From 445f99d9dc838c9dbc7e9733b96b4709af7b5a8a Mon Sep 17 00:00:00 2001 From: Quentin McGaw Date: Fri, 8 May 2026 16:12:13 +0000 Subject: [PATCH] hotfix(openvpn): bump hand-window from 10s to 20s --- internal/openvpn/logs.go | 2 +- internal/openvpn/logs_test.go | 4 ++-- internal/provider/custom/openvpnconf.go | 2 +- internal/provider/custom/openvpnconf_test.go | 2 +- internal/provider/utils/openvpn.go | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/internal/openvpn/logs.go b/internal/openvpn/logs.go index d1245ba3..784e3f0c 100644 --- a/internal/openvpn/logs.go +++ b/internal/openvpn/logs.go @@ -46,7 +46,7 @@ Your credentials might be wrong ๐Ÿคจ ` level = levelError - case strings.Contains(s, "TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)"): //nolint:lll + case strings.Contains(s, "TLS Error: TLS key negotiation failed to occur within 20 seconds (check your network connectivity)"): //nolint:lll filtered = s + ` ๐Ÿš’๐Ÿš’๐Ÿš’๐Ÿš’๐Ÿš’๐Ÿšจ๐Ÿšจ๐Ÿšจ๐Ÿšจ๐Ÿšจ๐Ÿšจ๐Ÿš’๐Ÿš’๐Ÿš’๐Ÿš’๐Ÿš’ That error usually happens because either: diff --git a/internal/openvpn/logs_test.go b/internal/openvpn/logs_test.go index dfb6636f..2fcd851f 100644 --- a/internal/openvpn/logs_test.go +++ b/internal/openvpn/logs_test.go @@ -52,9 +52,9 @@ func Test_processLogLine(t *testing.T) { }, "TLS key negotiation error": { s: "TLS Error: TLS key negotiation failed to occur within " + - "60 seconds (check your network connectivity)", + "20 seconds (check your network connectivity)", filtered: "TLS Error: TLS key negotiation failed to occur within " + - "60 seconds (check your network connectivity)" + ` + "20 seconds (check your network connectivity)" + ` ๐Ÿš’๐Ÿš’๐Ÿš’๐Ÿš’๐Ÿš’๐Ÿšจ๐Ÿšจ๐Ÿšจ๐Ÿšจ๐Ÿšจ๐Ÿšจ๐Ÿš’๐Ÿš’๐Ÿš’๐Ÿš’๐Ÿš’ That error usually happens because either: diff --git a/internal/provider/custom/openvpnconf.go b/internal/provider/custom/openvpnconf.go index 01cd2aef..d4d28185 100644 --- a/internal/provider/custom/openvpnconf.go +++ b/internal/provider/custom/openvpnconf.go @@ -73,7 +73,7 @@ func modifyConfig(lines []string, connection models.Connection, modified = append(modified, "pull-filter ignore \"auth-token\"") // prevent auth failed loop modified = append(modified, "auth-retry nointeract") modified = append(modified, "suppress-timestamps") - modified = append(modified, "hand-window 10") // default is 60 seconds which is too long + modified = append(modified, "hand-window 20") // default is 60 seconds which is too long if *settings.User != "" { modified = append(modified, "auth-user-pass "+openvpn.AuthConf) } diff --git a/internal/provider/custom/openvpnconf_test.go b/internal/provider/custom/openvpnconf_test.go index 782b5575..f23d681a 100644 --- a/internal/provider/custom/openvpnconf_test.go +++ b/internal/provider/custom/openvpnconf_test.go @@ -62,7 +62,7 @@ func Test_modifyConfig(t *testing.T) { "pull-filter ignore \"auth-token\"", "auth-retry nointeract", "suppress-timestamps", - "hand-window 10", + "hand-window 20", "auth-user-pass /etc/openvpn/auth.conf", "verb 0", "data-ciphers-fallback cipher", diff --git a/internal/provider/utils/openvpn.go b/internal/provider/utils/openvpn.go index 64ba44b2..2331fd06 100644 --- a/internal/provider/utils/openvpn.go +++ b/internal/provider/utils/openvpn.go @@ -62,7 +62,7 @@ func OpenVPNConfig(provider OpenVPNProviderSettings, lines.add("mute-replay-warnings") // these are often ignored by some VPN providers lines.add("auth-retry", "nointeract") // retry authenticating without interaction lines.add("suppress-timestamps") // do not log timestamps, the Gluetun logger takes care of it - lines.add("hand-window", "10") // default is 60 seconds which is too long + lines.add("hand-window", "20") // default is 60 seconds which is too long lines.add("dev", settings.Interface) lines.add("verb", fmt.Sprint(*settings.Verbosity)) protocol := connection.Protocol