Virtual Machine won't connect to OpenVPN server after changing ISP/modem

Posted: Tue Apr 19, 2022 9:01 pm
by nicozica
Hi! I've been running HestiaCP (a hosting panel) on a local Debian 10 virtual machine that is exposed to the internet using an OpenVPN server that runs on an Amazon Lightsail instance.
The other day I changed my ISP and they gave me a new router which I configured using the exact same static IP for the Debian virtual machine.
My issue here is that I can't make the tunnel connection work properly again. For some reason I get the following message when trying to retrieve the public IP from the OpenVPN server:
curl: (6) Could not resolve host: ifconfig.me

I tried connecting using the same client.ovpn file from my Windows machine and everything went fine.

Then I reinstalled the OpenVPN client on the virtual machine and since the autoconnect feature is gone, I got this info from the connection attempt which might be useful for you guys to help me troubleshoot:

Code:

unable to resolve host server.blurfm.com: Temporary failure in name resolution
Tue Apr 19 17:48:58 2022 Unrecognized option or missing or extra parameter(s) in /etc/openvpn/client/client.ovpn:19: block-outside-dns (2.4.7)
Tue Apr 19 17:48:58 2022 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019
Tue Apr 19 17:48:58 2022 library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10
Tue Apr 19 17:48:58 2022 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Tue Apr 19 17:48:58 2022 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Apr 19 17:48:58 2022 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Tue Apr 19 17:48:58 2022 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Apr 19 17:48:58 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]34.231.47.189:1194
Tue Apr 19 17:48:58 2022 Socket Buffers: R=[212992->212992] S=[212992->212992]
Tue Apr 19 17:48:58 2022 UDP link local: (not bound)
Tue Apr 19 17:48:58 2022 UDP link remote: [AF_INET]34.231.47.189:1194
Tue Apr 19 17:49:58 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Apr 19 17:49:58 2022 TLS Error: TLS handshake failed
Tue Apr 19 17:49:58 2022 SIGUSR1[soft,tls-error] received, process restarting
Tue Apr 19 17:49:58 2022 Restart pause, 5 second(s)
Tue Apr 19 17:50:03 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]34.231.47.189:1194
Tue Apr 19 17:50:03 2022 Socket Buffers: R=[212992->212992] S=[212992->212992]
Tue Apr 19 17:50:03 2022 UDP link local: (not bound)
Tue Apr 19 17:50:03 2022 UDP link remote: [AF_INET]34.231.47.189:1194

Thanks in advance!

Re: Virtual Machine won't connect to OpenVPN server after changing ISP/modem

Posted: Tue Apr 19, 2022 10:48 pm
by TinCanTech
Fix your DNS ..

Re: Virtual Machine won't connect to OpenVPN server after changing ISP/modem

Posted: Wed Apr 20, 2022 12:49 am
by nicozica
Thanks Tin, I've done this back on quarantine after a lot of trial and error. I assume I must fix this on the HestiaCP panel. Will give it a try and let you know how it goes.

Re: Virtual Machine won't connect to OpenVPN server after changing ISP/modem

Posted: Wed Apr 20, 2022 12:20 pm
by nicozica
Hi guys, I've tried connecting from a fresh install of Debian 11 and I get the following similar message:

Code:

2022-04-20 09:12:35 Unrecognized option or missing or extra parameter(s) in /etc/openvpn/client/client.ovpn:19: block-outside-dns (2.5.1)
2022-04-20 09:12:35 OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2021
2022-04-20 09:12:35 library versions: OpenSSL 1.1.1n  15 Mar 2022, LZO 2.10
2022-04-20 09:12:35 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2022-04-20 09:12:35 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-04-20 09:12:35 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2022-04-20 09:12:35 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-04-20 09:12:35 TCP/UDP: Preserving recently used remote address: [AF_INET]34.231.47.189:1194
2022-04-20 09:12:35 Socket Buffers: R=[212992->212992] S=[212992->212992]
2022-04-20 09:12:35 UDP link local: (not bound)
2022-04-20 09:12:35 UDP link remote: [AF_INET]34.231.47.189:1194
2022-04-20 09:13:35 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-04-20 09:13:35 TLS Error: TLS handshake failed
2022-04-20 09:13:35 SIGUSR1[soft,tls-error] received, process restarting
2022-04-20 09:13:35 Restart pause, 5 second(s)

Is there any configuration I should be running on the modem/router of my ISP or the virtual machine itself? As I said before, the same VPN tunnel works on Windows 10 and it used to work on Debian before changing my Internet provider.

Any help will be really appreciated :)

Re: Virtual Machine won't connect to OpenVPN server after changing ISP/modem

Posted: Wed Apr 20, 2022 12:22 pm
by TinCanTech
Now the problem is different.

viewtopic.php?t=22603
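
An added example, not part of the thread or any poster's code: a small triage of OpenVPN client log text that separates the name-resolution symptom seen in the first log from the TLS handshake timeout that remains in the second. The sample lines are constructed on the pattern of the quoted logs, with a documentation address (203.0.113.10) and hostname (vm.example.test) standing in for the real ones; the function name and verdict labels are this example's own.

```python
import re

# Signatures from the log lines quoted in this thread, plus two standard
# OpenVPN client messages that show progress past the first packet.
RULES = {
    "dns_failure": r"Temporary failure in name resolution|Could not resolve host",
    "ignored_option": r"Unrecognized option or missing or extra parameter\(s\).*block-outside-dns",
    "tls_timeout": r"TLS key negotiation failed to occur within \d+ seconds",
    "server_replied": r"TLS: Initial packet from",
    "connected": r"Initialization Sequence Completed",
}
REMOTE = re.compile(r"(UDP|TCP)\S* link remote: \[AF_INET6?\](\S+):(\d+)")

def triage(log_text):
    """Return (findings, remote, verdict) for one client connection attempt."""
    findings, remote = set(), None
    for line in log_text.splitlines():
        findings.update(n for n, rx in RULES.items() if re.search(rx, line))
        m = REMOTE.search(line)
        if m:
            remote = (m.group(1).lower(), m.group(2), int(m.group(3)))
    if "connected" in findings:
        verdict = "connected"
    elif "tls_timeout" in findings and "server_replied" not in findings:
        # No packet from the server was logged, so the TLS exchange never
        # got under way; check reachability of the remote first.
        verdict = "no_server_reply"
    elif "tls_timeout" in findings:
        verdict = "handshake_incomplete_after_reply"
    elif "dns_failure" in findings:
        verdict = "dns_only"
    else:
        verdict = "inconclusive"
    return findings, remote, verdict

# Constructed samples modelled on the two attempts quoted in the thread.
FIRST = """\
unable to resolve host vm.example.test: Temporary failure in name resolution
Tue Apr 19 17:48:58 2022 Unrecognized option or missing or extra parameter(s) in /etc/openvpn/client/client.ovpn:19: block-outside-dns (2.4.7)
Tue Apr 19 17:48:58 2022 UDP link remote: [AF_INET]203.0.113.10:1194
Tue Apr 19 17:49:58 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
"""
SECOND = "\n".join(FIRST.splitlines()[1:])  # same attempt without the resolver error

if __name__ == "__main__":
    for name, text in (("first", FIRST), ("second", SECOND)):
        print(name, triage(text))
```

Both samples end in the same verdict; only the first carries the `dns_failure` finding, which is the difference between the two logs in the thread.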

Re: Virtual Machine won't connect to OpenVPN server after changing ISP/modem

Posted: Wed Apr 20, 2022 10:06 pm
by nicozica
Thanks Tin, will do my best to cope with the procedure. I wasn't able to pull some of the info as I'm an enthusiast who mostly does everything "by instruction"

Server

Operating system:

Code:

Linux ip-172-26-3-219 4.19.0-20-cloud-amd64 #1 SMP Debian 4.19.235-1 (2022-03-17) x86_64 GNU/Linux

Network setup:

Code:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 12:7e:0f:d8:7e:b5 brd ff:ff:ff:ff:ff:ff
    inet 172.26.3.219/20 brd 172.26.15.255 scope global dynamic eth0
       valid_lft 3352sec preferred_lft 3352sec
    inet6 fe80::107e:fff:fed8:7eb5/64 scope link
       valid_lft forever preferred_lft forever
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none
    inet 10.8.0.1/24 brd 10.8.0.255 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::17b2:1175:b623:a75d/64 scope link stable-privacy
       valid_lft forever preferred_lft forever

Server config file:

Code:

port 1194
proto udp
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "redirect-gateway def1 bypass-dhcp"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key 0
crl-verify crl.pem
ca ca.crt

Server log (from /var/log/openvpn/status.log)

Code:

OpenVPN CLIENT LIST
Updated,Wed Apr 20 21:35:58 2022
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
GLOBAL STATS
Max bcast/mcast queue length,1
END

Client

Operating system:

Code:

Linux debian 5.10.0-13-amd64 #1 SMP Debian 5.10.106-1 (2022-03-17) x86_64 GNU/Linux

Network setup:

Code:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:7a:dd:a8 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.50/24 brd 192.168.1.255 scope global dynamic enp0s3
       valid_lft 28367sec preferred_lft 28367sec
    inet6 2802:8010:1101:f301:a00:27ff:fe7a:dda8/64 scope global dynamic mngtmpaddr
       valid_lft 86379sec preferred_lft 86379sec
    inet6 fe80::a00:27ff:fe7a:dda8/64 scope link
       valid_lft forever preferred_lft forever

Client config file:

Code:

client
proto udp
explicit-exit-notify
remote **.***.**.*** 1194 #public IP of the tunnel
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_Km5ObPaCPNHc79u1 name
auth SHA256
auth-nocache
cipher AES-256-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3

Server log (folder /var/log/openvpn/ was empty)

The message from the failed connection attempt:

Code:

2022-04-20 09:12:35 Unrecognized option or missing or extra parameter(s) in /etc/openvpn/client/client.ovpn:19: block-outside-dns (2.5.1)
2022-04-20 09:12:35 OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2021
2022-04-20 09:12:35 library versions: OpenSSL 1.1.1n  15 Mar 2022, LZO 2.10
2022-04-20 09:12:35 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2022-04-20 09:12:35 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-04-20 09:12:35 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2022-04-20 09:12:35 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-04-20 09:12:35 TCP/UDP: Preserving recently used remote address: [AF_INET]34.231.47.189:1194
2022-04-20 09:12:35 Socket Buffers: R=[212992->212992] S=[212992->212992]
2022-04-20 09:12:35 UDP link local: (not bound)
2022-04-20 09:12:35 UDP link remote: [AF_INET]34.231.47.189:1194
2022-04-20 09:13:35 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-04-20 09:13:35 TLS Error: TLS handshake failed
2022-04-20 09:13:35 SIGUSR1[soft,tls-error] received, process restarting
2022-04-20 09:13:35 Restart pause, 5 second(s)

Re: Virtual Machine won't connect to OpenVPN server after changing ISP/modem

Posted: Wed Apr 20, 2022 10:42 pm
by TinCanTech
Guess what is missing from your post above ?

Re: Virtual Machine won't connect to OpenVPN server after changing ISP/modem

Posted: Wed Apr 20, 2022 10:47 pm
by nicozica
The Client log? Do you know where I could find it on Debian 10/11? I've searched and there are a couple of places, not sure exactly which is the useful one. I've searched at folder /var/log/openvpn/ and it was empty. Thanks in advance!