Ubuntu Networking :: OpenVPN Woes - TLS Handshake Fails To Complete Within 60 Seconds?
Oct 19, 2010
I have OpenVPN set up on my server at home to allow me into my home network when I'm away from home. When I set it up, I tested it using my friend's wifi so I know it works on a local geographic scale. Now I'm away from home, the TLS handshake fails to complete within 60 seconds. I assume it's timing out, as I can tracepath to the server on port 1194 successfully. From reading the OpenVPN documentation, I thought that adding "tls-timeout=120" to the client's config file would double the time allowed, but the handshake still fails with the same error message:
Code:
Tue Oct 19 10:45:17 2010 us=930956 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Oct 19 10:45:17 2010 us=931012 TLS Error: TLS handshake failed
Why is the option not being read correctly from the file - does it need to be in the server's config file also?
I have installed Nagios on CentOS 64-bit, but I get this error: CHECK_NRPE: Error - Could not complete SSL handshake. I have 10 hostgroup definitions in total, but I'm getting the error for only 3 hostgroup definitions; the other 7 are working fine.
I know there are hundreds of similar questions about suspend on Ubuntu, but none of the fixes they use work for me. This bug is the only thing that stops me from using Ubuntu - I put computer to sleep (suspend to ram) and after resume I have no network. The only way to get network back is to restart.
Looking at the logs, it seems that NetworkManager starts, finds the device and then fails to complete DHCP transaction. I don't know what causes the problem, probably this line: "via-rhine: Reset not complete yet. Trying harder." Does anyone know possible reason for this? Here is the log:
Quote:
Feb 7 14:30:21 tulskiy-desktop NetworkManager: <info> Activation (eth0) starting connection 'Auto eth0'
Feb 7 14:30:21 tulskiy-desktop NetworkManager: <info> (eth0): device state change: 3 -> 4 (reason 0)
Feb 7 14:30:21 tulskiy-desktop NetworkManager: <info> Activation (eth0) Stage 1 of 5 (Device Prepare) scheduled...
Feb 7 14:30:21 tulskiy-desktop NetworkManager: <info> Activation (eth0) Stage 1 of
I have openvpn server configured with bridged interface on my openwrt router. The client is running ubuntu 9.10 with config:
Client
dev tap
proto udp
remote x.x.x.x 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /home/blwegrzyn/openvpn/ca.crt
cert /home/blwegrzyn/openvpn/client1.crt
key /home/blwegrzyn/openvpn/client1.key
comp-lzo
verb 5
(x.x.x.x was hidden)
When the client connects the log says:
WRRRWRSat Jan 9 20:16:03 2010 us=332404 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway,dhcp-option DNS 192.168.1.241,route-gateway 192.168.1.254,ping 10,ping-restart 120'
.....
Sat Jan 9 20:16:03 2010 us=343906 ERROR: Linux route add command failed: external program exited with error status: 7
The server is trying to push default gateway 192.168.1.254 to the client, and the client is on the 192.168.2.0 network. As you can see, the route addition fails with SIOCADDRT: No such process. This is because the tap interface does not have any IP and the route addition is not possible. The tap interface is not getting the DHCP address through the tunnel, not sure why (this works on XP). To fix the problem I must manually add the IP to the tap interface, and the default gateway, but then I must add the DHCP server to resolv.conf to make it work, and once I disconnect the computer does not know the old valid DHCP anymore and cannot communicate. Why can't OpenVPN get the IP automatically? Why can't it grab the DHCP from the tunnel? Is it related to the wireless card being managed by the network manager? This works perfectly on a Windows machine (XP SP3).
I have some problems with configuring an OpenVPN tunnel connection to my OpenVPN server. I'm using a static-key TCP connection. Network manager always tells me that the connection could not be established. Also, when I try to run openvpn from the terminal, I get some strange permissions problem:
Code:
openvpn --config config.ovpn
Mon Apr 5 15:48:37 2010 OpenVPN 2.1_rc19 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Oct 13 2009
Mon Apr 5 15:48:37 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Apr 5 15:48:37 2010 /usr/sbin/openvpn-vulnkey -q moj.key
I'm having a problem with Subversion. When I try an "svn up" it gives me this error message: "SSL handshake failed: Secure connection truncated". I'm running Ubuntu 10/4 but I also had this problem with 9/10. Does anyone know what this error message means? It appears to be an SSL problem but it's not clear to me what exactly the problem is. I do not have this problem with svn on my other office computer, nor my home computer. FYI, I'm running subversion on the Regina project.
