Closed marina8888 closed 5 years ago
Ok so this looks like a potential reachability issue (which should be picked up and fixed in iOS testing) and can be caused by a WAN failure (which I noticed when macOS WiFi icon flashed). Essentially, if WAN fails, the VPN should reconnect and bind to a new available address and port pair. If this process does not happen, the tunnel will remain unresponsive.
On the other hand, since this seems to be repetitive (once every hour), it could instead link to a renegotiation issue. Data channel encryption keys are changed every hour and this renegotiation process could be failing. I will search for any exception in the logs for you at this time and report any feedback here.
Just spoke to Irena and she said BT hub disconnects briefly every hour or so anyway… please feel free to assume that disconnection itself is not linked to the UH Enterprise - apologies if I misled you.
Marina
On 1 Oct 2019, at 00:18, James Webb notifications@github.com wrote:
> Ok so this looks like a potential reachability issue (which should be picked up and fixed in iOS testing) and can be caused by a WAN failure (which I noticed when macOS WiFi icon flashed). Essentially, if WAN fails, the VPN should reconnect and bind to a new available address and port pair. If this process does not happen, the tunnel will remain unresponsive.
> On the other hand, since this seems to be repetitive (once every hour), it could instead link to a renegotiation issue. Data channel encryption keys are changed every hour and this renegotiation process could be failing. I will search for any exception in the logs for you at this time and report any feedback here.
No, this is actually an issue with renegotiation. Logs are showing many issues with decrypting using the obfuscation keys and then complaining about TLS keys being out of sync => reneg failed.
@AnthonyWharton for reference server side:
TLS Error: tls-crypt unwrapping failed
tls-crypt unwrap error: bad packet ID (may be a replay): [ #8 / time = (1569877927) Mon Sep 30 22:12:07 2019 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
TLS Error: local/remote TLS keys are out of sync
Think this might be a macOS client issue...
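Added example, not part of the thread or of the project's code: a small triage script that groups the server-side errors quoted above into bursts and checks whether the bursts recur at the hourly renegotiation interval (the renegotiation hypothesis) or at irregular times (more consistent with WAN drops). It assumes each log line starts with OpenVPN's default file-log timestamp; the function names, the `quiet` and `tolerance` thresholds and the sample timestamps are constructed for illustration.

```python
import re
from datetime import datetime

# Assumed layout: "Mon Sep 30 22:12:07 2019 <message>" (timestamp prefix is an assumption).
LINE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) (.*)$")
SIGNS = ("tls-crypt unwrap error: bad packet ID",
         "TLS Error: tls-crypt unwrapping failed",
         "TLS Error: local/remote TLS keys are out of sync")

def failure_bursts(lines, quiet=300):
    """Group failure lines into bursts separated by more than `quiet` seconds."""
    bursts = []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m or not any(s in m.group(2) for s in SIGNS):
            continue
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        if bursts and (ts - bursts[-1]["end"]).total_seconds() <= quiet:
            bursts[-1]["end"] = ts
            bursts[-1]["count"] += 1
        else:
            bursts.append({"start": ts, "end": ts, "count": 1})
    return bursts

def classify(bursts, reneg_sec=3600, tolerance=120):
    """Aligned if every gap between burst starts is near a multiple of reneg_sec."""
    if len(bursts) < 2:
        return "insufficient-data"
    for a, b in zip(bursts, bursts[1:]):
        gap = (b["start"] - a["start"]).total_seconds()
        k = round(gap / reneg_sec)
        if k < 1 or abs(gap - k * reneg_sec) > tolerance:
            return "irregular"
    return "renegotiation-aligned"

# Constructed sample: message text as quoted in the thread, timestamps invented.
SAMPLE = """\
Mon Sep 30 21:12:05 2019 TLS Error: tls-crypt unwrapping failed
Mon Sep 30 21:12:06 2019 TLS Error: local/remote TLS keys are out of sync
Mon Sep 30 22:12:07 2019 tls-crypt unwrap error: bad packet ID (may be a replay): [ #8 / time = (1569877927) Mon Sep 30 22:12:07 2019 ]
Mon Sep 30 22:12:07 2019 TLS Error: tls-crypt unwrapping failed
Mon Sep 30 22:12:09 2019 TLS Error: local/remote TLS keys are out of sync
Mon Sep 30 23:12:10 2019 TLS Error: local/remote TLS keys are out of sync
""".splitlines()

if __name__ == "__main__":
    found = failure_bursts(SAMPLE)
    print([b["count"] for b in found], classify(found))
```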
This has now been fixed. UH Enterprise clients now control the key renegotiation time instead of the server which presented issues. Each client now defines:
Cannot reconnect to network without disconnecting from UH Enterprise first.
To Reproduce
Expected behavior: Internet becomes no longer accessible until you disconnect from UH Enterprise, showing a page "your connection was interrupted". Once you are disconnected, the internet is accessible again and it is possible to reconnect to UH Enterprise.
Additional context: Error witnessed by James Webb at 10.15-10.25 p.m. 30/09/2019. Video not attachable but emailed directly.
Thank you, Marina