Troubles with client

organicrust

I cannot get the client to work for trying. Every time I try to log in to the airvpn client it tells me that I am already connected. When I try to open openvpn gui, I get an error message that it is already running.

What am I doing wrong and how do I get things to work?

Staff

I cannot get the client to work for trying. Every time I try to log in to the airvpn client it tells me that I am already connected. When I try to open openvpn gui, I get an error message that it is already running.
What am I doing wrong and how do I get things to work?

Hello!

Please launch Airvpn client only or OpenVPN only. You can connect either with the first or the second (the client is an OpenVPN wrapper with additional commodities) but you can't try a connection with them both at the same time.

About the "already connected" problem, can you please send us the connection logs?

Kind regards

Globespy

I get this exact same issue also. It's almost always after the computer is used out of sleep or hibernation.

Even killing AirVPN client from task manager and trying to re-launch will give the same "already connected" error.

Logging off and back in won't work either.

The only solution is a complete reboot of the computer.

I can replicate this probably 7 times out of every 10 when I start my computer after hibernation.

I'll try to remember to keep logs next time.

I'm using Win 7 (64-bit) Home Premium.

EDIT: Log Output Attached - It can be replicated EVERY time my computer boots out of hibernation

5/3/2012 - 5:39 PM Successful ARP Flush on interface [14] {4C7AAF82-3C5A-466D-A9E8-C5DE0F2FBE02}

5/3/2012 - 5:39 PM TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up

5/3/2012 - 5:39 PM C:\WINDOWS\system32\route.exe ADD 69.163.36.66 MASK 255.255.255.255 192.168.1.1

5/3/2012 - 5:39 PM ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=100 and dwForwardType=4

5/3/2012 - 5:39 PM Route addition via IPAPI succeeded [adaptive]

5/3/2012 - 5:39 PM C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.4.11.45

5/3/2012 - 5:39 PM ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4

5/3/2012 - 5:39 PM Route addition via IPAPI succeeded [adaptive]

5/3/2012 - 5:39 PM C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.4.11.45

5/3/2012 - 5:39 PM ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4

5/3/2012 - 5:39 PM Route addition via IPAPI succeeded [adaptive]

5/3/2012 - 5:39 PM C:\WINDOWS\system32\route.exe ADD 10.4.0.1 MASK 255.255.255.255 10.4.11.45

5/3/2012 - 5:39 PM ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4

5/3/2012 - 5:39 PM Route addition via IPAPI succeeded [adaptive]

5/3/2012 - 5:39 PM Initialization Sequence Completed

5/3/2012 - 5:39 PM Starting Management Interface...

5/3/2012 - 5:39 PM Checking...

5/3/2012 - 5:40 PM Retrieve statistics...

5/3/2012 - 5:40 PM Connected.

5/3/2012 - 6:39 PM VERIFY OK: depth=1, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org

5/3/2012 - 6:39 PM VERIFY OK: nsCertType=SERVER

5/3/2012 - 6:39 PM VERIFY OK: depth=0, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org

5/3/2012 - 6:39 PM Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

5/3/2012 - 6:39 PM Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

5/3/2012 - 6:39 PM Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

5/3/2012 - 6:39 PM Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

5/3/2012 - 6:39 PM Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA

5/3/2012 - 7:39 PM TLS: tls_process: killed expiring key

5/3/2012 - 7:39 PM TLS: soft reset sec=0 bytes=26416464/0 pkts=64345/0

5/3/2012 - 7:39 PM VERIFY OK: depth=1, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org

5/3/2012 - 7:39 PM VERIFY OK: nsCertType=SERVER

5/3/2012 - 7:39 PM VERIFY OK: depth=0, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org