The full error message is this:
Code:
svn up
svn: OPTIONS of '[URL]': SSL handshake failed: Secure connection truncated [URL].
Although I don't think there's anything specific to Regina about this svn problem, as I mentioned, I can "svn up" from home, or from my other office computer.
So I have installed Compiz 9 and it didn't quite work for me, then I reverted to Compiz 8 and things were fine, but after a while my desktop started slowing down for no apparent reason, so I decided to install the NVIDIA drivers from the manufacturer's site. Good, I typed in:
Code:
sudo /etc/init.d/gdm stop
and then I installed the drivers with the sh command, stuff went right, but I could not
I've configured an openvpn server on a wrt54g using dd-wrt firmware. I can connect from the command line...at least it appears to connect, but I am unable to access any resources. Trying to use networkmanager's openvpn client fails every time. Everything I find googling relates to Ubuntu, so just for kicks I booted into my Ubuntu partition for the first time in months....and the wireless lan disappeared when I restarted network manager, which is why I don't use Ubuntu in the first place, so much for the "easier distros". I'm assuming there are people successfully connecting to openvpn servers from Slack. I could definitely use a pointer.
Installed clean new 11.2-32 bit. Followed the restricted formats post. Kaffeine, vlc, and Mplayer present a blue screen with sound or shutdown immediately. Recommended diagnostic steps as follows:-
linux-yeq6:/home/ingrid # LC_ALL=C zypper ve
Retrieving repository 'Updates for openSUSE 11.2-0' metadata [done]
Building repository 'Updates for openSUSE 11.2-0' cache [done]
Loading repository data...
Reading installed packages...
Dependencies of all installed packages are satisfied.
code....
I recently purchased a new custom-built computer and thought I would give Ubuntu a shot (read: I'm a Linux noob). I'm running 11.04. Anyway, I can't get my PCI wireless card to work. I downloaded the rt3562 driver from Ralink's site, followed the directions in this tutorial url?t=1608095 and I keep getting an error message when I try to do "sudo make":
I have downloaded the Wheezy DVD 1 and started the installation process. The installation time is strangely very short compared to the Squeeze release, anyway
The GRUB installation step fails. I terminated the installation without a bootloader and rebooted from DVD with the rescue boot option.
Now I asked for a console to try to manually install the bootloader but the following command:
# grub-install /dev/sda1 [where sda1 is my root partition]
I want to configure a VPN over the Internet. I installed the 'openvpn' package, generated the key file, transferred it in a secure way to the client, and set up the configuration file.
So, in that configuration file I input the IP addresses of the tunneled interfaces. Both IPs are static in the tunnel.
Then, I've heard somewhere that I can assign a dynamic configuration IP for the client. I do this registering a range.
Well, when I tried to change static IP to dynamic IP (changing '192.168.0.2' to '192.168.0.0/24') in the configuration file, the OpenVPN didn't work.
Obviously I don't know what I'm doing, and I really don't believe that simply changing the IP will make it work, but I tried.
I hope I explained my problem well.
My configuration file:
# OpenVPN Server Configuration File
dev tun 0
ifconfig 192.168.0.1 192.168.0.2
cd /etc/openvpn
secret key_file
On the client I execute 'openvpn' without the '--daemon' parameter. Then I want my client to use an IP in a range (192.168.0.0/24, for example), instead of a static IP (192.168.0.2). I also thought of using a DHCP server, but I'm not sure that will work.
I'm trying to connect to a webdav server with very poor luck. My preference would be to mount it to my file system, but simply connecting with Cadaver would be fine too.
I've tried:
Code:
mparks@mparks:~$ sudo mount -t davfs https://<host>:<port>/<path> /media/webdrives/<mount-dir>
[sudo] password for mparks:
Please enter the username to authenticate with server
I am having a problem with my Revo 3610 which is connected to my TV via HDMI.
