You are not logged in.

#1 2016-12-25 17:42:32

arbacle
Member
Registered: 2015-11-16
Posts: 22

[SOLVEDish] OpenVPN client not connecting

Hey!

I have trouble connecting to my OpenVPN server. About two months ago I was able to connect, but now I get an error. It's also not working from the network manager (again it was working previously).

This is what I am getting (at verb 3):

[user@box galaxy]$ openvpn galaxy.ovpn 
Sun Dec 25 19:29:47 2016 OpenVPN 2.3.14 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Dec  7 2016
Sun Dec 25 19:29:47 2016 library versions: OpenSSL 1.0.2j  26 Sep 2016, LZO 2.09
Sun Dec 25 19:29:47 2016 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sun Dec 25 19:29:47 2016 UDPv4 link local: [undef]
Sun Dec 25 19:29:47 2016 UDPv4 link remote: [AF_INET]XXX.XXX.XXX.XXX:1194
Sun Dec 25 19:29:47 2016 TLS: Initial packet from [AF_INET]XXX.XXX.XXX.XXX:1194, sid=01671101 bdce4075
Sun Dec 25 19:30:47 2016 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Dec 25 19:30:47 2016 TLS Error: TLS handshake failed
Sun Dec 25 19:30:47 2016 SIGUSR1[soft,tls-error] received, process restarting
Sun Dec 25 19:30:47 2016 Restart pause, 2 second(s)

This config is copied from my phone, and works fine (my phone connects without issues).

# The hostname/IP and port of the server. You can have multiple remote entries to load balance between the servers.
remote my_host_goes_here 1194
# Specify that we are a client and that we will be pulling certain config file directives from the server.
client
ns-cert-type server
# On most systems, the VPN will not function unless you partially or fully disable the firewall for the TUN/TAP interface.
dev tun0
# Are we connecting to a TCP or UDP server?
proto udp
# Keep trying indefinitely to resolve the host name of the OpenVPN server.  Useful for machines which are not permanently connected to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to a specific local port number.
nobind
# The persist options will try to avoid accessing certain resources on restart that may no longer be accessible because of the privilege downgrade.
persist-key
persist-tun
float
# SSL/TLS parms.
ca ca.crt
cert galaxy.crt
key galaxy.key

I haven't changed anything regarding my network setup (firewalls, etc).

Last edited by arbacle (2016-12-26 15:50:47)

Offline

#2 2016-12-25 19:06:16

R00KIE
Forum Fellow
From: Between a computer and a chair
Registered: 2008-09-14
Posts: 4,734

Re: [SOLVEDish] OpenVPN client not connecting

This

Sun Dec 25 19:30:47 2016 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Dec 25 19:30:47 2016 TLS Error: TLS handshake failed

points to some kind of firewall getting in the way. Make sure you don't have any firewalls or DPS/IDS systems getting in the way.


R00KIE
Tm90aGluZyB0byBzZWUgaGVyZSwgbW92ZSBhbG9uZy4K

Offline

#3 2016-12-26 12:07:13

arbacle
Member
Registered: 2015-11-16
Posts: 22

Re: [SOLVEDish] OpenVPN client not connecting

It shouldn't be something like that, because I haven't set up any firewalls. I checked to be sure, but iptables is empty.

Things I've checked:
- tun module is loaded
- no difference if I try to connect as root
- iptables are empty

Something that I'm not sure is a hint, but when I start openvpn, while it is trying to connect, ifconfig is not listing the tun0 interface, and the route is not changed.

Offline

#4 2016-12-26 12:43:17

cmdrsweeper
Member
Registered: 2015-09-05
Posts: 12

Re: [SOLVEDish] OpenVPN client not connecting

Well by firewalls there isn't just Firewalls running on your client box or your server box.
Remember you will also have to contend with the routers at both ends, and some behave very very strangely and really cause a mess with OpenVPN packets.
So double check your network topology, if you have an ISP box, it may be worth finding out if it has gotten an update pushed to it and requires some maintenance.

Offline

#5 2016-12-26 13:01:06

arbacle
Member
Registered: 2015-11-16
Posts: 22

Re: [SOLVEDish] OpenVPN client not connecting

The thing is that my phone connects okay (with the same profile). So the issue is with my Arch laptop.

I am currently downloading a live image of a different distro. Will report a bit later.

- EDIT -

After testing on another distro (Debian), it turned out that it's a version issue.

The last working version for me (both in Debian and in Arch) is 2.3.10. The strangest thing is that I'm keeping stuff up to date, so that means that my issues should've started at around May, when 2.3.11 was released, but it was in September.

Anyhow, the issue is kinda solved, so I'll mark it as such. And I'll go ask around in the OpenVPN forum for some insight smile

Last edited by arbacle (2016-12-26 15:50:18)

Offline

Board footer

Powered by FluxBB