
Starting this morning I'm no longer able to connect to the internet when using the AirVPN DNS 10.4.0.1 as my primary DNS in my router's configuration. I had this working for months without any problems and didn't change any settings. Is there some known problem with the Air DNS servers or am I missing something?

 

For the moment I switched primary DNS to OpenNIC ones and everything is working again. I may also say it feels much faster than before when using Air DNS, but that might be an illusion. Are there any obvious problems when using OpenNIC instead of Air as primary DNS?

 

Thank you for your help!


Try having a look at the OpenVPN log. There should be a line starting with "PUSH: received control message" that contains exact info about which DNS option is pushed by the OpenVPN server. Otherwise, it often helps to configure more than one DNS server to have a fallback. In AirVPN's case 10.4.0.1 and 10.5.0.1 usually work.

PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 bypass-dhcp dhcp-option DNS 10.4.0.1 comp-lzo no route-gateway 10.4.0.1 topology subnet ping 10 ping-restart 60 ifconfig 10.4.0.7 255.255.0.0 peer-id 75 cipher AES-256-GCM'

 

 

This is what it says in the log. I'm also having a lot of those in my logs:

 

20180430 13:54:40 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
20180430 13:54:40 D MANAGEMENT: CMD 'status 2' 
20180430 13:54:40 MANAGEMENT: Client disconnected 
20180430 13:54:40 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
20180430 13:54:40 D MANAGEMENT: CMD 'log 500' 
20180430 13:54:40 MANAGEMENT: Client disconnected 
20180430 13:54:45 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
20180430 13:54:45 D MANAGEMENT: CMD 'state' 
20180430 13:54:45 MANAGEMENT: Client disconnected 
20180430 13:54:45 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
20180430 13:54:45 D MANAGEMENT: CMD 'state' 
20180430 13:54:45 MANAGEMENT: Client disconnected 
20180430 13:54:45 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
20180430 13:54:45 D MANAGEMENT: CMD 'state' 
20180430 13:54:45 MANAGEMENT: Client disconnected 
20180430 13:54:45 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
20180430 13:54:45 D MANAGEMENT: CMD 'status 2' 
20180430 13:54:45 MANAGEMENT: Client disconnected 
20180430 13:54:45 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
20180430 13:54:45 D MANAGEMENT: CMD 'log 500'
 

 

20180430 15:07:56 N AEAD Decrypt error: bad packet ID (may be a replay): [ #42125 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings 
20180430 15:07:56 N AEAD Decrypt error: bad packet ID (may be a replay): [ #42126 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings 
20180430 15:07:56 N AEAD Decrypt error: bad packet ID (may be a replay): [ #42127 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
 

 

 

 

Don't know if it is related or not, but I cannot remember having seen these before!? Dozens of them appear every minute. Tunnel is working though and IPLeak shows no leaks!


Is the connection actually successful - as in are you seeing the line "Initialization sequence complete"? Are you getting any option errors or authentication failure messages? Maybe post the complete log. I suspect there is some option in your config file that does not play nice with your current configuration. Have you tried other servers and other protocols?

 

About the decrypt errors: Have a look at this thread.


This is the full log after a router reboot. Tunnel is up and sequence completes successfully. From there on with every refresh of the log I'm seeing the messages as per my last post.

 