5/3/2012 - 7:39 PM Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

5/3/2012 - 7:39 PM Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

5/3/2012 - 7:39 PM Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

5/3/2012 - 7:39 PM Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

5/3/2012 - 7:39 PM Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA

5/3/2012 - 8:39 PM TLS: tls_process: killed expiring key

5/3/2012 - 8:39 PM TLS: soft reset sec=0 bytes=12443022/0 pkts=31964/0

5/3/2012 - 8:39 PM VERIFY OK: depth=1, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org

5/3/2012 - 8:39 PM VERIFY OK: nsCertType=SERVER

5/3/2012 - 8:39 PM VERIFY OK: depth=0, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org

5/3/2012 - 8:39 PM Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

5/3/2012 - 8:39 PM Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

5/3/2012 - 8:39 PM Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

5/3/2012 - 8:39 PM Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

5/3/2012 - 8:39 PM Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA

5/3/2012 - 9:39 PM TLS: tls_process: killed expiring key

5/3/2012 - 9:39 PM VERIFY OK: depth=1, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org

5/3/2012 - 9:39 PM VERIFY OK: nsCertType=SERVER

5/3/2012 - 9:39 PM VERIFY OK: depth=0, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org

5/3/2012 - 9:39 PM Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

5/3/2012 - 9:39 PM Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

5/3/2012 - 9:39 PM Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

5/3/2012 - 9:39 PM Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

5/3/2012 - 9:39 PM Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA

5/3/2012 - 10:39 PM TLS: tls_process: killed expiring key

5/3/2012 - 10:39 PM TLS: soft reset sec=0 bytes=3019671/0 pkts=16304/0

5/3/2012 - 10:39 PM VERIFY OK: depth=1, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org

5/3/2012 - 10:39 PM VERIFY OK: nsCertType=SERVER

5/3/2012 - 10:39 PM VERIFY OK: depth=0, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org

5/3/2012 - 10:39 PM Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

5/3/2012 - 10:39 PM Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

5/3/2012 - 10:39 PM Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

5/3/2012 - 10:39 PM Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

5/3/2012 - 10:39 PM Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA

5/3/2012 - 11:39 PM TLS: tls_process: killed expiring key

5/3/2012 - 11:39 PM TLS: soft reset sec=0 bytes=2479290/0 pkts=13052/0

5/3/2012 - 11:39 PM VERIFY OK: depth=1, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org

5/3/2012 - 11:39 PM VERIFY OK: nsCertType=SERVER

5/3/2012 - 11:39 PM VERIFY OK: depth=0, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org

5/3/2012 - 11:39 PM Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

5/3/2012 - 11:39 PM Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

5/3/2012 - 11:39 PM Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

5/3/2012 - 11:39 PM Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

5/3/2012 - 11:39 PM Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA

5/4/2012 - 5:54 AM [server] Inactivity timeout (--ping-restart), restarting

5/4/2012 - 5:54 AM TCP/UDP: Closing socket

5/4/2012 - 5:54 AM Re-connecting...

5/4/2012 - 5:54 AM C:\WINDOWS\system32\route.exe DELETE 10.4.0.1 MASK 255.255.255.255 10.4.11.45

5/4/2012 - 5:54 AM Warning: route gateway is not reachable on any active network adapters: 10.4.11.45

5/4/2012 - 5:54 AM Route deletion via IPAPI failed [adaptive]

5/4/2012 - 5:54 AM Route deletion fallback to route.exe

5/4/2012 - 5:54 AM OK!

5/4/2012 - 5:54 AM C:\WINDOWS\system32\route.exe DELETE 69.163.36.66 MASK 255.255.255.255 192.168.1.1

5/4/2012 - 5:54 AM Warning: route gateway is not reachable on any active network adapters: 192.168.1.1

5/4/2012 - 5:54 AM Route deletion via IPAPI failed [adaptive]

5/4/2012 - 5:54 AM Route deletion fallback to route.exe

5/4/2012 - 5:54 AM OK!

