Server poll timeout, please help

Official client software for OpenVPN Access Server and OpenVPN Cloud.
Post Reply
asvet
OpenVpn Newbie
Posts: 5
Joined: Sat Dec 04, 2021 11:20 am

Server poll timeout, please help

Post by asvet » Sat Dec 04, 2021 11:32 am

Hi all,

I configured OpenVPN 2.4 the the server (Linux, standart port, UDP),
configured client on Windows computer (works well),
but cannot connect from my Android mobile phone.

Log:

Code: Select all

10:32:58.255 -- OpenVPN core 3.git::662eae9a:Release android arm64 64-bit PT_PROXY

10:32:58.255 -- Frame=512/2048/512 mssfix-ctrl=1250

10:32:58.256 -- UNUSED OPTIONS
8 [tls-cipher] [TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-1...] 
11 [resolv-retry] [infinite] 
12 [auth-retry] [none] 
13 [nobind] 
14 [persist-key] 
15 [persist-tun] 
18 [verb] [3] 
19 [tls-client] 

10:32:58.257 -- EVENT: RESOLVE

10:32:58.265 -- Contacting <IP removed>:1194 via UDP

10:32:58.266 -- EVENT: WAIT

10:32:58.268 -- Connecting to [my-server]:1194 (<IP removed>) via UDPv4

10:33:08.257 -- Server poll timeout, trying next remote entry...

10:33:08.258 -- EVENT: RECONNECTING
config file:

Code: Select all

client
dev tun
proto udp
remote my-server 1194
ca ca.crt
cert andrey-phone.crt
key andrey-phone.key
tls-version-min 1.2
cipher AES-256-CBC
auth SHA512
remote-cert-tls server
comp-lzo
tls-auth pfs.key
Same configuratins was work well on old version of OpenVPN Connect on my old phone.
Connecting from same network as computer, which connected succcessfully.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Server poll timeout, please help

Post by TinCanTech » Sat Dec 04, 2021 2:23 pm

asvet wrote:
Sat Dec 04, 2021 11:32 am
Connecting from same network as computer, which connected succcessfully
You mean from the same network as the server ?

asvet
OpenVpn Newbie
Posts: 5
Joined: Sat Dec 04, 2021 11:20 am

Re: Server poll timeout, please help

Post by asvet » Sat Dec 04, 2021 6:47 pm

TinCanTech wrote:
Sat Dec 04, 2021 2:23 pm
asvet wrote:
Sat Dec 04, 2021 11:32 am
Connecting from same network as computer, which connected succcessfully
You mean from the same network as the server ?
Thank you for you reply.
I mean phone in the same network as windows PC which successfully connected to OpenVPN. So no problems with routers, firewalls, etc. between mobile phone and OpenVPN server.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Server poll timeout, please help

Post by TinCanTech » Sat Dec 04, 2021 7:48 pm

See your server log for errors.

asvet
OpenVpn Newbie
Posts: 5
Joined: Sat Dec 04, 2021 11:20 am

Re: Server poll timeout, please help

Post by asvet » Sat Dec 04, 2021 8:03 pm

TinCanTech wrote:
Sat Dec 04, 2021 7:48 pm
See your server log for errors.
I can't find the log in /var/log.

server.conf:

Code: Select all

port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server.crt
key /etc/openvpn/easy-rsa/pki/private/server.key
dh /etc/openvpn/easy-rsa/pki/dh.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
tls-crypt /etc/openvpn/pfs.key 0
cipher AES-256-CBC
auth SHA512
max-clients 3
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
openvpn-status.log:

Code: Select all

TITLE,OpenVPN 2.4.11 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 21 2021
TIME,Sat Dec  4 20:00:43 2021,1638648043
HEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,Virtual IPv6 Address,Bytes Received,Bytes Sent,Connected Since,Connected Since (time_t),Username,Client ID,Peer ID
HEADER,ROUTING_TABLE,Virtual Address,Common Name,Real Address,Last Ref,Last Ref (time_t)
GLOBAL_STATS,Max bcast/mcast queue length,0
END

asvet
OpenVpn Newbie
Posts: 5
Joined: Sat Dec 04, 2021 11:20 am

Re: Server poll timeout, please help

Post by asvet » Sat Dec 04, 2021 8:18 pm

asvet wrote:
Sat Dec 04, 2021 8:03 pm
TinCanTech wrote:
Sat Dec 04, 2021 7:48 pm
See your server log for errors.
Server log.

