pieterlange / kube-openvpn

:closed_lock_with_key: Kubernetes native OpenVPN
MIT License

Connection reset, restarting [-1] #66

Closed 13567436138 closed 4 years ago

13567436138 commented 5 years ago

Sun Feb 03 12:25:31 2019 Connection reset, restarting [-1]
Sun Feb 03 12:25:31 2019 SIGUSR1[soft,connection-reset] received, process restarting
Sun Feb 03 12:26:51 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]47.254.92.51:1194
Sun Feb 03 12:26:51 2019 Attempting to establish TCP connection with [AF_INET]47.254.92.51:1194 [nonblock]
Sun Feb 03 12:26:52 2019 TCP connection established with [AF_INET]47.254.92.51:1194
Sun Feb 03 12:26:52 2019 TCP_CLIENT link local: (not bound)
Sun Feb 03 12:26:52 2019 TCP_CLIENT link remote: [AF_INET]47.254.92.51:1194
Sun Feb 03 12:26:53 2019 Connection reset, restarting [-1]
Sun Feb 03 12:26:53 2019 SIGUSR1[soft,connection-reset] received, process restarting

okutasan commented 3 years ago

How to fix this?

alfieyfc commented 3 years ago

I keep getting this error too :( it repeats every second. On the server logs it's as below:

Wed Jan 20 23:38:06 2021 TCP connection established with [AF_INET]10.42.1.1:61256
Wed Jan 20 23:38:07 2021 10.42.1.1:61256 TLS: Initial packet from [AF_INET]10.42.1.1:61256, sid=86bee538 5617bef7
Wed Jan 20 23:38:07 2021 10.42.1.1:61256 TLS Error: reading acknowledgement record from packet
Wed Jan 20 23:38:07 2021 10.42.1.1:61256 Fatal TLS error (check_tls_errors_co), restarting
Wed Jan 20 23:38:07 2021 10.42.1.1:61256 SIGUSR1[soft,tls-error] received, client-instance restarting

Can we reopen this until at least some form of resolution is provided? Thanks!

alfieyfc commented 3 years ago

Nvm, I believe I have solved it! Using the same method I mentioned in https://github.com/pieterlange/kube-openvpn/issues/73#issuecomment-764263006.

Looking at this post I noticed there is a <tls-auth> in the client's .ovpn file but ta.key wasn't referenced in the server's .conf file.

OpenVPN: TLS Error: reading acknowledgement record from packet

This error message (in my experience) most often means that one side (either the client or the server) is set up for TLS auth, but the other side is not.

So I added this line in openvpn-tmpl and created a configmap for the pod to mount.

tls-auth ${EASYRSA_PKI}/ta.key

Error message gone! :)
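
The mismatch described in this thread can be checked before deploying. The script below is an added example, not part of the thread or of kube-openvpn: it parses a server config and a client .ovpn and reports when only one side enables tls-auth/tls-crypt, and it also goes a step beyond the thread by checking the key direction, which the OpenVPN manual requires to be either omitted on both sides or complementary (0 on one, 1 on the other). The function names and the sample configs are constructed for illustration.

```python
import re

WRAP = ("tls-auth", "tls-crypt")  # control-channel wrapping directives

def control_channel(cfg):
    """Return (mode, direction) declared by an OpenVPN config text."""
    mode = direction = inline = None
    for raw in cfg.splitlines():
        line = re.split(r"[#;]", raw, maxsplit=1)[0].strip()  # drop comments
        if inline:                       # skip key material inside <tag>...</tag>
            if line == f"</{inline}>":
                inline = None
            continue
        if not line:
            continue
        tag = re.fullmatch(r"<([\w-]+)>", line)
        if tag:                          # inline file, e.g. <tls-auth> in a .ovpn
            inline = tag.group(1)
            mode = inline if inline in WRAP else mode
            continue
        words = line.split()
        if words[0] in WRAP:
            mode = words[0]
            if words[0] == "tls-auth" and len(words) > 2:
                direction = words[2]     # "tls-auth file [direction]"
        elif words[0] == "key-direction" and len(words) > 1:
            direction = words[1]
    return mode, direction

def compare(server_cfg, client_cfg):
    """List the control-channel mismatches between the two configs."""
    s_mode, s_dir = control_channel(server_cfg)
    c_mode, c_dir = control_channel(client_cfg)
    if s_mode != c_mode:
        return [f"server: {s_mode or 'none'}, client: {c_mode or 'none'}"]
    both_omitted = s_dir is None and c_dir is None
    complementary = None not in (s_dir, c_dir) and s_dir != c_dir
    if s_mode == "tls-auth" and not (both_omitted or complementary):
        return [f"key direction server: {s_dir}, client: {c_dir}"]
    return []

# Constructed sample configs (placeholder key material, not real files).
SERVER_BEFORE = "port 1194\nproto tcp\nca ca.crt\n"
SERVER_AFTER = SERVER_BEFORE + "tls-auth ${EASYRSA_PKI}/ta.key\n"
CLIENT = ("client\nremote vpn.example.test 1194 tcp\n<tls-auth>\n"
          "# constructed placeholder, not a real key\n"
          "-----BEGIN OpenVPN Static key V1-----\n0000\n"
          "-----END OpenVPN Static key V1-----\n</tls-auth>\n")

if __name__ == "__main__":
    print("before fix:", compare(SERVER_BEFORE, CLIENT))
    print("after fix: ", compare(SERVER_AFTER, CLIENT))
```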