Configuration OpenVPN Client

KevinF · Post by **KevinF** » Wed Jul 13, 2011 8:05 am

Hello,

I have installed OpenVPN on my server, and I would like to connect via the OpenVPN client.

From home, it's working fine.

From work, it doesn't work. It seems that TCP is blocked.

I'm trying to connect via TCP on 443 port.

Error message

Tue Jul 12 17:58:44 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Jul 12 17:58:44 2011 TCPv4_CLIENT link local: [undef]
Tue Jul 12 17:58:44 2011 TCPv4_CLIENT link remote: xx.xx:443
Tue Jul 12 17:59:45 2011 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Jul 12 17:59:45 2011 TLS Error: TLS handshake failed
Tue Jul 12 17:59:45 2011 Fatal TLS error (check_tls_errors_co), restarting
Tue Jul 12 17:59:45 2011 TCP/UDP: Closing socket
Tue Jul 12 17:59:45 2011 SIGUSR1[soft,tls-error] received, process restarting
Tue Jul 12 17:59:45 2011 Restart pause, 5 second(s)
Tue Jul 12 17:59:50 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Jul 12 17:59:50 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Jul 12 17:59:50 2011 Re-using SSL/TLS context
Tue Jul 12 17:59:50 2011 LZO compression initialized
Tue Jul 12 17:59:50 2011 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Tue Jul 12 17:59:50 2011 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Jul 12 17:59:50 2011 Local Options hash (VER=V4): '69109d17'
Tue Jul 12 17:59:50 2011 Expected Remote Options hash (VER=V4): 'c0103fa8'
Tue Jul 12 17:59:50 2011 Attempting to establish TCP connection with xx.xx:443

Thank you for your help.

Post by **maikcat** » Wed Jul 13, 2011 8:12 am

hi there,

can you post server logs as well?

if you dont see anything logged on your server then
you probably dont reach it..

Michael.

KevinF · Post by **KevinF** » Wed Jul 13, 2011 9:25 am

Here is server logs.

Wed Jul 13 10:50:01 2011 us=84663 MULTI: multi_create_instance called
Wed Jul 13 10:50:01 2011 us=84850 Re-using SSL/TLS context
Wed Jul 13 10:50:01 2011 us=84975 LZO compression initialized
Wed Jul 13 10:50:01 2011 us=85308 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Wed Jul 13 10:50:01 2011 us=85438 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Jul 13 10:50:01 2011 us=85548 Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysi$
Wed Jul 13 10:50:01 2011 us=85581 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth $
Wed Jul 13 10:50:01 2011 us=85627 Local Options hash (VER=V4): 'c0103fa8'
Wed Jul 13 10:50:01 2011 us=85659 Expected Remote Options hash (VER=V4): '69109d17'
Wed Jul 13 10:50:01 2011 us=85760 TCP connection established with 82.225.199.227:60178
Wed Jul 13 10:50:01 2011 us=85806 Socket Buffers: R=[131072->131072] S=[131072->131072]
Wed Jul 13 10:50:01 2011 us=85846 TCPv4_SERVER link local: [undef]
Wed Jul 13 10:50:01 2011 us=85888 TCPv4_SERVER link remote: 82.225.199.227:60178
Wed Jul 13 10:50:11 2011 us=750587 93.20.168.124:56773 VERIFY OK: depth=1, /C=FR/ST=Nc/L=Paris/O=Kevinf-studio/CN=Kevinf-studio_CA/emailAddress=sysadmin@kevi$
Wed Jul 13 10:50:11 2011 us=751155 93.20.168.124:56773 VERIFY OK: depth=0, /C=FR/ST=Nc/L=Paris/O=Kevinf-studio/CN=pchl/emailAddress=sysadmin@kevinf-studio.com
Wed Jul 13 10:50:13 2011 us=776782 93.20.168.124:56773 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Jul 13 10:50:13 2011 us=776961 93.20.168.124:56773 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jul 13 10:50:13 2011 us=777057 93.20.168.124:56773 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Jul 13 10:50:13 2011 us=777095 93.20.168.124:56773 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jul 13 10:50:14 2011 us=855668 93.20.168.124:56773 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Jul 13 10:50:14 2011 us=855821 93.20.168.124:56773 [pchl] Peer Connection Initiated with 93.20.168.124:56773
Wed Jul 13 10:50:14 2011 us=856007 pchl/93.20.168.124:56773 MULTI: Learn: 10.18.0.6 -> pchl/93.20.168.124:56773
Wed Jul 13 10:50:14 2011 us=856054 pchl/93.20.168.124:56773 MULTI: primary virtual IP for pchl/93.20.168.124:56773: 10.18.0.6
Wed Jul 13 10:50:16 2011 us=967812 pchl/93.20.168.124:56773 PUSH: Received control message: 'PUSH_REQUEST'
Wed Jul 13 10:50:16 2011 us=968086 pchl/93.20.168.124:56773 SENT CONTROL [pchl]: 'PUSH_REPLY,dhcp-option WINS 10.18.0.1,route 10.18.0.0 255.255.255.0,topolog$
Wed Jul 13 10:51:01 2011 us=504988 82.225.199.227:60178 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jul 13 10:51:01 2011 us=505134 82.225.199.227:60178 TLS Error: TLS handshake failed
Wed Jul 13 10:51:01 2011 us=505358 82.225.199.227:60178 Fatal TLS error (check_tls_errors_co), restarting
Wed Jul 13 10:51:01 2011 us=505442 82.225.199.227:60178 SIGUSR1[soft,tls-error] received, client-instance restarting
Wed Jul 13 10:51:01 2011 us=505552 TCP/UDP: Closing socket

