KrOSs 0 Posted ... Hi, i am having a tls key negotation problem with android, this is the log generated by Openvpn for android: 2014-06-19 23:22:35 Corriendo sobre GT-I9195 (MSM8960) samsung, API Android 19, versión 0.6.11, versión oficial2014-06-19 23:22:38 Construyendo configuracion…2014-06-19 23:22:40 started Socket Thread2014-06-19 23:22:40 P:Initializing Google Breakpad!2014-06-19 23:22:40 Current Parameter Settings:2014-06-19 23:22:40 config = '/data/data/de.blinkt.openvpn/cache/android.conf'2014-06-19 23:22:40 mode = 02014-06-19 23:22:40 show_ciphers = DISABLED2014-06-19 23:22:40 show_digests = DISABLED2014-06-19 23:22:40 show_engines = DISABLED2014-06-19 23:22:40 genkey = DISABLED2014-06-19 23:22:40 key_pass_file = '[uNDEF]'2014-06-19 23:22:40 show_tls_ciphers = DISABLED2014-06-19 23:22:40 connect_retry_max = 52014-06-19 23:22:40 Connection profiles [0]:2014-06-19 23:22:40 proto = udp2014-06-19 23:22:40 local = '[uNDEF]'2014-06-19 23:22:40 local_port = '[uNDEF]'2014-06-19 23:22:40 remote = '199.21.149.44'2014-06-19 23:22:40 remote_port = '53'2014-06-19 23:22:40 remote_float = DISABLED2014-06-19 23:22:40 bind_defined = DISABLED2014-06-19 23:22:40 bind_local = DISABLED2014-06-19 23:22:40 bind_ipv6_only = DISABLED2014-06-19 23:22:40 connect_retry_seconds = 52014-06-19 23:22:40 connect_timeout = 102014-06-19 23:22:40 socks_proxy_server = '[uNDEF]'2014-06-19 23:22:40 socks_proxy_port = '[uNDEF]'2014-06-19 23:22:40 socks_proxy_retry = DISABLED2014-06-19 23:22:40 tun_mtu = 15002014-06-19 23:22:40 tun_mtu_defined = ENABLED2014-06-19 23:22:40 link_mtu = 15002014-06-19 23:22:40 link_mtu_defined = DISABLED2014-06-19 23:22:40 tun_mtu_extra = 02014-06-19 23:22:40 tun_mtu_extra_defined = DISABLED2014-06-19 23:22:40 mtu_discover_type = -12014-06-19 23:22:40 fragment = 02014-06-19 23:22:40 mssfix = 14502014-06-19 23:22:40 explicit_exit_notification = 52014-06-19 23:22:40 Connection profiles END2014-06-19 23:22:40 remote_random = DISABLED2014-06-19 23:22:40 ipchange = '[uNDEF]'2014-06-19 23:22:40 dev = 'tun'2014-06-19 23:22:40 dev_type = '[uNDEF]'2014-06-19 23:22:41 dev_node = '[uNDEF]'2014-06-19 23:22:41 lladdr = '[uNDEF]'2014-06-19 23:22:41 topology = 12014-06-19 23:22:41 tun_ipv6 = DISABLED2014-06-19 23:22:41 ifconfig_local = '[uNDEF]'2014-06-19 23:22:41 ifconfig_remote_netmask = '[uNDEF]'2014-06-19 23:22:41 ifconfig_noexec = DISABLED2014-06-19 23:22:41 ifconfig_nowarn = DISABLED2014-06-19 23:22:41 ifconfig_ipv6_local = '[uNDEF]'2014-06-19 23:22:41 ifconfig_ipv6_netbits = 02014-06-19 23:22:41 ifconfig_ipv6_remote = '[uNDEF]'2014-06-19 23:22:41 shaper = 02014-06-19 23:22:41 mtu_test = 02014-06-19 23:22:41 mlock = DISABLED2014-06-19 23:22:41 keepalive_ping = 02014-06-19 23:22:41 keepalive_timeout = 02014-06-19 23:22:41 inactivity_timeout = 02014-06-19 23:22:41 ping_send_timeout = 02014-06-19 23:22:41 ping_rec_timeout = 02014-06-19 23:22:41 ping_rec_timeout_action = 02014-06-19 23:22:41 ping_timer_remote = DISABLED2014-06-19 23:22:41 remap_sigusr1 = 02014-06-19 23:22:41 persist_tun = ENABLED2014-06-19 23:22:41 persist_local_ip = DISABLED2014-06-19 23:22:41 persist_remote_ip = DISABLED2014-06-19 23:22:41 persist_key = DISABLED2014-06-19 23:22:41 passtos = DISABLED2014-06-19 23:22:41 resolve_retry_seconds = 10000000002014-06-19 23:22:41 resolve_in_advance = ENABLED2014-06-19 23:22:41 username = '[uNDEF]'2014-06-19 