For some reason it will not do the HDMI handshake with the TV, so my TV does not think that there is anything in the HDMI port.
I have tested the TV and it works fine with my laptop and DVD player.
It does work sometimes, but this time it's failed for two days in a row. I've tried rebooting and turning the TV off and on, but nothing helps.
I can trick the TV to listen to the HDMI by connecting with my laptop and then changing the HDMI back to my revo; this results in the image going through nicely but there is a big fat "Check signal cable." message on the screen.
I have also tried changing the resolution in the revo but this does not help either.
I need to trust a new Verisign Root cert. I have uploaded it to the /etc/ssl/certs store but I am still getting the Handshake failure error when WorldPay calls back to my site.
Quote:
I believe I still need to create a symlink? So I followed this article but I get an error.
I have been trying to set up OpenVPN on a Virtual Machine running Ubuntu 10.04 with the eventual intention of having a closed VPN in the workspace I'm at, and a bridged internet connection out through the server. My initial process/instinct was to go through Webmin. After a fair bit of tooling around making keys/certificates, I was able to get a response (and that's all it was, really) from my Windows machine accessing the VPN server. However, in my attempt to bridge the network, I have lost all internet/networking capabilities from the server. Fortunately I am able to access the server directly from the hardware underneath (i.e. I don't need to SSH in or anything), and so I've been attempting to restore the server's networking back to default. I have returned the /etc/network/interfaces file to its original state (just the loop, and an eth0 on dhcp) and restarted the networking. A check with ifconfig returns what seems to be a working eth0, and the loop (nothing else), however I am unable to ping any outside server. When I do, I am given the message: "From XXX.XXX.XXX.XXX icmp_seq=1 Destination Host Unreachable" (where of course XXX is my IP address). Another VM on the server is able to access the internet just fine, so it's not the overall server hardware... I guess at this point I'm just trying to take steps back,
I'm posting an e-mail I sent to Pidgin Support, which didn't get answered. I'm doing this because I believe it is a general SSL problem. I've even tried a different chat client (Instantbird) - same error message. For a week or so I have not been able to securely log in to ICQ with one of my accounts. Only if I disable "Use SSL" in the advanced settings, it works. With SSL I get the error message "Unable to connect to BOS server: SSL Handshake Failed". In the debug window the reason for the failure is "A record packet with illegal version was received". If I enable the setting "Use clientLogin", I get a different error: "Received invalid data on connection with server".
I get this error for all of my ICQ accounts if I enable this, but the other ones work just fine using only "Use SSL". I can log in to the ICQ website with the "bad" account too, the settings are exactly the same for all 3 accounts. I was using Pidgin 2.7.3 when this happened first, upgraded to 2.7.5, but no change. I'm running RHEL 5.5 x86_64. I've attached the Pidgin debug messages for the "bad" case of the not working account and for the "good" case of one of the working accounts. I've tried a lot of things, like deleting the account and adding it again. I deleted the cached certificates. I changed the password on the ICQ website.
From the attachment I'm only pasting the most important part - the error message:
(20:27:14) gnutls: Starting handshake with bos.oscar.aol.com
(20:27:14) gnutls: Handshake failed. Error A record packet with illegal version was received.
(20:27:14) oscar: unable to connect to FLAP server of type 0x0002
(20:27:14) connection: Connection error on 0x9bf19f0 (reason: 0 description: Unable to connect to BOS server: SSL Handshake Failed)
It doesn't get into my head why 2 accounts work perfectly, but one doesn't. The login server is exactly the same, so the certificate used should also be the same.
I have access to a VPN I use when having confidential instant messaging sessions. For the purposes of my work, essentially. I'm a command line kind of guy, and like to use Finch (the shell version of Pidgin) for those. However, when I turn on my OpenVPN connection it routes all traffic through the VPN. Web-browsing, IMing, and I can no longer access other machines on my home network. Can I set OpenVPN to only route traffic I ask through that connection (either by port number or application, or some way I haven't thought of), while other traffic flows through my usual home network? Some kind of local proxy perhaps? Or a dd-wrt box set up as a proxy, connected to OpenVPN? I've played around with the GUI environment too (I have a basic GUI I sometimes use on my main machine) and have installed the full desktop 10.10 on a second machine just to see if I can work it out.