KevinF · Post by **KevinF** » Sat Jul 16, 2011 10:04 am

Any ideas ?

Post by **maikcat** » Sat Jul 16, 2011 4:03 pm

hi there,

i noticed this

Wed Jul 13 10:50:16 2011 us=968086 pchl/93.20.168.124:56773 SENT CONTROL [pchl]: 'PUSH_REPLY,dhcp-option WINS 10.18.0.1,route 10.18.0.0 255.255.255.0,topolog$
Wed Jul 13 10:51:01 2011 us=504988 82.225.199.227:60178 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jul 13 10:51:01 2011 us=505134 82.225.199.227:60178 TLS Error: TLS handshake failed
Wed Jul 13 10:51:01 2011 us=505358 82.225.199.227:60178 Fatal TLS error (check_tls_errors_co), restarting
Wed Jul 13 10:51:01 2011 us=505442 82.225.199.227:60178 SIGUSR1[soft,tls-error] received, client-instance restarting
Wed Jul 13 10:51:01 2011 us=505552 TCP/UDP: Closing socket

is your client changed ip?

can you try adding float directive into your server conf?

Michael.

KevinF · Post by **KevinF** » Mon Jul 18, 2011 12:50 pm

can you try adding float directive into your server conf?

Yes I can, but how ?

Thank you

Post by **maikcat** » Mon Jul 18, 2011 12:58 pm

>Yes I can, but how ?

easy,

add the following line to your server config

float

save and restart the service

Michael.

KevinF · Post by **KevinF** » Mon Jul 18, 2011 3:58 pm

Done, nothing changed.

By the way, this configuration works on a network, but on this one. So I guess it come from the network and not my server.

KevinF · Post by **KevinF** » Tue Jul 19, 2011 5:45 pm

And I think it's related, but TeamViewer isn't working neither, only LAN allowed.

OpenVPN Support Forum

Configuration OpenVPN Client

Configuration OpenVPN Client

Re: Configuration OpenVPN Client

Re: Configuration OpenVPN Client

Re: Configuration OpenVPN Client

Re: Configuration OpenVPN Client

Re: Configuration OpenVPN Client

Re: Configuration OpenVPN Client

Re: Configuration OpenVPN Client

Re: Configuration OpenVPN Client