Hi everyone,
I've got a problem with the configuration of my new VPN. Every time I try to connect to my commercial VPN-Server (to get access to BBC, Hulu etc.), I get the error
# openvpn test.conf
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri May 7 08:58:13 2010 us=944286 TLS Error: TLS handshake failed
Fri May 7 08:58:13 2010 us=944416 TCP/UDP: Closing socket
Something similar is happening if I use PPTP with kvpnc
debug: Preserving network environment
debug: pppd: /usr/sbin/pppd
debug: Loading of module "ip_gre" was successful.
error: Unable to start proc (getting IP address from interface).
debug: pppd peer script: /etc/ppp/peers/kvpnc.blackVPN_UK_PPTP
debug: pppd: /usr/sbin/pppd
debug: Trying to connect to server "pptp.blackVPN.co.uk" with user "b5278540"...
debug: Setting DNS_UPDATE "NO".
debug: "pppd" started.
info: Connection has been terminated.
debug: There is a reason to stop connecting, terminating "pppd" process.
debug: Disconnect requested
debug: Disconnect requested, status connecting
debug: Killing process while connecting.
success: Successful connect try canceled.
debug: Disconnected.
OpenVPN client.conf (mostly from the Arch-Wiki)
client
dev tap
proto udp
remote openvpn.blackVPN.co.uk 1194
resolv-retry infinite
nobind
persist-tun
comp-lzo
verb 5
auth-user-pass passwd
ca ca.crt
What really kills me is that both options (OpenVPN + PPTP) work under a parallel installed Windows Vista (PPTP) and a Windows 7 virtual machine under VirtualBox running as guest in my Arch system (installed OpenVPN). So I can eliminate any problems with my router and the server. I figured that I might be missing some configuration options for my static IP configuration, but even going back to DHCP doesn't take me any further. The problem remains.
I hope someone might have a clue for me. I'd really appreciate it.
Thx in advance,
Ronnie
Last edited by ewigkeit (2010-05-07 13:04:52)
Please try to add 'tls-client' to your client.conf:
client
tls-client
dev tap
proto udp
remote openvpn.blackVPN.co.uk 1194
resolv-retry infinite
nobind
persist-tun
comp-lzo
verb 5
auth-user-pass passwd
ca ca.crt
Website: andrwe.org
Repository: repo.andrwe.org/<archtiecture>
Thx for the tip, but the problem remains.
In the meantime, I think I made some progress with PPTP instead. I checked the wiki, configured pptp with pptpsetup and got it working, I guess. In some way. The only problem is that I might be connected over ppp0, but all my traffic is still going the wrong way, because my (outside) IP is still the same (which I check with http://www.wieistmeineip.de/). I think I'm missing something here, sorry, network stuff always gives me headaches and I don't see the obvious:
pon blackvpn_uk
Using interface ppp0
Connect: ppp0 <--> /dev/pts/2
Warning - secret file /etc/ppp/chap-secrets has world and/or group access
CHAP authentication succeeded
MPPE 128-bit stateless compression enabled
Cannot determine ethernet address for proxy ARP
local IP address 172.16.8.18
remote IP address 172.16.8.1
ifconfig ppp0
ppp0 Link encap:Point-to-Point Protocol
inet addr:172.16.8.18 P-t-P:172.16.8.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1496 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:60 (60.0 b) TX bytes:66 (66.0 b)
route
83.170.117.117 fritz.box 255.255.255.255 UGH 0 0 0 wlan0
172.16.8.1 * 255.255.255.255 UH 0 0 0 ppp0
192.168.0.0 * 255.255.255.0 U 0 0 0 wlan0
default fritz.box 0.0.0.0 UG 0 0 0 wlan0
What is the result after adding tls-client?
Which subnet do you want to reach using pptp?
Because there is only one route using your ppp0 device and that is the route to your remote site of the tunnel.
Website: andrwe.org
Repository: repo.andrwe.org/<archtiecture>
After adding the line tls-client, the error mentioned in my first post still occurred (negotiation / handshake failed).
After a little playing around, I got it working.
Working conf for openVPN:
client
dev tun
fast-io
persist-key
persist-tun
nobind
remote vpn.blackvpn.co.uk 1194
pull
comp-lzo
tls-client
tls-remote server
ns-cert-type server
tls-auth ta.key 1
ca ca.crt
cipher AES-256-CBC
verb 3
auth-user-pass passwd
I guess changing from tap to tun and the pull command make the difference. I tried that yesterday with kvpnc but it failed me. Now it works from the konsole. Maybe I play another round with kvpnc, but for now, I'm glad it works.
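Added example, not written by any poster in this thread: a small Python audit of the two client configs quoted above, flagging a missing peer-certificate check and a missing `tls-auth`/`tls-crypt` key. The finding names are made up for this example, and it is an assumption (not stated in the thread) that the provider's server requires `tls-auth`; a server that does can drop packets lacking the HMAC without replying, so the client only sees the negotiation timeout.

```python
# Constructed input: the first and the working client config, copied from this thread.
FIRST_CONF = """client
dev tap
proto udp
remote openvpn.blackVPN.co.uk 1194
resolv-retry infinite
nobind
persist-tun
comp-lzo
verb 5
auth-user-pass passwd
ca ca.crt"""
WORKING_CONF = """client
dev tun
fast-io
persist-key
persist-tun
nobind
remote vpn.blackvpn.co.uk 1194
pull
comp-lzo
tls-client
tls-remote server
ns-cert-type server
tls-auth ta.key 1
ca ca.crt
cipher AES-256-CBC
verb 3
auth-user-pass passwd"""
# Any one of these makes the client check which certificate the peer presents.
PEER_CHECKS = {"remote-cert-tls", "ns-cert-type", "tls-remote", "verify-x509-name"}

def parse(text):
    """Map each directive to its arguments, skipping '#' and ';' comment lines."""
    rows = [l.split() for l in text.splitlines() if l.strip() and l.strip()[0] not in "#;"]
    return {r[0]: r[1:] for r in rows}

def audit(text):
    """Return findings for missing directives that protect the TLS control channel."""
    conf, findings = parse(text), []
    if not PEER_CHECKS.intersection(conf):
        findings.append("no-peer-cert-check")  # any cert issued by the CA passes as the server
    if not {"tls-auth", "tls-crypt"}.intersection(conf):
        findings.append("no-control-channel-hmac")  # no pre-shared ta.key configured
    return findings

if __name__ == "__main__":
    print("first:", audit(FIRST_CONF), "working:", audit(WORKING_CONF))
```

On current OpenVPN releases `tls-remote` and `ns-cert-type` have been removed in favour of `verify-x509-name` and `remote-cert-tls server`, which is why the audit accepts either spelling.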