5/4/2012 - 5:54 AM C:\WINDOWS\system32\route.exe DELETE 0.0.0.0 MASK 128.0.0.0 10.4.11.45

5/4/2012 - 5:54 AM Warning: route gateway is not reachable on any active network adapters: 10.4.11.45

5/4/2012 - 5:54 AM Route deletion via IPAPI failed [adaptive]

5/4/2012 - 5:54 AM Route deletion fallback to route.exe

5/4/2012 - 5:54 AM OK!

5/4/2012 - 5:54 AM C:\WINDOWS\system32\route.exe DELETE 128.0.0.0 MASK 128.0.0.0 10.4.11.45

5/4/2012 - 5:54 AM Warning: route gateway is not reachable on any active network adapters: 10.4.11.45

5/4/2012 - 5:54 AM Route deletion via IPAPI failed [adaptive]

5/4/2012 - 5:54 AM Route deletion fallback to route.exe

5/4/2012 - 5:54 AM OK!

5/4/2012 - 5:54 AM Closing TUN/TAP interface

5/4/2012 - 5:54 AM SIGUSR1[soft,ping-restart] received, process restarting

5/4/2012 - 5:54 AM Restart pause, 2 second(s)

5/4/2012 - 5:54 AM NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables

5/4/2012 - 5:54 AM LZO compression initialized

5/4/2012 - 5:54 AM Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]

5/4/2012 - 5:54 AM Socket Buffers: R=[8192->8192] S=[8192->8192]

5/4/2012 - 5:54 AM Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]

5/4/2012 - 5:54 AM Local Options hash (VER=V4): '22188c5b'

5/4/2012 - 5:54 AM Expected Remote Options hash (VER=V4): 'a8f55717'

5/4/2012 - 5:54 AM UDPv4 link local: [undef]

5/4/2012 - 5:54 AM UDPv4 link remote: 69.163.36.66:443

5/4/2012 - 5:54 AM TLS: Initial packet from 69.163.36.66:443, sid=6f826789 270d1107

5/4/2012 - 5:54 AM VERIFY OK: depth=1, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org

5/4/2012 - 5:54 AM VERIFY OK: nsCertType=SERVER

5/4/2012 - 5:54 AM VERIFY OK: depth=0, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org

5/4/2012 - 5:54 AM Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

5/4/2012 - 5:54 AM Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

5/4/2012 - 5:54 AM Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

5/4/2012 - 5:54 AM Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

5/4/2012 - 5:54 AM Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA

5/4/2012 - 5:54 AM [server] Peer Connection Initiated with 69.163.36.66:443

5/4/2012 - 5:54 AM SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)

5/4/2012 - 5:54 AM PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.4.0.1,comp-lzo no,route 10.4.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.4.11.46 10.4.11.45'

5/4/2012 - 5:54 AM OPTIONS IMPORT: timers and/or timeouts modified

5/4/2012 - 5:54 AM OPTIONS IMPORT: LZO parms modified

5/4/2012 - 5:54 AM OPTIONS IMPORT: --ifconfig/up options modified

5/4/2012 - 5:54 AM OPTIONS IMPORT: route options modified

5/4/2012 - 5:54 AM OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified

5/4/2012 - 5:54 AM ROUTE default_gateway=192.168.1.1

5/4/2012 - 5:54 AM TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{4C7AAF82-3C5A-466D-A9E8-C5DE0F2FBE02}.tap

5/4/2012 - 5:54 AM TAP-Win32 Driver Version 9.9

5/4/2012 - 5:54 AM TAP-Win32 MTU=1500

5/4/2012 - 5:54 AM Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.4.11.46/255.255.255.252 on interface {4C7AAF82-3C5A-466D-A9E8-C5DE0F2FBE02} [DHCP-serv: 10.4.11.45, lease-time: 31536000]

5/4/2012 - 5:54 AM Successful ARP Flush on interface [14] {4C7AAF82-3C5A-466D-A9E8-C5DE0F2FBE02}

