#1 2024-08-18 17:07:44

derFelix244
Member
Registered: 2024-08-18
Posts: 2

Openvpn repeatedly restarting: Openvpn connection reset[0], restarting

Hi, I have exactly the same issue as listed in another topic, BUT hear me out: The provided solution is no longer working because the fallback cipher is no longer supported.

Does anyone have an idea how I can make this work? Funny enough, it is working perfectly fine on Windows - so config and server are indeed working.
I'll post the client config in this post, I can post the server config in a later post or edit.

Client config:
Note: Pktriot is a port forwarding service capable of HTTPS and TCP. I use this because I can't get a public address. So no, the ports aren't mismatched between server and client, they are mapped on the server.

client
dev tun
proto tcp
remote [address].pktriot.net 22376
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
ignore-unknown-option block-outside-dns
verb 3
cipher AES-256-GCM
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
</key>
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
...
-----END OpenVPN Static key V1-----
</tls-crypt>

Server config:

local 192.168.178.101
port 1194
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "block-outside-dns"
keepalive 10 120
user nobody
group nogroup
persist-key
persist-tun
verb 3
crl-verify crl.pem
cipher AES-256-GCM
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA

Edits: First post, never used BBCode and added the server conf
Last Edit: pasted the full server config this time with cipher and tls-cipher lines added -> solved the issue. Also added the lines to the client config.

Last edited by derFelix244 (2024-08-19 20:53:18)

#2 2024-08-19 07:33:19

-thc
Member
Registered: 2017-03-15
Posts: 639

Re: Openvpn repeatedly restarting: Openvpn connection reset[0], restarting

The server config is incomplete (ca, cert, protocol, port...).

Since you can provide the server config - can you change it?

The client config contains no obvious hiccups - a log snippet from journalctl containing the openvpn errors may illuminate the cause(s).

#3 2024-08-19 20:49:57

derFelix244
Member
Registered: 2024-08-18
Posts: 2

Re: Openvpn repeatedly restarting: Openvpn connection reset[0], restarting

Yes, I can change it, it is my own server.
Thank you for pointing that out. I am on the wiki right now and updating the server config.
What I also noticed: It looks like I didn't copy the config properly and the first few lines (of course with cert etc.) are missing from the first post.
I'll edit the initial post with the right config with the cipher added.

I tested it and everything is working properly now.
The culprit was the missing cipher and tls-cipher lines.
Last thing to do is writing a small script.
Thank you very much.

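An added example, not part of the original posts: a Python check that compares an OpenVPN client config with a server config and reports the kind of mismatch resolved in this thread (cipher and tls-cipher lines present on one side only). The function names, the MUST_MATCH selection and the abbreviated sample configs are assumptions of the example; port is deliberately not compared because the thread maps it through a forwarding service.

```python
import re

# Directives compared on both sides; this selection is an assumption of the example.
MUST_MATCH = ("proto", "dev", "auth", "cipher", "tls-cipher", "tls-crypt")

def parse_ovpn(text):
    """Map directive -> arguments, skipping comments and inline <block> bodies."""
    opts, block = {}, None
    for line in map(str.strip, text.splitlines()):
        if block:                              # inside <ca>, <key>, <tls-crypt>, ...
            block = None if line == f"</{block}>" else block
            continue
        m = re.fullmatch(r"<([\w-]+)>", line)
        if m:                                  # record presence only, never key material
            block = m.group(1)
            opts[block] = "[inline]"
        elif line and line[0] not in "#;":
            name, *args = line.split(None, 1)
            opts.setdefault(name, args[0] if args else "")
    return opts

def compare(client, server):
    """Return findings for directives that are missing on one side or disagree."""
    findings = []
    for name in MUST_MATCH:
        c, s = client.get(name), server.get(name)
        if c == s:                             # identical, or absent on both sides
            continue
        if c is None or s is None:
            findings.append(f"{name}: missing in {'client' if c is None else 'server'} config")
        elif name == "tls-cipher":             # the two lists need one suite in common
            if not set(c.split(":")) & set(s.split(":")):
                findings.append("tls-cipher: no suite in common")
        elif name == "proto":                  # tcp-client / tcp-server count as tcp
            if c[:3] != s[:3]:
                findings.append(f"proto: client={c} server={s}")
        elif name != "tls-crypt":              # tls-crypt: inline vs file, presence only
            findings.append(f"{name}: client={c} server={s}")
    return findings

# Constructed samples, abbreviated from the configs in this thread.
CLIENT = ("client\ndev tun\nproto tcp\nauth SHA512\ncipher AES-256-GCM\n"
          "tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256\n"
          "<tls-crypt>\n...\n</tls-crypt>\n")
SERVER_BEFORE = "port 1194\nproto tcp\ndev tun\nauth SHA512\ntls-crypt tc.key\n"
SERVER_AFTER = SERVER_BEFORE + "cipher AES-256-GCM\ntls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384\n"

if __name__ == "__main__":
    print(compare(parse_ovpn(CLIENT), parse_ovpn(SERVER_BEFORE)))
```

An empty result means the compared directives agree; it does not prove the tunnel will come up, since certificates, keys and routing are outside what the check reads.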