Code: Select all

Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal systemd[1]: Starting OpenVPN service for server...
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal openvpn[22042]: OpenVPN 2.4.11 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal systemd[1]: Started OpenVPN service for server.
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal openvpn[22042]: library versions: OpenSSL 1.0.2k-fips  26 Jan 2017, LZO 2.06
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal openvpn[22042]: Diffie-Hellman initialized with 2048 bit key
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal openvpn[22042]: Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal openvpn[22042]: Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal openvpn[22042]: Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal openvpn[22042]: Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal openvpn[22042]: ROUTE_GATEWAY 172.31.16.1/255.255.240.0 IFACE=eth0 HWADDR=06:64:98:78:6b:d8
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal openvpn[22042]: TUN/TAP device tun0 opened
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal openvpn[22042]: TUN/TAP TX queue length set to 100
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal openvpn[22042]: /sbin/ip link set dev tun0 up mtu 1500
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal openvpn[22042]: /sbin/ip addr add dev tun0 local 10.8.0.1 peer 10.8.0.2
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal openvpn[22042]: /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal openvpn[22042]: Could not determine IPv4/IPv6 protocol. Using AF_INET
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal openvpn[22042]: Socket Buffers: R=[212992->212992] S=[212992->212992]
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal openvpn[22042]: UDPv4 link local (bound): [AF_INET][undef]:1194
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal openvpn[22042]: UDPv4 link remote: [AF_UNSPEC]
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal openvpn[22042]: GID set to nobody
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal openvpn[22042]: UID set to nobody
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal openvpn[22042]: MULTI: multi_init called, r=256 v=256
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal openvpn[22042]: IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal openvpn[22042]: IFCONFIG POOL LIST
Dec 04 07:40:46 ip-xxx.us-east-2.compute.internal openvpn[22042]: Initialization Sequence Completed
Dec 04 08:07:42 ip-xxx.us-east-2.compute.internal openvpn[22042]: <ip removed>:64465 TLS: Initial packet from [AF_INET]<ip removed>:64465, sid=c07a37eb 7d4ff2d7
Dec 04 08:07:42 ip-xxx.us-east-2.compute.internal openvpn[22042]: <ip removed>:64465 VERIFY OK: depth=1, CN=Easy-RSA CA
Dec 04 08:07:42 ip-xxx.us-east-2.compute.internal openvpn[22042]: <ip removed>:64465 VERIFY OK: depth=0, CN=andrey-laptop
Dec 04 08:07:42 ip-xxx.us-east-2.compute.internal openvpn[22042]: <ip removed>:64465 peer info: IV_VER=2.4.8
Dec 04 08:07:42 ip-xxx.us-east-2.compute.internal openvpn[22042]: <ip removed>:64465 peer info: IV_PLAT=win