5/4/2012 - 5:54 AM TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up

5/4/2012 - 5:54 AM C:\WINDOWS\system32\route.exe ADD 69.163.36.66 MASK 255.255.255.255 192.168.1.1

5/4/2012 - 5:54 AM ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=100 and dwForwardType=4

5/4/2012 - 5:54 AM Route addition via IPAPI succeeded [adaptive]

5/4/2012 - 5:54 AM C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.4.11.45

5/4/2012 - 5:54 AM ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4

5/4/2012 - 5:54 AM Route addition via IPAPI succeeded [adaptive]

5/4/2012 - 5:54 AM C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.4.11.45

5/4/2012 - 5:54 AM ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4

5/4/2012 - 5:54 AM Route addition via IPAPI succeeded [adaptive]

5/4/2012 - 5:54 AM C:\WINDOWS\system32\route.exe ADD 10.4.0.1 MASK 255.255.255.255 10.4.11.45

5/4/2012 - 5:54 AM ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4

5/4/2012 - 5:54 AM Route addition via IPAPI succeeded [adaptive]

5/4/2012 - 5:54 AM Initialization Sequence Completed

5/4/2012 - 5:54 AM Starting Management Interface...

5/4/2012 - 5:54 AM Checking...

5/4/2012 - 11:04 AM The operation has timed out

5/4/2012 - 11:04 AM [server] Inactivity timeout (--ping-restart), restarting

5/4/2012 - 11:04 AM TCP/UDP: Closing socket

5/4/2012 - 11:04 AM C:\WINDOWS\system32\route.exe DELETE 10.4.0.1 MASK 255.255.255.255 10.4.11.45

5/4/2012 - 11:04 AM Warning: route gateway is not reachable on any active network adapters: 10.4.11.45

5/4/2012 - 11:04 AM Route deletion via IPAPI failed [adaptive]

5/4/2012 - 11:04 AM Route deletion fallback to route.exe

5/4/2012 - 11:04 AM OK!

5/4/2012 - 11:04 AM C:\WINDOWS\system32\route.exe DELETE 69.163.36.66 MASK 255.255.255.255 192.168.1.1

5/4/2012 - 11:04 AM Route deletion via IPAPI succeeded [adaptive]

5/4/2012 - 11:04 AM C:\WINDOWS\system32\route.exe DELETE 0.0.0.0 MASK 128.0.0.0 10.4.11.45

5/4/2012 - 11:04 AM Route deletion via IPAPI succeeded [adaptive]

5/4/2012 - 11:04 AM C:\WINDOWS\system32\route.exe DELETE 128.0.0.0 MASK 128.0.0.0 10.4.11.45

5/4/2012 - 11:04 AM Route deletion via IPAPI succeeded [adaptive]

5/4/2012 - 11:04 AM Closing TUN/TAP interface

5/4/2012 - 11:04 AM SIGUSR1[soft,ping-restart] received, process restarting

5/4/2012 - 11:04 AM Restart pause, 2 second(s)

5/4/2012 - 11:04 AM NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables

5/4/2012 - 11:04 AM LZO compression initialized

5/4/2012 - 11:04 AM Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]

5/4/2012 - 11:04 AM Socket Buffers: R=[8192->8192] S=[8192->8192]

5/4/2012 - 11:04 AM Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]

5/4/2012 - 11:04 AM Local Options hash (VER=V4): '22188c5b'

5/4/2012 - 11:04 AM Expected Remote Options hash (VER=V4): 'a8f55717'

5/4/2012 - 11:04 AM UDPv4 link local: [undef]

5/4/2012 - 11:04 AM UDPv4 link remote: 69.163.36.66:443

5/4/2012 - 11:04 AM TLS: Initial packet from 69.163.36.66:443, sid=5d19d153 e4951946

5/4/2012 - 11:04 AM VERIFY OK: depth=1, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org

5/4/2012 - 11:04 AM VERIFY OK: nsCertType=SERVER

5/4/2012 - 11:04 AM VERIFY OK: depth=0, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org

