htpc 9 Posted ... Starting this morning I'm no longer able to connect to the internet when using the AirVPN DNS 10.4.0.1 as my primary DNS in my router's configuration. I had this working for months without any problems and didn't change any settings. Is there some known problem with the Air DNS servers or am I missing something? For the moment I switched primary DNS to OpenNIC ones and everything is working again. I may also say it feels much faster than before when using Air DNS, but that might be an illusion. Are there any obvious problems when using OpenNIC instead of Air as primary DNS? Thank you for your help!
corrado 100 Posted ... Try having a look at the OpenVPN log. There should be a line starting with "PUSH: received control message" that contains exact info about which DNS option is pushed by the OpenVPN server. Otherwise, it often helps to configure more than one DNS server to have a fallback. In AirVPN's case 10.4.0.1 and 10.5.0.1 usually work.
htpc 9 Posted ...

PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 bypass-dhcp dhcp-option DNS 10.4.0.1 comp-lzo no route-gateway 10.4.0.1 topology subnet ping 10 ping-restart 60 ifconfig 10.4.0.7 255.255.0.0 peer-id 75 cipher AES-256-GCM'

This is what it says in the log. I'm also having a lot of those in my logs:

20180430 13:54:40 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20180430 13:54:40 D MANAGEMENT: CMD 'status 2'
20180430 13:54:40 MANAGEMENT: Client disconnected
20180430 13:54:40 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20180430 13:54:40 D MANAGEMENT: CMD 'log 500'
20180430 13:54:40 MANAGEMENT: Client disconnected
20180430 13:54:45 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20180430 13:54:45 D MANAGEMENT: CMD 'state'
20180430 13:54:45 MANAGEMENT: Client disconnected
20180430 13:54:45 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20180430 13:54:45 D MANAGEMENT: CMD 'state'
20180430 13:54:45 MANAGEMENT: Client disconnected
20180430 13:54:45 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20180430 13:54:45 D MANAGEMENT: CMD 'state'
20180430 13:54:45 MANAGEMENT: Client disconnected
20180430 13:54:45 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20180430 13:54:45 D MANAGEMENT: CMD 'status 2'
20180430 13:54:45 MANAGEMENT: Client disconnected
20180430 13:54:45 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20180430 13:54:45 D MANAGEMENT: CMD 'log 500'
20180430 15:07:56 N AEAD Decrypt error: bad packet ID (may be a replay): [ #42125 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
20180430 15:07:56 N AEAD Decrypt error: bad packet ID (may be a replay): [ #42126 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
20180430 15:07:56 N AEAD Decrypt error: bad packet ID (may be a replay): [ #42127 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings

Don't know if it is related or not, but I cannot remember having seen these before!? Dozens of them appear every minute. Tunnel is working though and IPLeak shows no leaks!

corrado 100 Posted ... Is the connection actually successful - as in are you seeing the line "Initialization sequence complete"? Are you getting any option errors or authentication failure messages? Maybe post the complete log. I suspect there is some option in your config file that does not play nice with your current configuration. Have you tried other servers and other protocols? About the decrypt errors: Have a look at this thread.
htpc 9 Posted ... This is the full log after a router reboot. Tunnel is up and sequence completes successfully. From there on with every refresh of the log I'm seeing the messages as per my last post.

Clientlog:

19700101 01:00:29 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
19700101 01:00:29 W WARNING: file '/tmp/openvpncl/ta.key' is group or others accessible
19700101 01:00:29 I OpenVPN 2.4.5 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Mar 26 2018
19700101 01:00:29 I library versions: OpenSSL 1.1.0g 2 Nov 2017 LZO 2.09
19700101 01:00:29 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
19700101 01:00:29 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
19700101 01:00:29 W WARNING: Your certificate is not yet valid!
19700101 01:00:29 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
19700101 01:00:29 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
19700101 01:00:29 I TCP/UDP: Preserving recently used remote address: [AF_INET]217.64.127.194:443
19700101 01:00:29 Socket Buffers: R=[180224->180224] S=[180224->180224]
19700101 01:00:29 I UDPv4 link local: (not bound)
19700101 01:00:29 I UDPv4 link remote: [AF_INET]217.64.127.194:443
19700101 01:00:29 TLS: Initial packet from [AF_INET]217.64.127.194:443 sid=41c030ff ff39c996
20180430 15:26:27 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20180430 15:26:27 N TLS Error: TLS handshake failed
20180430 15:26:27 I SIGUSR1[soft tls-error] received process restarting
20180430 15:26:27 Restart pause 5 second(s)
20180430 15:26:32 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20180430 15:26:32 I TCP/UDP: Preserving recently used remote address: [AF_INET]217.64.127.194:443
20180430 15:26:32 Socket Buffers: R=[180224->180224] S=[180224->180224]
20180430 15:26:32 I UDPv4 link local: (not bound)
20180430 15:26:32 I UDPv4 link remote: [AF_INET]217.64.127.194:443
20180430 15:26:32 TLS: Initial packet from [AF_INET]217.64.127.194:443 sid=a1700524 07a3a2dd
20180430 15:26:32 VERIFY OK: depth=1 C=IT ST=IT L=Perugia O=airvpn.org CN=airvpn.org CA emailAddress=info@airvpn.org
20180430 15:26:32 VERIFY KU OK
20180430 15:26:32 NOTE: --mute triggered...
20180430 15:26:33 5 variation(s) on previous 3 message(s) suppressed by --mute
20180430 15:26:33 I [Caelum] Peer Connection Initiated with [AF_INET]217.64.127.194:443
20180430 15:26:34 SENT CONTROL [Caelum]: 'PUSH_REQUEST' (status=1)
20180430 15:26:34 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 bypass-dhcp dhcp-option DNS 10.4.0.1 comp-lzo no route-gateway 10.4.0.1 topology subnet ping 10 ping-restart 60 ifconfig 10.4.0.7 255.255.0.0 peer-id 77 cipher AES-256-GCM'
20180430 15:26:34 OPTIONS IMPORT: timers and/or timeouts modified
20180430 15:26:34 NOTE: --mute triggered...
20180430 15:26:34 8 variation(s) on previous 3 message(s) suppressed by --mute
20180430 15:26:34 Data Channel: using negotiated cipher 'AES-256-GCM'
20180430 15:26:34 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
20180430 15:26:34 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
20180430 15:26:34 I TUN/TAP device tun1 opened
20180430 15:26:34 TUN/TAP TX queue length set to 100
20180430 15:26:34 D do_ifconfig tt->did_ifconfig_ipv6_setup=0
20180430 15:26:34 I /sbin/ifconfig tun1 10.4.0.7 netmask 255.255.0.0 mtu 1500 broadcast 10.4.255.255
20180430 15:26:34 W WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
20180430 15:26:34 I Initialization Sequence Completed
20180430 15:26:41 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20180430 15:26:41 D MANAGEMENT: CMD 'state'
20180430 15:26:41 MANAGEMENT: Client disconnected
20180430 15:26:41 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20180430 15:26:41 D MANAGEMENT: CMD 'state'
20180430 15:26:41 MANAGEMENT: Client disconnected
20180430 15:26:41 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20180430 15:26:41 D MANAGEMENT: CMD 'state'
20180430 15:26:41 MANAGEMENT: Client disconnected
20180430 15:26:41 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20180430 15:26:41 D MANAGEMENT: CMD 'status 2'
20180430 15:26:41 MANAGEMENT: Client disconnected
20180430 15:26:41 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20180430 15:26:41 D MANAGEMENT: CMD 'log 500'
19700101 01:00:00

And here's my config:

corrado 100 Posted ... Have you always had these tls-errors? If this is DD-WRT try to configure your options as described in the official guide. Otherwise see what happens when using another server and another protocol (TCP).
htpc 9 Posted ... The TLS errors just happen because after reboot the ntp client was not yet able to fetch the correct time. As soon as that has happened the errors go away and the tunnel works. Everything else is now configured according to the guide, although I'm not sure the nscerttype is still the way to go? Logs still look the same. I read the link you posted about the decrypt errors but don't know what the actual solution is from reading it? Altering the MTU settings? I never had to do this until now! Even stranger, when checking ipleak.net I get this: No DNS servers? The test gets stuck at this point, only showing the errors. Still my internet and tunnel are working. Something strange is going on here, no? Thanks for your help!
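Added example, not part of any post in this thread: a small Python triage of a router OpenVPN client log that pulls the pushed DNS servers out of the PUSH_REPLY line, flags start-up lines logged before the clock was set, and counts replay warnings per minute. The function names and report keys are assumptions made for this example; the sample lines are copied from the logs posted above, with the AEAD lines trimmed.

```python
import re
from collections import Counter

# Lines copied from the logs posted in this thread; the AEAD lines are trimmed.
SAMPLE_LOG = """\
19700101 01:00:29 W WARNING: Your certificate is not yet valid!
20180430 15:26:27 N TLS Error: TLS handshake failed
20180430 15:26:34 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 bypass-dhcp dhcp-option DNS 10.4.0.1 comp-lzo no route-gateway 10.4.0.1 topology subnet ping 10 ping-restart 60 ifconfig 10.4.0.7 255.255.0.0 peer-id 77 cipher AES-256-GCM'
20180430 15:26:34 I Initialization Sequence Completed
20180430 15:07:56 N AEAD Decrypt error: bad packet ID (may be a replay): [ #42125 ]
20180430 15:07:56 N AEAD Decrypt error: bad packet ID (may be a replay): [ #42126 ]
"""

# 'YYYYMMDD HH:MM:SS message' as shown in the router log above.
LINE = re.compile(r"^(\d{8}) (\d{2}:\d{2}):\d{2}\s*(.*)$")
# Matches the option whether or not the log view kept the commas.
DNS = re.compile(r"dhcp-option\s+DNS\s+(\d{1,3}(?:\.\d{1,3}){3})")

def triage(log_text):
    """Collect the facts this thread keeps asking about from a client log."""
    report = {"pushed_dns": [], "clock_unset_lines": 0,
              "cert_not_yet_valid": False, "tunnel_up": False,
              "replay_per_minute": Counter()}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        date, minute, msg = m.groups()
        if date.startswith("1970"):          # logged before NTP set the clock
            report["clock_unset_lines"] += 1
        if "certificate is not yet valid" in msg:
            report["cert_not_yet_valid"] = True
        if "PUSH: Received control message" in msg:
            for ip in DNS.findall(msg):
                if ip not in report["pushed_dns"]:
                    report["pushed_dns"].append(ip)
        if "Initialization Sequence Completed" in msg:
            report["tunnel_up"] = True
        if "bad packet ID (may be a replay)" in msg:
            report["replay_per_minute"][f"{date} {minute}"] += 1
    return report

def findings(report):
    """Turn the report into short notes for a support ticket."""
    notes = []
    if len(report["pushed_dns"]) == 1:
        notes.append(f"server pushes a single DNS ({report['pushed_dns'][0]}); no fallback")
    if report["clock_unset_lines"] and report["cert_not_yet_valid"]:
        notes.append("certificate checked while the clock was still at 1970")
    for minute, n in sorted(report["replay_per_minute"].items()):
        notes.append(f"{n} replay warning(s) at {minute}")
    return notes

if __name__ == "__main__":
    print("\n".join(findings(triage(SAMPLE_LOG))))
```
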
corrado 100 Posted ... The ipleak issue is a known problem and is discussed in this thread, so don't worry about that; it most likely has nothing to do with your problem. I'm not sure about the decrypt error, I never had this problem myself, but this could be connected to your ISP. If I were you, I would open a ticket with AirVPN staff in this case.
greerd 5 Posted ... @htpc, your config shows that LZO compression is not enabled, I believe it should be enabled.
htpc 9 Posted ... @greerd You're right, I was trying different things with the config to see if it makes any difference. LZO was and is again enabled though with no obvious influence on the log messages. Thank you very much for your input!
dokomoko 0 Posted ... I don't think this is an issue with your config. There have been intermittent DNS server issues recently (see here: https://airvpn.org/topic/26469-ipleak-dns-address-0-servers-100-errors/). They come and go it seems. Hopefully, AirVPN will chime in here and provide us with an update?!
Staff 10014 Posted ...

> I don't think this is an issue with your config. There have been intermittent DNS server issues recently (see here: https://airvpn.org/topic/26469-ipleak-dns-address-0-servers-100-errors/). They come and go it seems. Hopefully, AirVPN will chime in here and provide us with an update?!

Let's clarify once and for all because this thread is derailing to FUD. Problems in ipleak.net have nothing to do with AirVPN infrastructure. This web site is powered by AirVPN funds and maintained by an AirVPN co-founder, but it is outside the VPN infrastructure.

Kind regards