Can no longer connect today? "Connection timeout"

Official client software for OpenVPN Access Server and OpenVPN Cloud.
mangogo
OpenVpn Newbie
Posts: 1
Joined: Wed Jun 01, 2016 1:15 pm

Can no longer connect today? "Connection timeout"

Post by mangogo » Wed Jun 01, 2016 1:21 pm

Anyone else sudeenly experiencing " connection timeout " ?
It was fine until a few hours ago , but now no matter what configurations i try, i get the timeout in the openvpn app.
It started happening after i saw the app reload/refresh (i dont know what you call it.. Like when the app icon has clock like animation for a few seconds ) on my home screen .

DareyoutolaughDareyoutolaugh
OpenVpn Newbie
Posts: 2
Joined: Wed Jun 01, 2016 2:23 pm

Re: Can no longer connect today? "Connection timeout"

Post by DareyoutolaughDareyoutolaugh » Wed Jun 01, 2016 2:28 pm

I also updated my app yesterday only to have my VPN stop working. I am using an OVPN generated by my Asus wireless router. The error I get from my OpenVPN on iOS is:

Client exception in transport_recv_excode: PolarSSL: SSL read error : SSL - Processing of the ServerKeyExchange handshake message failed

blinkingbee
OpenVpn Newbie
Posts: 5
Joined: Wed Jun 01, 2016 2:59 pm

Re: Can no longer connect today? "Connection timeout"

Post by blinkingbee » Wed Jun 01, 2016 3:11 pm

I am getting "OpenVPN error:PolarSSL:error parsing cert certificate:X509 - The data tag or value is invalid"
using OpenVPN Connect v 1.0.7 on iOS and v 1.1.17 on Android.

When reverting to v 1.1.16 in Android all works without error. I am unable to re-install iOS v 1.0.6

This error only presents when using my commercial VPN provider Witopia. I can connect to my own OpenVPN servers without error.

The release notes for iOS v 1.0.7 say "updated MbedTLS (formerly PolarSSL)" so maybe this is where the problem lies.

rhanneken
OpenVpn Newbie
Posts: 3
Joined: Wed Jun 01, 2016 4:59 pm

Re: Can no longer connect today? "Connection timeout"

Post by rhanneken » Wed Jun 01, 2016 5:06 pm

I too am getting connection timeouts with OpenVPN Connect 1.0.7. (I don't see any issues with SSL.) I have another iOS device still running 1.0.5, and it's still able to connect. Both devices are running iOS 9.3.2, and both devices have the same OpenVPN configuration.

rhanneken
OpenVpn Newbie
Posts: 3
Joined: Wed Jun 01, 2016 4:59 pm

Re: Can no longer connect today? "Connection timeout"

Post by rhanneken » Wed Jun 01, 2016 6:05 pm

Just noticed these two items in the release notes for the iOS version of OpenVPN Connect 1.0.7:
  • The OpenVPN Setting "Force AES-CBC ciphersuites" is now off by default. If you experience connection issues with this change, you can easily turn it back on in the Settings App under OpenVPN.
  • Added "Minimum TLS version" setting. If you experience connection issues with this option, try setting it to "Disabled" in the Settings App under OpenVPN.
For me, setting "Force AES-CBC ciphersuites" to on fixed my problem. Those of you with SSL issues might be interested in the second item above.

anthonyc17
OpenVpn Newbie
Posts: 7
Joined: Wed Jun 01, 2016 8:36 pm

Re: Can no longer connect today? "Connection timeout"

Post by anthonyc17 » Wed Jun 01, 2016 8:45 pm

I tried forcing AES-CBC cipher suites on but it still did not work. I then deleted and reinstalled the app and re-imported my configuration. Now if you go to Settings--> OpenVPN, its blank!!!!!! Running iOS 9.3.2. Now not only can I not log in, I no longer have any settings!!! The previous version worked fine. HELP!!!!!!!!!!!!! The previous version worked JUST FINE!!!!!!!!!

anthonyc17
OpenVpn Newbie
Posts: 7
Joined: Wed Jun 01, 2016 8:36 pm

Re: Can no longer connect today? "Connection timeout"

Post by anthonyc17 » Wed Jun 01, 2016 8:58 pm

I just performed a hard reboot on my iPhone and now I have OpenVPN settings, but I still cannot connect (PolarSSL: error parsing cert certificate : X509 - The date tag or value is invalid).

rhanneken
OpenVpn Newbie
Posts: 3
Joined: Wed Jun 01, 2016 4:59 pm

Re: Can no longer connect today? "Connection timeout"

Post by rhanneken » Wed Jun 01, 2016 10:38 pm

anthonyc17 wrote:I just performed a hard reboot on my iPhone and now I have OpenVPN settings, but I still cannot connect (PolarSSL: error parsing cert certificate : X509 - The date tag or value is invalid).
Did you try setting "Minimum TLS version" to "Disabled?"

