Problem connecting to a OpenVPN server

Need help configuring your VPN? Just post here and you'll get that help.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
GKap
OpenVpn Newbie
Posts: 3
Joined: Fri Nov 19, 2021 12:35 pm

Problem connecting to a OpenVPN server

Post by GKap » Fri Nov 19, 2021 1:02 pm

Hi!

I want to make connections to a GIRA X1 device. This device has an embedded OpenVPN server, there are 2 profiles available:
profile user

remote xxxx.giradns.com 1195
client
dev tun
proto udp
nobind
persist-key
persist-tun
verb 3
resolv-retry 60
remote-cert-tls server
auth-user-pass
comp-lzo
auth-nocache
cipher AES-256-CBC

<ca>
-----BEGIN CERTIFICATE-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END PRIVATE KEY-----
</key>


Profile installer

remote xxxx.giradns.com 1194
client
dev tap
proto udp
nobind
persist-key
persist-tun
verb 3
resolv-retry 60
remote-cert-tls server
auth-user-pass
comp-lzo
auth-nocache
cipher AES-256-CBC

<ca>
-----BEGIN CERTIFICATE-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END PRIVATE KEY-----
</key>


I'm able to connect with profile user, the connection works. But there is no connection possible with profile installer! Here is the Log from a connection attempt as installer:
installer Log