Dec 04 08:07:42 ip-xxx.us-east-2.compute.internal openvpn[22042]: <ip removed>:64465 peer info: IV_PROTO=2
Dec 04 08:07:42 ip-xxx.us-east-2.compute.internal openvpn[22042]: <ip removed>:64465 peer info: IV_NCP=2
Dec 04 08:07:42 ip-xxx.us-east-2.compute.internal openvpn[22042]: <ip removed>:64465 peer info: IV_LZ4=1
Dec 04 08:07:42 ip-xxx.us-east-2.compute.internal openvpn[22042]: <ip removed>:64465 peer info: IV_LZ4v2=1
Dec 04 08:07:42 ip-xxx.us-east-2.compute.internal openvpn[22042]: <ip removed>:64465 peer info: IV_LZO=1
Dec 04 08:07:42 ip-xxx.us-east-2.compute.internal openvpn[22042]: <ip removed>:64465 peer info: IV_COMP_STUB=1
Dec 04 08:07:42 ip-xxx.us-east-2.compute.internal openvpn[22042]: <ip removed>:64465 peer info: IV_COMP_STUBv2=1
Dec 04 08:07:42 ip-xxx.us-east-2.compute.internal openvpn[22042]: <ip removed>:64465 peer info: IV_TCPNL=1
Dec 04 08:07:42 ip-xxx.us-east-2.compute.internal openvpn[22042]: <ip removed>:64465 peer info: IV_GUI_VER=OpenVPN_GUI_11
Dec 04 08:07:42 ip-xxx.us-east-2.compute.internal openvpn[22042]: <ip removed>:64465 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Dec 04 08:07:42 ip-xxx.us-east-2.compute.internal openvpn[22042]: <ip removed>:64465 [andrey-laptop] Peer Connection Initiated with [AF_INET]<ip removed>:64465
Dec 04 08:07:42 ip-xxx.us-east-2.compute.internal openvpn[22042]: andrey-laptop/<ip removed>:64465 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Dec 04 08:07:42 ip-xxx.us-east-2.compute.internal openvpn[22042]: andrey-laptop/<ip removed>:64465 MULTI: Learn: 10.8.0.6 -> andrey-laptop/<ip removed>:64465
Dec 04 08:07:42 ip-xxx.us-east-2.compute.internal openvpn[22042]: andrey-laptop/<ip removed>:64465 MULTI: primary virtual IP for andrey-laptop/<ip removed>:64465: 10.8.0.6
Dec 04 08:07:43 ip-xxx.us-east-2.compute.internal openvpn[22042]: andrey-laptop/<ip removed>:64465 PUSH: Received control message: 'PUSH_REQUEST'
Dec 04 08:07:43 ip-xxx.us-east-2.compute.internal openvpn[22042]: andrey-laptop/<ip removed>:64465 SENT CONTROL [andrey-laptop]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dh
Dec 04 08:07:43 ip-xxx.us-east-2.compute.internal openvpn[22042]: andrey-laptop/<ip removed>:64465 Data Channel: using negotiated cipher 'AES-256-GCM'
Dec 04 08:07:43 ip-xxx.us-east-2.compute.internal openvpn[22042]: andrey-laptop/<ip removed>:64465 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Dec 04 08:07:43 ip-xxx.us-east-2.compute.internal openvpn[22042]: andrey-laptop/<ip removed>:64465 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Dec 04 08:12:04 ip-xxx.us-east-2.compute.internal openvpn[22042]: andrey-laptop/<ip removed>:64465 [andrey-laptop] Inactivity timeout (--ping-restart), restarting
Dec 04 08:12:04 ip-xxx.us-east-2.compute.internal openvpn[22042]: andrey-laptop/<ip removed>:64465 SIGUSR1[soft,ping-restart] received, client-instance restarting
...
*** connection from mobile started ***
Dec 04 20:34:02 ip-xxx.us-east-2.compute.internal openvpn[22042]: tls-crypt unwrap error: packet authentication failed
Dec 04 20:34:02 ip-xxx.us-east-2.compute.internal openvpn[22042]: TLS Error: tls-crypt unwrapping failed from [AF_INET]<ip removed>:33030
