Jump to content
Not connected, Your IP: 3.133.147.193
Sign in to follow this  
wasteemail

Could not connect to AirVPN by any means

Recommended Posts

Hi,

Yesterday i subscribed for a 3 day AIRVPN plan. I installed "openvpn-install-2.3.4-I002-x86_64.exe" and generated config files with USA and UK servers having ports TCP 443 alone. Everytime i try connecting it gives a TLS handshake error. My PC is connected to our organisation's firewall, Fortiguard which filters our Internet connection. It has only port 80(TCP) and 443(TCP) opened [ checked it through Nmap tool ]. All other ports are closed. OS- windows 7 64 bit. Here is my log,

 

Fri Oct 03 13:13:10 2014 Warning: cannot open --log file: C:\Program Files\OpenVPN\log\AirVPN_United-States_TCP-443.log: Access is denied.   (errno=5)
Fri Oct 03 13:13:10 2014 OpenVPN 2.3.4 x86_64-w64-mingw32 [sSL (OpenSSL)] [LZO] [PKCS11] [iPv6] built on Jun  5 2014
Fri Oct 03 13:13:10 2014 library versions: OpenSSL 1.0.1h 5 Jun 2014, LZO 2.05
Fri Oct 03 13:13:10 2014 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25343
Fri Oct 03 13:13:10 2014 Need hold release from management interface, waiting...
Fri Oct 03 13:13:10 2014 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25343
Fri Oct 03 13:13:10 2014 MANAGEMENT: CMD 'state on'
Fri Oct 03 13:13:10 2014 MANAGEMENT: CMD 'log all on'
Fri Oct 03 13:13:10 2014 MANAGEMENT: CMD 'hold off'
Fri Oct 03 13:13:10 2014 MANAGEMENT: CMD 'hold release'
Fri Oct 03 13:13:10 2014 Control Channel Authentication: tls-auth using INLINE static key file
Fri Oct 03 13:13:10 2014 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Oct 03 13:13:10 2014 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Oct 03 13:13:10 2014 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Oct 03 13:13:10 2014 MANAGEMENT: >STATE:1412322190,RESOLVE,,,
Fri Oct 03 13:13:11 2014 Attempting to establish TCP connection with [AF_INET]149.255.33.154:443
Fri Oct 03 13:13:11 2014 MANAGEMENT: >STATE:1412322191,TCP_CONNECT,,,
Fri Oct 03 13:13:11 2014 TCP connection established with [AF_INET]149.255.33.154:443
Fri Oct 03 13:13:11 2014 TCPv4_CLIENT link local: [undef]
Fri Oct 03 13:13:11 2014 TCPv4_CLIENT link remote: [AF_INET]149.255.33.154:443
Fri Oct 03 13:13:11 2014 MANAGEMENT: >STATE:1412322191,WAIT,,,
Fri Oct 03 13:14:11 2014 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Oct 03 13:14:11 2014 TLS Error: TLS handshake failed
Fri Oct 03 13:14:11 2014 Fatal TLS error (check_tls_errors_co), restarting
Fri Oct 03 13:14:11 2014 SIGUSR1[soft,tls-error] received, process restarting
Fri Oct 03 13:14:11 2014 MANAGEMENT: >STATE:1412322251,RECONNECTING,tls-error,,
Fri Oct 03 13:14:11 2014 Restart pause, 5 second(s)
Fri Oct 03 13:14:16 2014 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Oct 03 13:14:16 2014 MANAGEMENT: >STATE:1412322256,RESOLVE,,,
Fri Oct 03 13:14:16 2014 Attempting to establish TCP connection with [AF_INET]149.255.33.154:443
Fri Oct 03 13:14:16 2014 MANAGEMENT: >STATE:1412322256,TCP_CONNECT,,,
Fri Oct 03 13:14:16 2014 TCP connection established with [AF_INET]149.255.33.154:443
Fri Oct 03 13:14:16 2014 TCPv4_CLIENT link local: [undef]
Fri Oct 03 13:14:16 2014 TCPv4_CLIENT link remote: [AF_INET]149.255.33.154:443
Fri Oct 03 13:14:16 2014 MANAGEMENT: >STATE:1412322256,WAIT,,,

and this repeats..

What i found out is, i opened Ultrasurf Proxy [which is the only proxy software that works bypassing Fortiguard in my organisation] and connected to its proxy and then tried connecting AirVPN and voila, it got connected without an problem to an USA server. After i disconnected Ultrasurf, AirVPN couldn't connect back. !!! I also installed Eddie 2.6 and tried connecting with "protocol TCP 443" selected from preferences, but couldn't connect. I even tried SSL 443 but couldn't connect here is my log,

 

