I configured my Raspberry Pi with OpenVPN remotely over SSH (because my home is quite far from where I live now). I connect to the internet either through my phone's hotspot or through my company network.
Everything is OK when I use the hotspot, but when I'm behind my company network I get this error:
Code:
Fri Nov 27 08:33:08 2015 Control Channel Authentication: tls-auth using INLINE static key file
Fri Nov 27 08:33:08 2015 UDPv4 link local: [undef]
Fri Nov 27 08:33:08 2015 UDPv4 link remote: [AF_INET]2.237.31.192:443
Fri Nov 27 08:34:08 2015 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Nov 27 08:34:08 2015 TLS Error: TLS handshake failed
Fri Nov 27 08:34:08 2015 SIGUSR1[soft,tls-error] received, process restarting
I use a Mac and this is its configuration:
Code:
client
dev tun
proto tcp
remote RASPBERRY_PUBLIC_IP 443
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
key-direction 1
cipher AES-128-CBC
comp-lzo
verb 1
mute 20
ca /Users/Mitro/ca.crt #change this
cert /Users/Mitro/xxx.crt #change this
key /Users/Mitro/xxx.key #change this
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
</tls-auth>
Code:
dev tun
proto tcp
port 443
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/Raspberry256.crt # SWAP WITH YOUR CRT NAME
key /etc/openvpn/easy-rsa/keys/Raspberry256.key # SWAP WITH YOUR KEY NAME
dh /etc/openvpn/easy-rsa/keys/dh1024.pem # If you kept 1024, change it to dh1024.pem
server 10.8.0.0 255.255.255.0
# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server
push "route 10.8.0.1 255.255.255.255"
# Add route to Client routing table for the OpenVPN Subnet
push "route 10.8.0.0 255.255.255.0"
# your local subnet
push "route 192.168.1.65 255.255.255.0" # Enter PI LAN PI
# Set primary domain name server address to the SOHO Router
# If your router does not do DNS, you can use Google DNS 8.8.8.8
push "dhcp-option DNS 192.168.1.254"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 1
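
A consistency check over the two configurations and the client log above, as an added example that is not part of the original post: it flags directives that must agree on both ends (`proto`, port, `cipher`, `comp-lzo`, tls-auth key direction) and compares the transport named in the log's `link remote` line with the client's `proto`. The function names and the trimmed sample inputs are constructed for illustration.

```python
import re

# Constructed inputs: a subset of the directives and one log line from the post.
CLIENT = """proto tcp
remote RASPBERRY_PUBLIC_IP 443
key-direction 1
cipher AES-128-CBC
comp-lzo
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
</tls-auth>
"""
SERVER = """proto tcp
port 443
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
cipher AES-128-CBC
comp-lzo
"""
LOG = "Fri Nov 27 08:33:08 2015 UDPv4 link remote: [AF_INET]2.237.31.192:443"

def parse(conf):
    """Map directive -> args, skipping comments and the body of inline <blocks>."""
    out, inline = {}, False
    for line in conf.splitlines():
        line = re.split(r"[#;]", line, maxsplit=1)[0].strip()
        if line.startswith("<"):
            inline = not line.startswith("</")
            out.setdefault(line.strip("</>"), ["[inline]"])
        elif line and not inline:
            name, *args = line.split()
            out[name] = args
    return out

def check(client, server, log_line):
    """Return a list of mismatches between client config, server config and log."""
    c, s, issues = parse(client), parse(server), []
    proto = c.get("proto", ["udp"])[0]  # OpenVPN uses UDP when proto is absent
    for d in ("proto", "cipher", "comp-lzo"):
        if c.get(d) != s.get(d):
            issues.append(f"{d}: client={c.get(d)} server={s.get(d)}")
    if c.get("remote", [])[1:2] != s.get("port"):
        issues.append("port: client remote port != server port")
    dirs = [(x.get("key-direction") or x.get("tls-auth", [])[1:2] or [None])[0] for x in (c, s)]
    if sorted(dirs, key=str) not in (["0", "1"], [None, None]):
        issues.append("tls-auth: key directions are not complementary")
    m = re.search(r"\b(UDP|TCP)v[46]\S* link remote", log_line)
    if m and m.group(1).lower() != proto[:3]:
        issues.append(f"log: client ran over {m.group(1)}, config says proto {proto}")
    return issues
```

On the sample inputs the only finding is that the log line was written by a client running over UDP while the posted client file sets `proto tcp`.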