TDJ211

SOLVED: Cannot connect to VPN using tls-crypt but am good using standard AIRVPN settings


I'm interested in trying out tls-crypt as I suspect my ISP is capping my speeds to about half of my full 100Mbps connection using OpenVPN.

 

I can connect just fine using the standard 443 UDP protocol but when I try using the tls-crypt I can never get it to connect. I keep getting this error message in the logs

 

write UDPv4: Permission denied (code=13)

 

Any ideas?

 

EDIT:

OK, after changing back to regular VPN, it appears a reboot is necessary to restore connectivity. So I went back and tried the tls-crypt VPN, rebooted and I finally am getting "Initialization Sequence Complete" in logs. I look under OpenVPN status page, and it shows connected. But now I'm getting this below

 

Oct 7 20:05:31 openvpn 54750 Authenticate/Decrypt packet error: packet HMAC authentication failed
Oct 7 20:05:22 openvpn 54750 Initialization Sequence Completed
 
EDIT2: I FINALLY got this working!! I used TCP port 41185. I got UDP to connect at first, but I was still getting capped. Once I switched to TCP, I finally started getting my full speed. 
 
For all you pfSense users, here's the key to getting this to work
 

1) Use tls-crypt.key

2) tls key usage mode needs to be authentication and encryption

3) auth digest algorithm needs to be sha512

4) Under Interface > Assignments,  change your Interface to new ovpn client.

5) Reboot

6) Profit
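
A check for steps 1 to 3 above, as an added example that is not part of the original post: it parses an OpenVPN client config and reports whether it uses a tls-crypt key and the SHA512 auth digest. The function names and both sample configs are constructed for illustration; it assumes the pfSense fields map to the OpenVPN directives `tls-crypt`, `tls-auth` and `auth`, and that an unset `auth` means OpenVPN's default of SHA1.

```python
import re

def parse_directives(text):
    """Map each OpenVPN directive to its argument lists; inline <name> blocks count as set."""
    found, block = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        tag = re.fullmatch(r"<(/?)([\w-]+)>", line)
        if tag:                                  # opening or closing inline block
            block = None if tag.group(1) else tag.group(2)
            if block:
                found.setdefault(block, []).append(["[inline]"])
            continue
        if block is None:                        # skip key material inside blocks
            name, *args = line.split()
            found.setdefault(name, []).append(args)
    return found

def check_tls_crypt(text):
    """Return findings for the settings listed in steps 1 to 3 of the post."""
    d, findings = parse_directives(text), []
    if "tls-crypt" not in d:
        findings.append("tls-crypt key not configured")
    if "tls-auth" in d:
        findings.append("tls-auth set: authentication only, not authentication and encryption")
    auth = d["auth"][-1][0].upper() if d.get("auth") and d["auth"][-1] else "SHA1"
    if auth != "SHA512":
        findings.append(f"auth digest is {auth}, expected SHA512")
    return findings

# Constructed sample configs: placeholder hostname, key material elided.
BEFORE = """\
proto udp
remote vpn.example.net 443
tls-auth ta.key 1
"""
AFTER = """\
proto tcp
remote vpn.example.net 41185
auth sha512
<tls-crypt>
(key material elided)
</tls-crypt>
"""

if __name__ == "__main__":
    print(check_tls_crypt(BEFORE), check_tls_crypt(AFTER))
```
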

 


Number 1, exactly where is that located?

 

Sent from my BND-L34 using Tapatalk


I’ve been saying this exact stuff re pfsense and tls-crypt since the first gen 2 test server (castor) came online many months ago.

 

Please don’t act like you discovered something new.


Is this aimed at me??

 

Sent from my BND-L34 using Tapatalk


No. At the OP.

Ok,

 

Sent from my BND-L34 using Tapatalk

On 10/11/2018 at 7:36 AM, go558a83nk said:

I’ve been saying this exact stuff re pfsense and tls-crypt since the first gen 2 test server (castor) came online many months ago.

 

Please don’t act like you discovered something new.


Oh lookie at mister big shot over here. You sir are an absolute douchebag. 

I give no fucks if it may have been common knowledge or a stupid question. At least I put in the work in figuring it out myself and not pestering the boards with my inferior intellect.

I was just simply following up with my solution in case anyone in the future stumbles upon this thread with a similar problem. There's nothing more frustrating than scouring all corners of the internet to finally find someone else with the same problem but they were too lazy and inconsiderate to update with the solution. It's like how can you expect help if you're not willing to return the favor? And in this instance, it's the entire community and anyone else who visits in the future.

That being said, my apologies, I didn't mean to interrupt you whacking off to yourself in the mirror with your countless IT certs in the background.



 

6 hours ago, TDJ211 said:

Oh lookie at mister big shot over here. You sir are an absolute douchebag. 

I give no fucks if it may have been common knowledge or a stupid question. At least I put in the work in figuring it out myself and not pestering the boards with my inferior intellect.

I was just simply following up with my solution in case anyone in the future stumbles upon this thread with a similar problem. There's nothing more frustrating than scouring all corners of the internet to finally find someone else with the same problem but they were too lazy and inconsiderate to update with the solution. It's like how can you expect help if you're not willing to return the favor? And in this instance, it's the entire community and anyone else who visits in the future.

That being said, my apologies, I didn't mean to interrupt you whacking off to yourself in the mirror with your countless IT certs in the background.



 

I'm no big shot but I don't take the time to post and reply to others without hoping that it's appreciated and that the forum search is used.  That's the big no no around here - not using the forum search.

You see, here's an example of me helping another user with the same problem.  Note that my post is marked as the answer.  I'm not bragging.  What I'm saying is that the help was already here.  But, instead you acted like you'd come to a novel solution and needed to brag to the whole community with a new post of your own.
 
