Hi Team ClearOS,

My version: ClearOS release 7.8.1 (Final)

I have issues with VPN.
I'm using a Static IP.

Error Log:

Fri Aug 21 12:13:41 2020 OpenVPN 2.4.9 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 16 2020
Fri Aug 21 12:13:41 2020 Windows version 6.2 (Windows 8 or greater) 64bit
Fri Aug 21 12:13:41 2020 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Enter Management Password:
Fri Aug 21 12:13:41 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25342
Fri Aug 21 12:13:41 2020 Need hold release from management interface, waiting...
Fri Aug 21 12:13:42 2020 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25342
Fri Aug 21 12:13:42 2020 MANAGEMENT: CMD 'state on'
Fri Aug 21 12:13:42 2020 MANAGEMENT: CMD 'log all on'
Fri Aug 21 12:13:42 2020 MANAGEMENT: CMD 'echo all on'
Fri Aug 21 12:13:42 2020 MANAGEMENT: CMD 'bytecount 5'
Fri Aug 21 12:13:42 2020 MANAGEMENT: CMD 'hold off'
Fri Aug 21 12:13:42 2020 MANAGEMENT: CMD 'hold release'
Fri Aug 21 12:13:58 2020 MANAGEMENT: CMD 'username "Auth" "lalatendu"'
Fri Aug 21 12:13:58 2020 MANAGEMENT: CMD 'password [...]'
Fri Aug 21 12:13:58 2020 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Fri Aug 21 12:13:58 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]my-public-ip:1194
Fri Aug 21 12:13:58 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Aug 21 12:13:58 2020 UDP link local: (not bound)
Fri Aug 21 12:13:58 2020 UDP link remote: [AF_INET]my-public-ip:1194
Fri Aug 21 12:13:58 2020 MANAGEMENT: >STATE:1597992238,WAIT,,,,,,
Fri Aug 21 12:14:58 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Aug 21 12:14:58 2020 TLS Error: TLS handshake failed
Fri Aug 21 12:14:58 2020 SIGUSR1[soft,tls-error] received, process restarting
Fri Aug 21 12:14:58 2020 MANAGEMENT: >STATE:1597992298,RECONNECTING,tls-error,,,,,
Fri Aug 21 12:14:58 2020 Restart pause, 5 second(s)
Fri Aug 21 12:15:03 2020 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Fri Aug 21 12:15:03 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]my-public-ip:1194
Fri Aug 21 12:15:03 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Aug 21 12:15:03 2020 UDP link local: (not bound)
Fri Aug 21 12:15:03 2020 UDP link remote: [AF_INET]my-public-ip:1194
Fri Aug 21 12:15:03 2020 MANAGEMENT: >STATE:1597992303,WAIT,,,,,,
Fri Aug 21 12:15:30 2020 SIGTERM[hard,] received, process exiting
Fri Aug 21 12:15:30 2020 MANAGEMENT: >STATE:1597992330,EXITING,SIGTERM,,,,,



My Client OVPN Config File Details:

client
remote xx-xx-xx-xx 1194
dev tun
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca-cert.pem
cert client-lalatendu-cert.pem
key client-lalatendu-key.pem
ns-cert-type server
verb 3
float
auth-user-pass
comp-lzo
tls-cipher "DEFAULT:@SECLEVEL=0"


Server Clients.conf Details:

# Tip - if you are using this as a template for configuring other VPNs:
# - the ifconfig-pool-persist file must be unique
# - the port/protocol combination must be unique
# - the status file must be unique
# - different server IPs are recommended
# - don't forget about the firewall
port 1194
proto udp
dev tun
ca /etc/pki/CA/ca-cert.pem
cert /etc/pki/CA/sys-0-cert.pem
key /etc/pki/CA/private/sys-0-key.pem
dh /etc/openvpn/ssl/dh1024.pem
server 10.8.0.0 255.255.255.0
keepalive 10 120
compress stub-v2
push "compress stub-v2"
user nobody
group nobody
multihome
persist-key
persist-tun
ifconfig-pool-persist /var/lib/openvpn/ipp.txt 120
status /var/lib/openvpn/openvpn-status.log
plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so openvpn
verb 3
push "dhcp-option DNS 192.10.10.2"
push "dhcp-option WINS 192.10.10.2"
push "dhcp-option DOMAIN my domain.com"
push "route 192.10.10.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
client-to-client
push "block-outside-dns"



Regards
Lalatendu
Friday, August 21 2020, 07:11 AM
Responses (1)
  • Accepted Answer

    Friday, August 21 2020, 08:26 AM
    Normally that is a connectivity error. Firstly, why have you added "tls-cipher"? Current certificates seem to be issued with SHA256. Some of the older ones are SHA1 (including a lot of mine).

    Please can you check that you have opened the firewall to UDP:1194, OpenVPN is actually running in ClearOS (I think it defaults to stopped) and that xx-xx-xx-xx resolves to your WAN IP.
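
The distinction the answer draws (a connectivity failure rather than a certificate or cipher problem) can be read straight from the client log: in the posted log the client never records a packet from the server before the 60-second TLS timeout. The following is an added example, not part of the original thread or of ClearOS/OpenVPN; the function names and verdict labels are hypothetical, and both sample logs are constructed (the first trimmed from the posted log, the second invented for contrast).

```python
import re

# Constructed sample: lines trimmed from the client log in the post above.
POSTED_LOG = """\
Fri Aug 21 12:13:58 2020 UDP link remote: [AF_INET]my-public-ip:1194
Fri Aug 21 12:13:58 2020 MANAGEMENT: >STATE:1597992238,WAIT,,,,,,
Fri Aug 21 12:14:58 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Aug 21 12:14:58 2020 TLS Error: TLS handshake failed
Fri Aug 21 12:14:58 2020 MANAGEMENT: >STATE:1597992298,RECONNECTING,tls-error,,,,,
Fri Aug 21 12:15:03 2020 UDP link remote: [AF_INET]my-public-ip:1194
Fri Aug 21 12:15:03 2020 MANAGEMENT: >STATE:1597992303,WAIT,,,,,,
Fri Aug 21 12:15:30 2020 SIGTERM[hard,] received, process exiting
"""
# Constructed contrast: the server answers, then the TLS handshake fails.
ANSWERED_LOG = """\
Fri Aug 21 12:13:58 2020 UDP link remote: [AF_INET]my-public-ip:1194
Fri Aug 21 12:13:58 2020 MANAGEMENT: >STATE:1597992238,WAIT,,,,,,
Fri Aug 21 12:13:58 2020 TLS: Initial packet from [AF_INET]my-public-ip:1194, sid=00000000 00000000
Fri Aug 21 12:13:58 2020 MANAGEMENT: >STATE:1597992238,AUTH,,,,,,
Fri Aug 21 12:13:59 2020 TLS Error: TLS handshake failed
"""

STATE_RE = re.compile(r">STATE:\d+,([A-Z_]+),")

def triage(log_text):
    """Return one verdict per connection attempt in an OpenVPN client log."""
    attempts = []
    for line in log_text.splitlines():
        if "link remote:" in line:  # each attempt starts by naming the remote
            attempts.append({"states": [], "replied": False, "tls_error": False})
        if not attempts:
            continue
        cur = attempts[-1]
        m = STATE_RE.search(line)
        if m:
            cur["states"].append(m.group(1))
        cur["replied"] |= "TLS: Initial packet from" in line  # server's first packet
        cur["tls_error"] |= "TLS Error:" in line
    return [verdict(a) for a in attempts]

def verdict(a):
    if "CONNECTED" in a["states"]:
        return "connected"
    if a["tls_error"] and not a["replied"]:
        return "no-reply"  # check firewall UDP 1194, service running, remote address
    if a["tls_error"]:
        return "handshake-rejected"  # server reachable: check certificates, tls-cipher
    return "aborted"  # attempt ended (e.g. SIGTERM) before any outcome

print(triage(POSTED_LOG))
```

A "no-reply" verdict points at the three checks listed in the answer; "handshake-rejected" would instead point at certificates and cipher settings.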