Jump to content
Not connected, Your IP: 18.119.161.216
Sign in to follow this  
JamesFrancis

Probelms with swiss servers

Recommended Posts

Hello,

I use your VPN on my Asus router.
There are five connections with their own keys at the same time.
Now I have an interesting problem:
If I select swiss server (ch3.XXXXXXX) no connection works. (Connecting Error)
If I select dutch server (nl3.XXXXXXX) everything works fine.
The rest of the configuration is the same, I only change the country code.
This phenomenon occurs only with swiss servers.

Does anyone have any idea?

Share this post


Link to post
@JamesFrancis

Hello!

Please try connections to specific Swiss servers
and note whether you can connect to some of them. We operate different datacenters in Swiss so it seems impossible that they have the same problem at the same time. However, when you use the FQDN ch3.vpn.airdns.org, you end up to a specific server which the system reputes "the best in Swiss", therefore checking single servers one by one is essential to understand the nature of the problem.

Then, please send us the list of servers you can't connect to and a log showing the connection failure.

Kind regards
 

Share this post


Link to post
@Staff

I tried again:
ch3.XXXXXX produced this:

DPv6 link local: (not bound)
: UDPv6 link remote: XXXXXXXXXXX
: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
: TLS Error: TLS handshake failed

Changing "Ch" to "NL" only, everything works fine (again)

Choosing Server: Xuange (New Conifg made in Config Generator)

RESOLVE: Cannot resolve host address: xuange.airservers.org:443 (No address associated with hostname)
: RESOLVE: Cannot resolve host address: xuange.airservers.org:443 (No address associated with hostname)
: Could not determine IPv4/IPv6 protocol

All Other Swiss server the same.

Config:

-Openvpn: >= 2.5
-Exitlayer: Both
-Entrylayer: IPv6 only
-Protocol: UDP, 443, 3
 

Share this post


Link to post
@JamesFrancis

Hello!
 
Quote

UDPv6 link remote: XXXXXXXXXXX
: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)


Maybe your ISP doesn't support IPv6. Try an IPv4 connection.
 
Quote

 RESOLVE: Cannot resolve host address: xuange.airservers.org:443 (No address associated with hostname)
: RESOLVE: Cannot resolve host address: xuange.airservers.org:443 (No address associated with hostname)
: Could not determine IPv4/IPv6 protocol

All Other Swiss server the same.


We asked for the log but we can't see it, can you please check? We mean the complete, unedited OpenVPN log showing the failure. It may help significantly.

Kind regards
 

Share this post


Link to post
@Staff
Hey,
ok, the full logs.

i ONLY change "nl3" <=> "ch3" in the server address.  

nl3.XXXXXXX :