5/4/2012 - 11:04 AM Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

5/4/2012 - 11:04 AM Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

5/4/2012 - 11:04 AM Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

5/4/2012 - 11:04 AM Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

5/4/2012 - 11:04 AM Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA

5/4/2012 - 11:04 AM [server] Peer Connection Initiated with 69.163.36.66:443

5/4/2012 - 11:04 AM SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)

5/4/2012 - 11:04 AM PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.4.0.1,comp-lzo no,route 10.4.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.4.11.46 10.4.11.45'

5/4/2012 - 11:04 AM OPTIONS IMPORT: timers and/or timeouts modified

5/4/2012 - 11:04 AM OPTIONS IMPORT: LZO parms modified

5/4/2012 - 11:04 AM OPTIONS IMPORT: --ifconfig/up options modified

5/4/2012 - 11:04 AM OPTIONS IMPORT: route options modified

5/4/2012 - 11:04 AM OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified

5/4/2012 - 11:04 AM ROUTE default_gateway=192.168.1.1

5/4/2012 - 11:04 AM Disconnected.

5/4/2012 - 11:04 AM Login...

5/4/2012 - 11:04 AM Already connected.

5/4/2012 - 11:04 AM Login...

5/4/2012 - 11:04 AM Already connected.

And then when I force the client to close (Task Manager) and restart, I get the same error:

5/4/2012 - 11:08 AM AirVPN client version: 1.7

5/4/2012 - 11:08 AM Reading options from C:\Users\XPC\AppData\Roaming\AirVPN\Air\1.0.0.0\AirVPN.xml

5/4/2012 - 11:08 AM OpenVPN bundle version: OpenVPN 2.2.2

5/4/2012 - 11:08 AM OpenVPN current version: OpenVPN 2.2.2

5/4/2012 - 11:08 AM Login...

5/4/2012 - 11:08 AM Already connected.

There is not instance of OpenVPN to be found in task manager open applications or systems processes, so it's not like I can close OpenVPN and try the AirVPN client again. Only solution is a full reboot of my PC - not ideal.

MrConducter

I'm having the exact problem as the person above. Quite unstable.

Staff

@globespy @MrConducter

The first hours of the connection logs are just fine, they show that you are connected. Note that every hour the TLS key is renegotiated for additional security. During SSL/TLS rekeying, there is a transition-window parameter that permits overlap between old and new key usage, so there is no time pressure or latency bottleneck during SSL/TLS renegotiations.

http://openvpn.net/index.php/open-source/documentation/security-overview.html

About the real problem (AUTH_FAILED) it may be due to a "dirty" disconnection. For security reasons, no account database is kept on any VPN server, so each VPN server communicates (with strong encryption) to one of our backend servers to check whether your account is still connected and to determine whether the provided user.key and certificates are proper to connect. This procedure (which is necessary because we don't want to keep account database on each VPN server and we don't want to keep the database outside the EU, for your security) may lead to up to 2-minutes of connection refusal in case of "dirty" disconnections (the backend may still "think" that your account is still connected until the time-out). Usually it does not need more than 20 seconds. If you experience AUTH_FAILED problems for more than 2 minutes, please contact us again.

Kind regards

TrumpeT

maybe you can just decrease timeout from 2 minutes to 20 seconds?

This procedure (which is necessary because we don't want to keep account database on each VPN server and we don't want to keep the database outside the EU, for your security

Why you can't just keep HASHes of username and password on each server?

Staff

maybe you can just decrease timeout from 2 minutes to 20 seconds?
This procedure (which is necessary because we don't want to keep account database on each VPN server and we don't want to keep the database outside the EU, for your security
Why you can't just keep HASHes of username and password on each server?

Hello!

Because the authentication procedure on VPN servers is not based on username and password.

