Jump to content
Not connected, Your IP: 52.15.109.209
YLwpLUbcf77U

Stuck on a cruise ship and AirVPN won't connect

Recommended Posts

Hey guys,

 

I'm on a cruise ship w/ WIFI for the next day and I can't seem to get AirVPN to connect to a server.

 

It always just hangs on the Authorization phase of logging in.

 

This is with the latest version of Eddie on Windows 8.1 64.

 

I tried various servers and ports both UDP, TCP, SSH, and SSL.

 

Any ideas or should I just be careful of using the internet for the next day?

Thanks.

Share this post


Link to post

If you're connecting over TCP:443 it should work, else the whole internet would be broken. Are you trying to bypass the Fortinet authorisation? You'll need to be granted network access before the VPN will connect regardless of the protocol and port you end up using. At least that was my experience in a similar situation recently. 

Share this post


Link to post

I'm not trying to bypass Fortinet's authorization.

 

Fortinet seems to have various things in place to prevent VPN usage.

 

I'm *pretty* sure (not 100% positive) that I tried TCP, but I'll try it again later.

 

The cruise internet is really slow now given the time and just loading this page off the VPN took several minutes.

Share this post


Link to post

I'm not trying to bypass Fortinet's authorization.

 

Fortinet seems to have various things in place to prevent VPN usage.

 

I'm *pretty* sure (not 100% positive) that I tried TCP, but I'll try it again later.

 

The cruise internet is really slow now given the time and just loading this page off the VPN took several minutes.

Share this post


Link to post

If you're already authorised to access the network then TCP:443 should work as it's the standard SSL port and required to be open on even the most restrictive firewall in order for the internet to work. You could also try UDP 53 (DNS port) and SSL tunnel over 443 (which again should easily work). If not maybe they have some kind of funky DPI going on, but it's unlikely.

Share this post


Link to post

Fortigate routers has a built in MITM SSL attack called "SSL Inspection" - I'm guessing that if it sees SSL traffic it's cant inspect, it just drops it.

Share this post


Link to post

OK, this is bizarre.

 

I'm at a hotel now with a similar Wifi Hotspot system (have to login first before you can use the internet).

 

AirVPN works fine on my Android (using OpenVPN for Android), but I can't get Eddie to work on my Windows laptop.

 

However, I downloaded the OpenVPN windows GUI and am logged in through it without issue.

 

Any idea why I can't use Eddie?  I'm having the same issue that I wrote way up above (doesn't go past the Authorization phase).

Share this post


Link to post

Hello!

 

Can you post the logs? In particular, the fact that Eddie fails where OpenVPN alone succeeds is particularly annoying and we need. to investigate. Our purpose with Eddie is to make connections easier, not harder.

 

Kind regards

Share this post


Link to post

Hello,

 

first are the logs w/ AirVPN trying to connect to Alkes on UDP 443

 

