[Solved] VPN - PPTP + OpenVPN not working

ewigkeit · 2010-05-07 07:27:59

Hi everyone,

I've got a problem with the configuration of my new VPN. Everytime I try to connect to my commercial VPN-Server (to get access to BBC, Hulu etc.), I get the error

# openvpn test.conf

TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri May  7 08:58:13 2010 us=944286 TLS Error: TLS handshake failed
Fri May  7 08:58:13 2010 us=944416 TCP/UDP: Closing socket

Something similar is happening if I use PPTP with kvpnc

debug: Preserving network environment
debug: pppd: /usr/sbin/pppd
debug: Loading of module "ip_gre" was successful.
error: Unable to start proc (getting IP address from interface).
debug: pppd peer script: /etc/ppp/peers/kvpnc.blackVPN_UK_PPTP 
debug: pppd: /usr/sbin/pppd 
debug: Trying to connect to server "pptp.blackVPN.co.uk" with user "b5278540"... 
debug: Setting DNS_UPDATE "NO".
debug: "pppd" started.
info: Connection has been terminated.
debug: There is a reason to stop connecting, terminating "pppd" process.
debug: Disconnect requested
debug: Disconnect requested, status connecting
debug: Killing process while connecting. 
success: Successful connect try canceled.
debug: Disconnected.

OpenVPN client.conf (mostly from the Arch-Wiki)

client
dev tap
proto udp
remote openvpn.blackVPN.co.uk 1194
resolv-retry infinite
nobind
persist-tun
comp-lzo
verb 5
auth-user-pass passwd
ca ca.crt

What really kills me is, that both options (OpenVPN + PPTP) work under a parallel installed Windows Vista (PPTP) / and a Windows 7 virtual machine under virtualbox running as guest in my Arch system (installed OpenVPN). So I can eliminate any problems with my router and the server. I figured, that I might be missing some configuration options for my static IP-configuration, but even going back to DHCP doesn't take me any further. The problem remains.

I hope someone might have a clue for me. I'd really appreciate it.

Thx in advance,

Ronnie

Last edited by ewigkeit (2010-05-07 13:04:52)

Andrwe · 2010-05-07 08:56:40

Please try to add 'tls-client' to your client.conf:

client
tls-client
dev tap
proto udp
remote openvpn.blackVPN.co.uk 1194
resolv-retry infinite
nobind
persist-tun
comp-lzo
verb 5
auth-user-pass passwd
ca ca.crt

ewigkeit · 2010-05-07 11:25:56

Thx for the tip, but the problem remains.

In the meantime, I think, I made some progress with PPTP instead. I checked the wiki, configured pptp with pptpsetup and got it working, I guess. In some way. The only problem is, that I might be connected over ppp0, but all my traffic is still going the wrong way, because my (outside) IP is still the same (which I check with http://www.wieistmeineip.de/). I think, I'm missing something here, sorry, network stuff always gives me headaches and I don't see the obvious :

pon blackvpn_uk

Using interface ppp0
Connect: ppp0 <--> /dev/pts/2
Warning - secret file /etc/ppp/chap-secrets has world and/or group access
CHAP authentication succeeded
MPPE 128-bit stateless compression enabled
Cannot determine ethernet address for proxy ARP
local  IP address 172.16.8.18
remote IP address 172.16.8.1

ifconfig ppp0

ppp0      Link encap:Point-to-Point Protocol  
          inet addr:172.16.8.18  P-t-P:172.16.8.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1496  Metric:1
          RX packets:6 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:60 (60.0 b)  TX bytes:66 (66.0 b)

route

83.170.117.117  fritz.box       255.255.255.255 UGH   0      0        0 wlan0
172.16.8.1      *               255.255.255.255 UH    0      0        0 ppp0
192.168.0.0     *               255.255.255.0   U     0      0        0 wlan0
default         fritz.box       0.0.0.0         UG    0      0        0 wlan0

Andrwe · 2010-05-07 12:29:09

What is the result after adding tls-client?

Which subnet do you want to reach using pptp?
Because there is only one route using your ppp0 device and that is the route to your remote site of the tunnel.

ewigkeit · 2010-05-07 13:04:23

After adding the line tls-client, the error mentioned in my first post still occured (negotioation / handshake failed).

After a little playing around, I got it working.

Working conf for openVPN:

client
dev tun
fast-io
persist-key
persist-tun
nobind
remote vpn.blackvpn.co.uk 1194
pull
comp-lzo
tls-client
tls-remote server
ns-cert-type server
tls-auth ta.key 1
ca ca.crt
cipher AES-256-CBC
verb 3
auth-user-pass passwd

I guess changing from tap to tun and the pull command make the difference. I tried that yesterday with kvpnc but it failed me. Now it works from the konsole. Maybe I play another round with kvpnc, but for now, I'm glad it works.

Arch Linux

#1 2010-05-07 07:27:59

[Solved] VPN - PPTP + OpenVPN not working

#2 2010-05-07 08:56:40

Re: [Solved] VPN - PPTP + OpenVPN not working

#3 2010-05-07 11:25:56

Re: [Solved] VPN - PPTP + OpenVPN not working

#4 2010-05-07 12:29:09

Re: [Solved] VPN - PPTP + OpenVPN not working

#5 2010-05-07 13:04:23

Re: [Solved] VPN - PPTP + OpenVPN not working

Board footer