OpenVPN on Linux over SOCKS fails
Posted: Mon Jan 06, 2014 6:30 pm
Hello, thanks for your great software, but I have an issue on Linux; it's a setup with SOCKS that works fine on Windows for me.
A normal connection without SOCKS works fine on Linux too, but when I try over TOR, that is, a SOCKS5 proxy, it doesn't work.
The initialization sequence completes but after a short period of time this happens:
Mon Jan 6 19:10:09 2014 [redacted] Inactivity timeout (--ping-restart), restarting
Mon Jan 6 19:10:09 2014 TCP/UDP: Closing socket
Mon Jan 6 19:10:09 2014 SIGUSR1[soft,ping-restart] received, process restarting
I've tested this on OpenVPN 2.2.1-3 on Debian 7 and the latest Ubuntu. Same issue. Is this related to this issue?
https://community.openvpn.net/openvpn/ticket/328
If so, is my only option to wait for a fix and if so is there any ETA? I'll attach some logs.
Thanks for any kind of assistance,
config:
client
dev tun0
proto tcp
socks-proxy 127.0.0.1 9050
remote vpnsite.something 1194
resolv-retry infinite
nobind
auth-user-pass /etc/openvpn/auth.auth
auth-retry nointeract
ca [inline]
tls-client
tls-auth [inline]
ns-cert-type server
keepalive 10 30
cipher AES-256-CBC
tls-cipher TLSv1:!ADH:!SSLv2:!NULL:!EXPORT:!DES:!LOW:!MEDIUM:@STRENGTH
persist-key
persist-tun
comp-lzo
tun-mtu 1500
mssfix
passtos
verb 3
<ca>
-----BEGIN CERTIFICATE-----
REDACTED
-----END CERTIFICATE-----
</ca>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
REDACTED
-----END OpenVPN Static key V1-----
</tls-auth>
connection log:
Mon Jan 6 18:36:23 2014 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jun 18 2013
Mon Jan 6 18:36:23 2014 WARNING: file '/etc/openvpn/IPredator.auth' is group or others accessible
Mon Jan 6 18:36:23 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Jan 6 18:36:23 2014 Control Channel Authentication: tls-auth using INLINE static key file
Mon Jan 6 18:36:23 2014 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jan 6 18:36:23 2014 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jan 6 18:36:23 2014 LZO compression initialized
Mon Jan 6 18:36:23 2014 Control Channel MTU parms [ L:1560 D:168 EF:68 EB:0 ET:0 EL:0 ]
Mon Jan 6 18:36:23 2014 Socket Buffers: R=[87380->131072] S=[16384->131072]
Mon Jan 6 18:36:23 2014 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Jan 6 18:36:23 2014 Local Options hash (VER=V4): 'd6e4d6ac'
Mon Jan 6 18:36:23 2014 Expected Remote Options hash (VER=V4): '308ee575'
Mon Jan 6 18:36:23 2014 Attempting to establish TCP connection with [AF_INET]127.0.0.1:9050 [nonblock]
Mon Jan 6 18:36:23 2014 TCP connection established with [AF_INET]127.0.0.1:9050
Mon Jan 6 18:36:24 2014 TCPv4_CLIENT link local: [undef]
Mon Jan 6 18:36:24 2014 TCPv4_CLIENT link remote: [AF_INET]127.0.0.1:9050
Mon Jan 6 18:36:25 2014 TLS: Initial packet from [AF_INET]127.0.0.1:9050, sid=16f42144 2671ec6e
Mon Jan 6 18:36:25 2014 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Jan 6 18:36:27 2014 VERIFY OK: depth=1, /C=REDACTED
Mon Jan 6 18:36:27 2014 VERIFY OK: nsCertType=SERVER
Mon Jan 6 18:36:27 2014 VERIFY OK: depth=0, /C=REDACTED
Mon Jan 6 18:36:29 2014 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mon Jan 6 18:36:29 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jan 6 18:36:29 2014 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mon Jan 6 18:36:29 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jan 6 18:36:29 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Mon Jan 6 18:36:29 2014 [pw.openvpn.ipredator.se] Peer Connection Initiated with [AF_INET]127.0.0.1:9050
Mon Jan 6 18:36:31 2014 SENT CONTROL [pw.openvpn.ipredator.se]: 'PUSH_REQUEST' (status=1)
Mon Jan 6 18:36:32 2014 PUSH: Received control message: 'PUSH_REPLY,route REDACTED.37.130 255.255.255.255 net_gateway,route-gateway REDACTED.37.1,redirect-gateway def1,topology subnet,dhcp-option DOMAIN ipredator.se,dhcp-option DNS REDACTED.46.46,dhcp-option DNS 194.132.32.23,ip-win32 dynamic,ping 10,ping-restart 60,auth-retry nointeract,ifconfig REDACTED.37.247 255.255.255.0'
Mon Jan 6 18:36:32 2014 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:8: ip-win32 (2.2.1)
Mon Jan 6 18:36:32 2014 Options error: option 'auth-retry' cannot be used in this context
Mon Jan 6 18:36:32 2014 OPTIONS IMPORT: timers and/or timeouts modified
Mon Jan 6 18:36:32 2014 OPTIONS IMPORT: --ifconfig/up options modified
Mon Jan 6 18:36:32 2014 OPTIONS IMPORT: route options modified
Mon Jan 6 18:36:32 2014 OPTIONS IMPORT: route-related options modified
Mon Jan 6 18:36:32 2014 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Jan 6 18:36:32 2014 ROUTE default_gateway=192.168.1.1
Mon Jan 6 18:36:32 2014 TUN/TAP device tun0 opened
Mon Jan 6 18:36:32 2014 TUN/TAP TX queue length set to 100
Mon Jan 6 18:36:32 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon Jan 6 18:36:32 2014 /sbin/ifconfig tun0 REDACTED.37.247 netmask 255.255.255.0 mtu 1500 broadcast REDACTED.37.255
Mon Jan 6 18:36:32 2014 /sbin/route add -net 127.0.0.1 netmask 255.255.255.255 gw 192.168.1.1
Mon Jan 6 18:36:32 2014 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw REDACTED.37.1
Mon Jan 6 18:36:32 2014 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw REDACTED.37.1
Mon Jan 6 18:36:32 2014 /sbin/route add -net REDACTED.37.130 netmask 255.255.255.255 gw 192.168.1.1
Mon Jan 6 18:36:32 2014 Initialization Sequence Completed
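
A triage helper for the connection log in this post, as an added example that is not part of the original post or of OpenVPN: it extracts the address OpenVPN connects to (here the SOCKS proxy), the pushed options and the logged route commands, then reports whether a host route was installed for a loopback remote and whether the `redirect-gateway def1` routes send all other IPv4 traffic into the tunnel. The sample lines are constructed from the log above with the REDACTED octets replaced by 203.0.113.x, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: lines taken from the connection log above, with the
# REDACTED octets replaced by the documentation prefix 203.0.113.0/24.
SAMPLE_LOG = """\
Mon Jan 6 18:36:24 2014 TCPv4_CLIENT link remote: [AF_INET]127.0.0.1:9050
Mon Jan 6 18:36:32 2014 PUSH: Received control message: 'PUSH_REPLY,route 203.0.113.130 255.255.255.255 net_gateway,route-gateway 203.0.113.1,redirect-gateway def1,ping 10,ping-restart 60,ifconfig 203.0.113.247 255.255.255.0'
Mon Jan 6 18:36:32 2014 /sbin/route add -net 127.0.0.1 netmask 255.255.255.255 gw 192.168.1.1
Mon Jan 6 18:36:32 2014 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 203.0.113.1
Mon Jan 6 18:36:32 2014 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 203.0.113.1
Mon Jan 6 18:36:32 2014 /sbin/route add -net 203.0.113.130 netmask 255.255.255.255 gw 192.168.1.1
"""

LINK_RE = re.compile(r"link remote: \[AF_INET\]([\d.]+):(\d+)")
PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,(.*)'")
ROUTE_RE = re.compile(r"/sbin/route add -net ([\d.]+) netmask ([\d.]+) gw ([\d.]+)")

def pushed_options(log):
    """Return {option: [argument lists]} parsed from the PUSH_REPLY line."""
    opts = {}
    m = PUSH_RE.search(log)
    for item in (m.group(1).split(",") if m else []):
        if item.strip():
            name, *args = item.split()
            opts.setdefault(name, []).append(args)
    return opts

def installed_routes(log):
    """Return [(network, gateway)] for each route command OpenVPN logged."""
    return [(ipaddress.ip_network(f"{net}/{mask}"), gw)
            for net, mask, gw in ROUTE_RE.findall(log)]

def triage(log):
    m = LINK_RE.search(log)
    remote = ipaddress.ip_address(m.group(1)) if m else None
    opts, routes = pushed_options(log), installed_routes(log)
    tunnel_gw = opts.get("route-gateway", [[None]])[0][0]
    # /32 route whose destination is the address OpenVPN itself connects to.
    host_gw = next((gw for net, gw in routes if remote
                    and net.prefixlen == 32 and net.network_address == remote), None)
    # The def1 pair 0.0.0.0/1 + 128.0.0.0/1 covers every IPv4 destination.
    via_tunnel = {str(net) for net, gw in routes if gw == tunnel_gw}
    restart = opts.get("ping-restart")
    return {"remote": str(remote) if remote else None,
            "remote_is_loopback": bool(remote and remote.is_loopback),
            "remote_host_route_gw": host_gw,
            "default_via_tunnel": {"0.0.0.0/1", "128.0.0.0/1"} <= via_tunnel,
            "ping_restart": int(restart[0][0]) if restart else None}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The output summarizes what the log records; it does not by itself establish why the `--ping-restart` timeout fires.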