I 2015.08.27 10:21:30 - AirVPN client version: 2.10.3 / x64, System: Windows, Name: Microsoft Windows NT 6.2.9200.0 / x64
. 2015.08.27 10:21:30 - Reading options from C:\Program Files\AirVPN\AirVPN.xml
. 2015.08.27 10:21:30 - Data Path: C:\Program Files\AirVPN
. 2015.08.27 10:21:30 - App Path: C:\Program Files\AirVPN
. 2015.08.27 10:21:30 - Executable Path: C:\Program Files\AirVPN\AirVPN.exe
. 2015.08.27 10:21:30 - Command line arguments (0):
. 2015.08.27 10:21:30 - Operating System: Microsoft Windows NT 6.2.9200.0
. 2015.08.27 10:21:30 - Updating systems & servers data ...
. 2015.08.27 10:21:32 - Systems & servers data update completed
I 2015.08.27 10:21:32 - OpenVPN Driver - TAP-Windows Adapter V9, version 9.21.1
I 2015.08.27 10:21:32 - OpenVPN - Version: OpenVPN 2.3.8 (C:\Program Files\AirVPN\openvpn.exe)
I 2015.08.27 10:21:32 - SSH - Version: plink 0.63 (C:\Program Files\AirVPN\plink.exe)
I 2015.08.27 10:21:32 - SSL - Version: stunnel 5.17 (C:\Program Files\AirVPN\stunnel.exe)
! 2015.08.27 10:21:32 - Ready
I 2015.08.27 10:22:33 - Session starting.
I 2015.08.27 10:22:33 - Network adapter DHCP switched to static (Intel® Dual Band Wireless-AC 7260)
I 2015.08.27 10:22:38 - IPv6 disabled.
I 2015.08.27 10:22:38 - Checking authorization ...
. 2015.08.27 10:22:38 - Checking authorization ..., 1° try failed (Length of the data to decrypt is invalid.)
. 2015.08.27 10:22:38 - Checking authorization ..., 2° try failed (Length of the data to decrypt is invalid.)
. 2015.08.27 10:22:38 - Checking authorization ..., 3° try failed (Length of the data to decrypt is invalid.)
. 2015.08.27 10:22:38 - Checking authorization ..., 4° try failed (Length of the data to decrypt is invalid.)
W 2015.08.27 10:22:38 - Authorization check failed, continue anyway ({1])
! 2015.08.27 10:22:38 - Connecting to Alkes (United States, Los Angeles)
. 2015.08.27 10:22:39 - OpenVPN > OpenVPN 2.3.8 x86_64-w64-mingw32 [sSL (OpenSSL)] [LZO] [iPv6] built on Aug 13 2015
. 2015.08.27 10:22:39 - OpenVPN > library versions: OpenSSL 1.0.2d 9 Jul 2015, LZO 2.08
. 2015.08.27 10:22:39 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3100
. 2015.08.27 10:22:39 - OpenVPN > Control Channel Authentication: tls-auth using INLINE static key file
. 2015.08.27 10:22:39 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2015.08.27 10:22:39 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2015.08.27 10:22:39 - OpenVPN > Socket Buffers: R=[65536->131072] S=[65536->131072]
. 2015.08.27 10:22:39 - OpenVPN > UDPv4 link local: [undef]
. 2015.08.27 10:22:39 - OpenVPN > UDPv4 link remote: [AF_INET]199.241.146.178:443
. 2015.08.27 10:23:11 - OpenVPN > [uNDEF] Inactivity timeout (--ping-exit), exiting
. 2015.08.27 10:23:11 - OpenVPN > SIGTERM received, sending exit notification to peer
. 2015.08.27 10:23:17 - OpenVPN > SIGTERM[soft,exit-with-notification] received, process exiting
! 2015.08.27 10:23:17 - Disconnecting
. 2015.08.27 10:23:17 - Connection terminated.
I 2015.08.27 10:23:20 - Checking authorization ...
. 2015.08.27 10:23:20 - Checking authorization ..., 1° try failed (Length of the data to decrypt is invalid.)
. 2015.08.27 10:23:30 - Checking authorization ..., 2° try failed (The operation has timed out)
. 2015.08.27 10:23:30 - Checking authorization ..., 3° try failed (Length of the data to decrypt is invalid.)
. 2015.08.27 10:23:30 - Checking authorization ..., 4° try failed (Length of the data to decrypt is invalid.)
W 2015.08.27 10:23:30 - Authorization check failed, continue anyway ({1])
! 2015.08.27 10:23:30 - Connecting to Alkes (United States, Los Angeles)
. 2015.08.27 10:23:30 - OpenVPN > OpenVPN 2.3.8 x86_64-w64-mingw32 [sSL (OpenSSL)] [LZO] [iPv6] built on Aug 13 2015
. 2015.08.27 10:23:30 - OpenVPN > library versions: OpenSSL 1.0.2d 9 Jul 2015, LZO 2.08
. 2015.08.27 10:23:30 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3100
. 2015.08.27 10:23:30 - OpenVPN > Control Channel Authentication: tls-auth using INLINE static key file
. 2015.08.27 10:23:30 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2015.08.27 10:23:30 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2015.08.27 10:23:30 - OpenVPN > Socket Buffers: R=[65536->131072] S=[65536->131072]
. 2015.08.27 10:23:30 - OpenVPN > UDPv4 link local: [undef]
. 2015.08.27 10:23:30 - OpenVPN > UDPv4 link remote: [AF_INET]199.241.146.178:443
. 2015.08.27 10:24:02 - OpenVPN > [uNDEF] Inactivity timeout (--ping-exit), exiting
. 2015.08.27 10:24:02 - OpenVPN > SIGTERM received, sending exit notification to peer
. 2015.08.27 10:24:07 - OpenVPN > SIGTERM[soft,exit-with-notification] received, process exiting
! 2015.08.27 10:24:07 - Disconnecting
. 2015.08.27 10:24:07 - Connection terminated.
I 2015.08.27 10:24:10 - Cancel requested.
I 2015.08.27 10:24:10 - IPv6 restored.
I 2015.08.27 10:24:10 - DHCP of a network adapter restored to original settings (Intel® Dual Band Wireless-AC 7260)
! 2015.08.27 10:24:11 - Session terminated.

 

 

Now the same w/ OpenVPN:

 

