EVE-NG-CLUSTER-SUPPORT - TLS Handshake Error
Posted: Fri Apr 24, 2026 11:15 am
Good Afternoon,
I am after some support please with regards to TLS handshake errors that I appear to be receiving with my first cluster configuration:
Setup
=====
EVE-NG (Pro) Resides within my home lab.
EVE-NG SAT01 Resides within GCP.
Version: 6.5.0-22-PRO
I have configured a vpn tunnel from my PFSENSE Firewall to my GCP instance so that the internal addressing of both the GCP VM and Home lab VM are reachable without having to go across the internet via public address spaces. i.e. The local ip subnets are encapsulated within the tunnel.
Firewall rules are enabled on both pfsense and gcp to allow any any from home lab network to gcp lab network bi directionally.
I added a node to the Satelite via a lab and upon attempting to connect to the console, the web page errors out - "you have been disconnected".
upon checking the eve-agent service on the sat node i see the following errors:
Apr 24 10:58:10 eve-sat eve-agent[15448]: 2026/04/24 10:58:10 http: TLS handshake error from 172.29.130.254:42052: read tcp 172.29.130.1:8443->172.29.130.254:42052: i/o timeout
Apr 24 10:58:15 eve-sat eve-agent[15448]: 2026/04/24 10:58:15 http: TLS handshake error from 172.29.130.254:43210: read tcp 172.29.130.1:8443->172.29.130.254:43210: i/o timeout
This implies to me that i have an tls cert error between the two nodes? As the 172.x.x.x addresses are eve ng addresses used internally (assuming via wireguard) i do not believe this to be a network or firewall issue but a certificate issue.
My suspicion is that i have missed something during the install, would you be able to support me on this issue please?
I am after some support please with regards to TLS handshake errors that I appear to be receiving with my first cluster configuration:
Setup
=====
EVE-NG (Pro) Resides within my home lab.
EVE-NG SAT01 Resides within GCP.
Version: 6.5.0-22-PRO
I have configured a vpn tunnel from my PFSENSE Firewall to my GCP instance so that the internal addressing of both the GCP VM and Home lab VM are reachable without having to go across the internet via public address spaces. i.e. The local ip subnets are encapsulated within the tunnel.
Firewall rules are enabled on both pfsense and gcp to allow any any from home lab network to gcp lab network bi directionally.
I added a node to the Satelite via a lab and upon attempting to connect to the console, the web page errors out - "you have been disconnected".
upon checking the eve-agent service on the sat node i see the following errors:
Apr 24 10:58:10 eve-sat eve-agent[15448]: 2026/04/24 10:58:10 http: TLS handshake error from 172.29.130.254:42052: read tcp 172.29.130.1:8443->172.29.130.254:42052: i/o timeout
Apr 24 10:58:15 eve-sat eve-agent[15448]: 2026/04/24 10:58:15 http: TLS handshake error from 172.29.130.254:43210: read tcp 172.29.130.1:8443->172.29.130.254:43210: i/o timeout
This implies to me that i have an tls cert error between the two nodes? As the 172.x.x.x addresses are eve ng addresses used internally (assuming via wireguard) i do not believe this to be a network or firewall issue but a certificate issue.
My suspicion is that i have missed something during the install, would you be able to support me on this issue please?