Sat Oct 04 13:04:27 2014 OpenVPN 2.3.4 x86_64-w64-mingw32 [sSL (OpenSSL)] [LZO] [PKCS11] [iPv6] built on Jun  5 2014
Sat Oct 04 13:04:27 2014 library versions: OpenSSL 1.0.1h 5 Jun 2014, LZO 2.05
Enter Management Password:
Sat Oct 04 13:04:27 2014 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sat Oct 04 13:04:27 2014 Need hold release from management interface, waiting...
Sat Oct 04 13:04:28 2014 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sat Oct 04 13:04:28 2014 MANAGEMENT: CMD 'state on'
Sat Oct 04 13:04:28 2014 MANAGEMENT: CMD 'log all on'
Sat Oct 04 13:04:28 2014 MANAGEMENT: CMD 'hold off'
Sat Oct 04 13:04:28 2014 MANAGEMENT: CMD 'hold release'
Sat Oct 04 13:04:28 2014 MANAGEMENT: CMD 'proxy NONE  '
Sat Oct 04 13:04:29 2014 Control Channel Authentication: tls-auth using INLINE static key file
Sat Oct 04 13:04:29 2014 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Oct 04 13:04:29 2014 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Oct 04 13:04:29 2014 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sat Oct 04 13:04:29 2014 Attempting to establish TCP connection with [AF_INET]127.0.0.1:1413
Sat Oct 04 13:04:29 2014 MANAGEMENT: >STATE:1412408069,TCP_CONNECT,,,
Sat Oct 04 13:04:30 2014 TCP: connect to [AF_INET]127.0.0.1:1413 failed, will try again in 5 seconds: Connection refused (WSAECONNREFUSED)
Sat Oct 04 13:04:30 2014 SIGUSR1[soft,init_instance] received, process restarting
Sat Oct 04 13:04:30 2014 MANAGEMENT: >STATE:1412408070,RECONNECTING,init_instance,,
Sat Oct 04 13:04:30 2014 Restart pause, 5 second(s)
Sat Oct 04 13:04:35 2014 MANAGEMENT: CMD 'proxy NONE  '
Sat Oct 04 13:04:36 2014 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sat Oct 04 13:04:36 2014 Attempting to establish TCP connection with [AF_INET]127.0.0.1:1413
Sat Oct 04 13:04:36 2014 MANAGEMENT: >STATE:1412408076,TCP_CONNECT,,,
Sat Oct 04 13:04:37 2014 TCP: connect to [AF_INET]127.0.0.1:1413 failed, will try again in 5 seconds: Connection refused (WSAECONNREFUSED)
Sat Oct 04 13:04:37 2014 SIGUSR1[soft,init_instance] received, process restarting
Sat Oct 04 13:04:37 2014 MANAGEMENT: >STATE:1412408077,RECONNECTING,init_instance,,
Sat Oct 04 13:04:37 2014 Restart pause, 5 second(s)

 

I did raise a support ticket and their reply was,

 

There is no communication between your node and the VPN servers.

You are maybe behind a proxy. If so, OpenVPN can connect over a proxy. You need to know proxy type, proxy listening port and IP address (or reachable host name), authentication type (if any), authentication credentials (if any). Then you can generate a configuration file with such parameters (tick "Advanced Mode" in the Configuration Generator and fill in the proxy parameters).

If you think you are not behind a proxy, try a connection of OpenVPN over SSL. In our client Eddie you can quickly test OpenVPN over SSL by clicking "AirVPN" button, selecting "Preferences", clicking "Protocols" tab,  selecting "SSL Tunnel - Port 443" and clicking "Save". Eddie supports OpenVPN connections  over a proxy as well (they can be configured in the "Proxy" tab).

Kind regards
AirVPN Support Team

 

But i would like to point out that, i could communicate with AirVPN servers when using Ultrasurf and my internet connection dowsn't go through a proxy.

 

Kindly can anyone help me out.

Share this post


Link to post

Hello!

 

Since Ultrasurf employs HTTP proxies, probably your company Fortigate firewall allows those packets. Additionally, your solution (OpenVPN over Ultrasurf if we understand it correctly) is quite elegant. There is widespread concern about Ultrasurf, the addition of a further OpenVPN tunnel potentially solves any risk, because data are still encrypted by OpenVPN when they pass through Ultrasurf servers. See for example https://en.wikipedia.org/wiki/Ultrasurf#Evaluation in particular Appelbaum's concerns and criticism.

 

Kind regards

Share this post


Link to post

Hello,

Is there anyway where AirVPN can work. This is the only VPN whose website is not blocked by our company [meaning without any proxy i could directly load up your airvpn page whereas other VPN websites get blocked under proxy avoidance category] but it's software whether be it openvpn or eddie gets blocked from communicating to your servers.

Share this post


Link to post

Ask your network admin to allow OpenVPN through. (Yes, I realize that might not be an option.)

 

It might be possible to circumvent the firewall, but if your network people are competent then I would expect Air's servers to be blocked soon enough anyway when they see what is going on.

Share this post


Link to post

Ask your network admin to allow OpenVPN through. (Yes, I realize that might not be an option.)

 

It might be possible to circumvent the firewall, but if your network people are competent then I would expect Air's servers to be blocked soon enough anyway when they see what is going on.

 

Yes the first option is not really going to work. Regarding your second option, if it might be possible to circumvent the firewall, then do enlighten me. Our network team dont do any deep packet inspection or analyze data 24X7. From a base of what has been provided by Fortiguard firewall, they add up sites to their filter when they come to know of it mostly through rumours or chit-chats circulating inside our organisation. And even if they block airvpn servers after a certain period of time,say 6 months, given that time i would say it is more than enough for me. Alas, let me give a try.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  

×
×
  • Create New...