I am running Fedora 8. Each time I run a YUM command, I get the message that there are unfinished transactions, and to run yum-complete-transaction. Upon running yum-complete-transaction, it fails with this error. How can I remove this uncompleted transaction so I can finish the last one?
We use OpenVPN for remote access to the office network. It would be nice to keep this running and automatically connect to the office at all times. Once started, it does this anyway. The problem lies when the user comes into the office. OpenVPN connects as usual to the VPN gateway, but this causes weird routing loops. Is there a way to say to OpenVPN "Always connect to the gateway unless you are on network 10.10.10.0/24"?
I'm facing a problem when I establish VPN connections using OpenVPN to Your Freedom Server ("you can see their documentation here"). I've installed OpenVPN from Synaptic and I used the client to connect through VPN and it works!! But there is no traffic in FF or any application!! I tried to insert some HTTP proxy that also belongs to the same server and it works. What really makes me wonder is that OpenVPN seems to work only when I'm connecting to stream sites (e.g. ustream, justin.tv). Is there any way to force the whole traffic to use OpenVPN? I'm using a mobile modem and it works fine with OpenVPN in Win7.
I am trying to connect to an existing VPN server that I have been using for years now. I am moving my development environment over to an Ubuntu box and I must have OpenVPN working in order to access SVN. It has been a few years since I have been setting up Linux boxes. And networking is a soft spot for me. But
The server has been running without problem for a LONG time. A windows computer I have been using connects to it fine and I can access the network on this machine. I am setting up a new computer, but when trying to connect openvpn starts the initialization sequence completes but I cannot ping the network I am trying to connect to.
I use a second VPN connection to connect to an alternative network and it works fine. The difference between these two is that the working vpn connection is a routed IP tunnel and the one that is not working is a bridged connection.
The VPN that is working on this box brings up tun0 while the bridged connection connects but does not bring up a network tun device. The server logs look normal, it just looks like the client is not setting itself up to use the network once connected. (The key/cert pair work fine when on a Windows box.) Just not on this new Ubuntu build.
My current client config
Quote:
cert eric@home.crt
key eric@home.key
client
dev tap
[Code]....
The server is using tap, as well as the working windows client uses "dev tap"
It has been a long time since I have been maintaining Linux boxes but it's coming back slowly.
I have an OpenVPN setup at work, and windows clients are able to connect fine. On my dual-boot system (Windows XP 64-bit and Ubuntu 10.10 64-bit) I'm able to connect on Windows but not Ubuntu. I use the same files for each. The network manager wasn't working, so I'm doing it via the command line right now:
Below is the output (sanitized)
Code:
Does this mean it's connected? If so, I'm not able to ping anything on the remote network, not even the OpenVPN server.
I've seen this issue and it never seems to get resolved; maybe this time I can find a fix. I'm currently using Ubuntu 11.04, although I've had this issue since 10.04 and 10.10. When using OpenVPN in Windows it works perfectly fine, but when using OpenVPN on Ubuntu that's a completely different story. I import my .ovpn file from ClearOS; it loads the keys just fine, but when it tries to connect it says "no valid vpn secrets".
ClearOS gives you 3 certs and a .ovpn file. The file sets it to use password with TLS certs, but it still comes up with this error. I've been quite stumped and it would be nice to possibly shed some light on this so I can finally get Ubuntu to work with OpenVPN if possible.
I have set up OpenVPN for my connection. I'm using this to connect to the internet from different locations using tunnelling.
Right now I have a few IPs: on eth0 I have an IP from my ISP, on eth0:1 I have my own IP. I set up MASQUERADE to eth0 - but in this case when I try to access my restricted resources the IP address from the ISP is visible. What I want is to use my own IP address from eth0:1 - could somebody help me to build a good working redirect entry for that? I want to redirect all connections to that IP assigned on eth0:1... - just to access the Internet using my IP.