Kind regards

TrumpeT

maybe you can just decrease timeout from 2 minutes to 20 seconds?
This procedure (which is necessary because we don't want to keep account database on each VPN server and we don't want to keep the database outside the EU, for your security

Why you can't just keep HASHes of username and password on each server?

Hello!

Because the authentication procedure on VPN servers is not based on username and password.

Kind regards

So probably you should redesign your VPN because "already connected" is really big issue for lot of people.

If you don't know how it should work, we can discuss it (for free)

Staff

So probably you should redesign your VPN because "already connected" is really big issue for lot of people.
If you don't know how it should work, we can discuss it (for free)

Hello!

Ok, go on. We have carefully designed AirVPN with security in mind, any further suggestion or peer review is welcome.

Kind regards

TrumpeT

Ok, so how it should be done:

When new connection arrives, you check if there is existing connection from the same user. If yes, you IMMEDIATELY send packet "ping" to the old connection (new connection is "waiting"). If 10 seconds pass without packet "pong" from the old connection, you close old connection and accept new one. 10 seconds is fully sufficient. If you have two connections from the same user - new one is responding, and old one is not responding from 10 seconds, it means that old connection is broken.

You can go even further, and implement more flexible system- you can allow user to choose this value (default 10s).

Every user could set it on their account (via www). If someone put there 0 it means that you should immediately close old connection and accept new one. If this value would be bigger than 0 it means that you should wait X seconds for "pong" from the old connection.

TrumpeT

I understand you don't answer because you know that i'm right, yes?

Staff

I understand you don't answer because you know that i'm right, yes?

Hello!

Thank you for your time.

Apparently the system you suggest needs a dramatic security lowering on our systems. Please consider the following conditions.

The VPN servers must not know the names of the connected and disconnected accounts and they must never have any account data on them. Furthermore, they can't and must not remember the IP addresses of disconnected clients (no logs).

All the communications from VPN servers toward clients must be performed only and uniquely by OpenVPN, no ping no anything else outside the tunnel (any commodity or additional communication must come only from the frontend).

Finally, there must never be a direct communication between a backend server and a client, all the backend servers must remain invisible and unknown to the clients.

A compromise on security is highly questionable on a service which focuses on it like ours.

Kind regards

TrumpeT

The VPN servers must not know the names of the connected and disconnected accounts and they must never have any account data on them. Furthermore, they can't and must not remember the IP addresses of disconnected clients (no logs).

I don't see a connection here. Now you know if client is "already connected"(so you have this information), and in my description you also know it. Only difference is that you should disconnect old connection faster.

All the communications from VPN servers toward clients must be performed only and uniquely by OpenVPN, no ping no anything else outside the tunnel (any commodity or additional communication must come only from the frontend).

I wrote "ping" but I didn't mean ICMP PING, but standard packet within your tunnel. So it can be standard TCP/IP packet.

Finally, there must never be a direct communication between a backend server and a client, all the backend servers must remain invisible and unknown to the clients.

Once again... I don't see connection between what i wrote and what you answered.

When new connection arrives to frontend, your frontend should send appropriate packet to our backend server. You should have permanent link between your servers.

If you have some weird communication between your frontend and backend server, just explain IN DETAILS how it works, and only then I will be able to help you, and tell you what you should change.

I assure you: it can be done securely and properly (now is not).

Now I don't know if you are programmer or just random PR guy.

Staff

@TrumpeT

Thank you again for your time, it is very much appreciated. Your message will be evaluated in the nearest future.

Kind regards

TrumpeT

admin - you didn't answer for more than 8 days. Now we can see - AirVPN don't care about their clients

MrConducter

Chill out dude.

TrumpeT

I am chilled out, but you know that it is true what I said. They don't know how good VPN should work, and even when you try to explain it to them - they don't answer.

MrConducter

Seriously address this issue it is becoming very frustrating while testing my firewall settings!!

Troubles with client

Recommended Posts

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Join the conversation