We use OpenVPN to connect to a remote server, and have used script-generated duplicate configurations for each one. Nearly all of these operate flawlessly ... except clients who are within the client's place of business. We see their OpenVPN server re-connecting to us literally hundreds of times a day, every day. The client experiences erratic network performance connecting to our administrative web-site through this tunnel. No one else does. I believe that the reconnections are occurring because the tunnel has dropped, but the server-side log files give little indication. (UDP, not TCP/IP, is used for the data transfer.) The reconnections are always uneventful.
In trying to understand the problem, we installed an OpenVPN client on a couple of machines within their network and had users use this client to connect. They experienced similar problems if they connect from the office.
A significant finding in their client log is this:
Code:
2017-06-19 07:59:52 Tunnelblick[452] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9806)
2017-06-19 07:59:53 Tunnelblick[452] CFNetwork SSLHandshake failed (-9806)
... and the second message is repeated 4 times.
This continues once a second for about 32 seconds, then we see this:
Code:
2017-06-19 07:57:28 Tunnelblick[510] currentIPInfo(Name): IP address info could not be fetched within 32.3 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made."
UserInfo={_kCFStreamErrorCodeKey=-9806, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x106435220 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made."
UserInfo={NSErrorFailingURLStringKey=https://www.tunnelblick.net/ipinfo, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFNetworkCFStreamSSLErrorOriginalValue=-9806,
_kCFStreamPropertySSLClientCertificateState=0, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made.,
_kCFStreamErrorDomainKey=3, NSErrorFailingURLKey=https://www.tunnelblick.net/ipinfo, _kCFStreamErrorCodeKey=-9806}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made.,
NSErrorFailingURLKey=https://www.tunnelblick.net/ipinfo, NSErrorFailingURLStringKey=https://www.tunnelblick.net/ipinfo,
_kCFStreamErrorDomainKey=3}'; the response was '(null)'
The machine in question is an OS/X box, and I don't know if this log is actually related to the network instability that we are experiencing. (It could well be something peculiar to the OpenVPN client program, which is Tunnelblick.) I am trying to obtain log files from their primary OpenVPN client router.
My suspicion is that the client has intermittent internet connectivity but might not be aware of it. Still, I need to gather more evidence of this.
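An added example, not part of the original post: one way to turn a Tunnelblick log like the excerpts above into a list of handshake-failure bursts, whose start and end times can then be lined up against the reconnection times in the server-side log. The function name, the 5-second grouping gap and the sample log are assumptions made for illustration; only the line layout comes from the post.

```python
import re
from datetime import datetime

# Line layout taken from the excerpts in the post:
# "<date> <time> Tunnelblick[<pid>] <message>"
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) Tunnelblick\[(\d+)\] (.*)$")
FAIL = re.compile(r"SSLHandshake failed \((-?\d+)\)")

# Constructed sample in the format shown in the post (not the poster's real log).
SAMPLE_LOG = """\
2017-06-19 07:59:52 Tunnelblick[452] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9806)
2017-06-19 07:59:53 Tunnelblick[452] CFNetwork SSLHandshake failed (-9806)
2017-06-19 07:59:53 Tunnelblick[452] CFNetwork SSLHandshake failed (-9806)
2017-06-19 07:59:54 Tunnelblick[452] CFNetwork SSLHandshake failed (-9806)
2017-06-19 07:59:56 Tunnelblick[452] CFNetwork SSLHandshake failed (-9806)
UserInfo={_kCFStreamErrorCodeKey=-9806}
2017-06-19 09:14:07 Tunnelblick[452] CFNetwork SSLHandshake failed (-9806)
2017-06-19 09:14:08 Tunnelblick[452] CFNetwork SSLHandshake failed (-9806)
"""

def handshake_bursts(lines, max_gap_s=5):
    """Group 'SSLHandshake failed' lines into bursts, per Tunnelblick PID."""
    bursts, open_burst = [], {}  # open_burst: pid -> burst still being extended
    for raw in lines:
        m = LINE.match(raw.strip())
        f = m and FAIL.search(m.group(3))
        if not f:
            # Other messages, and untimestamped continuation lines, are skipped.
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        pid, code = int(m.group(2)), int(f.group(1))
        cur = open_burst.get(pid)
        if cur and (ts - cur["end"]).total_seconds() <= max_gap_s:
            cur["end"] = ts
            cur["count"] += 1
            cur["codes"].add(code)
        else:
            cur = {"pid": pid, "start": ts, "end": ts, "count": 1, "codes": {code}}
            open_burst[pid] = cur
            bursts.append(cur)
    return bursts

if __name__ == "__main__":
    for b in handshake_bursts(SAMPLE_LOG.splitlines()):
        print(b["pid"], b["start"], b["end"], b["count"], sorted(b["codes"]))
```

Failures that share a timestamp are counted individually, so the per-burst count shows how many attempts were made in each window as well as how long the window lasted.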