4096 bit RSA
TLS: tls_process: killed expiring key
[de809.nordvpn.com] Inactivity timeout (--ping-restart), restarting
SIGUSR1[soft,ping-restart] received, process restarting
Restart pause, 5 second(s)
Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
TCP/UDP: Preserving recently used remote address: [AF_INET]***IP***
Socket Buffers: R=[180224->360448] S=[180224->360448]
UDP link local: (not bound)
UDP link remote: [AF_INET]***IP***
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed
SIGUSR1[soft,tls-error] received, process restarting
Restart pause, 5 second(s)
Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
TCP/UDP: Preserving recently used remote address: [AF_INET]***IP***
Socket Buffers: R=[180224->360448] S=[180224->360448]
UDP link local: (not bound)
UDP link remote: [AF_INET]***IP***
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed

As you can see, it hangs in a restart loop with TLS authentication failing over time. Of course, the internet connection got interrupted, since I am routing my network traffic over the VPN (which the client does automatically). Surprisingly, the TCP protocol works all the time. Might UDP packet loss be the cause?

I researched a lot and also looked at Troubleshooting Open-VPN-Client, but can't find a possible, acceptable solution. It seems like others have this issue too. A very inefficient and poor solution, unacceptable for me, would be to monitor the network connection all the time and restart the whole openvpn-client service when the internet connection gets interrupted.

Thanks in advance, if anyone can help or fix this!
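Added example, not code from the dperson/openvpn-client project or from the reporter: a small Python log analyser that runs over client log lines of the shape posted above and tells a renegotiation that completed ("killed expiring key" followed by a new "Control Channel:" line) apart from the ping-restart / tls-error loop in the report. The two sample logs are constructed from the posted lines (IPs were already redacted there); the `VpnState` fields, the `analyse` / `is_restart_loop` names and the loop threshold of two back-to-back handshake failures are assumptions made for this example. The 60 seconds in "TLS key negotiation failed to occur within 60 seconds" is OpenVPN's default `--hand-window`.

```python
"""Detect an OpenVPN client stuck in a post-renegotiation restart loop.

Added example for this issue; it is not code from dperson/openvpn-client
or from the reporter. It only parses log lines of the shape posted above.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, Optional

# Constructed sample modelled on the reporter's log (IPs already redacted there).
LOOPING_LOG = """\
Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 4096 bit RSA
TLS: tls_process: killed expiring key
VERIFY OK: depth=0, CN=de809.nordvpn.com
TLS: tls_process: killed expiring key
[de809.nordvpn.com] Inactivity timeout (--ping-restart), restarting
SIGUSR1[soft,ping-restart] received, process restarting
Restart pause, 5 second(s)
UDP link remote: [AF_INET]***IP***
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed
SIGUSR1[soft,tls-error] received, process restarting
Restart pause, 5 second(s)
UDP link remote: [AF_INET]***IP***
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed
"""

# Constructed sample of a renegotiation that completes normally (no loop).
HEALTHY_LOG = """\
Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 4096 bit RSA
TLS: tls_process: killed expiring key
VERIFY OK: depth=0, CN=de809.nordvpn.com
Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 4096 bit RSA
"""

# Patterns taken from the log lines OpenVPN prints for these events.
RENEG_RE = re.compile(r"TLS: tls_process: killed expiring key")
RESTART_RE = re.compile(r"SIGUSR1\[soft,(?P<reason>[a-z-]+)\] received, process restarting")
HANDSHAKE_FAIL_RE = re.compile(r"TLS Error: TLS handshake failed")
HANDSHAKE_OK_RE = re.compile(r"^Control Channel: TLSv1\.[23]")
LINK_RE = re.compile(r"^(?P<proto>UDP|TCP)\S* link remote:")


@dataclass
class VpnState:
    """Counters extracted from one client log (field names are an assumption)."""
    protocol: Optional[str] = None          # "UDP" or "TCP" from the link line
    renegotiations: int = 0                 # "killed expiring key" events
    restarts: Dict[str, int] = field(default_factory=dict)  # SIGUSR1 reason -> count
    consecutive_failures: int = 0           # handshake failures since last success
    max_consecutive_failures: int = 0


def analyse(log_text: str) -> VpnState:
    """Walk the log once and fill a VpnState."""
    state = VpnState()
    for line in log_text.splitlines():
        line = line.strip()
        if RENEG_RE.search(line):
            state.renegotiations += 1
        elif (m := RESTART_RE.search(line)):
            reason = m.group("reason")          # e.g. "ping-restart", "tls-error"
            state.restarts[reason] = state.restarts.get(reason, 0) + 1
        elif (m := LINK_RE.match(line)):
            state.protocol = m.group("proto")
        elif HANDSHAKE_FAIL_RE.search(line):
            state.consecutive_failures += 1
            state.max_consecutive_failures = max(
                state.max_consecutive_failures, state.consecutive_failures)
        elif HANDSHAKE_OK_RE.match(line):
            # A new control channel means the handshake (or renegotiation) succeeded.
            state.consecutive_failures = 0
    return state


def is_restart_loop(state: VpnState, threshold: int = 2) -> bool:
    """True when at least `threshold` handshakes failed back to back with no
    successful control-channel setup in between (threshold is an assumption)."""
    return state.max_consecutive_failures >= threshold


if __name__ == "__main__":
    for name, text in (("looping", LOOPING_LOG), ("healthy", HEALTHY_LOG)):
        s = analyse(text)
        print(f"{name}: proto={s.protocol} reneg={s.renegotiations} "
              f"restarts={s.restarts} loop={is_restart_loop(s)}")
```

On the posted log the analyser reports two renegotiations, one ping-restart, one tls-error restart and two consecutive failed handshakes over UDP, while the healthy sample shows a renegotiation that ends in a fresh control channel. Running the same analyser over a TCP session log is the quick way to confirm the reporter's observation that the loop only appears with UDP.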