Jump to content
Not connected, Your IP: 44.205.2.188
Sign in to follow this  
sakmerlin37

Not able to connect after AirVPN upgrade

Recommended Posts

I have not been able to connect to the AirVPN server since changing my keys/certs according to the Notice posted 12 April 2014.  I created a .ovpn configuration as instructed and just replaced my keys/certs in the OpenVPN configuration for the Toastman Tomato firmware on my WRT54GL router.

 

The instructions are a little dated.  Here is what I have found:

 

  • There is no "Member Area" that points to "Access Without Our Client" anymore.  I went to:
    • Client Area --> Config Generator
  • Following instructions at: https://airvpn.org/tomato/
    • The first screen shot shows information added to EXTRA HMAC AUTHORIZATION (TLS-AUTH) that does not exist on my system so I have left it set to "DISABLED";
    • The second screen shot link is broken;
    • I have one file, a "AirVPN_[Country]_UDP-443.ovpn" file, which does not include USER.KEY, USER.CRT, or CA.CRT files;
    • So, in the one file, I took everything from the <ca> .... </ca> beginning with "-----BEGIN CERTIFICATE-----" and ending with "-----END CERTIFICATE-----" and put it in the CERTIFICATE AUTHORITY box in the OpenVPN configuration (this is the top box, the box titled STATIC KEY does not exist);
    • I took the certification beginning with "-----BEGIN CERTIFICATE-----" and ending with "-----END CERTIFICATE-----" in the <cert>....</cert> area and pasted it into the CLIENT CERTIFICATE box;
    • Finally, the <key>....</key> that starts with "-----BEGIN RSA PRIVATE KEY-----" and ends with "-----END RSA PRIVATE KEY-----" I put into the CLIENT KEY box in the OpenVPN area.

I did these steps originally and was able to connect; however, with the new information/configuration I am not able to connect; hopefully, I am missing something simple .

 

Note: I apologize if I seem confused; I have brain damage due to a medical condition and some days (like today) my ability to troubleshoot is limited...

Share this post


Link to post

I think I can help you with this. I am using toastman tomato on a R-N16. You must change two things in your router configuration after Air did their update. I left everything else the same besides pasting in the new keys generated.

 

First, on the basic page you must make sure the "Extra HMAC authorization" is set to Outgoing (1).

 

Second, on Keys page you must paste in the static key which you will find at the very end of the configuration file you generate where it says: -----BEGIN OpenVPN Static key V1-----

 

Edit: I added three screenshots of how your tomato should work.

Share this post


Link to post

Just a thought - Does my router need an updated (i.e., patched) version of toastman tomato to connect?  My client area shows a connection; however, AirVPN's connect check at the bottom of the web page shows that I am still unconnected.

Share this post


Link to post

Well, it seems to have taken!  Not sure what happened, but now it is working as intended... weird stuff :/.

 

Thank you VERY much for your help.

Share this post


Link to post

I'm having this same exact issue, my ac66u is reporting that I am connected but Airvpn says no way hose.  I've changed the keys etc, but will try what was mentioned here except my HMAC options are only static, TLS and custom.  I'll play around with it some.

Share this post


Link to post

Ok, so I realized after putting the static key in, that the option for "Extra HMAC authorization" is set to Outgoing (1) became availible after going through custom/static option that didn't work, and than tried back to TLC, which opened up HMAC auth etc.

 

Connected again, thanks op for the question and thanks Slyfox for the answer!

Share this post


Link to post

Ok, so I realized after putting the static key in, that the option for "Extra HMAC authorization" is set to Outgoing (1) became availible after going through custom/static option that didn't work, and than tried back to TLC, which opened up HMAC auth etc.

 

Connected again, thanks op for the question and thanks Slyfox for the answer!

 

Hello!

 

Ah yes, that's an important clarification, we apologize if this fact was not clear in the instructions for Tomato.

 

Kind regards

Share this post


Link to post

All good advice. If you still have big problems as I did even after putting in the right config, try upgrading your version of Toastman's Tomato to the latest. That should solve them. The only remaining problem I'm having is with the NVRAM on my N66U. There's nothing left. I can't even put in two VPN configs like I did before. Really frustrating.

Share this post


Link to post

I am an average user and am not using AirVPN through my router (ie. tomato), just through Ubuntu 10.04 network manager.

 

I too noticed that all the config files now have the certs and key embedded in the ovpn files.  I did as the original poster did and attempted to create new user.crt, ca.crt and user.key files from the associated *.ovpn files that were generated.

 

I have also attempted follow the limited and outdated instructions (before certs and keys were embedded in ovpn) in order to reset my OpenVPN settings.

