Stalinium 44 Posted ... (edited)

Pegasus, US unconnectable. Fails with AUTH_FAILURE. Unfortunately it is currently selected by the DNS as the preferred US server. Connecting directly to Pollux (US) worked for me: I copied the US config (certs embedded) and changed the IP address.

Here's a log for Pegasus (from right now, MTU notifications are from my own edits):

2021-09-26 04:29:38 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2021-09-26 04:29:38 OpenVPN 2.5.3 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jun 17 2021
2021-09-26 04:29:38 Windows version 6.1 (Windows 7) 64bit
2021-09-26 04:29:38 library versions: OpenSSL 1.1.1k 25 Mar 2021, LZO 2.10
Enter Management Password:
2021-09-26 04:29:38 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25343
2021-09-26 04:29:38 Need hold release from management interface, waiting...
2021-09-26 04:29:38 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25343
2021-09-26 04:29:38 MANAGEMENT: CMD 'state on'
2021-09-26 04:29:38 MANAGEMENT: CMD 'log all on'
2021-09-26 04:29:38 MANAGEMENT: CMD 'echo all on'
2021-09-26 04:29:38 MANAGEMENT: CMD 'bytecount 5'
2021-09-26 04:29:38 MANAGEMENT: CMD 'hold off'
2021-09-26 04:29:38 MANAGEMENT: CMD 'hold release'
2021-09-26 04:29:38 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2021-09-26 04:29:38 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2021-09-26 04:29:38 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1250)
2021-09-26 04:29:38 MANAGEMENT: >STATE:1632655778,RESOLVE,,,,,,
2021-09-26 04:29:38 TCP/UDP: Preserving recently used remote address: [AF_INET]199.249.230.16:443
2021-09-26 04:29:38 Socket Buffers: R=[8192->262144] S=[8192->262144]
2021-09-26 04:29:38 UDP link local: (not bound)
2021-09-26 04:29:38 UDP link remote: [AF_INET]199.249.230.16:443
2021-09-26 04:29:38 MANAGEMENT: >STATE:1632655778,WAIT,,,,,,
2021-09-26 04:29:39 MANAGEMENT: >STATE:1632655779,AUTH,,,,,,
2021-09-26 04:29:39 TLS: Initial packet from [AF_INET]199.249.230.16:443, sid=83a14a89 9092e81f
2021-09-26 04:29:39 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
2021-09-26 04:29:39 VERIFY KU OK
2021-09-26 04:29:39 Validating certificate extended key usage
2021-09-26 04:29:39 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-09-26 04:29:39 VERIFY EKU OK
2021-09-26 04:29:39 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Pegasus, emailAddress=info@airvpn.org
2021-09-26 04:29:39 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1372', remote='link-mtu 1558'
2021-09-26 04:29:39 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1250', remote='tun-mtu 1500'
2021-09-26 04:29:39 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 4096 bit RSA, signature: RSA-SHA512
2021-09-26 04:29:39 [Pegasus] Peer Connection Initiated with [AF_INET]199.249.230.16:443
2021-09-26 04:29:40 MANAGEMENT: >STATE:1632655780,GET_CONFIG,,,,,,
2021-09-26 04:29:40 SENT CONTROL [Pegasus]: 'PUSH_REQUEST' (status=1)
2021-09-26 04:29:40 AUTH: Received control message: AUTH_FAILED
2021-09-26 04:29:40 SIGUSR1[soft,auth-failure] received, process restarting
2021-09-26 04:29:40 MANAGEMENT: >STATE:1632655780,RECONNECTING,auth-failure,,,,,
2021-09-26 04:29:40 Restart pause, 5 second(s)
2021-09-26 04:29:45 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2021-09-26 04:29:45 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2021-09-26 04:29:45 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1250)
2021-09-26 04:29:45 TCP/UDP: Preserving recently used remote address: [AF_INET]199.249.230.16:443
2021-09-26 04:29:45 Socket Buffers: R=[8192->262144] S=[8192->262144]
2021-09-26 04:29:45 UDP link local: (not bound)
2021-09-26 04:29:45 UDP link remote: [AF_INET]199.249.230.16:443
2021-09-26 04:29:45 MANAGEMENT: >STATE:1632655785,WAIT,,,,,,
2021-09-26 04:29:46 MANAGEMENT: >STATE:1632655786,AUTH,,,,,,
2021-09-26 04:29:46 TLS: Initial packet from [AF_INET]199.249.230.16:443, sid=807e834f 86f4a62b
2021-09-26 04:29:46 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
2021-09-26 04:29:46 VERIFY KU OK
2021-09-26 04:29:46 Validating certificate extended key usage
2021-09-26 04:29:46 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-09-26 04:29:46 VERIFY EKU OK
2021-09-26 04:29:46 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Pegasus, emailAddress=info@airvpn.org
2021-09-26 04:29:46 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1372', remote='link-mtu 1558'
2021-09-26 04:29:46 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1250', remote='tun-mtu 1500'
2021-09-26 04:29:46 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 4096 bit RSA, signature: RSA-SHA512
2021-09-26 04:29:46 [Pegasus] Peer Connection Initiated with [AF_INET]199.249.230.16:443
2021-09-26 04:29:47 MANAGEMENT: >STATE:1632655787,GET_CONFIG,,,,,,
2021-09-26 04:29:47 SENT CONTROL [Pegasus]: 'PUSH_REQUEST' (status=1)
2021-09-26 04:29:47 AUTH: Received control message: AUTH_FAILED
2021-09-26 04:29:47 SIGUSR1[soft,auth-failure] received, process restarting
2021-09-26 04:29:47 MANAGEMENT: >STATE:1632655787,RECONNECTING,auth-failure,,,,,
2021-09-26 04:29:47 Restart pause, 5 second(s)
2021-09-26 04:29:51 SIGTERM[hard,init_instance] received, process exiting
2021-09-26 04:29:51 MANAGEMENT: >STATE:1632655791,EXITING,init_instance,,,,,

The server page shows Pegasus is chosen as the best server although Pegasus' stats show it has zero users and the drop happened a couple hours ago (Sunday 09:00 on the graph). Similar to my last post I propose that servers are ranked differently. Apparently this time an end-to-end test using OpenVPN is required since the server is reachable but it has got issues with authentication.

Edited ... by Stalinium
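
The end-to-end check proposed in the post above, as an added example (not part of the original posts and not AirVPN's code): it classifies a probe's OpenVPN client log so that a server which completes the handshake but rejects the login is not treated as healthy. The Pegasus lines are excerpted from the posted log; the unreachable sample, the stage names and the verdict labels are constructed for illustration.

```python
import re

# Excerpt of the client log posted above (one connection attempt to Pegasus).
PEGASUS_LOG = """\
2021-09-26 04:29:38 UDP link remote: [AF_INET]199.249.230.16:443
2021-09-26 04:29:39 TLS: Initial packet from [AF_INET]199.249.230.16:443, sid=83a14a89 9092e81f
2021-09-26 04:29:39 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Pegasus, emailAddress=info@airvpn.org
2021-09-26 04:29:39 [Pegasus] Peer Connection Initiated with [AF_INET]199.249.230.16:443
2021-09-26 04:29:40 SENT CONTROL [Pegasus]: 'PUSH_REQUEST' (status=1)
2021-09-26 04:29:40 AUTH: Received control message: AUTH_FAILED
2021-09-26 04:29:40 SIGUSR1[soft,auth-failure] received, process restarting
"""

# Constructed log lines (not from the post): a server that never answers.
UNREACHABLE_LOG = """\
2021-09-26 05:00:00 UDP link remote: [AF_INET]192.0.2.10:443
2021-09-26 05:01:00 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
"""

STAGES = [  # (stage name, pattern) for the log lines that mark each stage
    ("tls_started", re.compile(r"TLS: Initial packet from")),
    ("cert_verified", re.compile(r"VERIFY OK: depth=0,")),
    ("peer_connected", re.compile(r"Peer Connection Initiated with")),
    ("auth_failed", re.compile(r"AUTH: Received control message: AUTH_FAILED")),
    ("tunnel_up", re.compile(r"Initialization Sequence Completed")),
]

def probe_verdict(log_text):
    """Classify one connection attempt from its OpenVPN client log."""
    seen = {name for line in log_text.splitlines()
            for name, pat in STAGES if pat.search(line)}
    if "tunnel_up" in seen:
        return "healthy"
    if "auth_failed" in seen:
        # Transport and TLS worked, so a ping or port check would pass.
        return "reachable-but-auth-broken"
    if "peer_connected" in seen:
        return "handshake-ok-no-config"
    if "tls_started" in seen:
        return "tls-incomplete"
    return "unreachable"

def rankable(log_text):
    """Only servers that complete the full login should be offered to clients."""
    return probe_verdict(log_text) == "healthy"

if __name__ == "__main__":
    print(probe_verdict(PEGASUS_LOG), probe_verdict(UNREACHABLE_LOG))
```
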
Staff 9950 Posted ...

@Stalinium

Thank you! The problem has been resolved with the domain name. However, we still have issues with three servers in Dallas, including Pegasus, which have been closed (so they will not be picked for name resolution or by our software). We are working on them.

EDIT: problem resolved.

Kind regards