Clientlog: 
19700101 01:00:29 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible 
19700101 01:00:29 W WARNING: file '/tmp/openvpncl/ta.key' is group or others accessible 
19700101 01:00:29 I OpenVPN 2.4.5 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Mar 26 2018 
19700101 01:00:29 I library versions: OpenSSL 1.1.0g 2 Nov 2017 LZO 2.09 
19700101 01:00:29 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16 
19700101 01:00:29 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 
19700101 01:00:29 W WARNING: Your certificate is not yet valid! 
19700101 01:00:29 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 
19700101 01:00:29 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 
19700101 01:00:29 I TCP/UDP: Preserving recently used remote address: [AF_INET]217.64.127.194:443 
19700101 01:00:29 Socket Buffers: R=[180224->180224] S=[180224->180224] 
19700101 01:00:29 I UDPv4 link local: (not bound) 
19700101 01:00:29 I UDPv4 link remote: [AF_INET]217.64.127.194:443 
19700101 01:00:29 TLS: Initial packet from [AF_INET]217.64.127.194:443 sid=41c030ff ff39c996 
20180430 15:26:27 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 
20180430 15:26:27 N TLS Error: TLS handshake failed 
20180430 15:26:27 I SIGUSR1[soft tls-error] received process restarting 
20180430 15:26:27 Restart pause 5 second(s) 
20180430 15:26:32 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 
20180430 15:26:32 I TCP/UDP: Preserving recently used remote address: [AF_INET]217.64.127.194:443 
20180430 15:26:32 Socket Buffers: R=[180224->180224] S=[180224->180224] 
20180430 15:26:32 I UDPv4 link local: (not bound) 
20180430 15:26:32 I UDPv4 link remote: [AF_INET]217.64.127.194:443 
20180430 15:26:32 TLS: Initial packet from [AF_INET]217.64.127.194:443 sid=a1700524 07a3a2dd 
20180430 15:26:32 VERIFY OK: depth=1 C=IT ST=IT L=Perugia O=airvpn.org CN=airvpn.org CA emailAddress=info@airvpn.org 
20180430 15:26:32 VERIFY KU OK 
20180430 15:26:32 NOTE: --mute triggered... 
20180430 15:26:33 5 variation(s) on previous 3 message(s) suppressed by --mute 
20180430 15:26:33 I [Caelum] Peer Connection Initiated with [AF_INET]217.64.127.194:443 
20180430 15:26:34 SENT CONTROL [Caelum]: 'PUSH_REQUEST' (status=1) 
20180430 15:26:34 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 bypass-dhcp dhcp-option DNS 10.4.0.1 comp-lzo no route-gateway 10.4.0.1 topology subnet ping 10 ping-restart 60 ifconfig 10.4.0.7 255.255.0.0 peer-id 77 cipher AES-256-GCM' 
20180430 15:26:34 OPTIONS IMPORT: timers and/or timeouts modified 
20180430 15:26:34 NOTE: --mute triggered... 
20180430 15:26:34 8 variation(s) on previous 3 message(s) suppressed by --mute 
20180430 15:26:34 Data Channel: using negotiated cipher 'AES-256-GCM' 
20180430 15:26:34 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key 
20180430 15:26:34 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key 
20180430 15:26:34 I TUN/TAP device tun1 opened 
20180430 15:26:34 TUN/TAP TX queue length set to 100 
20180430 15:26:34 D do_ifconfig tt->did_ifconfig_ipv6_setup=0 
20180430 15:26:34 I /sbin/ifconfig tun1 10.4.0.7 netmask 255.255.0.0 mtu 1500 broadcast 10.4.255.255 
20180430 15:26:34 W WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this 
20180430 15:26:34 I Initialization Sequence Completed 
20180430 15:26:41 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
20180430 15:26:41 D MANAGEMENT: CMD 'state' 
20180430 15:26:41 MANAGEMENT: Client disconnected 
20180430 15:26:41 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
20180430 15:26:41 D MANAGEMENT: CMD 'state' 
20180430 15:26:41 MANAGEMENT: Client disconnected 
20180430 15:26:41 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
20180430 15:26:41 D MANAGEMENT: CMD 'state' 
20180430 15:26:41 MANAGEMENT: Client disconnected 
20180430 15:26:41 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
20180430 15:26:41 D MANAGEMENT: CMD 'status 2' 
20180430 15:26:41 MANAGEMENT: Client disconnected 
20180430 15:26:41 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
20180430 15:26:41 D MANAGEMENT: CMD 'log 500' 
19700101 01:00:00
 

And here's my config:

 


Have you always had these tls-errors? If this is DD-WRT try to configure your options as described in the official guide. Otherwise see what happens when using another server and another protocol (TCP).


The TLS errors just happen because after reboot the ntp client was not yet able to fetch the correct time. As soon as that has happened the errors go away and the tunnel works. Everything else is now configured according to the guide, although I'm not sure the nscerttype is still the way to go?

 

Logs still look the same. I read the link you posted about the decrypt errors but don't know what the actual solution is from reading it? Altering the MTU settings? I never had to do this until now!

 

Even stranger, when checking ipleak.net I get this:

 

 

No DNS servers? The test gets stuck at this point with only showing the errors. Still my internet and tunnel are working. Something strange is going on here, no?

 

Thanks for your help!


The ipleak issue is a known problem and discussed in this thread, so don't worry about that; it most likely has nothing to do with your problem. I'm not sure about the decrypt error, I never had this problem myself, but this could be connected to your ISP. If I were you, I would open a ticket with AirVPN staff in this case.


@htpc, your config shows that LZO compression is not enabled, I believe it should be enabled.


@greerd You're right, I was trying different things with the config to see if it makes any difference. LZO was and is again enabled, though with no obvious influence on the log messages. Thank you very much for your input!


I don't think this is an issue with your config. There have been intermittent DNS server issues recently (see here: https://airvpn.org/topic/26469-ipleak-dns-address-0-servers-100-errors/). They come and go it seems. Hopefully, AirVPN will chime in here and provide us with an update?!

 

Let's clarify once and for all because this thread is derailing to FUD. Problems in ipleak.net have nothing to do with AirVPN infrastructure. This web site is powered by AirVPN funds and maintained by an AirVPN co-founder, but it is outside the VPN infrastructure.

 

Kind regards