23:22:41 groupname = '[uNDEF]'2014-06-19 23:22:41 chroot_dir = '[uNDEF]'2014-06-19 23:22:41 cd_dir = '[uNDEF]'2014-06-19 23:22:41 writepid = '[uNDEF]'2014-06-19 23:22:41 up_script = '[uNDEF]'2014-06-19 23:22:41 down_script = '[uNDEF]'2014-06-19 23:22:41 down_pre = DISABLED2014-06-19 23:22:41 up_restart = DISABLED2014-06-19 23:22:41 up_delay = DISABLED2014-06-19 23:22:41 daemon = DISABLED2014-06-19 23:22:41 inetd = 02014-06-19 23:22:41 log = DISABLED2014-06-19 23:22:41 suppress_timestamps = DISABLED2014-06-19 23:22:41 machine_readable_output = ENABLED2014-06-19 23:22:41 nice = 02014-06-19 23:22:41 verbosity = 42014-06-19 23:22:41 mute = 02014-06-19 23:22:41 gremlin = 02014-06-19 23:22:41 status_file = '[uNDEF]'2014-06-19 23:22:41 status_file_version = 12014-06-19 23:22:41 status_file_update_freq = 602014-06-19 23:22:41 occ = ENABLED2014-06-19 23:22:41 rcvbuf = 655362014-06-19 23:22:41 sndbuf = 655362014-06-19 23:22:41 sockflags = 02014-06-19 23:22:41 fast_io = DISABLED2014-06-19 23:22:41 comp.alg = 22014-06-19 23:22:41 comp.flags = 12014-06-19 23:22:41 route_script = '[uNDEF]'2014-06-19 23:22:41 route_default_gateway = '[uNDEF]'2014-06-19 23:22:41 route_default_metric = 02014-06-19 23:22:41 route_noexec = DISABLED2014-06-19 23:22:41 route_delay = 02014-06-19 23:22:41 route_delay_window = 302014-06-19 23:22:41 route_delay_defined = DISABLED2014-06-19 23:22:41 route_nopull = DISABLED2014-06-19 23:22:41 route_gateway_via_dhcp = DISABLED2014-06-19 23:22:41 allow_pull_fqdn = DISABLED2014-06-19 23:22:41 [redirect_default_gateway local=0]2014-06-19 23:22:41 management_addr = '/data/data/de.blinkt.openvpn/cache/mgmtsocket'2014-06-19 23:22:41 management_port = 'unix'2014-06-19 23:22:41 management_user_pass = '[uNDEF]'2014-06-19 23:22:41 management_log_history_cache = 2502014-06-19 23:22:41 management_echo_buffer_size = 1002014-06-19 23:22:41 management_write_peer_info_file = '[uNDEF]'2014-06-19 23:22:41 management_client_user = '[uNDEF]'2014-06-19 23:22:41 management_client_group = '[uNDEF]'2014-06-19 23:22:41 management_flags = 43902014-06-19 23:22:41 shared_secret_file = '[uNDEF]'2014-06-19 23:22:41 key_direction = 22014-06-19 23:22:41 ciphername_defined = ENABLED2014-06-19 23:22:41 ciphername = 'AES-256-CBC'2014-06-19 23:22:41 authname_defined = ENABLED2014-06-19 23:22:41 authname = 'SHA1'2014-06-19 23:22:41 prng_hash = 'SHA1'2014-06-19 23:22:41 prng_nonce_secret_len = 162014-06-19 23:22:41 keysize = 02014-06-19 23:22:41 engine = DISABLED2014-06-19 23:22:41 replay = ENABLED2014-06-19 23:22:41 mute_replay_warnings = DISABLED2014-06-19 23:22:41 replay_window = 642014-06-19 23:22:41 replay_time = 152014-06-19 23:22:41 packet_id_file = '[uNDEF]'2014-06-19 23:22:41 use_iv = ENABLED2014-06-19 23:22:41 test_crypto = DISABLED2014-06-19 23:22:41 tls_server = DISABLED2014-06-19 23:22:41 tls_client = ENABLED2014-06-19 23:22:41 key_method = 22014-06-19 23:22:41 ca_file = '[[iNLINE]]'2014-06-19 23:22:41 ca_path = '[uNDEF]'2014-06-19 23:22:41 dh_file = '[uNDEF]'2014-06-19 23:22:41 cert_file = '[[iNLINE]]'2014-06-19 23:22:41 priv_key_file = '[[iNLINE]]'2014-06-19 23:22:41 pkcs12_file = '[uNDEF]'2014-06-19 23:22:41 cipher_list = '[uNDEF]'2014-06-19 23:22:41 tls_verify = '[uNDEF]'2014-06-19 23:22:41 tls_export_cert = '[uNDEF]'2014-06-19 23:22:41 verify_x509_type = 02014-06-19 23:22:41 verify_x509_name = '[uNDEF]'2014-06-19 23:22:41 