TLS Error in OpenWRT

Yeyo53
OpenVpn Newbie
Posts: 2
Joined: Tue Oct 20, 2015 1:02 pm

TLS Error in OpenWRT

Post by Yeyo53 » Tue Oct 20, 2015 1:10 pm

Hi there,

I'm trying to run OpenVPN on an OpenWRT router. I'm out of my country and I need to browse as if I were at home. I have followed some tutorials and my head is a mess now, but these are my config files:

Server config:

Code: Select all

config 'openvpn' 'lan'
        option 'enable' '1'
        option 'port' '1194'
        option 'proto' 'udp'
        option 'dev' 'tun'
        option 'ca' '/etc/openvpn/ca.crt'
        option 'cert' '/etc/openvpn/server.crt'
        option 'key' '/etc/openvpn/server.key'
        option 'dh' 'dh1024.pem'
        option 'tls-auth' '/etc/openvpn/ta.key 0'
        option 'ifconfig_pool_persist' '/tmp/ipp.txt'
        option 'keepalive' '10 120'
        option 'comp_lzo' 'no'
        option 'persist_key' '1'
        option 'persist_tun' '1'
        option 'status' '/var/log/openvpn-status.log' 
        option 'verb' '9'
        option 'server' '10.0.0.0 255.255.255.0'
        option 'client_to_client' '1'
        list 'push' 'redirect-gateway def1'
        list 'push' 'dhcp-option DNS 192.168.0.1'
        list 'push' 'route 192.168.0.0 255.255.255.0'

Client config:

Code: Select all

client
dev tun
proto udp
remote myserver 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
tls-auth ta.key 1
comp-lzo
verb 9

And this is the error I'm getting:

Code: Select all

daemon.notice openvpn(lan)[16465]: MULTI: multi_create_instance called
daemon.notice openvpn(lan)[16465]: X.X.X.X:59560 Re-using SSL/TLS context
daemon.notice openvpn(lan)[16465]: X.X.X.X:59560 Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
daemon.notice openvpn(lan)[16465]: X.X.X.X:59560 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
daemon.notice openvpn(lan)[16465]: X.X.X.X:59560 UDPv4 READ [42] from X.X.X.X:59560: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=f189317b 51b86847 [ 4216079658 4158251462 1871985208 2938466926 2954037248 342 641054208 0 ]
daemon.notice openvpn(lan)[16465]: X.X.X.X:59560 TLS: Initial packet from X.X.X.X:59560, sid=f189317b 51b86847
daemon.err openvpn(lan)[16465]: X.X.X.X:59560 TLS Error: reading acknowledgement record from packet

I have generated my keys like 4 times, changed the directories, modified the config files... I don't know where the error is. Maybe you could help.

Thanks in advance.

Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: TLS Error in OpenWRT

Post by Traffic » Thu Oct 22, 2015 11:17 am

Does your client log show any errors?

Also, from your log files, please post OpenVPN version information.

A quick google finds this:
http://www.f15ijp.com/2010/08/openvpn-t ... om-packet/

Check that you have used the correct ta.key on your client.
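
Added example, not part of the original thread and not OpenVPN or OpenWRT code: one way to carry out the ta.key check above by comparing a fingerprint of the key on each end, plus whether the two `tls-auth` key-direction values are complementary. The function names are hypothetical and the sample files and key material are constructed; it assumes `sha256sum` (or `shasum` on macOS) is installed.

```shell
#!/bin/sh
# Added example, not from the thread: compare tls-auth settings on both ends
# without copying the secret key around. Function names are hypothetical.
command -v sha256sum >/dev/null 2>&1 || sha256sum() { shasum -a 256; }  # macOS

# SHA-256 of the hex key body only: comments, BEGIN/END markers, whitespace,
# CR line endings and letter case are ignored.
ta_fingerprint() {
    body=$(sed -n '/BEGIN OpenVPN Static key V1/,/END OpenVPN Static key V1/p' "$1" \
        | grep -v -- '-----' | tr -d ' \t\r\n' | tr 'A-F' 'a-f')
    [ -n "$body" ] || return 1
    printf '%s' "$body" | sha256sum | cut -d' ' -f1
}

# key-direction from "tls-auth ta.key 1" or a UCI "option 'tls_auth' '... 0'".
# Prints 0, 1, bidir (no direction given) or off (no tls-auth line).
ta_direction() {
    d=$(grep -E 'tls[-_]auth' "$1" | grep -v '^[[:space:]]*[#;]' | head -n 1 \
        | tr -d "'\"" | awk '{print $NF}')
    case "$d" in 0|1) echo "$d" ;; '') echo off ;; *) echo bidir ;; esac
}

# args: server_conf server_key client_conf client_key
check_tls_auth() {
    s_dir=$(ta_direction "$1"); c_dir=$(ta_direction "$3")
    case "$s_dir/$c_dir" in
        off/off) echo "tls-auth disabled on both ends"; return 0 ;;
        0/1|1/0|bidir/bidir) ;;
        *) echo "direction mismatch: server=$s_dir client=$c_dir"; return 2 ;;
    esac
    s_fp=$(ta_fingerprint "$2") && c_fp=$(ta_fingerprint "$4") \
        || { echo "no static key block found"; return 3; }
    [ "$s_fp" = "$c_fp" ] || { echo "ta.key differs"; return 1; }
    echo "tls-auth consistent"
}

# Constructed sample files (key material is made up and shortened).
T=$(mktemp -d)
printf '%s\n' "option 'tls-auth' '/etc/openvpn/ta.key 0'" > "$T/server.uci"
printf '%s\n' 'tls-auth ta.key 1' > "$T/client.ovpn"
printf '%s\n' '# server copy' '-----BEGIN OpenVPN Static key V1-----' \
    '0123456789abcdef0123456789abcdef' '-----END OpenVPN Static key V1-----' > "$T/s.key"
printf '%s\r\n' '-----BEGIN OpenVPN Static key V1-----' \
    '0123456789ABCDEF0123456789ABCDEF' '-----END OpenVPN Static key V1-----' > "$T/c.key"
check_tls_auth "$T/server.uci" "$T/s.key" "$T/client.ovpn" "$T/c.key" || true
```

Run `ta_fingerprint` separately on the router and on the client and compare the two hashes by eye; only the hash leaves each machine, never the key.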

Yeyo53
OpenVpn Newbie
Posts: 2
Joined: Tue Oct 20, 2015 1:02 pm

Re: TLS Error in OpenWRT

Post by Yeyo53 » Thu Oct 22, 2015 1:45 pm

Hi, I'm using 'Tunnelblick' for MacOS (https://tunnelblick.net), and its log is:

Code: Select all

2015-10-22 15:40:51 *Tunnelblick: Established communication with OpenVPN
2015-10-22 15:40:51 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337
2015-10-22 15:40:51 MANAGEMENT: CMD 'pid'
2015-10-22 15:40:51 MANAGEMENT: CMD 'state on'
2015-10-22 15:40:51 MANAGEMENT: CMD 'state'
2015-10-22 15:40:51 MANAGEMENT: CMD 'bytecount 1'
2015-10-22 15:40:51 MANAGEMENT: CMD 'hold release'
2015-10-22 15:40:51 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2015-10-22 15:40:51 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2015-10-22 15:40:51 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
2015-10-22 15:40:51 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2015-10-22 15:40:51 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2015-10-22 15:40:51 Socket Buffers: R=[196724->65536] S=[9216->65536]
2015-10-22 15:40:51 MANAGEMENT: >STATE:1445521251,RESOLVE,,,
2015-10-22 15:40:51 UDPv4 link local: [undef]
2015-10-22 15:40:51 UDPv4 link remote: [AF_INET]X.X.X.X:1194
2015-10-22 15:40:51 MANAGEMENT: >STATE:1445521251,WAIT,,,

The version of my OpenVPN for OpenWRT is 2.2.2-2 (also the same for openvpn-easy-rsa).

I have also checked and changed my ta.key a lot of times, thinking of that after googling it, but still the same problem.

Thanks for your help

Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: TLS Error in OpenWRT

Post by Traffic » Tue Nov 24, 2015 2:21 pm

For testing, try disabling tls-auth in your server & client.
