From: James Y. <ji...@nt...> - 2002-06-20 15:51:05
Bradley,

The error below (which is non-fatal and only outputs at --verb 8 or higher) occurs when OpenVPN gets a tunnel datagram to forward, but has no key with which to encrypt the datagram. This can happen if (a) the initial TLS handshake hasn't completed yet, or (b) the initial TLS handshake failed, or (c) OpenVPN is run without --remote or no peer has connected yet.

Though I'd need to see more data (complete --verb 8 output + config files) to have a chance at figuring out what's happening, the things to look for would be (a) does each OpenVPN peer begin the TLS negotiation with the other, (b) if so, does the negotiation complete or does it stall somewhere, (c) do you get any kind of TLS error before the "no data channel send key available" such as a timeout.

Also be aware that this error can be totally innocuous, if you start an OpenVPN peer and then immediately try sending data over the tunnel before the peers have connected and negotiated. The initial negotiation time can be several seconds, especially if you are using 2048 bit RSA keys. In general, once the TLS connection is negotiated and OpenVPN begins passing tunnel data, any packets that had to be dropped in the initial seconds before the negotiation completed will be resent. In this case you can just ignore the error.

Also, check out differences between the config that works (odyssey to lakota) and the one that doesn't (lakota to ganges), in terms of both differences in the config files and differences in the --verb 8 output.

Hope this helps.

James

----- Original Message -----
From: "Bradley M Alexander" <st...@tu...>
To: <ope...@li...>
Sent: Thursday, June 20, 2002 6:30 AM
Subject: [Openvpn-users] TLS errors

> I'm having a problem getting openvpn up and running. I have three machines,
> odyssey, lakota and ganges. I was able to successfully connect odyssey
> (which is my CA) to lakota, but when attempting to connect lakota to
> ganges, I get the following error:
>
> 83: TLS Error: no data channel send key available: [key#0 state=S_INITIAL
> id=0 sid=00000000 00000000] [key#1 state=S_UNDEF id=0 sid=00000000
> 00000000] [key#2 state=S_UNDEF id=0 sid=00000000 00000000]
>
> Openvpn finds the keys and certificates:
>
> 51: ca_file = '/etc/ssl/certs/odyssey-ca.pem'
> 52: dh_file = '/etc/ssl/certs/dh2048.pem'
> 53: cert_file = '/etc/ssl/certs/lakota.pem'
> 54: priv_key_file = '/etc/ssl/keys/lakota.key'
>
> Can anyone explain the cause of this error? I can include the entire
> session, but didn't want to clog up the list.
>
> Thanks,
> --Brad
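
The three checks listed in the reply, applied to --verb 8 output, as an added example that is not part of the original thread and is not OpenVPN's own code. The sample log is constructed; the S_START state name and the placeholder TLS error line are assumptions, since only S_INITIAL and S_UNDEF appear in the quoted output.

```python
import re

# Key-state dump format as it appears in the quoted --verb 8 line.
KEY_RE = re.compile(
    r"\[key#(\d+) state=(S_\w+) id=(\d+) sid=([0-9a-f]{8}) ([0-9a-f]{8})\]")
NO_KEY = "TLS Error: no data channel send key available"
IDLE_STATES = {"S_INITIAL", "S_UNDEF"}  # the two states shown on the page


def parse_key_states(line):
    """Return one dict per [key#N ...] group found in a log line."""
    return [{"slot": int(m[1]), "state": m[2], "id": int(m[3]),
             "sid": m[4] + m[5]} for m in KEY_RE.finditer(line)]


def triage(log_lines):
    """Classify each 'no send key' event by the three checks in the reply."""
    findings, earlier_tls_error = [], False
    for number, raw in enumerate(log_lines, start=1):
        line = raw.strip()
        if NO_KEY in line:
            states = {k["state"] for k in parse_key_states(line)}
            if earlier_tls_error:
                verdict = "tls_error_preceded"       # check (c)
            elif not states:
                verdict = "no_key_dump_parsed"
            elif states <= IDLE_STATES:
                verdict = "negotiation_not_started"  # check (a)
            else:
                verdict = "negotiation_incomplete"   # check (b)
            findings.append((number, verdict))
        elif "TLS Error" in line:
            earlier_tls_error = True
    return findings


# Constructed sample; entry 1 is the page's line without its "83:" prefix.
TAIL = (" [key#1 state=S_UNDEF id=0 sid=00000000 00000000]"
        " [key#2 state=S_UNDEF id=0 sid=00000000 00000000]")
SAMPLE = [
    NO_KEY + ": [key#0 state=S_INITIAL id=0 sid=00000000 00000000]" + TAIL,
    NO_KEY + ": [key#0 state=S_START id=0 sid=1a2b3c4d 5e6f7a8b]" + TAIL,
    "TLS Error: constructed placeholder for an earlier timeout message",
    NO_KEY + ": [key#0 state=S_INITIAL id=0 sid=00000000 00000000]" + TAIL,
]

if __name__ == "__main__":
    for number, verdict in triage(SAMPLE):
        print(f"line {number}: {verdict}")
```

Run it against the --verb 8 output of both peers: a "negotiation_not_started" verdict that goes away after a few seconds matches the innocuous startup case described in the reply.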