crl_file = '[uNDEF]'2014-06-19 23:22:41 ns_cert_type = 02014-06-19 23:22:41 remote_cert_ku = 1602014-06-19 23:22:41 remote_cert_ku = 1362014-06-19 23:22:41 remote_cert_ku = 02014-06-19 23:22:41 remote_cert_ku = 02014-06-19 23:22:41 remote_cert_ku = 02014-06-19 23:22:41 remote_cert_ku = 02014-06-19 23:22:41 remote_cert_ku = 02014-06-19 23:22:41 remote_cert_ku = 02014-06-19 23:22:41 remote_cert_ku = 02014-06-19 23:22:41 remote_cert_ku = 02014-06-19 23:22:41 remote_cert_ku = 02014-06-19 23:22:41 remote_cert_ku = 02014-06-19 23:22:41 remote_cert_ku = 02014-06-19 23:22:41 remote_cert_ku = 02014-06-19 23:22:41 remote_cert_ku = 02014-06-19 23:22:41 remote_cert_ku = 02014-06-19 23:22:41 remote_cert_eku = 'TLS Web Server Authentication'2014-06-19 23:22:41 ssl_flags = 02014-06-19 23:22:41 tls_timeout = 22014-06-19 23:22:41 renegotiate_bytes = 02014-06-19 23:22:41 renegotiate_packets = 02014-06-19 23:22:41 renegotiate_seconds = 36002014-06-19 23:22:41 handshake_window = 602014-06-19 23:22:41 transition_window = 36002014-06-19 23:22:41 single_session = DISABLED2014-06-19 23:22:41 push_peer_info = DISABLED2014-06-19 23:22:41 tls_exit = DISABLED2014-06-19 23:22:41 tls_auth_file = '[[iNLINE]]'2014-06-19 23:22:41 client = ENABLED2014-06-19 23:22:41 pull = ENABLED2014-06-19 23:22:41 auth_user_pass_file = '[uNDEF]'2014-06-19 23:22:41 OpenVPN 2.4-icsopenvpn [git:icsopenvpn_70-078981e61dfdf105] android-14-armeabi-v7a [sSL (OpenSSL)] [LZO] [sNAPPY] [LZ4] [EPOLL] [MH] [iPv6] built on Mar 12 20142014-06-19 23:22:41 MANAGEMENT: Connected to management server at /data/data/de.blinkt.openvpn/cache/mgmtsocket2014-06-19 23:22:41 MANAGEMENT: CMD 'hold release'2014-06-19 23:22:41 MANAGEMENT: CMD 'proxy NONE'2014-06-19 23:22:41 MANAGEMENT: CMD 'bytecount 2'2014-06-19 23:22:41 MANAGEMENT: CMD 'state on'2014-06-19 23:22:41 Estado de la red: CONNECTED HSPA+ to mobile bam.entelpcs.cl2014-06-19 23:22:42 Control Channel Authentication: tls-auth using INLINE static key file2014-06-19 23:22:42 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication2014-06-19 23:22:42 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication2014-06-19 23:22:42 LZO compression initializing2014-06-19 23:22:42 Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ]2014-06-19 23:22:42 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:395 ET:0 EL:0 ]2014-06-19 23:22:42 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'2014-06-19 23:22:42 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'2014-06-19 23:22:42 Local Options hash (VER=V4): '9e7066d2'2014-06-19 23:22:42 Expected Remote Options hash (VER=V4): '162b04de'2014-06-19 23:22:42 TCP/UDP: Preserving recently used remote address: [AF_INET]199.21.149.44:532014-06-19 23:22:42 Socket Buffers: R=[163840->131072] S=[163840->131072]2014-06-19 23:22:42 Protecting socket fd 42014-06-19 23:22:42 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'2014-06-19 23:22:42 UDP link local: (not bound)2014-06-19 23:22:42 UDP link remote: [AF_INET]199.21.149.44:532014-06-19 23:22:42 MANAGEMENT: >STATE:1403234562,WAIT,,,2014-06-19 23:22:42 MANAGEMENT: >STATE:1403234562,AUTH,,,2014-06-19 23:22:42 TLS: Initial packet from [AF_INET]199.21.149.44:53, sid=514a1a0d 9c192d642014-06-19 23:23:42 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)2014-06-19 23:23:42 TLS Error: TLS handshake failed2014-06-19 23:23:42 TCP/UDP: