OpenVPN server easy and fast

setup
openvpn

#127

Quick and easy OpenVPN server the Foris web interface.

TLS key negotiation failed

Sat Mar 23 20:36:45 2019 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sat Mar 23 20:36:45 2019 Need hold release from management interface, waiting…
Sat Mar 23 20:36:45 2019 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sat Mar 23 20:36:46 2019 MANAGEMENT: CMD ‘state on’
Sat Mar 23 20:36:46 2019 MANAGEMENT: CMD ‘log all on’
Sat Mar 23 20:36:46 2019 MANAGEMENT: CMD ‘echo all on’
Sat Mar 23 20:36:46 2019 MANAGEMENT: CMD ‘bytecount 5’
Sat Mar 23 20:36:46 2019 MANAGEMENT: CMD ‘hold off’
Sat Mar 23 20:36:46 2019 MANAGEMENT: CMD ‘hold release’
Sat Mar 23 20:36:46 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]10.134.194.9:1194
Sat Mar 23 20:36:46 2019 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sat Mar 23 20:36:46 2019 UDP link local: (not bound)
Sat Mar 23 20:36:46 2019 UDP link remote: [AF_INET]10.134.194.9:1194
Sat Mar 23 20:36:46 2019 MANAGEMENT: >STATE:1553369806,WAIT,
Sat Mar 23 20:37:47 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Mar 23 20:37:47 2019 TLS Error: TLS handshake failed
Sat Mar 23 20:37:47 2019 SIGUSR1[soft,tls-error] received, process restarting
Sat Mar 23 20:37:47 2019 MANAGEMENT: >STATE:1553369867,RECONNECTING,tls-error,
Sat Mar 23 20:37:47 2019 Restart pause, 5 second(s)
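
A way to triage the client log in the post above, added here as an example that is not part of the original thread or of Turris/OpenVPN code. The function name `triage` and the verdict strings are assumptions of this example; the reading of the `WAIT` state (client still waiting for the server's initial response) follows the OpenVPN management-interface documentation.

```python
import ipaddress
import re
from datetime import datetime

# Constructed sample: five of the client log lines quoted in the post above.
SAMPLE_LOG = """\
Sat Mar 23 20:36:46 2019 UDP link remote: [AF_INET]10.134.194.9:1194
Sat Mar 23 20:36:46 2019 MANAGEMENT: >STATE:1553369806,WAIT,
Sat Mar 23 20:37:47 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Mar 23 20:37:47 2019 TLS Error: TLS handshake failed
Sat Mar 23 20:37:47 2019 MANAGEMENT: >STATE:1553369867,RECONNECTING,tls-error,
"""

LINE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) (.*)$")
REMOTE = re.compile(r"link remote: \[AF_INET\]([\d.]+):(\d+)")
STATE = re.compile(r">STATE:\d+,([A-Z_]+),")


def triage(log_text):
    """Summarise the first TLS negotiation timeout in an OpenVPN client log."""
    out = {"remote": None, "remote_private": None, "failed_in_state": None,
           "seconds_in_state": None, "verdict": "no TLS negotiation timeout seen"}
    state, since = None, None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank or non-timestamped lines
        when = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        msg = m.group(2)
        remote, st = REMOTE.search(msg), STATE.search(msg)
        if remote:
            out["remote"] = f"{remote.group(1)}:{remote.group(2)}"
            # Private-range targets are not routable across the public Internet.
            out["remote_private"] = ipaddress.ip_address(remote.group(1)).is_private
        elif st and st.group(1) != "RECONNECTING":
            state, since = st.group(1), when
        elif "TLS key negotiation failed" in msg:
            out["failed_in_state"] = state
            if since is not None:
                out["seconds_in_state"] = int((when - since).total_seconds())
            if state == "WAIT":
                # WAIT: the client never received the server's first reply.
                out["verdict"] = "no reply from server: check UDP reachability of the remote"
            elif state is None:
                out["verdict"] = "state unknown: no management STATE lines in the log"
            else:
                out["verdict"] = "server replied: check certificates and tls-* options"
            break
    return out
```

On the log above this reports a timeout in `WAIT` after 61 seconds against a private-range remote address, which points at packet delivery rather than at certificates.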


#129

Hi,

May I ask you to try generating a new CA and connecting with it to your server? If that doesn’t help, could you uninstall and reinstall OpenVPN on the latest release of Turris OS and try again?

We would appreciate it if you could reach us at tech.support@turris.cz with diagnostics, which you can generate in Foris. I’m sending you the article on Error reporting, which you can find here.


#130

I have the same issue. It was working before; I don’t know exactly when, but it stopped working.
What package do you want us to uninstall and reinstall, the openvpn-openssl (vers.:2.4.6-2)?


#131

I have e-mailed the requested diagnostics to support. Let’s hope this gets resolved.

Life without a VPN is getting really tedious. Online banking only at home, more cash in my physical wallet…


#132

Well, actually I ran some tests. While openvpn seems to be running and listening when checked locally from the router itself, I cannot see the port open from the same subnet from my PC:

router# ps |grep -i vpn
3313 root 3132 S /usr/sbin/openvpn --syslog openvpn(server_turris)

router# netstat -tulpn|grep 1194
udp 0 0 0.0.0.0:1194 0.0.0.0:* 3313/openvpn

pc# telnet 192.168.1.1 1194
Trying 192.168.1.1…
telnet: Unable to connect to remote host: Connection refused

I guess it is not normal, or is it? Should it only listen from the outside?


#133

This is perfectly fine. It’s blocked by Firewall (VPN has its zone).


#135

… just some notes
If you are running the OpenVPN server and client on the same subnet (or from the router itself), you have to change the options a bit on both sides to make it work. You have to make some changes in the firewall zone configuration as well. So it is easier to test the connection using a different ISP (mobile phone: after exporting the user config, just rename it from xxxx.conf to xxxx.ovpn, import it into the phone’s OpenVPN app … and connect :slight_smile:).

Also note that TLS is a bit tricky: you have to set “tls-client” in the client config only, and remove TLS-related options/values from the server config. There is no ta.key generated by default.
Besides, if a Windows/Android client is used for testing the connection, having the “mssfix 0”, “fragment 0” and “float” options in the client config is recommended.


#136

Thank you very much :grinning:


#137

1 month later, no news about my incident report from support. Is this normal?