--tls_crypt does not work in Dubai

[pooja.jain9203]

Hi,

I'm using openvpn 2.4 with --tls_crypt. OpenVPN client gets connected successfully but unfortunately user is not able to access any website.

Following is client config :

client
dev tun
proto tcp
remote <server_ip> 443
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
verb 3
auth SHA512

<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-crypt>

------------------------------------------------------------------------------------------------------
Server configuration below :

port 443
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
push "redirect-gateway def1"
;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
tls-crypt ta.key
auth SHA512
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log-append /var/log/openvpn.log
verb 4


Any help in how to debug?

[TinCanTech]

Any help in how to debug?

How about your log files ..

Please see:
HOWTO: Request Help ! {2}

[pooja.jain9203]

peer info: IV_GUI_VER="net.tunnelblick.tunnelblick_5011_3.7.5a__build_5011)"
Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Peer Connection Initiated with [AF_INET]
PUSH: Received control message: 'PUSH_REQUEST'
'PUSH_REPLY,redirect-gateway def1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.30 10.8.0.29,peer-id 0,cipher AES-256-GCM' (status=1)
Data Channel: using negotiated cipher 'AES-256-GCM'
Data Channel MTU parms [ L:1551 D:1450 EF:51 EB:406 ET:0 EL:3 ]
Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
MULTI: packet dropped due to output saturation (multi_process_incoming_tun)
MULTI: packet dropped due to output saturation (multi_process_incoming_tun)
MULTI: packet dropped due to output saturation (multi_process_incoming_tun)
MULTI: packet dropped due to output saturation (multi_process_incoming_tun)
MULTI: packet dropped due to output saturation (multi_process_incoming_tun)

[TinCanTech]

--tls-crypt clearly works properly, even in Dubai ..

[pooja.jain9203]

Can you please share your configuration details? Also which openvpn client are you using?

[TinCanTech]

I asked you to share your log; The tiny snippet you chose to share clearly shows you have a connection.

Therefore, --tls-crypt is working properly .. I presume you are in Dubai ..

[bbuckm]

Problems getting out to the Internet are often caused by network set-up and firewalls rather than OpenVPN itself.