maschinencode
OpenVpn Newbie
Posts: 2
Joined: Thu Jun 02, 2016 7:56 am

Re: Can no longer connect today? "Connection timeout"

Post by maschinencode » Thu Jun 02, 2016 8:00 am

After upgrading to version 1.0.7 I am also no longer able to log on to my VPN. Server reports the following:

Code: Select all

>LOG:1464852656,,80.187.100.154:13734 TLS: Initial packet from [AF_INET]XX.XX.XX.XX:YYYY, sid=46f01bde 1547da2c
>LOG:1464852657,N,80.187.100.154:13734 TLS_ERROR: BIO read tls_read_plaintext error: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
>LOG:1464852657,N,80.187.100.154:13734 TLS Error: TLS object -> incoming plaintext read error
>LOG:1464852657,N,80.187.100.154:13734 TLS Error: TLS handshake failed
>LOG:1464852657,,80.187.100.154:13734 SIGUSR1[soft,tls-error] received, client-instance restarting

maschinencode
OpenVpn Newbie
Posts: 2
Joined: Thu Jun 02, 2016 7:56 am

Re: Can no longer connect today? "Connection timeout"

Post by maschinencode » Thu Jun 02, 2016 8:28 am

After adjusting the settings for the VPN Client software to force AES-CBC I am able to connect to the VPN server. But after the connection is established I am not able to access the network, because the server is puking lots of "Authenticate/Decrypt packet error: cipher final failed". I assume this is caused bay the following problem the server indicates:

Code: Select all

>LOG:1464855940,W, ... WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher BF-CBC'
>LOG:1464855940,W, ... WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'

DareyoutolaughDareyoutolaugh
OpenVpn Newbie
Posts: 2
Joined: Wed Jun 01, 2016 2:23 pm

Re: Can no longer connect today? "Connection timeout"

Post by DareyoutolaughDareyoutolaugh » Thu Jun 02, 2016 1:48 pm

Unfortunately, I've tried many combinations of the above settings with absolutely no luck. I'm sure the problem, for me at least is the MbedTLS. And since I'm using an OpenVPN server imbedded in my router, I don't have many options that can be changed server side.

anthonyc17
OpenVpn Newbie
Posts: 7
Joined: Wed Jun 01, 2016 8:36 pm

Re: Can no longer connect today? "Connection timeout"

Post by anthonyc17 » Thu Jun 02, 2016 4:18 pm

rhanneken wrote:
anthonyc17 wrote:I just performed a hard reboot on my iPhone and now I have OpenVPN settings, but I still cannot connect (PolarSSL: error parsing cert certificate : X509 - The date tag or value is invalid).
Did you try setting "Minimum TLS version" to "Disabled?"
Yes. Still does not work.

anthonyc17
OpenVpn Newbie
Posts: 7
Joined: Wed Jun 01, 2016 8:36 pm

Re: Can no longer connect today? "Connection timeout"

Post by anthonyc17 » Thu Jun 02, 2016 4:23 pm

Getting very frustrated!!!!!! Below is a portion of the log:

2016-06-02 11:16:57 ----- OpenVPN Start -----
OpenVPN core 3.0.11 ios arm64 64-bit built on Apr 15 2016 14:13:50
2016-06-02 11:16:57 Frame=512/2048/512 mssfix-ctrl=1250
2016-06-02 11:16:57 EVENT: CORE_ERROR PolarSSL: error parsing cert certificate : X509 - The date tag or value is invalid [ERR]
2016-06-02 11:16:57 Raw stats on disconnect:
2016-06-02 11:16:57 Performance stats on disconnect:
CPU usage (microseconds): 6752
Network bytes per CPU second: 0
Tunnel bytes per CPU second: 0
2016-06-02 11:16:57 EVENT: DISCONNECT_PENDING
2016-06-02 11:16:57 ----- OpenVPN Stop -----

User avatar
jamesyonan
OpenVPN Inc.
Posts: 169
Joined: Thu Jan 24, 2013 12:13 am

Re: Can no longer connect today? "Connection timeout"

Post by jamesyonan » Thu Jun 02, 2016 8:39 pm

anthonyc17 wrote:
rhanneken wrote:
anthonyc17 wrote:I just performed a hard reboot on my iPhone and now I have OpenVPN settings, but I still cannot connect (PolarSSL: error parsing cert certificate : X509 - The date tag or value is invalid).
Did you try setting "Minimum TLS version" to "Disabled?"
Yes. Still does not work.
For those of you having issues with certificates, if you can email a sample of a certificate (preferably the whole certificate chain), we will take a look at it.

