Problem with Lyra Server, NL

[locksmith 0]

Have been having problems with the Lyra server.

OpenVPN client shows connection established but no inbound traffic is possible (ie websites cannot be reached, etc). Firewall shows outbound traffic? Connections to other servers are all OK.

Connections made using OpenVPN client only (no Airclient).

Would be grateful for any suggestions as to why.

[Staff 9771]

Have been having problems with the Lyra server.

OpenVPN client shows connection established but no inbound traffic is possible (ie websites cannot be reached, etc). Firewall shows outbound traffic? Connections to other servers are all OK.

Connections made using OpenVPN client only (no Airclient).

Would be grateful for any suggestions as to why.

Hello!

We don't detect any problem with Lyra at all... currently several clients are connected and exchanging data. No packet loss is detected, all the processes run smoothly and the CPU load is almost 0. Perhaps a momentary issue between Lyra and your ISP?

Kind regards

[locksmith 0]

Hi,

@admin

Gave it a few days just in case the problem was one between my ISP and Lyra. Problem still remains as described. Don't think it is my end as all other AirVPN servers are performing fine. Not a crucial problem but would be nice to figure out what the cause is.

Any further ideas?

Regards

[Staff 9771]

Hi,

@admin

Gave it a few days just in case the problem was one between my ISP and Lyra. Problem still remains as described. Don't think it is my end as all other AirVPN servers are performing fine. Not a crucial problem but would be nice to figure out what the cause is.

Any further ideas?

Regards

Hello!

We confirm there are no problems on our side with Lyra. Several clients are connected and exchanging data. The server is correctly responding on all ports and properly routing packets. Average load is practically 0. Can you please send us the connection logs?

Kind regards

[locksmith 0]

Hi,

@admin

connection log to Lyra:

Fri Jul 20 11:11:59 2012 OpenVPN 2.2.2 Win32-MSVC++ [sSL] [LZO2] [PKCS11] built on Dec 15 2011

Fri Jul 20 11:11:59 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables

Fri Jul 20 11:11:59 2012 LZO compression initialized

Fri Jul 20 11:11:59 2012 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]

Fri Jul 20 11:11:59 2012 Socket Buffers: R=[8192->8192] S=[8192->8192]

Fri Jul 20 11:11:59 2012 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]

Fri Jul 20 11:11:59 2012 Local Options hash (VER=V4): '22188c5b'

Fri Jul 20 11:11:59 2012 Expected Remote Options hash (VER=V4): 'a8f55717'

Fri Jul 20 11:11:59 2012 UDPv4 link local: [undef]

Fri Jul 20 11:11:59 2012 UDPv4 link remote: 62.212.85.65:443

Fri Jul 20 11:11:59 2012 TLS: Initial packet from 62.212.85.65:443, sid=111e1318 249b3396

Fri Jul 20 11:11:59 2012 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

Fri Jul 20 11:11:59 2012 VERIFY OK: depth=1, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org

Fri Jul 20 11:11:59 2012 VERIFY OK: nsCertType=SERVER

Fri Jul 20 11:11:59 2012 VERIFY OK: depth=0, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org

Fri Jul 20 11:12:00 2012 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

Fri Jul 20 11:12:00 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

Fri Jul 20 11:12:00 2012 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

Fri Jul 20 11:12:00 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

Fri Jul 20 11:12:00 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA

Fri Jul 20 11:12:00 2012 [server] Peer Connection Initiated with 62.212.85.65:443

Fri Jul 20 11:12:02 2012 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)

Fri Jul 20 11:12:02 2012 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.4.0.1,comp-lzo no,route 10.4.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.4.18.66 10.4.18.65'

Fri Jul 20 11:12:02 2012 OPTIONS IMPORT: timers and/or timeouts modified

Fri Jul 20 11:12:02 2012 OPTIONS IMPORT: LZO parms modified

Fri Jul 20 11:12:02 2012 OPTIONS IMPORT: --ifconfig/up options modified

Fri Jul 20 11:12:02 2012 OPTIONS IMPORT: route options modified

Fri Jul 20 11:12:02 2012 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified

Fri Jul 20 11:12:02 2012 ROUTE default_gateway=192.168.1.254

Fri Jul 20 11:12:02 2012 TAP-WIN32 device [Local Area Connection 3] opened: \\.\Global\{C5E33DD0-C5DD-4C85-B430-68AA9ED47C1A}.tap

Fri Jul 20 11:12:02 2012 TAP-Win32 Driver Version 9.9

Fri Jul 20 11:12:02 2012 TAP-Win32 MTU=1500

Fri Jul 20 11:12:02 2012 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.4.18.66/255.255.255.252 on interface {C5E33DD0-C5DD-4C85-B430-68AA9ED47C1A} [DHCP-serv: 10.4.18.65, lease-time: 31536000]

Fri Jul 20 11:12:02 2012 Successful ARP Flush on interface [3] {C5E33DD0-C5DD-4C85-B430-68AA9ED47C1A}

Fri Jul 20 11:12:08 2012 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down

Fri Jul 20 11:12:08 2012 Route: Waiting for TUN/TAP interface to come up...

Fri Jul 20 11:12:12 2012 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up

Fri Jul 20 11:12:12 2012 D:\WINDOWS\system32\route.exe ADD 62.212.85.65 MASK 255.255.255.255 192.168.1.254

Fri Jul 20 11:12:12 2012 Route addition via IPAPI succeeded [adaptive]

Fri Jul 20 11:12:12 2012 D:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.4.18.65

Fri Jul 20 11:12:12 2012 Route addition via IPAPI succeeded [adaptive]

Fri Jul 20 11:12:12 2012 D:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.4.18.65

Fri Jul 20 11:12:12 2012 Route addition via IPAPI succeeded [adaptive]

Fri Jul 20 11:12:12 2012 D:\WINDOWS\system32\route.exe ADD 10.4.0.1 MASK 255.255.255.255 10.4.18.65

Fri Jul 20 11:12:12 2012 Route addition via IPAPI succeeded [adaptive]

Fri Jul 20 11:12:12 2012 Initialization Sequence Completed

Lyra.txt

[Staff 9771]

Hello!

In the logs there are hints that the routing table is ignored.

In any other server connection logs (the servers with which you have no problems), do you have something like:

ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=xx and dwForwardType=x

after each route.exe command?

Can you please send us the routing table after the connection to Lyra? Can you ping 10.4.0.1 after the connection to Lyra? Can you confirm that the IP address of your router is 192.168.1.254?

Kind regards

[locksmith 0]

Hi,

@admin

Thanks for speedy response. Answers to your questions:

1. Statements following Route.exe: See attached connection log to Vega (which is problem free).

2. Routing table - see attached route.jpg

3. Ping 10.4.0.1 - see attached ping.jpg

4. Ip address to router - correct

[locksmith 0]

Apologies, didn't realise the limitations on attachments.

route .jpg attached

[locksmith 0]

Finally connection log to Vegas

US_Vega.txt

[Staff 9771]

@locksmith

Hello!

There are major problems in the routing table when you're connected to Lyra. Why you have this issue only with Lyra and with no other server is still an "enigma". Can you figure out any difference in the connections?

Kind regards

[locksmith 0]

Hi,

@admin

Not quite sure what you mean by " Can you figure out any difference in the connections?". When I am connected to Lyra no incoming traffic is possible (ie I am unable to access any webpages). Comodo firewall shows there are some outgoing traffic.

What's next?

Regards

[Staff 9771]

Hi,

@admin

Not quite sure what you mean by " Can you figure out any difference in the connections?". When I am connected to Lyra no incoming traffic is possible (ie I am unable to access any webpages). Comodo firewall shows there are some outgoing traffic.

What's next?

Regards

Hello!

Since pinging 10.4.0.1 is successful, we could suppose it's a DNS resolution problem, although the routing table apparently shows further problems. Please force your system to use 10.4.0.1 as primary DNS (leave your favourite DNS as secondary) to see whether it fixes the problem. Please note that 10.4.0.1 is your VPN DNS only if you connect to port 443 UDP: https://airvpn.org/specs

Kind regards