Re: [Openvpn-users] (no subject)
On 9 Oct 2013, at 20:15, Krishna Murthy wrote:

> Hi isp wrapping openvpn data How to fix this

How to fix an ISP? Use a better one.

--maarten

--
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Re: [Openvpn-users] OpenVPN with auth-user-pass disconnects after 1hr
Hi,

Michael Ludvig wrote:
> Hi
>
> we use OpenVPN 2.3.2 without client certificate and with auth-user-pass instead. What we observe is that the connection always drops pretty much exactly after 1 hour, regardless of whether any traffic flows through or not. It's perfectly reproducible - I've just set up a test server and test client (both Windows and Linux) and it behaves the same. 1 hour and it drops:

can you try adding
  reneg-sec 120
to both sides and reconnect - if the connection is now dropped after 2 minutes then it's the renegotiation that is failing; if not, it's something else. Based on that info we can investigate further.

also, is 2.3.2 used on both sides?

HTH,

JJK

> Client:
>
> Tue Oct 8 23:07:04 2013 OpenVPN 2.3.2 x86_64-suse-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [eurephia] [MH] [IPv6] built on May 31 2013
> Enter Auth Username:vpn1
> Enter Auth Password:
> Tue Oct 8 23:08:37 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
> [...]
> Tue Oct 8 23:08:40 2013 PUSH: Received control message: 'PUSH_REPLY,ifconfig-ipv6 2001:...::1001/64 2001:...::1,tun-ipv6,route-gateway 172.31.173.129,topology subnet,ping 10,ping-restart 60,ifconfig 172.31.173.131 255.255.255.128'
> Tue Oct 8 23:08:40 2013 OPTIONS IMPORT: timers and/or timeouts modified
> Tue Oct 8 23:08:40 2013 OPTIONS IMPORT: --ifconfig/up options modified
> Tue Oct 8 23:08:40 2013 OPTIONS IMPORT: route-related options modified
> [...]
> Tue Oct 8 23:08:40 2013 Initialization Sequence Completed
> Wed Oct 9 00:08:38 2013 TLS: soft reset sec=0 bytes=38258/0 pkts=718/0
> Enter Auth Username:^C
>
> Server:
>
> Oct 8 23:08:38 localhost openvpn[3194]: :::172.31.172.123 [vpn1] Peer Connection Initiated with [AF_INET6]:::172.31.172.123:43346
> Oct 8 23:08:38 localhost openvpn[3194]: vpn1/:::172.31.172.123 MULTI_sva: pool returned IPv4=172.31.173.131, IPv6=2001:...::1001
> Oct 8 23:08:40 localhost openvpn[3194]: vpn1/:::172.31.172.123 send_push_reply(): safe_cap=940
> Oct 9 00:09:38 localhost openvpn[3194]: vpn1/:::172.31.172.123 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
> Oct 9 00:09:38 localhost openvpn[3194]: vpn1/:::172.31.172.123 TLS Error: TLS handshake failed
> Oct 9 00:10:38 localhost openvpn[3194]: vpn1/:::172.31.172.123 [UNDEF] Inactivity timeout (--ping-restart), restarting
>
> Why is it happening? There is no firewall in between the hosts, nothing on the network level that should cause it.
>
> The server config is here:
>
> lport 1194
> proto udp6
> dev tunTrUDP
> tun-ipv6
> status /var/log/openvpn-status.log
> server 172.31.173.128 255.255.255.128
> server-ipv6 2001:...::/64
> client-cert-not-required
> username-as-common-name
> plugin /usr/lib/openvpn/plugins/openvpn-plugin-auth-pam.so openvpn
> float
> keepalive 10 60
> topology subnet
> key /etc/openvpn/trimslice.pem
> cert /etc/openvpn/trimslice.pem
> ca /etc/openvpn/logixCA.pem
> dh /etc/openvpn/dh2048.pem
>
> The client config is here:
>
> remote 172.31.172.125 1194
> dev tunTrimslice
> tun-ipv6
> pull
> ping-exit 60
> auth-nocache
> auth-user-pass
> auth-retry none
> ca /etc/openvpn/logix-ca.pem
> verb 3
> client
> float
> nobind
>
> In the prod setup we use a one-time-password hence the auth-nocache and auth-retry none directives. But for the test OTP is not needed, this connection drop after 1 hour happens just as well with system username and password.
>
> Any idea why is it happening? Especially with OTP it's very annoying.

[Openvpn-users] (no subject)
hi

wrapping connection TLSv1 SSLv2 how to fix this problem pls help me
my isp provider is AIRTEL WRAPPING MY ALL OPENVPN CONNECTION
YOUR FREEDOM
Pls see below

