unable to connect to NW

wraak
OpenVpn Newbie
Posts: 2
Joined: Tue Feb 16, 2010 5:54 pm

unable to connect to NW

Post by wraak » Tue Feb 16, 2010 6:26 pm

I'm working for an ISP in the NW, I have spoken with our openVPN support and service desk. I am unable to connect to a network called NW, here's what has been tried so far:

tried removing the firewall portion of symantec as he indicated this
may have happened after the symantec update.

disabled windows firewall which service automatically starts after removing SEP.

logged in as myself or as administrator to rule out possible corrupted
AD profile, or permissions.

completely removed SEP, verified AVG was gone.

he is able to connect to WI (with openVPN) and CISCO VPN simultaneously which confirms
that the TAP32 driver is working correctly.

tried all possible combinations. if i type a wrong password or random
username when attempting connection to NW I do not get an error,
instead it hangs at same step as it does with right username and
password.

contacted openVPN support they said they do not support the community
edition.

this is from the log connecting to NW:

Mon Feb 15 17:06:07 2010 us=30155 UDPv4 link local: [undef]
Mon Feb 15 17:06:07 2010 us=30180 UDPv4 link remote: ip.add.112.138:1194
Mon Feb 15 17:06:07 2010 us=43221 TLS: Initial packet from ip.add.112.138:1194, sid=d1c5f3db ee0e3fa5
Mon Feb 15 17:06:07 2010 us=154693 VERIFY OK: depth=1, /C=US/ST=WA/L=CITY/O=ISPname/CN=ovpn-usr-CA/emailAddress=ops-security@coblah.com
Mon Feb 15 17:06:07 2010 us=155835 VERIFY OK: depth=0, /C=US/ST=WA/O=ISPname/CN=ovpn-noc-west/emailAddress=ops-security@coblah.com
Mon Feb 15 17:07:08 2010 us=62626 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Feb 15 17:07:08 2010 us=62649 TLS Error: TLS handshake failed


as you can see the step with VERIFY OK it hangs for a couple of minutes after which comes up with the TLS Error.
we have tried removing and reinstall openVPN multiple times.
UDP and TCP packets should be allowed by the router as this is the corporate network and people in the same office using same wifi connection can connect just fine.
we verified that his UN/PASSWD with NW network are valid as we were able to connect from the same office from a different computer

as this works on any other machine in the office, connectivity with openVPN to WI works as well, suggests that this is an issue locally on the computer.

anything I can try to get this working?


This is the log connecting to the WI network, the UDP ip connecting to is different

Mon Feb 15 17:10:54 2010 us=908038 UDPv4 link local: [undef]
Mon Feb 15 17:10:54 2010 us=908062 UDPv4 link remote: ip.add.114.35:1194
Mon Feb 15 17:10:54 2010 us=922442 TLS: Initial packet from ip.add.114.35:1194, sid=23661c91 c5a8cd5c
Mon Feb 15 17:10:55 2010 us=9097 Replay-window backtrack occurred [1]
Mon Feb 15 17:10:55 2010 us=51378 VERIFY OK: depth=1, /C=US/ST=WA/L=CITY/O=ISPName/CN=VPN_Certificate_Authority/emailAddress=ops-security@ISPname.com
Mon Feb 15 17:10:55 2010 us=54598 VERIFY OK: depth=0, /C=US/ST=WA/O=ISPname/OU=server/CN=uservpn.ISPname.net/emailAddress=uservpn.ispname.net
Mon Feb 15 17:10:55 2010 us=608024 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Feb 15 17:10:55 2010 us=608048 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Feb 15 17:10:55 2010 us=608119 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Feb 15 17:10:55 2010 us=608136 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Feb 15 17:10:55 2010 us=608274 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Mon Feb 15 17:10:55 2010 us=608297 [uservpn.ispname.net] Peer Connection Initiated with ip.add.114.35:1194
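
An added example, not part of the original post: a small Python parser that walks an OpenVPN client log and reports the last handshake milestone reached and how long the session sat silent before the TLS timeout. The log samples are trimmed from the two logs quoted above; the milestone names and the `analyse` helper are assumptions made for this illustration.

```python
import re
from datetime import datetime, timedelta

# Client-side handshake milestones, in the order they appear in the logs quoted above.
# The milestone names are labels chosen for this example.
MILESTONES = [
    ("initial_packet", "TLS: Initial packet from"),
    ("server_cert_verified", "VERIFY OK: depth=0"),
    ("data_channel_keys", "Data Channel Encrypt:"),
    ("connected", "Peer Connection Initiated"),
]
FAILURE = "TLS key negotiation failed"
LINE = re.compile(r"^\w{3} (\w{3} +\d+ [\d:]{8} \d{4}) us=(\d+) (.*)$")

def parse_line(line):
    """Return (timestamp, message) for an OpenVPN log line, or None if it does not match."""
    m = LINE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S %Y")
    return ts + timedelta(microseconds=int(m.group(2))), m.group(3)

def analyse(log_text):
    """Report the last milestone reached and, on failure, the silent gap before the timeout."""
    reached = reached_at = failed_at = None
    rank = -1
    for ts, msg in filter(None, map(parse_line, log_text.splitlines())):
        for i, (name, needle) in enumerate(MILESTONES):
            if needle in msg and i > rank:
                rank, reached, reached_at = i, name, ts
        if FAILURE in msg:
            failed_at = ts
    stall = (failed_at - reached_at).total_seconds() if failed_at and reached_at else None
    return {"reached": reached, "failed": failed_at is not None, "stall_seconds": stall}

# Sample input: lines trimmed from the NW (failing) and WI (working) logs in the post.
NW_LOG = """\
Mon Feb 15 17:06:07 2010 us=43221 TLS: Initial packet from ip.add.112.138:1194, sid=d1c5f3db ee0e3fa5
Mon Feb 15 17:06:07 2010 us=155835 VERIFY OK: depth=0, /C=US/ST=WA/O=ISPname/CN=ovpn-noc-west/emailAddress=ops-security@coblah.com
Mon Feb 15 17:07:08 2010 us=62626 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
"""
WI_LOG = """\
Mon Feb 15 17:10:54 2010 us=922442 TLS: Initial packet from ip.add.114.35:1194, sid=23661c91 c5a8cd5c
Mon Feb 15 17:10:55 2010 us=54598 VERIFY OK: depth=0, /C=US/ST=WA/O=ISPname/OU=server/CN=uservpn.ISPname.net/emailAddress=uservpn.ispname.net
Mon Feb 15 17:10:55 2010 us=608024 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Feb 15 17:10:55 2010 us=608297 [uservpn.ispname.net] Peer Connection Initiated with ip.add.114.35:1194
"""

if __name__ == "__main__":
    print(analyse(NW_LOG), analyse(WI_LOG), sep="\n")
```

On the NW sample the client gets as far as accepting the server certificate and then logs nothing for about 61 seconds until the timeout; the WI sample reaches "Peer Connection Initiated" within the same second as certificate verification.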

krzee
Forum Team
Posts: 728
Joined: Fri Aug 29, 2008 5:42 pm

Re: unable to connect to NW

Post by krzee » Wed Mar 10, 2010 4:04 am

is there a large amount of latency between those 2 machines? seems that the connection CAN be made but is timing out because it takes too long (I had this happen recently when i was connecting to a vpn from a terrible australian inet connection to a USA colo)

wraak
OpenVpn Newbie
Posts: 2
Joined: Tue Feb 16, 2010 5:54 pm

Re: unable to connect to NW

Post by wraak » Wed Mar 10, 2010 7:30 pm

no latency issues, as other users in the corporate network can connect just fine, if i set another laptop side by side using same wifi connection one connects the other one doesn't. i'm thinking about reimaging machine, but i know it's something easy, maybe corrupted openVPN installation (as we reinstalled so many times), maybe corrupted security keys. Maybe some registry tweaking

krzee
Forum Team
Posts: 728
Joined: Fri Aug 29, 2008 5:42 pm

Re: unable to connect to NW

Post by krzee » Thu Mar 18, 2010 2:18 am

anything interesting in the server log when that client connects?
