KrOSs

TLS key negotiation failed (Android)


Hi, I am having a TLS key negotiation problem with Android. This is the log generated by OpenVPN for Android:

2014-06-19 23:22:35 Corriendo sobre GT-I9195 (MSM8960) samsung, API Android 19, versión 0.6.11, versión oficial

2014-06-19 23:22:38 Construyendo configuracion…
2014-06-19 23:22:40 started Socket Thread
2014-06-19 23:22:40 P:Initializing Google Breakpad!
2014-06-19 23:22:40 Current Parameter Settings:
2014-06-19 23:22:40   config = '/data/data/de.blinkt.openvpn/cache/android.conf'
2014-06-19 23:22:40   mode = 0
2014-06-19 23:22:40   show_ciphers = DISABLED
2014-06-19 23:22:40   show_digests = DISABLED
2014-06-19 23:22:40   show_engines = DISABLED
2014-06-19 23:22:40   genkey = DISABLED
2014-06-19 23:22:40   key_pass_file = '[UNDEF]'
2014-06-19 23:22:40   show_tls_ciphers = DISABLED
2014-06-19 23:22:40   connect_retry_max = 5
2014-06-19 23:22:40 Connection profiles [0]:
2014-06-19 23:22:40   proto = udp
2014-06-19 23:22:40   local = '[UNDEF]'
2014-06-19 23:22:40   local_port = '[UNDEF]'
2014-06-19 23:22:40   remote = '199.21.149.44'
2014-06-19 23:22:40   remote_port = '53'
2014-06-19 23:22:40   remote_float = DISABLED
2014-06-19 23:22:40   bind_defined = DISABLED
2014-06-19 23:22:40   bind_local = DISABLED
2014-06-19 23:22:40   bind_ipv6_only = DISABLED
2014-06-19 23:22:40   connect_retry_seconds = 5
2014-06-19 23:22:40   connect_timeout = 10
2014-06-19 23:22:40   socks_proxy_server = '[UNDEF]'
2014-06-19 23:22:40   socks_proxy_port = '[UNDEF]'
2014-06-19 23:22:40   socks_proxy_retry = DISABLED
2014-06-19 23:22:40   tun_mtu = 1500
2014-06-19 23:22:40   tun_mtu_defined = ENABLED
2014-06-19 23:22:40   link_mtu = 1500
2014-06-19 23:22:40   link_mtu_defined = DISABLED
2014-06-19 23:22:40   tun_mtu_extra = 0
2014-06-19 23:22:40   tun_mtu_extra_defined = DISABLED
2014-06-19 23:22:40   mtu_discover_type = -1
2014-06-19 23:22:40   fragment = 0
2014-06-19 23:22:40   mssfix = 1450
2014-06-19 23:22:40   explicit_exit_notification = 5
2014-06-19 23:22:40 Connection profiles END
2014-06-19 23:22:40   remote_random = DISABLED
2014-06-19 23:22:40   ipchange = '[UNDEF]'
2014-06-19 23:22:40   dev = 'tun'
2014-06-19 23:22:40   dev_type = '[UNDEF]'
2014-06-19 23:22:41   dev_node = '[UNDEF]'
2014-06-19 23:22:41   lladdr = '[UNDEF]'
2014-06-19 23:22:41   topology = 1
2014-06-19 23:22:41   tun_ipv6 = DISABLED
2014-06-19 23:22:41   ifconfig_local = '[UNDEF]'
2014-06-19 23:22:41   ifconfig_remote_netmask = '[UNDEF]'
2014-06-19 23:22:41   ifconfig_noexec = DISABLED
2014-06-19 23:22:41   ifconfig_nowarn = DISABLED
2014-06-19 23:22:41   ifconfig_ipv6_local = '[UNDEF]'
2014-06-19 23:22:41   ifconfig_ipv6_netbits = 0
2014-06-19 23:22:41   ifconfig_ipv6_remote = '[UNDEF]'
2014-06-19 23:22:41   shaper = 0
2014-06-19 23:22:41   mtu_test = 0
2014-06-19 23:22:41   mlock = DISABLED
2014-06-19 23:22:41   keepalive_ping = 0
2014-06-19 23:22:41   keepalive_timeout = 0
2014-06-19 23:22:41   inactivity_timeout = 0
2014-06-19 23:22:41   ping_send_timeout = 0
2014-06-19 23:22:41   ping_rec_timeout = 0
2014-06-19 23:22:41   ping_rec_timeout_action = 0
2014-06-19 23:22:41   ping_timer_remote = DISABLED
2014-06-19 23:22:41   remap_sigusr1 = 0
2014-06-19 23:22:41   persist_tun = ENABLED
2014-06-19 23:22:41   persist_local_ip = DISABLED
2014-06-19 23:22:41   persist_remote_ip = DISABLED
2014-06-19 23:22:41   persist_key = DISABLED
2014-06-19 23:22:41   passtos = DISABLED
2014-06-19 23:22:41   resolve_retry_seconds = 1000000000
2014-06-19 23:22:41   resolve_in_advance = ENABLED
2014-06-19 23:22:41   username = '[UNDEF]'
2014-06-19 23:22:41   groupname = '[UNDEF]'
2014-06-19 23:22:41   chroot_dir = '[UNDEF]'
2014-06-19 23:22:41   cd_dir = '[UNDEF]'
2014-06-19 23:22:41   writepid = '[UNDEF]'
2014-06-19 23:22:41   up_script = '[UNDEF]'
2014-06-19 23:22:41   down_script = '[UNDEF]'
2014-06-19 23:22:41   down_pre = DISABLED
2014-06-19 23:22:41   up_restart = DISABLED
2014-06-19 23:22:41   up_delay = DISABLED
2014-06-19 23:22:41   daemon = DISABLED
2014-06-19 23:22:41   inetd = 0
2014-06-19 23:22:41   log = DISABLED
2014-06-19 23:22:41   suppress_timestamps = DISABLED
2014-06-19 23:22:41   machine_readable_output = ENABLED
2014-06-19 23:22:41   nice = 0
2014-06-19 23:22:41   verbosity = 4
2014-06-19 23:22:41   mute = 0
2014-06-19 23:22:41   gremlin = 0
2014-06-19 23:22:41   status_file = '[UNDEF]'
2014-06-19 23:22:41   status_file_version = 1
2014-06-19 23:22:41   status_file_update_freq = 60
2014-06-19 23:22:41   occ = ENABLED
2014-06-19 23:22:41   rcvbuf = 65536
2014-06-19 23:22:41   sndbuf = 65536
2014-06-19 23:22:41   sockflags = 0
2014-06-19 23:22:41   fast_io = DISABLED
2014-06-19 23:22:41   comp.alg = 2
2014-06-19 23:22:41   comp.flags = 1
2014-06-19 23:22:41   route_script = '[UNDEF]'
2014-06-19 23:22:41   route_default_gateway = '[UNDEF]'
2014-06-19 23:22:41   route_default_metric = 0
2014-06-19 23:22:41   route_noexec = DISABLED
2014-06-19 23:22:41   route_delay = 0
2014-06-19 23:22:41   route_delay_window = 30
2014-06-19 23:22:41   route_delay_defined = DISABLED
2014-06-19 23:22:41   route_nopull = DISABLED
2014-06-19 23:22:41   route_gateway_via_dhcp = DISABLED
2014-06-19 23:22:41   allow_pull_fqdn = DISABLED
2014-06-19 23:22:41   [redirect_default_gateway local=0]
2014-06-19 23:22:41   management_addr = '/data/data/de.blinkt.openvpn/cache/mgmtsocket'
2014-06-19 23:22:41   management_port = 'unix'
2014-06-19 23:22:41   management_user_pass = '[UNDEF]'
2014-06-19 23:22:41   management_log_history_cache = 250
2014-06-19 23:22:41   management_echo_buffer_size = 100
2014-06-19 23:22:41   management_write_peer_info_file = '[UNDEF]'
2014-06-19 23:22:41   management_client_user = '[UNDEF]'
2014-06-19 23:22:41   management_client_group = '[UNDEF]'
2014-06-19 23:22:41   management_flags = 4390
2014-06-19 23:22:41   shared_secret_file = '[UNDEF]'
2014-06-19 23:22:41   key_direction = 2
2014-06-19 23:22:41   ciphername_defined = ENABLED
2014-06-19 23:22:41   ciphername = 'AES-256-CBC'
2014-06-19 23:22:41   authname_defined = ENABLED
2014-06-19 23:22:41   authname = 'SHA1'
2014-06-19 23:22:41   prng_hash = 'SHA1'
2014-06-19 23:22:41   prng_nonce_secret_len = 16
2014-06-19 23:22:41   keysize = 0
2014-06-19 23:22:41   engine = DISABLED
2014-06-19 23:22:41   replay = ENABLED
2014-06-19 23:22:41   mute_replay_warnings = DISABLED
2014-06-19 23:22:41   replay_window = 64
2014-06-19 23:22:41   replay_time = 15
2014-06-19 23:22:41   packet_id_file = '[UNDEF]'
2014-06-19 23:22:41   use_iv = ENABLED
2014-06-19 23:22:41   test_crypto = DISABLED
2014-06-19 23:22:41   tls_server = DISABLED
2014-06-19 23:22:41   tls_client = ENABLED
2014-06-19 23:22:41   key_method = 2
2014-06-19 23:22:41   ca_file = '[[INLINE]]'
2014-06-19 23:22:41   ca_path = '[UNDEF]'
2014-06-19 23:22:41   dh_file = '[UNDEF]'
2014-06-19 23:22:41   cert_file = '[[INLINE]]'
2014-06-19 23:22:41   priv_key_file = '[[INLINE]]'
2014-06-19 23:22:41   pkcs12_file = '[UNDEF]'
2014-06-19 23:22:41   cipher_list = '[UNDEF]'
2014-06-19 23:22:41   tls_verify = '[UNDEF]'
2014-06-19 23:22:41   tls_export_cert = '[UNDEF]'
2014-06-19 23:22:41   verify_x509_type = 0
2014-06-19 23:22:41   verify_x509_name = '[UNDEF]'
2014-06-19 23:22:41   crl_file = '[UNDEF]'
2014-06-19 23:22:41   ns_cert_type = 0
2014-06-19 23:22:41   remote_cert_ku = 160
2014-06-19 23:22:41   remote_cert_ku = 136
2014-06-19 23:22:41   remote_cert_ku = 0
2014-06-19 23:22:41   remote_cert_ku = 0
2014-06-19 23:22:41   remote_cert_ku = 0
2014-06-19 23:22:41   remote_cert_ku = 0
2014-06-19 23:22:41   remote_cert_ku = 0
2014-06-19 23:22:41   remote_cert_ku = 0
2014-06-19 23:22:41   remote_cert_ku = 0
2014-06-19 23:22:41   remote_cert_ku = 0
2014-06-19 23:22:41   remote_cert_ku = 0
2014-06-19 23:22:41   remote_cert_ku = 0
2014-06-19 23:22:41   remote_cert_ku = 0
2014-06-19 23:22:41   remote_cert_ku = 0
2014-06-19 23:22:41   remote_cert_ku = 0
2014-06-19 23:22:41   remote_cert_ku = 0
2014-06-19 23:22:41   remote_cert_eku = 'TLS Web Server Authentication'
2014-06-19 23:22:41   ssl_flags = 0
2014-06-19 23:22:41   tls_timeout = 2
2014-06-19 23:22:41   renegotiate_bytes = 0
2014-06-19 23:22:41   renegotiate_packets = 0
2014-06-19 23:22:41   renegotiate_seconds = 3600
2014-06-19 23:22:41   handshake_window = 60
2014-06-19 23:22:41   transition_window = 3600
2014-06-19 23:22:41   single_session = DISABLED
2014-06-19 23:22:41   push_peer_info = DISABLED
2014-06-19 23:22:41   tls_exit = DISABLED
2014-06-19 23:22:41   tls_auth_file = '[[INLINE]]'
2014-06-19 23:22:41   client = ENABLED
2014-06-19 23:22:41   pull = ENABLED
2014-06-19 23:22:41   auth_user_pass_file = '[UNDEF]'
2014-06-19 23:22:41 OpenVPN 2.4-icsopenvpn [git:icsopenvpn_70-078981e61dfdf105] android-14-armeabi-v7a [SSL (OpenSSL)] [LZO] [SNAPPY] [LZ4] [EPOLL] [MH] [IPv6] built on Mar 12 2014
2014-06-19 23:22:41 MANAGEMENT: Connected to management server at /data/data/de.blinkt.openvpn/cache/mgmtsocket
2014-06-19 23:22:41 MANAGEMENT: CMD 'hold release'
2014-06-19 23:22:41 MANAGEMENT: CMD 'proxy NONE'
2014-06-19 23:22:41 MANAGEMENT: CMD 'bytecount 2'
2014-06-19 23:22:41 MANAGEMENT: CMD 'state on'
2014-06-19 23:22:41 Estado de la red: CONNECTED HSPA+ to mobile bam.entelpcs.cl
2014-06-19 23:22:42 Control Channel Authentication: tls-auth using INLINE static key file
2014-06-19 23:22:42 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2014-06-19 23:22:42 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2014-06-19 23:22:42 LZO compression initializing
2014-06-19 23:22:42 Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ]
2014-06-19 23:22:42 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:395 ET:0 EL:0 ]
2014-06-19 23:22:42 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
2014-06-19 23:22:42 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
2014-06-19 23:22:42 Local Options hash (VER=V4): '9e7066d2'
2014-06-19 23:22:42 Expected Remote Options hash (VER=V4): '162b04de'
2014-06-19 23:22:42 TCP/UDP: Preserving recently used remote address: [AF_INET]199.21.149.44:53
2014-06-19 23:22:42 Socket Buffers: R=[163840->131072] S=[163840->131072]
2014-06-19 23:22:42 Protecting socket fd 4
2014-06-19 23:22:42 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2014-06-19 23:22:42 UDP link local: (not bound)
2014-06-19 23:22:42 UDP link remote: [AF_INET]199.21.149.44:53
2014-06-19 23:22:42 MANAGEMENT: >STATE:1403234562,WAIT,,,
2014-06-19 23:22:42 MANAGEMENT: >STATE:1403234562,AUTH,,,
2014-06-19 23:22:42 TLS: Initial packet from [AF_INET]199.21.149.44:53, sid=514a1a0d 9c192d64
2014-06-19 23:23:42 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2014-06-19 23:23:42 TLS Error: TLS handshake failed
2014-06-19 23:23:42 TCP/UDP: Closing socket
2014-06-19 23:23:42 SIGUSR1[soft,tls-error] received, process restarting
2014-06-19 23:23:42 MANAGEMENT: >STATE:1403234622,RECONNECTING,tls-error,,
2014-06-19 23:23:42 MANAGEMENT: CMD 'hold release'
2014-06-19 23:23:42 MANAGEMENT: CMD 'bytecount 2'
2014-06-19 23:23:42 MANAGEMENT: CMD 'state on'
2014-06-19 23:23:42 MANAGEMENT: CMD 'proxy NONE'
2014-06-19 23:23:43 Control Channel Authentication: tls-auth using INLINE static key file
2014-06-19 23:23:43 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2014-06-19 23:23:43 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2014-06-19 23:23:43 LZO compression initializing
2014-06-19 23:23:43 Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ]
2014-06-19 23:23:43 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:395 ET:0 EL:0 ]
2014-06-19 23:23:43 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
2014-06-19 23:23:43 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
2014-06-19 23:23:43 Local Options hash (VER=V4): '9e7066d2'
2014-06-19 23:23:43 Expected Remote Options hash (VER=V4): '162b04de'
2014-06-19 23:23:43 TCP/UDP: Preserving recently used remote address: [AF_INET]199.21.149.44:53
2014-06-19 23:23:43 Socket Buffers: R=[163840->131072] S=[163840->131072]
2014-06-19 23:23:43 Protecting socket fd 4
2014-06-19 23:23:43 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2014-06-19 23:23:43 UDP link local: (not bound)
2014-06-19 23:23:43 UDP link remote: [AF_INET]199.21.149.44:53
2014-06-19 23:23:43 MANAGEMENT: >STATE:1403234623,WAIT,,,
2014-06-19 23:23:43 MANAGEMENT: >STATE:1403234623,AUTH,,,
2014-06-19 23:23:43 TLS: Initial packet from [AF_INET]199.21.149.44:53, sid=595d26f9 6811b8b9

I don't know what it could be, please help.


Tried to connect to earth.vpn.airdns.org via TCP/443, which resolved to the same IP as yours. Similar results.

2014-06-20 13:06:17 Modell GT-I8160 (montblanc) samsung, Android API 19, version 0.6.11, F-Droid built and signed version 
2014-06-20 13:06:19 Generiere OpenVPN Konfiguration… 
2014-06-20 13:06:22 started Socket Thread
[...]
2014-06-20 13:06:22 OpenVPN 2.4-icsopenvpn [git:icsopenvpn_70-078981e61dfdf105] android-14-armeabi-v7a [SSL (OpenSSL)] [LZO] [SNAPPY] [LZ4] [EPOLL] [MH] [IPv6] built on Mar 20 2014
[...]
2014-06-20 13:07:52 Attempting to establish TCP connection with [AF_INET]199.21.149.44:443 [nonblock] 
2014-06-20 13:07:52 MANAGEMENT: >STATE:1403262472,TCP_CONNECT,,, 
2014-06-20 13:07:52 Protecting socket fd 4 
2014-06-20 13:07:52 MANAGEMENT: CMD 'needok 'PROTECTFD' ok' 
2014-06-20 13:08:02 TCP: connect to [AF_INET]199.21.149.44:443 failed: Connection timed out 
2014-06-20 13:08:02 SIGUSR1[connection failed(soft),init_instance] received, process restarting
[...]

Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org


I have been having a similar problem. I often get the error "Error Rendering Cert" and have to try a couple of times before I finally connect on my Android device. It didn't use to be like this; my guess is the OpenVPN software has a bug. I started noticing this ever since the last OpenVPN update.

 

The closest solution I found was this: https://forums.openvpn.net/topic16162.html#p42681 but it doesn't look like we can do the same.

 

I'm still trying to find a solution...


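A triage script for the two failure patterns visible in the logs posted in this thread, added here as an example and not written by any of the posters: it splits an OpenVPN client log into connection attempts and reports how far each one got. The function name `triage` and the verdict labels (`reply_then_stall`, `no_reply`, `tcp_connect_failed`) are made up for this example; the sample lines are excerpted from the posted logs.

```python
import re
from datetime import datetime

# Sample input: lines excerpted from the two logs posted in this thread.
SAMPLE = """\
2014-06-19 23:22:42 UDP link remote: [AF_INET]199.21.149.44:53
2014-06-19 23:22:42 TLS: Initial packet from [AF_INET]199.21.149.44:53, sid=514a1a0d 9c192d64
2014-06-19 23:23:42 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2014-06-19 23:23:42 SIGUSR1[soft,tls-error] received, process restarting
2014-06-20 13:07:52 Attempting to establish TCP connection with [AF_INET]199.21.149.44:443 [nonblock]
2014-06-20 13:08:02 TCP: connect to [AF_INET]199.21.149.44:443 failed: Connection timed out
2014-06-20 13:08:02 SIGUSR1[connection failed(soft),init_instance] received, process restarting
""".splitlines()

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (.*)$")
START = re.compile(r"^(UDP) link remote: \[AF_INET\](\S+)"
                   r"|^Attempting to establish (TCP) connection with \[AF_INET\](\S+)")

def triage(lines):
    """Split a client log into connection attempts and name the stage each reached."""
    attempts, cur = [], None
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # "[...]" elisions and blank lines carry no timestamp
        ts, msg = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2)
        s = START.match(msg)
        if s:  # a new attempt begins when the client targets a remote
            cur = {"proto": s.group(1) or s.group(3), "remote": s.group(2) or s.group(4),
                   "start": ts, "first_reply": None, "verdict": "in_progress"}
            attempts.append(cur)
        elif cur is None:
            continue
        elif msg.startswith("TLS: Initial packet from"):
            cur["first_reply"] = ts  # the server answered at least once
        elif msg.startswith("TLS Error: TLS key negotiation failed"):
            # A reply followed by a timeout: the peer is reachable, but the rest
            # of the control-channel exchange never completed in the window.
            cur["verdict"] = "reply_then_stall" if cur["first_reply"] else "no_reply"
            cur["stalled_s"] = int((ts - (cur["first_reply"] or cur["start"])).total_seconds())
        elif msg.startswith("TCP: connect to") and "failed" in msg:
            cur["verdict"] = "tcp_connect_failed"  # never got as far as TLS
            cur["stalled_s"] = int((ts - cur["start"]).total_seconds())
    return attempts

if __name__ == "__main__":
    for a in triage(SAMPLE):
        print(a["proto"], a["remote"], a["verdict"], a.get("stalled_s"))
```

On the excerpt, the UDP attempt to port 53 is classified `reply_then_stall` after the 60-second handshake window, and the TCP attempt to port 443 is classified `tcp_connect_failed` after the 10-second connect timeout, so the two posts show failures at different stages even though both target the same address.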