#1 2016-01-01 03:25:15

rollypolio
Member
Registered: 2015-02-01
Posts: 25

Openvpn - TLS Handshake Fails

I'm in China, and my ExpressVPN is no longer working.  I had originally downloaded and built the openvpn package through github, as I was unable to use pacman.  (The repositories may be blocked?)  I downloaded the server configuration files from the ExpressVPN website and launched the vpn using:

# openvpn --config $PATH_TO_CONFIG

And that was it.  I had a working vpn for a couple of days.  Suddenly, however, it stopped working.  Here is a stream from the terminal:

$ sudo openvpn --config [$PATH_TO_CONFIG] 
[sudo] password for [ME]: 
Fri Jan  1 11:09:32 2016 DEPRECATED OPTION: --tls-remote, please update your configuration
Fri Jan  1 11:09:32 2016 OpenVPN 2.3_git [git:master/0e591a2fce325e2b] x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH] [IPv6] built on Dec 28 2015
Fri Jan  1 11:09:32 2016 library versions: OpenSSL 1.0.2e 3 Dec 2015, LZO 2.09
Fri Jan  1 11:09:32 2016 Control Channel Authentication: tls-auth using INLINE static key file
Fri Jan  1 11:09:32 2016 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jan  1 11:09:32 2016 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jan  1 11:09:32 2016 TCP/UDP: Preserving recently used remote address: [AF_INET]93.46.8.89:1194
Fri Jan  1 11:09:32 2016 Socket Buffers: R=[212992->212992] S=[212992->212992]
Fri Jan  1 11:09:32 2016 UDP link local: (not bound)
Fri Jan  1 11:09:32 2016 UDP link remote: [AF_INET]93.46.8.89:1194
Fri Jan  1 11:10:32 2016 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Jan  1 11:10:32 2016 TLS Error: TLS handshake failed
Fri Jan  1 11:10:32 2016 SIGUSR1[soft,tls-error] received, process restarting
Fri Jan  1 11:10:32 2016 Restart pause, 5 second(s)
Fri Jan  1 11:10:37 2016 TCP/UDP: Preserving recently used remote address: [AF_INET]93.46.8.89:1194
Fri Jan  1 11:10:37 2016 Socket Buffers: R=[212992->212992] S=[212992->212992]
Fri Jan  1 11:10:37 2016 UDP link local: (not bound)
Fri Jan  1 11:10:37 2016 UDP link remote: [AF_INET]93.46.8.89:1194

Next, I went on ExpressVPN's website to ask for help.  I was told the Great Firewall can penetrate openvpn connections, or some such, and that I should be using PPTP.  The clerk pointed me to an ubuntu guide on their website, which was not applicable.  I found this guide: https://wiki.archlinux.org/index.php/PPTP_server and followed it exactly.  You can assume my configurations are identical.  (I did not configure iptables or ufw, as I do not have a firewall.)  Unfortunately, therein lies the problem I believe.  I can't follow what I am supposed to be doing and am unable to change the configurations for my system.  I realize this request to walk me through configuring a vpn is cosmic in scope.  Please realize you are talking to a very sad linux user without access to Google, Facebook, Gmail, or Paypal before publicly berating me.  I'm not in the least bit concerned about security.  I just need unfiltered internet access.

Last edited by rollypolio (2016-01-01 03:26:48)

Offline

#2 2016-01-02 14:43:07

Strike0
Member
From: Germany
Registered: 2011-09-05
Posts: 1,489

Re: Openvpn - TLS Handshake Fails

rollypolio wrote:

I'm in China, and my ExpressVPN is no longer working.  I had originally downloaded and built the openvpn package through github, as I was unable to use pacman.  (The repositories may be blocked?)

Without using pacman Arch Linux will be the wrong distro for you. There are *.cn repos (and likely a lot of happy Arch users in China). You should fix this first (/etc/pacman.d/mirrorlist).

rollypolio wrote:

Next, I went on ExpressVPN's website to ask for help.  I was told the Great Firewall can penetrate openvpn connections, or some such, and that I should be using PPTP.

That's terrible advice, don't follow it (see the warning in the article you followed). Though to connect your PC to your provider via PPTP, you followed the wrong article. If you really want to use PPTP, https://wiki.archlinux.org/index.php/PP … pptpclient should be the one to follow.
A more likely cause of your problem (than what support says) is that the GF either blocks the VPN handshake from completing or your provider is simply overloaded.

While you are at it - something else to update (should not be the cause of your problem):

Fri Jan  1 11:09:32 2016 DEPRECATED OPTION: --tls-remote, please update your configuration
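An added example, not part of either post: a small Python triage of the OpenVPN client log shown in this thread, which lists deprecated-option warnings and measures how long each connection attempt waited before the TLS key negotiation error. The sample lines are an excerpt of the log posted above; `triage` and the other names are made up for this example.

```python
import re
from datetime import datetime

# Excerpt of the client log posted in this thread (not live output).
SAMPLE_LOG = """\
Fri Jan  1 11:09:32 2016 DEPRECATED OPTION: --tls-remote, please update your configuration
Fri Jan  1 11:09:32 2016 UDP link remote: [AF_INET]93.46.8.89:1194
Fri Jan  1 11:10:32 2016 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Jan  1 11:10:32 2016 TLS Error: TLS handshake failed
Fri Jan  1 11:10:32 2016 SIGUSR1[soft,tls-error] received, process restarting
Fri Jan  1 11:10:37 2016 UDP link remote: [AF_INET]93.46.8.89:1194
"""

# "<weekday> <month> <day> <time> <year> <message>"; the day may be space-padded.
LINE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) (.*)$")
# Start of a connection attempt, e.g. "UDP link remote: [AF_INET]host:port".
REMOTE = re.compile(r"^(UDP|TCP)\S* link remote: \[AF_INET6?\](\S+)$")


def triage(log_text):
    """Return (deprecated_options, attempts) parsed from an OpenVPN client log.

    Each attempt is a dict with the remote address, the seconds waited before
    the handshake timeout (None while still pending) and an outcome string.
    """
    deprecated, attempts, current = [], [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # sudo prompt, blank lines, anything without a timestamp
        stamp = " ".join(m.group(1).split())  # collapse the padded day field
        when = datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y")
        msg = m.group(2)
        if msg.startswith("DEPRECATED OPTION:"):
            deprecated.append(msg.split(":", 1)[1].split(",")[0].strip())
        elif (r := REMOTE.match(msg)):
            current = {"remote": r.group(2), "start": when,
                       "waited_seconds": None, "outcome": "pending"}
            attempts.append(current)
        elif current and "TLS key negotiation failed" in msg:
            # The log alone cannot tell dropped packets from an overloaded server.
            current["waited_seconds"] = int((when - current["start"]).total_seconds())
            current["outcome"] = "handshake_timeout"
    return deprecated, attempts


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```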