2021-11-19 12:16:06 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2021-11-19 12:16:06 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2021-11-19 12:16:06 OpenVPN 2.5.4 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 20 2021
2021-11-19 12:16:06 Windows version 6.1 (Windows 7) 64bit
2021-11-19 12:16:06 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
2021-11-19 12:16:06 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
2021-11-19 12:16:06 Need hold release from management interface, waiting...
2021-11-19 12:16:06 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
2021-11-19 12:16:07 MANAGEMENT: CMD 'state on'
2021-11-19 12:16:07 MANAGEMENT: CMD 'log all on'
2021-11-19 12:16:07 MANAGEMENT: CMD 'echo all on'
2021-11-19 12:16:07 MANAGEMENT: CMD 'bytecount 5'
2021-11-19 12:16:07 MANAGEMENT: CMD 'hold off'
2021-11-19 12:16:07 MANAGEMENT: CMD 'hold release'
2021-11-19 12:16:09 MANAGEMENT: CMD 'username "Auth" "Administrator"'
2021-11-19 12:16:09 MANAGEMENT: CMD 'password [...]'
2021-11-19 12:16:09 MANAGEMENT: >STATE:1637320569,RESOLVE,,,,,,
2021-11-19 12:16:09 TCP/UDP: Preserving recently used remote address: [AF_INET]46.124.70.14:1194
2021-11-19 12:16:09 Socket Buffers: R=[8192->8192] S=[8192->8192]
2021-11-19 12:16:09 UDP link local: (not bound)
2021-11-19 12:16:09 UDP link remote: [AF_INET]46.124.70.14:1194
2021-11-19 12:16:09 MANAGEMENT: >STATE:1637320569,WAIT,,,,,,
2021-11-19 12:16:09 MANAGEMENT: >STATE:1637320569,AUTH,,,,,,
2021-11-19 12:16:09 TLS: Initial packet from [AF_INET]46.124.70.14:1194, sid=d2db3894 d76f9682
2021-11-19 12:16:09 VERIFY OK: depth=1, CN=GSRVKX02-000ab3297c95 CA
2021-11-19 12:16:09 VERIFY KU OK
2021-11-19 12:16:09 Validating certificate extended key usage
2021-11-19 12:16:09 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-11-19 12:16:09 VERIFY EKU OK
2021-11-19 12:16:09 VERIFY OK: depth=0, CN=GSRVKX02-000ab3297c95 CA
2021-11-19 12:16:09 WARNING: 'dev-type' is used inconsistently, local='dev-type tap', remote='dev-type tun'
2021-11-19 12:16:09 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1590', remote='link-mtu 1542'
2021-11-19 12:16:09 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
2021-11-19 12:16:09 WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'
2021-11-19 12:16:09 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2021-11-19 12:16:09 [GSRVKX02-000ab3297c95 CA] Peer Connection Initiated with [AF_INET]46.124.70.14:1194
2021-11-19 12:16:10 MANAGEMENT: >STATE:1637320570,GET_CONFIG,,,,,,
2021-11-19 12:16:10 SENT CONTROL [GSRVKX02-000ab3297c95 CA]: 'PUSH_REQUEST' (status=1)
2021-11-19 12:16:11 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route 10.8.13.1,topology net30,ping 10,ping-restart 60,ifconfig 10.8.13.10 10.8.13.9,peer-id 1,cipher AES-256-GCM'
2021-11-19 12:16:11 OPTIONS IMPORT: timers and/or timeouts modified
2021-11-19 12:16:11 OPTIONS IMPORT: --ifconfig/up options modified
2021-11-19 12:16:11 OPTIONS IMPORT: route options modified
2021-11-19 12:16:11 OPTIONS IMPORT: peer-id set
2021-11-19 12:16:11 OPTIONS IMPORT: adjusting link_mtu to 1657
2021-11-19 12:16:11 OPTIONS IMPORT: data channel crypto options modified
2021-11-19 12:16:11 Data Channel: using negotiated cipher 'AES-256-GCM'
2021-11-19 12:16:11 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-11-19 12:16:11 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-11-19 12:16:11 WARNING: Since you are using --dev tap, the second argument to --ifconfig must be a netmask, for example something like 255.255.255.0. (silence this warning with --ifconfig-nowarn)
2021-11-19 12:16:11 interactive service msg_channel=392
2021-11-19 12:16:11 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
2021-11-19 12:16:11 OpenVPN ROUTE: failed to parse/resolve route for host/network: 10.8.13.1
2021-11-19 12:16:11 OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
2021-11-19 12:16:11 OpenVPN ROUTE: failed to parse/resolve route for host/network: 192.168.1.0
2021-11-19 12:16:11 open_tun
2021-11-19 12:16:11 tap-windows6 device [OpenVPN TAP-Windows6] opened
2021-11-19 12:16:11 TAP-Windows Driver Version 9.24
2021-11-19 12:16:11 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.13.10/10.8.13.9 on interface {F4F6B314-BF80-4A0C-89A3-F1B192491757} [DHCP-serv: 10.8.13.8, lease-time: 31536000]
2021-11-19 12:16:11 Successful ARP Flush on interface [20] {F4F6B314-BF80-4A0C-89A3-F1B192491757}
2021-11-19 12:16:11 MANAGEMENT: >STATE:1637320571,ASSIGN_IP,,10.8.13.10,,,,
2021-11-19 12:16:11 IPv4 MTU set to 1500 on interface 20 using service
2021-11-19 12:16:16 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:16 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:21 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:21 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:22 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:22 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:23 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:23 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:24 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:24 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:25 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:25 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:26 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:26 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:27 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:27 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:28 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:28 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:29 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:29 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:30 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:30 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:31 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:31 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:32 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:32 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:33 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:33 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:34 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:34 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:35 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:35 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:36 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:36 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:37 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:37 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:38 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:38 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:39 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:39 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:40 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:40 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:41 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:41 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:42 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:42 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:43 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:43 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:44 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:44 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:45 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
2021-11-19 12:16:45 Route: Waiting for TUN/TAP interface to come up...
2021-11-19 12:16:46 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
SYSTEM ROUTING TABLE
0.0.0.0 0.0.0.0 192.168.0.200 p=0 i=11 t=4 pr=3 a=1204 h=0 m=10/0/0/0/0
127.0.0.0 255.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=3 a=1218 h=0 m=306/0/0/0/0
127.0.0.1 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=3 a=1218 h=0 m=306/0/0/0/0
127.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=3 a=1218 h=0 m=306/0/0/0/0
192.168.0.0 255.255.255.0 192.168.0.26 p=0 i=11 t=3 pr=3 a=1204 h=0 m=266/0/0/0/0
192.168.0.26 255.255.255.255 192.168.0.26 p=0 i=11 t=3 pr=3 a=1204 h=0 m=266/0/0/0/0
192.168.0.255 255.255.255.255 192.168.0.26 p=0 i=11 t=3 pr=3 a=1204 h=0 m=266/0/0/0/0
224.0.0.0 240.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=3 a=1218 h=0 m=306/0/0/0/0
224.0.0.0 240.0.0.0 192.168.0.26 p=0 i=11 t=3 pr=3 a=1207 h=0 m=266/0/0/0/0
224.0.0.0 240.0.0.0 0.0.0.0 p=0 i=20 t=3 pr=3 a=1052 h=0 m=266/0/0/0/0
255.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=3 a=1218 h=0 m=306/0/0/0/0
255.255.255.255 255.255.255.255 192.168.0.26 p=0 i=11 t=3 pr=3 a=1207 h=0 m=266/0/0/0/0
255.255.255.255 255.255.255.255 0.0.0.0 p=0 i=20 t=3 pr=3 a=1052 h=0 m=266/0/0/0/0
SYSTEM ADAPTER LIST
TAP-Windows Adapter V9
Index = 20
GUID = {F4F6B314-BF80-4A0C-89A3-F1B192491757}
IP = 0.0.0.0/0.0.0.0
MAC = 00:ff:f4:f6:b3:14
GATEWAY = 0.0.0.0/255.255.255.255
DHCP SERV = 0.0.0.0/255.255.255.255
DHCP LEASE OBTAINED = 2021-11-19 12:16:46
DHCP LEASE EXPIRES = 2021-11-19 12:16:46
DNS SERV =
Wintun Userspace Tunnel
Index = 19
GUID = {617B47D6-785B-451B-95CC-0D91B49DACF8}
IP = 0.0.0.0/0.0.0.0
MAC =
GATEWAY = 0.0.0.0/255.255.255.255
DNS SERV =
Intel(R) PRO/1000 MT-Netzwerkverbindung
Index = 11
GUID = {1C239BCB-0CBE-4C87-8131-729C451D0DC1}
IP = 192.168.0.26/255.255.255.0
MAC = 00:0c:29:00:00:26
GATEWAY = 192.168.0.200/255.255.255.255
DHCP SERV = 192.168.0.101/255.255.255.255
DHCP LEASE OBTAINED = 2021-11-19 11:56:41
DHCP LEASE EXPIRES = 2021-11-19 15:56:41
PRI WINS = 192.168.0.101/255.255.255.255
SEC WINS =
DNS SERV = 192.168.0.101/255.255.255.255
2021-11-19 12:16:46 Initialization Sequence Completed With Errors ( see http://openvpn.net/faq.html#dhcpclientserv )
2021-11-19 12:16:46 MANAGEMENT: >STATE:1637320606,CONNECTED,ERROR,10.8.13.10,46.124.70.14,1194,,
[oconf]