Dec 04 20:34:03 ip-xxx.us-east-2.compute.internal openvpn[22042]: tls-crypt unwrap error: packet authentication failed
Dec 04 20:34:03 ip-xxx.us-east-2.compute.internal openvpn[22042]: TLS Error: tls-crypt unwrapping failed from [AF_INET]<ip removed>:33030
Dec 04 20:34:04 ip-xxx.us-east-2.compute.internal openvpn[22042]: tls-crypt unwrap error: packet authentication failed
Dec 04 20:34:04 ip-xxx.us-east-2.compute.internal openvpn[22042]: TLS Error: tls-crypt unwrapping failed from [AF_INET]<ip removed>:33030
Dec 04 20:34:05 ip-xxx.us-east-2.compute.internal openvpn[22042]: tls-crypt unwrap error: packet authentication failed
Dec 04 20:34:05 ip-xxx.us-east-2.compute.internal openvpn[22042]: TLS Error: tls-crypt unwrapping failed from [AF_INET]<ip removed>:33030
Dec 04 20:34:06 ip-xxx.us-east-2.compute.internal openvpn[22042]: tls-crypt unwrap error: packet authentication failed
Dec 04 20:34:06 ip-xxx.us-east-2.compute.internal openvpn[22042]: TLS Error: tls-crypt unwrapping failed from [AF_INET]<ip removed>:33030
Dec 04 20:34:07 ip-xxx.us-east-2.compute.internal openvpn[22042]: tls-crypt unwrap error: packet authentication failed
Dec 04 20:34:07 ip-xxx.us-east-2.compute.internal openvpn[22042]: TLS Error: tls-crypt unwrapping failed from [AF_INET]<ip removed>:33030
Dec 04 20:34:08 ip-xxx.us-east-2.compute.internal openvpn[22042]: tls-crypt unwrap error: packet authentication failed
Dec 04 20:34:08 ip-xxx.us-east-2.compute.internal openvpn[22042]: TLS Error: tls-crypt unwrapping failed from [AF_INET]<ip removed>:33030
Dec 04 20:34:09 ip-xxx.us-east-2.compute.internal openvpn[22042]: tls-crypt unwrap error: packet authentication failed
Dec 04 20:34:09 ip-xxx.us-east-2.compute.internal openvpn[22042]: TLS Error: tls-crypt unwrapping failed from [AF_INET]<ip removed>:33030
Dec 04 20:34:10 ip-xxx.us-east-2.compute.internal openvpn[22042]: tls-crypt unwrap error: packet authentication failed
Dec 04 20:34:10 ip-xxx.us-east-2.compute.internal openvpn[22042]: TLS Error: tls-crypt unwrapping failed from [AF_INET]<ip removed>:33030
Dec 04 20:34:11 ip-xxx.us-east-2.compute.internal openvpn[22042]: tls-crypt unwrap error: packet authentication failed
Dec 04 20:34:11 ip-xxx.us-east-2.compute.internal openvpn[22042]: TLS Error: tls-crypt unwrapping failed from [AF_INET]<ip removed>:33030
Dec 04 20:34:12 ip-xxx.us-east-2.compute.internal openvpn[22042]: tls-crypt unwrap error: packet authentication failed
Dec 04 20:34:12 ip-xxx.us-east-2.compute.internal openvpn[22042]: TLS Error: tls-crypt unwrapping failed from [AF_INET]<ip removed>:52518
Dec 04 20:34:13 ip-xxx.us-east-2.compute.internal openvpn[22042]: tls-crypt unwrap error: packet authentication failed
Dec 04 20:34:13 ip-xxx.us-east-2.compute.internal openvpn[22042]: TLS Error: tls-crypt unwrapping failed from [AF_INET]<ip removed>:52518
Dec 04 20:34:14 ip-xxx.us-east-2.compute.internal openvpn[22042]: tls-crypt unwrap error: packet authentication failed
Dec 04 20:34:14 ip-xxx.us-east-2.compute.internal openvpn[22042]: TLS Error: tls-crypt unwrapping failed from [AF_INET]<ip removed>:52518
