Hi,
I'm using openvpn 2.4 with --tls_crypt. OpenVPN client gets connected successfully but unfortunately user is not able to access any website.
Following is client config :
client
dev tun
proto tcp
remote <server_ip> 443
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
verb 3
auth SHA512
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-crypt>
------------------------------------------------------------------------------------------------------
Server configuration below :
port 443
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
push "redirect-gateway def1"
;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
tls-crypt ta.key
auth SHA512
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log-append /var/log/openvpn.log
verb 4
Any help in how to debug?
--tls_crypt does not work in Dubai
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
- OpenVpn Newbie
- Posts: 3
- Joined: Mon Apr 30, 2018 12:01 pm
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: --tls_crypt does not work in Dubai
-
- OpenVpn Newbie
- Posts: 3
- Joined: Mon Apr 30, 2018 12:01 pm
Re: --tls_crypt does not work in Dubai
peer info: IV_GUI_VER="net.tunnelblick.tunnelblick_5011_3.7.5a__build_5011)"
Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Peer Connection Initiated with [AF_INET]
PUSH: Received control message: 'PUSH_REQUEST'
'PUSH_REPLY,redirect-gateway def1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.30 10.8.0.29,peer-id 0,cipher AES-256-GCM' (status=1)
Data Channel: using negotiated cipher 'AES-256-GCM'
Data Channel MTU parms [ L:1551 D:1450 EF:51 EB:406 ET:0 EL:3 ]
Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
MULTI: packet dropped due to output saturation (multi_process_incoming_tun)
MULTI: packet dropped due to output saturation (multi_process_incoming_tun)
MULTI: packet dropped due to output saturation (multi_process_incoming_tun)
MULTI: packet dropped due to output saturation (multi_process_incoming_tun)
MULTI: packet dropped due to output saturation (multi_process_incoming_tun)
Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Peer Connection Initiated with [AF_INET]
PUSH: Received control message: 'PUSH_REQUEST'
'PUSH_REPLY,redirect-gateway def1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.30 10.8.0.29,peer-id 0,cipher AES-256-GCM' (status=1)
Data Channel: using negotiated cipher 'AES-256-GCM'
Data Channel MTU parms [ L:1551 D:1450 EF:51 EB:406 ET:0 EL:3 ]
Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
MULTI: packet dropped due to output saturation (multi_process_incoming_tun)
MULTI: packet dropped due to output saturation (multi_process_incoming_tun)
MULTI: packet dropped due to output saturation (multi_process_incoming_tun)
MULTI: packet dropped due to output saturation (multi_process_incoming_tun)
MULTI: packet dropped due to output saturation (multi_process_incoming_tun)
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: --tls_crypt does not work in Dubai
--tls-crypt clearly works properly, even in Dubai ..
-
- OpenVpn Newbie
- Posts: 3
- Joined: Mon Apr 30, 2018 12:01 pm
Re: --tls_crypt does not work in Dubai
Can you please share your configuration details? Also which openvpn client are you using?
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: --tls_crypt does not work in Dubai
I asked you to share your log; The tiny snippet you chose to share clearly shows you have a connection.
Therefore, --tls-crypt is working properly .. I presume you are in Dubai ..
Therefore, --tls-crypt is working properly .. I presume you are in Dubai ..
-
- OpenVPN User
- Posts: 39
- Joined: Thu Apr 26, 2018 2:45 pm
Re: --tls_crypt does not work in Dubai
Problems getting out to the Internet are often caused by network set-up and firewalls rather than OpenVPN itself.