Transport error upon connection

[dynek]

Hello all,

I have a running setup with OpenVPN 2.2.1 on DD-WRT routers. One is acting as server and the other one as client.
I also connect to the VPN using Tunnelblick on OS X.
Of course I know this is not the latest version of OpenVPN but for the moment I don't really have the choice as the DD-WRT version I am using is the most stable one in my situation.

When I connect using my iPhone here's the message I get. Note that I have replaced the IP and hostname.

Code: Select all

2013-05-20 20:32:59 ----- OpenVPN Start -----
2013-05-20 20:32:59 LZO-ASYM init swap=0 asym=0
2013-05-20 20:32:59 EVENT: RESOLVE
2013-05-20 20:33:02 Contacting 0.0.0.0:1194 via TCP
2013-05-20 20:33:02 EVENT: WAIT
2013-05-20 20:33:03 Connecting to host.domain.net:1194 (0.0.0.0) via TCPv4
2013-05-20 20:33:04 EVENT: CONNECTING
2013-05-20 20:33:04 Tunnel Options:V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client
2013-05-20 20:33:04 Peer Info:
IV_VER=1.0
IV_PLAT=ios
IV_NCP=1
IV_LZO=1

2013-05-20 20:33:05 TCP recv EOF
2013-05-20 20:33:05 Transport Error: Transport error on 'host.domain.net: NETWORK_EOF_ERROR
2013-05-20 20:33:05 Client terminated, restarting in 2...
2013-05-20 20:33:07 EVENT: RECONNECTING
2013-05-20 20:33:07 LZO-ASYM init swap=0 asym=0
2013-05-20 20:33:07 EVENT: RESOLVE
2013-05-20 20:33:07 Contacting 0.0.0.0:1194 via TCP
2013-05-20 20:33:07 EVENT: WAIT
2013-05-20 20:33:07 Connecting to host.domain.net:1194 (0.0.0.0) via TCPv4
2013-05-20 20:33:07 EVENT: CONNECTING
2013-05-20 20:33:07 Tunnel Options:V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client
2013-05-20 20:33:07 Peer Info:
IV_VER=1.0
IV_PLAT=ios
IV_NCP=1
IV_LZO=1

The config file on server:

Code: Select all

dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
keepalive 10 120
verb 4
mute 5
log-append /var/log/openvpn
writepid /var/log/openvpnd.pid
management 127.0.0.1 5002
management-log-cache 50
mtu-disc yes
topology subnet
client-config-dir /tmp/openvpn/ccd
script-security 2
port 1194
proto tcp-server
cipher aes-256-cbc
auth sha256
tls-server
ifconfig-pool-persist /tmp/openvpn/ip-pool 86400
comp-lzo yes
tls-cipher AES256-SHA
tcp-nodelay
server 10.10.0.0 255.255.255.0
dev tun0
passtos
route 10.5.0.0 255.255.255.0
push "route 10.0.0.0 255.255.255.0"
push "route 10.5.0.0 255.255.255.0"

The config file I created for the iPhone:

Code: Select all

proto tcp-client
dev tun
tls-client
remote host.domain.net 1194
pull
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert p_iphone.crt
key p_iphone.key
comp-lzo
verb 3
cipher aes-256-cbc
auth sha256
tls-cipher AES256-SHA

I couldn't find anything relevant on Google except one message that said 2.2.1 version contains a bug causing this issue but I am not sure it was applicable in my case and as updating DD-WRT is not a solution I would consider today I wanted to know if somebody would have an idea.

Thank you!

[dynek]

Hello,

After all these weeks/months I am still having the same issue.

Anyone has an idea ?

Thank you

[dynek]

Tue Dec 10 22:04:08 2013 us=550620 <IP>:16710 TLS: Initial packet from <IP>:16710, sid=f7a1a439 2ab1eae7
Tue Dec 10 22:04:08 2013 us=669848 <IP>:16710 TLS_ERROR: BIO read tls_read_plaintext error: error:1408A0C1:lib(20):func(138):reason(193)
Tue Dec 10 22:04:08 2013 us=669994 <IP>:16710 TLS Error: TLS object -> incoming plaintext read error
Tue Dec 10 22:04:08 2013 us=670072 <IP>:16710 TLS Error: TLS handshake failed
Tue Dec 10 22:04:08 2013 us=670543 <IP>:16710 Fatal TLS error (check_tls_errors_co), restarting
Tue Dec 10 22:04:08 2013 us=670709 <IP>:16710 SIGUSR1[soft,tls-error] received, client-instance restarting
Tue Dec 10 22:04:08 2013 us=670978 TCP/UDP: Closing socket

The other parameters set server-side I can check how to modify them but I'd guess DD-WRT will modify them on the fly.
Will give it a shot though.

Thank you for the hints, appreciated!