Oct 10, 2013 11:15:35 PM 0: rc port initialized
Oct 10, 2013 11:16:53 PM 0: Will use server m.airtellive.com and connection type https/ssl (port 443)
Oct 10, 2013 11:16:53 PM 0: Tweaks: none
Oct 10, 2013 11:16:54 PM 3: Connection to host m.airtellive.com failed, proxy denied connection: 594 Cannot connect to m.airtellive.com port 443, reason: connect exception
Oct 10, 2013 11:17:12 PM 1: STOP, reason: stop button pressed
Oct 10, 2013 11:17:12 PM 1: stopping connection
Oct 10, 2013 11:17:12 PM 0: connection stopped
Oct 10, 2013 11:17:15 PM 0: Will use server m.airtellive.com and connection type https/ssl (port 443)
Oct 10, 2013 11:17:15 PM 0: Tweaks: none
Oct 10, 2013 11:17:16 PM 3: Connection to host m.airtellive.com failed, proxy denied connection: 594 Cannot connect to m.airtellive.com port 443, reason: connect exception
Oct 10, 2013 11:17:25 PM 1: STOP, reason: stop button pressed
Oct 10, 2013 11:17:25 PM 1: stopping connection
Oct 10, 2013 11:17:25 PM 0: connection stopped
Oct 10, 2013 11:17:52 PM 0: Will use server m.airtellive.com and connection type https/ssl (port 443)
Oct 10, 2013 11:17:52 PM 0: Tweaks: none
Oct 10, 2013 11:17:55 PM 1: wrapping connection in TLSv1
Oct 10, 2013 11:18:06 PM 0: SSL initial handshake completed
Oct 10, 2013 11:18:07 PM 1: auth: sc*** *d2w+
Oct 10, 2013 11:18:07 PM 0: sending authentication as user sc***
Oct 10, 2013 11:18:07 PM 0: sending parameter: min_buffersize 1500
Oct 10, 2013 11:18:07 PM 0: sending min_buffersize=1500
Oct 10, 2013 11:18:07 PM 1: Server version: 20131003-01
Oct 10, 2013 11:18:07 PM 1: Received server identity: ems12.your-freedom.de:83.170.105.240
Oct 10, 2013 11:18:08 PM 0: notification: AUTH_OK
Oct 10, 2013 11:18:08 PM 1: generating new TX key
Oct 10, 2013 11:18:08 PM 0: --- Profile FreeFreedom bw_uplink 65536 bw_downlink 65536 bind_permitted true relay_permitted true openvpn_permitted true fairqueue true numports0 streams 15 streams_pending 50 streams_per_sec 20 ports none dst_acl permit any all ---
Oct 10, 2013 11:18:08 PM 0: received profile information
Oct 10, 2013 11:18:08 PM 1: starting ports
Oct 10, 2013 11:18:18 PM 1: Current RTT: 188 ms
Oct 10, 2013 11:23:09 PM 1: generating new TX key
Oct 10, 2013 11:23:39 PM 1: STOP, reason: stop button pressed
Oct 10, 2013 11:23:39 PM 1: stopping all ports
Oct 10, 2013 11:23:39 PM 1: stopping connection
Oct 10, 2013 11:23:40 PM 0: can't read from server connection 1
Oct 10, 2013 11:23:40 PM 0: connection stopped
Oct 10, 2013 11:24:42 PM 0: Will use server m.airtellive.com and connection type https/ssl (port 443)
Oct 10, 2013 11:24:42 PM 0: Tweaks: none
Oct 10, 2013 11:24:42 PM 1: wrapping connection in TLSv1
Oct 10, 2013 11:24:53 PM 0: SSL initial handshake completed
Oct 10, 2013 11:24:53 PM 1: auth: sc***
Oct 10, 2013 11:24:53 PM 0: sending authentication as user sc***
Oct 10, 2013 11:24:53 PM 0: sending parameter: min_buffersize 1500
Oct 10, 2013 11:24:53 PM 0: sending min_buffersize=1500
Oct 10, 2013 11:24:53 PM 1: Server version: 20131003-01
Oct 10, 2013 11:24:53 PM 1: Received server identity: ems12.your-freedom.de:83.170.105.240
Oct 10, 2013 11:24:53 PM 0: notification: AUTH_OK
Oct 10, 2013 11:24:53 PM 1: generating new TX key
Oct 10, 2013 11:24:53 PM 0: --- Profile FreeFreedom
Oct 10, 2013 11:27:03 PM 0: received profile information
Oct 10, 2013 11:28:29 PM 1: STOP, reason: stop button pressed
Oct 10, 2013 11:28:29 PM 1: stopping all ports
Oct 10, 2013 11:28:29 PM 1: stopping connection
Oct 10, 2013 11:28:30 PM 0: can't read from server connection 1
Oct 10, 2013 11:28:30 PM 0: connection stopped
Oct 10, 2013 11:28:44 PM 0: Will use server m.airtellive.com and connection type https/ssl (port 443)
Oct 10, 2013 11:28:44 PM 0: Tweaks: none
Oct 10, 2013 11:28:46 PM 1: wrapping connection in TLSv1
Oct 10, 2013 11:29:10 PM 4: SSLHandshakeException, maybe try other SSL protocol type
Oct 10, 2013 11:29:17 PM 1: wrapping connection in TLSv1
Oct 10, 2013 11:29:22 PM 1: STOP, reason: stop button pressed
Oct 10, 2013 11:29:22 PM 1: stopping connection
Oct 10, 2013 11:29:37 PM 4: SSLHandshakeException, maybe try other SSL protocol type
Oct 10, 2013 11:29:37 PM 0: connection stopped
Oct 10, 2013 11:29:51 PM 0: Will use server m.airtellive.com and connection type https/ssl (port 443)
Oct 10, 2013 11:29:51 PM 0: Tweaks: none
Oct 10, 2013 11:29:52 PM 4: need to look up name in DNS and you have disabled it, cannot connect
Oct 10, 2013 11:29:52 PM 0: could not bring up link (errcode=0), will try again in 5000 milliseconds
Oct 10, 2013 11:29:57 PM 4: need to look up name in DNS and you have disabled it, cannot connect
Oct 10, 2013 11:29:57 PM 0: could not bring up link (errcode=0), will try again in 5000 milliseconds
Oct 10, 2013 11:30:02 PM 4: need to look

[Openvpn-users] (no subject)
Hi Tlsv1 wrapping isp How to Fix thanks

[Openvpn-users] (no subject)
Hi Tlsv1 wrapping isp How Fix thanks