Thu Aug 27 10:30:23 2015 OpenVPN 2.3.8 x86_64-w64-mingw32 [sSL (OpenSSL)] [LZO] [PKCS11] [iPv6] built on Aug  4 2015
Thu Aug 27 10:30:23 2015 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.08
Enter Management Password:
Thu Aug 27 10:30:23 2015 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25344
Thu Aug 27 10:30:23 2015 Need hold release from management interface, waiting...
Thu Aug 27 10:30:23 2015 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25344
Thu Aug 27 10:30:23 2015 MANAGEMENT: CMD 'state on'
Thu Aug 27 10:30:23 2015 MANAGEMENT: CMD 'log all on'
Thu Aug 27 10:30:23 2015 MANAGEMENT: CMD 'hold off'
Thu Aug 27 10:30:23 2015 MANAGEMENT: CMD 'hold release'
Thu Aug 27 10:30:23 2015 Control Channel Authentication: tls-auth using INLINE static key file
Thu Aug 27 10:30:23 2015 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 27 10:30:23 2015 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 27 10:30:23 2015 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Aug 27 10:30:23 2015 UDPv4 link local: [undef]
Thu Aug 27 10:30:23 2015 UDPv4 link remote: [AF_INET]199.241.146.178:443
Thu Aug 27 10:30:23 2015 MANAGEMENT: >STATE:1440639023,WAIT,,,
Thu Aug 27 10:30:23 2015 MANAGEMENT: >STATE:1440639023,AUTH,,,
Thu Aug 27 10:30:23 2015 TLS: Initial packet from [AF_INET]199.241.146.178:443, sid=da216ac5 01135f19
Thu Aug 27 10:30:24 2015 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
Thu Aug 27 10:30:24 2015 Validating certificate key usage
Thu Aug 27 10:30:24 2015 ++ Certificate has key usage  00a0, expects 00a0
Thu Aug 27 10:30:24 2015 VERIFY KU OK
Thu Aug 27 10:30:24 2015 Validating certificate extended key usage
Thu Aug 27 10:30:24 2015 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Aug 27 10:30:24 2015 VERIFY EKU OK
Thu Aug 27 10:30:24 2015 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
Thu Aug 27 10:30:27 2015 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Aug 27 10:30:27 2015 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 27 10:30:27 2015 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Aug 27 10:30:27 2015 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 27 10:30:27 2015 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Thu Aug 27 10:30:27 2015 [server] Peer Connection Initiated with [AF_INET]199.241.146.178:443
Thu Aug 27 10:30:28 2015 MANAGEMENT: >STATE:1440639028,GET_CONFIG,,,
Thu Aug 27 10:30:29 2015 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu Aug 27 10:30:31 2015 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.4.0.1,comp-lzo no,route-gateway 10.4.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.4.0.75 255.255.0.0'
Thu Aug 27 10:30:31 2015 OPTIONS IMPORT: timers and/or timeouts modified
Thu Aug 27 10:30:31 2015 OPTIONS IMPORT: LZO parms modified
Thu Aug 27 10:30:31 2015 OPTIONS IMPORT: --ifconfig/up options modified
Thu Aug 27 10:30:31 2015 OPTIONS IMPORT: route options modified
Thu Aug 27 10:30:31 2015 OPTIONS IMPORT: route-related options modified
Thu Aug 27 10:30:31 2015 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Aug 27 10:30:31 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Aug 27 10:30:31 2015 MANAGEMENT: >STATE:1440639031,ASSIGN_IP,,10.4.0.75,
Thu Aug 27 10:30:31 2015 open_tun, tt->ipv6=0
Thu Aug 27 10:30:31 2015 TAP-WIN32 device [Local Area Connection] opened: \\.\Global\{4F0DF138-F74A-4767-9D50-39D280995541}.tap
Thu Aug 27 10:30:31 2015 TAP-Windows Driver Version 9.21
Thu Aug 27 10:30:31 2015 Set TAP-Windows TUN subnet mode network/local/netmask = 10.4.0.0/10.4.0.75/255.255.0.0 [sUCCEEDED]
Thu Aug 27 10:30:31 2015 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.4.0.75/255.255.0.0 on interface {4F0DF138-F74A-4767-9D50-39D280995541} [DHCP-serv: 10.4.255.254, lease-time: 31536000]
Thu Aug 27 10:30:31 2015 Successful ARP Flush on interface [10] {4F0DF138-F74A-4767-9D50-39D280995541}
Thu Aug 27 10:30:36 2015 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
Thu Aug 27 10:30:36 2015 C:\Windows\system32\route.exe ADD 199.241.146.178 MASK 255.255.255.255 78.64.88.1
Thu Aug 27 10:30:36 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
Thu Aug 27 10:30:36 2015 Route addition via IPAPI succeeded [adaptive]
Thu Aug 27 10:30:36 2015 C:\Windows\system32\route.exe ADD 78.64.88.1 MASK 255.255.255.255 78.64.88.1 IF 3
Thu Aug 27 10:30:36 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
Thu Aug 27 10:30:36 2015 Route addition via IPAPI succeeded [adaptive]
Thu Aug 27 10:30:36 2015 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.4.0.1
Thu Aug 27 10:30:37 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Thu Aug 27 10:30:37 2015 Route addition via IPAPI succeeded [adaptive]
Thu Aug 27 10:30:37 2015 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.4.0.1
Thu Aug 27 10:30:37 2015 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Thu Aug 27 10:30:37 2015 Route addition via IPAPI succeeded [adaptive]
Thu Aug 27 10:30:37 2015 Initialization Sequence Completed
Thu Aug 27 10:30:37 2015 MANAGEMENT: >STATE:1440639037,CONNECTED,SUCCESS,10.4.0.75,199.241.146.178


 

Share this post


Link to post

I'm at another hotel now and Eddie works again!

 

Very strange.

 

Let's keep this open for now in case more issues turn up (we've another 7 or 8 hotels left!)

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...