 

All my connection attempts time out.

 

Can someone please direct me as to how to fix my connectivity issues?  Or better yet, instruct me on the specific steps I should go through to update my AirVPN ubuntu network manager settings.

 

Apologies if this post is slightly off the original topic:  This thread came closest to any relevant information on my issue and I have had zero luck finding any official documentation on how to proceed after the heartbleed update.

 

Thank you in advance for any help

Share this post


Link to post

I am an average user and am not using AirVPN through my router (ie. tomato), just through Ubuntu 10.04 network manager.

 

I too noticed that all the config files now have the certs and key embedded in the ovpn files.  I did as the original poster did and attempted to create new user.crt, ca.crt and user.key files from the associated *.ovpn files that were generated.

 

I have also attempted follow the limited and outdated instructions (before certs and keys were embedded in ovpn) in order to reset my OpenVPN settings.

 

All my connection attempts time out.

 

Can someone please direct me as to how to fix my connectivity issues?  Or better yet, instruct me on the specific steps I should go through to update my AirVPN ubuntu network manager settings.

 

Apologies if this post is slightly off the original topic:  This thread came closest to any relevant information on my issue and I have had zero luck finding any official documentation on how to proceed after the heartbleed update.

 

Thank you in advance for any help

 

UPDATE:

 

I reran the config generating, this time selecting the 'separate keys and certs' in the Advanced tab.  install through network manager was smoother (all keys and certs were automatically associated in appropriated fields).  Rebooted and tried to connect.  My connection attempts still time out.

 

Thoughts?

Share this post


Link to post

first you will need to re download your new cert's and keys. after the latest major update.

 

goto AirVPN's OpenVPN Configuration Generator
-select the select servers you want
-choose your connection mode
--..or click 'Advanced Mode'
--..Click Direct, protocol UDP, port 53 (*)
-On the lower right under where it sais 'Proxy' and 'Advanced' be sure to Only check the Option "Separate keys/certs from .ovpn file"
-download your tar or tar.gz etc
-extract to whichever directory

(you should now have all your servers in .ovpn files, seperated from certs and keys in that directory)
-open network-manager, goto VPN tab, click 'Import' and then choose a '.ovpn' file.
It should load all the new settings correctly.
-next just type in your password where it sais 'Private Key Password'


..save..connect

Share this post


Link to post

first you will need to re download your new cert's and keys. after the latest major update.

 

goto AirVPN's OpenVPN Configuration Generator

-select the select servers you want

-choose your connection mode

--..or click 'Advanced Mode'

--..Click Direct, protocol UDP, port 53 (*)

-On the lower right under where it sais 'Proxy' and 'Advanced' be sure to Only check the Option "Separate keys/certs from .ovpn file"

-download your tar or tar.gz etc

-extract to whichever directory

(you should now have all your servers in .ovpn files, seperated from certs and keys in that directory)

-open network-manager, goto VPN tab, click 'Import' and then choose a '.ovpn' file.

It should load all the new settings correctly.

-next just type in your password where it sais 'Private Key Password'

 

 

..save..connect

 

Thank you for the assist!

 

I followed the steps you provided.  the one change I noted was the move from port 443 to 53.  

 

I chose servers by country and not individually (at least 5-6).  

 

separate key/cert and ovpn option was selected.  Nothing else was checked.

 

I imported all the ovpn files and all certs and keys appeared to be correctly associated in their respective fields within the network manager setup.

 

typed my AirVPN password into the "private key password" field.

 

I rebooted and attempted to connect to various country servers.

 

All attempts timed out.

 

 

... any ideas?

Share this post


Link to post

 

typed my AirVPN password into the "private key password" field.

 

 

Hello,

 

that's a mistake. Where did you read to do that (we ask because if there are forum posts telling to do that we need to fix them)?

 

Kind regards

Share this post


Link to post

...

-next just type in your password where it sais 'Private Key Password'

 

 

..save..connect

 

 

My interpretation of this was to type in the AirVPN password.

Share this post


Link to post

 

...

-next just type in your password where it sais 'Private Key Password'

 

 

..save..connect

 

 

My interpretation of this was to type in the AirVPN password.

 

Thanks! Your interpretation is correct but that step suggested in the message is wrong. Getting back to network-manager, try to follow our instructions precisely. All of our tests end up with a fully working configuration. Anyway we are going to deprecate network-manager usage because it invokes OpenVPN in a way for which OpenVPN does not verify the server certificate and this is a security hazard. We recommend to run OpenVPN directly as long as we do not release Eddie for Linux.

 

Kind regards

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  

×
×
  • Create New...