Closing socket2014-06-19 23:23:42 SIGUSR1[soft,tls-error] received, process restarting2014-06-19 23:23:42 MANAGEMENT: >STATE:1403234622,RECONNECTING,tls-error,,2014-06-19 23:23:42 MANAGEMENT: CMD 'hold release'2014-06-19 23:23:42 MANAGEMENT: CMD 'bytecount 2'2014-06-19 23:23:42 MANAGEMENT: CMD 'state on'2014-06-19 23:23:42 MANAGEMENT: CMD 'proxy NONE'2014-06-19 23:23:43 Control Channel Authentication: tls-auth using INLINE static key file2014-06-19 23:23:43 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication2014-06-19 23:23:43 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication2014-06-19 23:23:43 LZO compression initializing2014-06-19 23:23:43 Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ]2014-06-19 23:23:43 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:395 ET:0 EL:0 ]2014-06-19 23:23:43 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'2014-06-19 23:23:43 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'2014-06-19 23:23:43 Local Options hash (VER=V4): '9e7066d2'2014-06-19 23:23:43 Expected Remote Options hash (VER=V4): '162b04de'2014-06-19 23:23:43 TCP/UDP: Preserving recently used remote address: [AF_INET]199.21.149.44:532014-06-19 23:23:43 Socket Buffers: R=[163840->131072] S=[163840->131072]2014-06-19 23:23:43 Protecting socket fd 42014-06-19 23:23:43 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'2014-06-19 23:23:43 UDP link local: (not bound)2014-06-19 23:23:43 UDP link remote: [AF_INET]199.21.149.44:532014-06-19 23:23:43 MANAGEMENT: >STATE:1403234623,WAIT,,,2014-06-19 23:23:43 MANAGEMENT: >STATE:1403234623,AUTH,,,2014-06-19 23:23:43 TLS: Initial packet from [AF_INET]199.21.149.44:53, sid=595d26f9 6811b8b9 I don't know what could be, pls help. Quote Share this post Link to post
OpenSourcerer 1441 Posted ... Tried to connect to earth.vpn.airdns.org via TCP/443, resolved to the same IP like you. Similar results. 2014-06-20 13:06:17 Modell GT-I8160 (montblanc) samsung, Android API 19, version 0.6.11, F-Droid built and signed version 2014-06-20 13:06:19 Generiere OpenVPN Konfiguration… 2014-06-20 13:06:22 started Socket Thread [...] 2014-06-20 13:06:22 OpenVPN 2.4-icsopenvpn [git:icsopenvpn_70-078981e61dfdf105] android-14-armeabi-v7a [SSL (OpenSSL)] [LZO] [SNAPPY] [LZ4] [EPOLL] [MH] [IPv6] built on Mar 20 2014 [...] 2014-06-20 13:07:52 Attempting to establish TCP connection with [AF_INET]199.21.149.44:443 [nonblock] 2014-06-20 13:07:52 MANAGEMENT: >STATE:1403262472,TCP_CONNECT,,, 2014-06-20 13:07:52 Protecting socket fd 4 2014-06-20 13:07:52 MANAGEMENT: CMD 'needok 'PROTECTFD' ok' 2014-06-20 13:08:02 TCP: connect to [AF_INET]199.21.149.44:443 failed: Connection timed out 2014-06-20 13:08:02 SIGUSR1[connection failed(soft),init_instance] received, process restarting [...] Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
dnesecure 1 Posted ... I have been having a similar problem. I often get the error "Error Rendering Cert" and have to try a couple times before i finally connect on my android device. It didn't used to be like this, my guess is the openVPN software has a bug. I started noticing this ever since the last openVPN update. The closest solution i found was this https://forums.openvpn.net/topic16162.html#p42681 but doesn't look like we can do the same. I'm still trying to find a solution... 1 kaukg reacted to this Quote Share this post Link to post