#1 2016-11-22 07:24:47

robby
Member
Registered: 2016-08-07
Posts: 69

OpenVPN + PrivateInternetAccessVpn TLS ERROR:

Here is the guide I am following. https://wiki.archlinux.org/index.php/Pr … Access_VPN
Here is the error I receive.

[rob@archpc ~]$ sudo openvpn --config /etc/openvpn/'US New York City.ovpn'
Tue Nov 22 02:07:44 2016 OpenVPN 2.3.13 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Nov  3 2016
Tue Nov 22 02:07:44 2016 library versions: OpenSSL 1.0.2j  26 Sep 2016, LZO 2.09
Enter Auth Username: ******** 
Enter Auth Password: **********
Tue Nov 22 02:08:05 2016 UDPv4 link local: [undef]
Tue Nov 22 02:08:05 2016 UDPv4 link remote: [AF_INET]209.95.50.22:1198
Tue Nov 22 02:09:05 2016 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Nov 22 02:09:05 2016 TLS Error: TLS handshake failed
Tue Nov 22 02:09:05 2016 SIGUSR1[soft,tls-error] received, process restarting

Here is a link to a gist of this output https://gist.github.com/robbyjj/f284403 … cbdfe258d5

I looked up the specific error which led me to this OpenVPN page https://openvpn.net/index.php/open-sour … ivity.html

I understand the causes of the problem I am getting. Does anyone have some suggestions on how I could start figuring out what the cause in my particular case is? I don't know if everything in that OpenVPN page applies to me.

Offline

#2 2016-11-22 07:35:15

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,424
Website

Re: OpenVPN + PrivateInternetAccessVpn TLS ERROR:

Make sure 1194 is NAT'ed on your router (assuming you aren't running a firewall on your local machine): https://portforward.com/help/portforwarding.htm

# edit: that shouldn't be necessary. Have you tried another endpoint? Do you get the same error?


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#3 2016-11-22 14:34:42

robby
Member
Registered: 2016-08-07
Posts: 69

Re: OpenVPN + PrivateInternetAccessVpn TLS ERROR:

jasonwryan wrote:

Make sure 1194 is NAT'ed on your router (assuming you aren't running a firewall on your local machine): https://portforward.com/help/portforwarding.htm

# edit: that shouldn't be necessary. Have you tried another endpoint? Do you get the same error?

Hi, thanks for the quick response. I am at a college so I don't have any way to port forward. Is there a way to check what ports are open and closed? Also, yes all servers I connect to give the same error.

Last edited by robby (2016-11-22 14:38:40)

Offline

#4 2016-11-22 15:18:36

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,424
Website

Re: OpenVPN + PrivateInternetAccessVpn TLS ERROR:

Your college may be blocking that port.


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#5 2016-11-22 15:27:42

R00KIE
Forum Fellow
From: Between a computer and a chair
Registered: 2008-09-14
Posts: 4,734

Re: OpenVPN + PrivateInternetAccessVpn TLS ERROR:

jasonwryan wrote:

Your college may be blocking that port.

I might add that it is possible that all udp ports might be blocked/filtered to curb torrent usage. The only way to be sure would be to have access to a machine outside or the openvpn server logs.

Or you could ask your school's IT department why your vpn isn't working.


R00KIE
Tm90aGluZyB0byBzZWUgaGVyZSwgbW92ZSBhbG9uZy4K

Offline

#6 2016-11-22 15:36:27

robby
Member
Registered: 2016-08-07
Posts: 69

Re: OpenVPN + PrivateInternetAccessVpn TLS ERROR:

R00KIE wrote:
jasonwryan wrote:

Your college may be blocking that port.

I might add that it is possible that all udp ports might be blocked/filtered to curb torrent usage. The only way to be sure would be to have access to a machine outside or the openvpn server logs.

Or you could ask your school's IT department why your vpn isn't working.

My school doesn't offer help with Linux, or VPNs. How can I check if my college is blocking a specific port? Also, I just tried to set up PIA on my Windows desktop on the same network and it worked fine.

Offline

#7 2016-11-22 16:17:14

R00KIE
Forum Fellow
From: Between a computer and a chair
Registered: 2008-09-14
Posts: 4,734

Re: OpenVPN + PrivateInternetAccessVpn TLS ERROR:

robby wrote:

Also, I just tried to set up PIA on my windows desktop on the same network and it worked fine.

If it is exactly the same network, then this points to a configuration problem, either with openvpn or any firewall you may have configured in your linux box.


R00KIE
Tm90aGluZyB0byBzZWUgaGVyZSwgbW92ZSBhbG9uZy4K

Offline

#8 2016-11-22 16:50:21

robby
Member
Registered: 2016-08-07
Posts: 69

Re: OpenVPN + PrivateInternetAccessVpn TLS ERROR:

R00KIE wrote:
robby wrote:

Also, I just tried to set up PIA on my windows desktop on the same network and it worked fine.

If it is exactly the same network, then this points to a configuration problem, either with openvpn or any firewall you may have configured in your linux box.

Alright well that sounds like good news to me. But I haven't set up any firewall to my knowledge unless some settings come default with network manager or arch linux in general. How can I check my current firewall configuration?

Offline

#9 2016-11-22 21:57:34

R00KIE
Forum Fellow
From: Between a computer and a chair
Registered: 2008-09-14
Posts: 4,734

Re: OpenVPN + PrivateInternetAccessVpn TLS ERROR:

With Arch Linux if you didn't set it up then you have none, but you should know this, how did you install Arch?


R00KIE
Tm90aGluZyB0byBzZWUgaGVyZSwgbW92ZSBhbG9uZy4K

Offline

#10 2016-11-23 01:17:25

robby
Member
Registered: 2016-08-07
Posts: 69

Re: OpenVPN + PrivateInternetAccessVpn TLS ERROR:

R00KIE wrote:

With Arch Linux if you didn't set it up then you have none, but you should know this, how did you install Arch?

Well that's what I assumed. I didn't install one, so I don't have one. That being said, until I think of some other way to test what ports are open, my answer must be in between these pages.

https://wiki.archlinux.org/index.php/OpenVPN
https://wiki.archlinux.org/index.php/Pr … Access_VPN

Also, this is what I used to install Arch Linux. https://wiki.archlinux.org/index.php/Installation_guide

Offline

#11 2016-11-28 16:06:02

robby
Member
Registered: 2016-08-07
Posts: 69

Re: OpenVPN + PrivateInternetAccessVpn TLS ERROR:

Still unable to find why my VPN is unable to connect on Linux. I was thinking of changing the OpenVPN port and trying again. Does anyone have some suggestions for a port I could use?

Offline

#12 2016-12-02 14:39:35

robby
Member
Registered: 2016-08-07
Posts: 69

Re: OpenVPN + PrivateInternetAccessVpn TLS ERROR:

Had no success changing the port. Is there anywhere I could go for more help on the subject?

Offline

#13 2016-12-12 06:06:02

robby
Member
Registered: 2016-08-07
Posts: 69

Re: OpenVPN + PrivateInternetAccessVpn TLS ERROR:

Still no success. Bumping for help, or any information where I could go for help.

Offline

#14 2016-12-12 06:11:08

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,424
Website

Re: OpenVPN + PrivateInternetAccessVpn TLS ERROR:

Paste your config.


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#15 2016-12-12 14:14:23

robby
Member
Registered: 2016-08-07
Posts: 69

Re: OpenVPN + PrivateInternetAccessVpn TLS ERROR:

jasonwryan wrote:

Paste your config.

client
dev tun
proto udp
remote us-east.privateinternetaccess.com 1198
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
auth-user-pass /etc/private-internet-access/login.conf
comp-lzo
verb 1
reneg-sec 0
crl-verify /etc/openvpn/crl.rsa.2048.pem
ca /etc/openvpn/ca.rsa.2048.crt
disable-occ
auth-nocache
script-security 2
up /etc/openvpn/update-resolv-conf.sh
down /etc/openvpn/update-resolv-conf.sh

Offline

#16 2016-12-12 15:25:30

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,424
Website

Re: OpenVPN + PrivateInternetAccessVpn TLS ERROR:

Remove the authentication options that don't ship with PIA's config to test.


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#17 2016-12-12 16:56:07

robby
Member
Registered: 2016-08-07
Posts: 69

Re: OpenVPN + PrivateInternetAccessVpn TLS ERROR:

jasonwryan wrote:

Remove the authentication options that don't ship with PIA's config to test.

That config did ship with PIA.
I have run extensive tests; hopefully this will help.

Config: https://www.privateinternetaccess.com/o … ip-tcp.zip

client
dev tun
proto tcp
remote 108.61.122.158 443
resolv-retry infinite
nobind
persist-key
persist-tun
cipher bf-cbc
auth sha1
tls-client
remote-cert-tls server
auth-user-pass
comp-lzo
verb 1
reneg-sec 0
crl-verify crl.pem
ca ca.crt
disable-occ

Output:

sudo openvpn France.ovpn
Mon Dec 12 11:50:59 2016 OpenVPN 2.3.14 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Dec  7 2016
Mon Dec 12 11:50:59 2016 library versions: OpenSSL 1.0.2j  26 Sep 2016, LZO 2.09
Enter Auth Username: ********
Enter Auth Password: **********
Mon Dec 12 11:51:15 2016 Attempting to establish TCP connection with [AF_INET]108.61.122.158:443 [nonblock]
Mon Dec 12 11:51:16 2016 TCP connection established with [AF_INET]108.61.122.158:443
Mon Dec 12 11:51:16 2016 TCPv4_CLIENT link local: [undef]
Mon Dec 12 11:51:16 2016 TCPv4_CLIENT link remote: [AF_INET]108.61.122.158:443
Mon Dec 12 11:51:16 2016 Connection reset, restarting [-1]
Mon Dec 12 11:51:16 2016 SIGUSR1[soft,connection-reset] received, process restarting
Mon Dec 12 11:51:21 2016 Attempting to establish TCP connection with [AF_INET]108.61.122.158:443 [nonblock]
Mon Dec 12 11:51:22 2016 TCP connection established with [AF_INET]108.61.122.158:443
Mon Dec 12 11:51:22 2016 TCPv4_CLIENT link local: [undef]
Mon Dec 12 11:51:22 2016 TCPv4_CLIENT link remote: [AF_INET]108.61.122.158:443
Mon Dec 12 11:51:22 2016 Connection reset, restarting [-1]
Mon Dec 12 11:51:22 2016 SIGUSR1[soft,connection-reset] received, process restarting
Mon Dec 12 11:51:27 2016 Attempting to establish TCP connection with [AF_INET]108.61.122.158:443 [nonblock]
Mon Dec 12 11:51:28 2016 TCP connection established with [AF_INET]108.61.122.158:443
Mon Dec 12 11:51:28 2016 TCPv4_CLIENT link local: [undef]

It seems like when I use settings for TCP, I get a different output (compared to the output I posted in post #1). Not sure what any of this means or what I can learn from this.

Offline
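
Added example, not part of any post in this thread: a small Python triage of the two client logs posted above (post #1 over UDP, post #17 over TCP), showing what each failure stage does and does not establish. The `triage` function and its stage names are hypothetical; the sample lines are copied from the thread's logs.

```python
import re

# Constructed sample input: lines copied from the client logs in posts #1 and #17.
UDP_LOG = """\
Tue Nov 22 02:08:05 2016 UDPv4 link local: [undef]
Tue Nov 22 02:08:05 2016 UDPv4 link remote: [AF_INET]209.95.50.22:1198
Tue Nov 22 02:09:05 2016 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Nov 22 02:09:05 2016 TLS Error: TLS handshake failed
Tue Nov 22 02:09:05 2016 SIGUSR1[soft,tls-error] received, process restarting
"""
TCP_LOG = """\
Mon Dec 12 11:51:15 2016 Attempting to establish TCP connection with [AF_INET]108.61.122.158:443 [nonblock]
Mon Dec 12 11:51:16 2016 TCP connection established with [AF_INET]108.61.122.158:443
Mon Dec 12 11:51:16 2016 TCPv4_CLIENT link remote: [AF_INET]108.61.122.158:443
Mon Dec 12 11:51:16 2016 Connection reset, restarting [-1]
Mon Dec 12 11:51:16 2016 SIGUSR1[soft,connection-reset] received, process restarting
"""

REMOTE = re.compile(r"(UDPv4|TCPv4_CLIENT) link remote: \[AF_INET\]([\d.]+):(\d+)")

def triage(log):
    """Return (proto, remote, stage, reading) for one OpenVPN client log."""
    proto = remote = None
    tcp_up = False  # set once the TCP three-way handshake is logged as complete
    for line in log.splitlines():
        m = REMOTE.search(line)
        if m:
            proto = "udp" if m.group(1) == "UDPv4" else "tcp"
            remote = f"{m.group(2)}:{m.group(3)}"
        elif "TCP connection established" in line:
            tcp_up = True
        elif "TLS key negotiation failed" in line:
            return (proto, remote, "tls-timeout",
                    "no reply seen; over UDP this cannot separate a filtered port from a silent server")
        elif "Connection reset" in line:
            stage = "reset-after-connect" if tcp_up else "reset"
            return (proto, remote, stage,
                    "port is reachable; the session was reset once OpenVPN traffic started")
        elif "Initialization Sequence Completed" in line:
            return (proto, remote, "connected", "tunnel is up")
    return (proto, remote, "unknown", "no recognised failure line")

if __name__ == "__main__":
    for name, log in (("post #1", UDP_LOG), ("post #17", TCP_LOG)):
        print(name, triage(log))
```
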

#18 2016-12-26 04:37:04

robby
Member
Registered: 2016-08-07
Posts: 69

Re: OpenVPN + PrivateInternetAccessVpn TLS ERROR:

bump

Offline

#19 2016-12-26 06:37:32

adamlau
Member
Registered: 2009-01-30
Posts: 418

Re: OpenVPN + PrivateInternetAccessVpn TLS ERROR:

Use their secure config which supports aes-256-cbc.


Arch Linux + sway
Debian Testing + GNOME/sway
NetBSD 64-bit + Xfce

Offline