email to: ios@openvpn.net

James

User avatar
jamesyonan
OpenVPN Inc.
Posts: 169
Joined: Thu Jan 24, 2013 12:13 am

Re: Can no longer connect today? "Connection timeout"

Post by jamesyonan » Thu Jun 02, 2016 8:44 pm

anthonyc17 wrote:I tried forcing AES-CBC cipher suites on but it still did not work. I then deleted and reinstalled the app and re-imported my configuration. Now if you go to Settings--> OpenVPN, its blank!!!!!! Running iOS 9.3.2. Now not only can I not log in, I no longer have any settings!!! The previous version worked fine. HELP!!!!!!!!!!!!! The previous version worked JUST FINE!!!!!!!!!
The vanishing settings appear to be a known iOS 9 issue:

https://forums.developer.apple.com/thread/9853

Suggested remedy:
The workaround I found is to quit Settings by double-tapping the home button, and then dragging Settings out of the list of apps. The next time you launch Settings, your app's settings ought to show up.
James

anthonyc17
OpenVpn Newbie
Posts: 7
Joined: Wed Jun 01, 2016 8:36 pm

Re: Can no longer connect today? "Connection timeout"

Post by anthonyc17 » Thu Jun 02, 2016 9:37 pm

blinkingbee wrote:I am getting "OpenVPN error:PolarSSL:error parsing cert certificate:X509 - The data tag or value is invalid"
using OpenVPN Connect v 1.0.7 on iOS and v 1.1.17 on Android.

When reverting to v 1.1.16 in Android all works without error. I am unable to re-install iOS v 1.0.6

This error only presents when using my commercial VPN provider Witopia. I can connect to my own OpenVPN servers without error.

The release notes for iOS v 1.0.7 say "updated MbedTLS (formerly PolarSSL)" so maybe this is where the problem lies.
I'm also using Witopia as my VPN provider on iOs 9.3.2.

zippy50
OpenVpn Newbie
Posts: 1
Joined: Fri Jun 03, 2016 4:14 am

Re: Can no longer connect today? "Connection timeout"

Post by zippy50 » Fri Jun 03, 2016 4:26 am

If you're using an ASUS Router and you see this:
Client exception in transport_recv_excode: PolarSSL: SSL read error : SSL - Processing of the ServerKeyExchange handshake message failed

Check your current version of Asus firmware.
I also was seeing this error, and I upgraded to the latest firmware version and OpenVPN 1.0.7 build 199 now works. I think that the older version of SSL on the ASUS router isn't compatible with the current PolarSSL version.
If you haven't upgraded your firmware before:
1) Allocate enough time (like a weekend, etc) to spend in case things wrong.
2) Take some time to REALLY learn how to restore your current firmware version. If you can afford two routers, you can experiment on one of them.
3) Export your current router settings, so you can restore it if needed.
4) Get all the information you need from the internet before starting this, because if this is your only router you won't have a way to access the
internet if things go wrong.
5) Download your current firmware version and platform (windows, mac, etc) utilities to download the firmware to the router from the Router's support site before upgrading.

Good Luck

norihc
OpenVpn Newbie
Posts: 1
Joined: Mon Jun 06, 2016 11:24 am

Re: Can no longer connect today? "Connection timeout"

Post by norihc » Mon Jun 06, 2016 11:25 am

jamesyonan wrote:
anthonyc17 wrote:
rhanneken wrote:
Did you try setting "Minimum TLS version" to "Disabled?"
Yes. Still does not work.
For those of you having issues with certificates, if you can email a sample of a certificate (preferably the whole certificate chain), we will take a look at it.

email to: ios@openvpn.net

James
Is there some news on this issue? We're experiencing this problem as well.

joeonwork
OpenVpn Newbie
Posts: 1
Joined: Tue Jun 07, 2016 2:26 pm

Re: Can no longer connect today? "Connection timeout"

Post by joeonwork » Tue Jun 07, 2016 2:36 pm

We are having the same issue since OpenVPN Client app Update for iOS on 1st of June.

EVENT: CORE_ERROR PolarSSL: error parsing cert certificate : X509 - The date tag ore value is invalid [ERR]

We are using Sophos XG Firewall in combination with Open Vpn client. The same ovpn profile is working well on Windows 7.
The error comes up only on ios, in my case on iOS 9.3.2

Is there any fix or workaround for this ?

anthonyc17
OpenVpn Newbie
Posts: 7
Joined: Wed Jun 01, 2016 8:36 pm

Re: Can no longer connect today? "Connection timeout"

Post by anthonyc17 » Tue Jun 07, 2016 2:57 pm

Folks,
Can we please get a status update on this? It's been several days now and there has been absolutely no feedback whatsoever from the OpenVPN developers on this issue. Can we please get some sort of response????????? Can you revert to the previous version of OpenVPN on Apple's App Store so we can at least function again? This is frustrating!

Post Reply