[Solved] connection problem on a 4G router TAP vs TUN

Samples of working configurations.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Locked
bbking
OpenVpn Newbie
Posts: 3
Joined: Fri Jan 08, 2016 6:42 pm

[Solved] connection problem on a 4G router TAP vs TUN

Post by bbking » Fri Jan 08, 2016 7:02 pm

Hi there,

let me greet everyone as this is my first post!

I am working on getting a 4G router connected to an openVPN Server running on Zentyal (http://www.zentyal.org). I can connect to the server from a Win7 machine without problems. When importing the same ca.cert, client.crt and client.key certificates on a Robustel R300lite 4G router I get the following logs on the server:

Code: Select all

Fri Jan  8 19:34:50 2016 37.76.108.55:33598 TLS Error: TLS handshake failed
Fri Jan  8 19:34:50 2016 37.76.108.55:33598 SIGUSR1[soft,tls-error] received, client-instance restarting
Fri Jan  8 19:34:50 2016 read UDPv4 [CMSG=8|ECONNREFUSED]: Connection refused (code=111)
Fri Jan  8 19:34:50 2016 read UDPv4 [CMSG=8|ECONNREFUSED]: Connection refused (code=111)
Fri Jan  8 19:34:50 2016 MULTI: multi_create_instance called
Fri Jan  8 19:34:50 2016 37.76.108.55:51650 Re-using SSL/TLS context
Fri Jan  8 19:34:50 2016 37.76.108.55:51650 LZO compression initialized
Fri Jan  8 19:34:50 2016 37.76.108.55:51650 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Jan  8 19:34:50 2016 37.76.108.55:51650 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Fri Jan  8 19:34:50 2016 37.76.108.55:51650 Local Options hash (VER=V4): 'f7df56b8'
Fri Jan  8 19:34:50 2016 37.76.108.55:51650 Expected Remote Options hash (VER=V4): 'd79ca330'
Fri Jan  8 19:34:50 2016 37.76.108.55:51650 TLS: Initial packet from [AF_INET]37.76.108.55:51650, sid=f3ed16f1 1fe83d28
Fri Jan  8 19:34:51 2016 read UDPv4 [CMSG=8|ECONNREFUSED]: Connection refused (code=111)
Fri Jan  8 19:34:52 2016 read UDPv4 [CMSG=8|ECONNREFUSED]: Connection refused (code=111)
Fri Jan  8 19:34:53 2016 MULTI: multi_create_instance called
Fri Jan  8 19:34:53 2016 37.76.108.55:57772 Re-using SSL/TLS context
Fri Jan  8 19:34:53 2016 37.76.108.55:57772 LZO compression initialized
Fri Jan  8 19:34:53 2016 37.76.108.55:57772 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Jan  8 19:34:53 2016 37.76.108.55:57772 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Fri Jan  8 19:34:53 2016 37.76.108.55:57772 Local Options hash (VER=V4): 'f7df56b8'
Fri Jan  8 19:34:53 2016 37.76.108.55:57772 Expected Remote Options hash (VER=V4): 'd79ca330'
Fri Jan  8 19:34:53 2016 37.76.108.55:57772 TLS: Initial packet from [AF_INET]37.76.108.55:57772, sid=261ce7f5 28940ad0
Fri Jan  8 19:34:54 2016 read UDPv4 [CMSG=8|ECONNREFUSED]: Connection refused (code=111)
Fri Jan  8 19:34:54 2016 read UDPv4 [CMSG=8|ECONNREFUSED]: Connection refused (code=111)
Fri Jan  8 19:34:54 2016 37.76.108.55:42178 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
and on the router:

Code: Select all

16-01-08 19:46:13 <1> OpenVPN: UDPv4 READ [114] from 193.239.xxx.yyy:61194: P_CONTROL_V1 kid=0 sid=3657e419 20a08372 [ ] pid=5 DATA 5e3b2516 315263e4 e212f5b0 34fae7a1 f4f4084e ecea8590 d8fbfbcd 05f0c23[more...]
16-01-08 19:46:13 <1> OpenVPN: TLS: control channel, op=P_CONTROL_V1, IP=193.239.xxx.yyy:61194
16-01-08 19:46:13 <1> OpenVPN: TLS: initial packet test, i=0 state=S_SENT_KEY, mysid=1ab4467a cf5b10eb, rec-sid=3657e419 20a08372, rec-ip=193.239.xxx.yyy:61194, stored-sid=3657e419 20a08372, stored-ip=193.239.xxx.yyy:61194
16-01-08 19:46:13 <1> OpenVPN: TLS: found match, session[0], sid=3657e419 20a08372
16-01-08 19:46:13 <1> OpenVPN: TLS: received control channel packet s#=0 sid=3657e419 20a08372
16-01-08 19:46:13 <1> OpenVPN: ACK read ID 5 (buf->len=100)
16-01-08 19:46:13 <1> OpenVPN: ACK RWBS rel->size=8 rel->packet_id=00000005 id=00000005 ret=1
16-01-08 19:46:13 <1> OpenVPN: ACK mark active incoming ID 5
16-01-08 19:46:13 <1> OpenVPN: ACK acknowledge ID 5 (ack->len=1)
16-01-08 19:46:13 <1> OpenVPN: TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=1ab4467a cf5b10eb, stored-sid=3657e419 20a08372, stored-ip=193.239.xxx.yyy:61194
16-01-08 19:46:13 <1> OpenVPN: TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
16-01-08 19:46:13 <1> OpenVPN: ACK reliable_can_send active=0 current=0 : [4]
16-01-08 19:46:13 <1> OpenVPN: BIO write tls_write_ciphertext 100 bytes
16-01-08 19:46:13 <1> OpenVPN: Incoming Ciphertext -> TLS
16-01-08 19:46:13 <1> OpenVPN: TLS: tls_process: chg=1 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
16-01-08 19:46:13 <1> OpenVPN: ACK reliable_can_send active=0 current=0 : [4]
16-01-08 19:46:13 <1> OpenVPN: ACK write ID 5 (ack->len=1, n=1)
16-01-08 19:46:13 <1> OpenVPN: Dedicated ACK -> TCP/UDP
16-01-08 19:46:13 <1> OpenVPN: ACK reliable_send_timeout 604800 [4]
16-01-08 19:46:13 <1> OpenVPN: TLS: tls_process: timeout set to 60
16-01-08 19:46:13 <1> OpenVPN: TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=164a65a6 797e425a, stored-sid=00000000 00000000, stored-ip=[undef]
16-01-08 19:46:13 <1> OpenVPN: TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
16-01-08 19:46:13 <1> OpenVPN: PO_CTL rwflags=0x0003 ev=13 arg=0x00078680
16-01-08 19:46:13 <1> OpenVPN: I/O WAIT T?|T?|SR|SW [1/184729]
16-01-08 19:46:13 <1> OpenVPN: PO_WAIT[0,0] fd=13 rev=0x00000005 rwflags=0x0003 arg=0x00078680 
16-01-08 19:46:13 <1> OpenVPN:  event_wait returned 1
16-01-08 19:46:13 <1> OpenVPN: I/O WAIT status=0x0003
16-01-08 19:46:13 <1> OpenVPN: UDPv4 WRITE [22] to 193.239.xxx.yyy:61194: P_ACK_V1 kid=0 sid=1ab4467a cf5b10eb [ 5 sid=3657e419 20a08372 ]
16-01-08 19:46:13 <1> OpenVPN: UDPv4 write returned 22
16-01-08 19:46:13 <1> OpenVPN: TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=1ab4467a cf5b10eb, stored-sid=3657e419 20a08372, stored-ip=193.239.xxx.yyy:61194
16-01-08 19:46:13 <1> OpenVPN: TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
16-01-08 19:46:13 <1> OpenVPN: ACK reliable_can_send active=0 current=0 : [4]
16-01-08 19:46:13 <1> OpenVPN: ACK reliable_send_timeout 604800 [4]
16-01-08 19:46:13 <1> OpenVPN: TLS: tls_process: timeout set to 60
16-01-08 19:46:13 <1> OpenVPN: TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=164a65a6 797e425a, stored-sid=00000000 00000000, stored-ip=[undef]
16-01-08 19:46:13 <1> OpenVPN: TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
16-01-08 19:46:13 <1> OpenVPN: PO_CTL rwflags=0x0001 ev=13 arg=0x00078680
16-01-08 19:46:13 <1> OpenVPN: I/O WAIT T?|T?|SR|Sw [1/184729]
16-01-08 19:46:13 <1> OpenVPN: PO_WAIT[0,0] fd=13 rev=0x00000001 rwflags=0x0001 arg=0x00078680 
16-01-08 19:46:13 <1> OpenVPN:  event_wait returned 1
16-01-08 19:46:13 <1> OpenVPN: I/O WAIT status=0x0001
in the router log, there is this line with

Code: Select all

16-01-08 19:46:13 <1> OpenVPN: TLS: tls_process: timeout set to 60
and the server complains about

Code: Select all

Fri Jan  8 19:34:54 2016 37.76.108.55:42178 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
could be this the error?

unfortunatelly, I cannot set this parameter, the only settings I can change in the router, are these:
Image

can anyone please give me a hint, what I can do to make the connection work?

Thanks a lot in advance!

bbking
OpenVpn Newbie
Posts: 3
Joined: Fri Jan 08, 2016 6:42 pm

Re: connection problem on a 4G router

Post by bbking » Sat Jan 09, 2016 1:55 pm

folks, this was an easy one. Changed tun to tap and it works.

Now the only thing is, the router uses 192.168.160.1 as its IP, but this is the IP of the opneVPN Server as well. Already contacted Robustel, due to the weekend there will only be an answer next week.

User avatar
Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: connection problem on a 4G router

Post by Traffic » Sat Jan 09, 2016 2:19 pm

OpenVPN default cipher (encryption) is Blowfish .. your client is using AES-128-CBC .. what does your server use ?

bbking
OpenVpn Newbie
Posts: 3
Joined: Fri Jan 08, 2016 6:42 pm

Re: connection problem on a 4G router

Post by bbking » Sat Jan 09, 2016 2:47 pm

Traffic wrote:OpenVPN default cipher (encryption) is Blowfish .. your client is using AES-128-CBC .. what does your server use ?
Blowfish! :) Thanks, this did the job!

I posted earlier (maybe it needs approval), that I changed tun to tap and then I could connect

User avatar
Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: connection problem on a 4G router

Post by Traffic » Sun Jan 10, 2016 1:22 pm

Thanks for letting us know your solution 8-)

Locked