I do not understand the Log, are there any hints to solve the problem?

GKap

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Problem connecting to a OpenVPN server

Post by TinCanTech » Fri Nov 19, 2021 2:33 pm

You cannot use --dev tap until you configure your server correctly. Use the --dev tun profile.

GKap
OpenVpn Newbie
Posts: 3
Joined: Fri Nov 19, 2021 12:35 pm

Re: Problem connecting to a OpenVPN server

Post by GKap » Sat Nov 20, 2021 2:22 pm

"user" and "installer" are predefined profiles, which are downloadable from the GIRA X1 and they should not be edited. There is no way to configure the OpenVPN server in the GIRA X1, it can be only activated or deactivated. (A GIRA X1 is a piece of hardware for building automation, where an OpenVPN server is embedded for remote access.)

Nevertheless I tried def tun for "installer". Connection was possible, but not all services of the GIRA X1 were available. Only the service which is available as "user" was available in this case.
The profile "installer" is intended for programming the GIRA X1 from remote.

GKap

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Problem connecting to a OpenVPN server

Post by TinCanTech » Sat Nov 20, 2021 2:28 pm

Better ask GIRA.

GKap
OpenVpn Newbie
Posts: 3
Joined: Fri Nov 19, 2021 12:35 pm

Re: Problem connecting to a OpenVPN server

Post by GKap » Mon Dec 06, 2021 10:09 am

The problem is solved. It was a typing error in the port forwarding of the firewall - several times checked, but not seen.... Unfortiunaltely the error messages gave no hint where to search the problem!

GKap

Post Reply