Dec 04 20:34:15 ip-xxx.us-east-2.compute.internal openvpn[22042]: tls-crypt unwrap error: packet authentication failed
Dec 04 20:34:15 ip-xxx.us-east-2.compute.internal openvpn[22042]: TLS Error: tls-crypt unwrapping failed from [AF_INET]<ip removed>:52518
Dec 04 20:34:16 ip-xxx.us-east-2.compute.internal openvpn[22042]: tls-crypt unwrap error: packet authentication failed
Dec 04 20:34:16 ip-xxx.us-east-2.compute.internal openvpn[22042]: TLS Error: tls-crypt unwrapping failed from [AF_INET]<ip removed>:52518
Dec 04 20:34:17 ip-xxx.us-east-2.compute.internal openvpn[22042]: tls-crypt unwrap error: packet authentication failed
Dec 04 20:34:17 ip-xxx.us-east-2.compute.internal openvpn[22042]: TLS Error: tls-crypt unwrapping failed from [AF_INET]<ip removed>:52518
Dec 04 20:34:18 ip-xxx.us-east-2.compute.internal openvpn[22042]: tls-crypt unwrap error: packet authentication failed
Dec 04 20:34:18 ip-xxx.us-east-2.compute.internal openvpn[22042]: TLS Error: tls-crypt unwrapping failed from [AF_INET]<ip removed>:52518
Dec 04 20:34:19 ip-xxx.us-east-2.compute.internal openvpn[22042]: tls-crypt unwrap error: packet authentication failed
Dec 04 20:34:19 ip-xxx.us-east-2.compute.internal openvpn[22042]: TLS Error: tls-crypt unwrapping failed from [AF_INET]<ip removed>:52518
Dec 04 20:34:20 ip-xxx.us-east-2.compute.internal openvpn[22042]: tls-crypt unwrap error: packet authentication failed
Dec 04 20:34:20 ip-xxx.us-east-2.compute.internal openvpn[22042]: TLS Error: tls-crypt unwrapping failed from [AF_INET]<ip removed>:52518
Dec 04 20:34:21 ip-xxx.us-east-2.compute.internal openvpn[22042]: tls-crypt unwrap error: packet authentication failed
Dec 04 20:34:21 ip-xxx.us-east-2.compute.internal openvpn[22042]: TLS Error: tls-crypt unwrapping failed from [AF_INET]<ip removed>:52518
Dec 04 20:34:22 ip-xxx.us-east-2.compute.internal openvpn[22042]: tls-crypt unwrap error: packet authentication failed
Dec 04 20:34:22 ip-xxx.us-east-2.compute.internal openvpn[22042]: TLS Error: tls-crypt unwrapping failed from [AF_INET]<ip removed>:33484
Dec 04 20:34:23 ip-xxx.us-east-2.compute.internal openvpn[22042]: tls-crypt unwrap error: packet authentication failed
Dec 04 20:34:23 ip-xxx.us-east-2.compute.internal openvpn[22042]: TLS Error: tls-crypt unwrapping failed from [AF_INET]<ip removed>:33484
Dec 04 20:34:24 ip-xxx.us-east-2.compute.internal openvpn[22042]: tls-crypt unwrap error: packet authentication failed
Dec 04 20:34:24 ip-xxx.us-east-2.compute.internal openvpn[22042]: TLS Error: tls-crypt unwrapping failed from [AF_INET]<ip removed>:33484
Thank you, I found issue: tls-crypt on the server and tls-auth on the client
changed last line in mobile .ovpn to tls-crypt pfs.key 1
connected, but no internet
In server log:

Code: Select all

Dec 04 20:43:28 ip-xxx.us-east-2.compute.internal openvpn[22042]: andrey-phone/<ip removed>:47019 IP packet with unknown IP version=15 seen

asvet
OpenVpn Newbie
Posts: 5
Joined: Sat Dec 04, 2021 11:20 am

Re: Server poll timeout, please help

Post by asvet » Sat Dec 04, 2021 8:59 pm

Removed

Code: Select all

comp-lzo
Everything is working! Thank you a lot!

Post Reply