ec  1 21:25:23 rc_service: httpd 10732:notify_rc start_vpnclient2
Dec  1 21:25:23 openvpn: OpenVPN client 2 start attempt - already running.
Dec  1 21:25:44 rc_service: httpd 10732:notify_rc restart_vpnclient2
Dec  1 21:25:44 ovpn-client2[21984]: SIGTERM[hard,init_instance] received, process exiting
Dec  1 21:25:44 openvpn-routing: Clearing routing table for VPN client 2
Dec  1 21:25:44 ovpn-client2[25167]: OpenVPN 2.5.3 arm-buildroot-linux-gnueabi [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Aug  6 2021
Dec  1 21:25:44 ovpn-client2[25167]: library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.08
Dec  1 21:25:44 ovpn-client2[25168]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec  1 21:25:44 ovpn-client2[25168]: Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Dec  1 21:25:44 ovpn-client2[25168]: Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Dec  1 21:25:44 ovpn-client2[25168]: Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Dec  1 21:25:44 ovpn-client2[25168]: Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Dec  1 21:25:47 ovpn-client2[25168]: TCP/UDP: Preserving recently used remote address: XXXXXXXXXXXXXXXXX
Dec  1 21:25:47 ovpn-client2[25168]: Socket Buffers: R=[524288->524288] S=[524288->524288]
Dec  1 21:25:47 ovpn-client2[25168]: UDPv6 link local: (not bound)
Dec  1 21:25:47 ovpn-client2[25168]: UDPv6 link remote: XXXXXXXXXXXXXXXXX
Dec  1 21:25:48 ovpn-client2[25168]: TLS: Initial packet from XXXXXXXXXXXXXXXXX
Dec  1 21:25:48 ovpn-client2[25168]: VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
Dec  1 21:25:48 ovpn-client2[25168]: VERIFY KU OK
Dec  1 21:25:48 ovpn-client2[25168]: Validating certificate extended key usage
Dec  1 21:25:48 ovpn-client2[25168]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Dec  1 21:25:48 ovpn-client2[25168]: VERIFY EKU OK
Dec  1 21:25:48 ovpn-client2[25168]: VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Caph, emailAddress=info@airvpn.org
Dec  1 21:25:48 ovpn-client2[25168]: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 4096 bit RSA, signature: RSA-SHA512
Dec  1 21:25:48 ovpn-client2[25168]: [Caph] Peer Connection Initiated with XXXXXXXXXXXXXXXXX
Dec  1 21:25:48 ovpn-client2[25168]: PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway ipv6 def1 bypass-dhcp,dhcp-option DNS 10.12.154.1,dhcp-option DNS6 fde6:7a:7d20:89a::1,tun-ipv6,route-gateway 10.12.154.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 XXXXXXXXXXXXXXXXX,ifconfig XXXXXXXXXXXXXXXXX,peer-id 8,cipher CHACHA20-POLY1305'
Dec  1 21:25:48 ovpn-client2[25168]: OPTIONS IMPORT: timers and/or timeouts modified
Dec  1 21:25:48 ovpn-client2[25168]: OPTIONS IMPORT: compression parms modified
Dec  1 21:25:48 ovpn-client2[25168]: OPTIONS IMPORT: --ifconfig/up options modified
Dec  1 21:25:48 ovpn-client2[25168]: OPTIONS IMPORT: route options modified
Dec  1 21:25:48 ovpn-client2[25168]: OPTIONS IMPORT: route-related options modified
Dec  1 21:25:48 ovpn-client2[25168]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Dec  1 21:25:48 ovpn-client2[25168]: OPTIONS IMPORT: peer-id set
Dec  1 21:25:48 ovpn-client2[25168]: OPTIONS IMPORT: adjusting link_mtu to 1625
Dec  1 21:25:48 ovpn-client2[25168]: OPTIONS IMPORT: data channel crypto options modified
Dec  1 21:25:48 ovpn-client2[25168]: Data Channel: using negotiated cipher 'CHACHA20-POLY1305'
Dec  1 21:25:48 ovpn-client2[25168]: Outgoing Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key
Dec  1 21:25:48 ovpn-client2[25168]: Incoming Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key
Dec  1 21:25:48 ovpn-client2[25168]: GDG6: remote_host_ipv6=XXXXXXXXXXXXXXXXX
Dec  1 21:25:48 ovpn-client2[25168]: net_route_v6_best_gw query: dst XXXXXXXXXXXXXXXXX
Dec  1 21:25:48 ovpn-client2[25168]: net_route_v6_best_gw result: via XXXXXXXXXXXXXXXXX
Dec  1 21:25:48 ovpn-client2[25168]: ROUTE6: 2000::/4 overlaps IPv6 remote XXXXXXXXXXXXXXXXX, adding host route to VPN endpoint
Dec  1 21:25:48 ovpn-client2[25168]: TUN/TAP device tun12 opened
Dec  1 21:25:48 ovpn-client2[25168]: TUN/TAP TX queue length set to 1000
Dec  1 21:25:48 ovpn-client2[25168]: /usr/sbin/ip link set dev tun12 up mtu 1500
Dec  1 21:25:48 ovpn-client2[25168]: /usr/sbin/ip link set dev tun12 up
Dec  1 21:25:48 ovpn-client2[25168]: /usr/sbin/ip addr add dev tun12 10.12.154.108/24
Dec  1 21:25:48 ovpn-client2[25168]: /usr/sbin/ip link set dev tun12 up mtu 1500
Dec  1 21:25:48 ovpn-client2[25168]: /usr/sbin/ip link set dev tun12 up
Dec  1 21:25:48 ovpn-client2[25168]: /usr/sbin/ip -6 addr add XXXXXXXXXXXXXXXXX dev tun12
Dec  1 21:25:48 ovpn-client2[25168]: ovpn-up 2 client tun12 XXXXXXXXXXXXXXXXX 255.255.255.0 init
Dec  1 21:25:48 openvpn-routing: Missing remote IP or local gateway - cannot configure route
Dec  1 21:25:48 openvpn-routing: Setting client 2 routing table's default route through the tunnel
Dec  1 21:25:48 dnsmasq[21520]: read /etc/hosts - 11 addresses
Dec  1 21:25:48 dnsmasq[21520]: read /etc/hosts.dnsmasq - 3 addresses
Dec  1 21:25:48 dnsmasq[21520]: using nameserver fe80::1#53
Dec  1 21:25:48 dnsmasq[21520]: using nameserver XXXXXXXXXXXXXXXXX 
Dec  1 21:25:48 dnsmasq[21520]: using nameserver XXXXXXXXXXXXXXXXX
Dec  1 21:25:48 dnsmasq[21520]: using nameserver XXXXXXXXXXXXXXXXX
Dec  1 21:25:53 ovpn-client2[25168]: Initialization Sequence Completed



ch3.XXXXXXX:


Dec  1 21:30:06 openvpn-routing: Clearing routing table for VPN client 2
Dec  1 21:30:06 ovpn-client2[26017]: OpenVPN 2.5.3 arm-buildroot-linux-gnueabi [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Aug  6 2021
Dec  1 21:30:06 ovpn-client2[26017]: library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.08
Dec  1 21:30:06 ovpn-client2[26018]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec  1 21:30:06 ovpn-client2[26018]: Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Dec  1 21:30:06 ovpn-client2[26018]: Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Dec  1 21:30:06 ovpn-client2[26018]: Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Dec  1 21:30:06 ovpn-client2[26018]: Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Dec  1 21:30:06 ovpn-client2[26018]: TCP/UDP: Preserving recently used remote address: XXXXXXXXXXXXXXXXX 
Dec  1 21:30:06 ovpn-client2[26018]: Socket Buffers: R=[524288->524288] S=[524288->524288]
Dec  1 21:30:06 ovpn-client2[26018]: UDPv6 link local: (not bound)
Dec  1 21:30:06 ovpn-client2[26018]: UDPv6 link remote: XXXXXXXXXXXXXXXXX 
Dec  1 21:31:06 ovpn-client2[26018]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec  1 21:31:06 ovpn-client2[26018]: TLS Error: TLS handshake failed
Dec  1 21:31:06 ovpn-client2[26018]: SIGUSR1[soft,tls-error] received, process restarting
Dec  1 21:31:06 ovpn-client2[26018]: Restart pause, 5 second(s)



If i censored to much, excuse me.
It is my first VPN-Construction an i want to be careful.






 

Share this post


Link to post
@JamesFrancis

Thank you. Your ISP supports IPv6 for sure because connections to NL servers over IPv6 are successful. The failure to Swiss servers in IPv6 can be caused by lack of IPv6 support on our side. In Switzerland, Kitalpha still lacks IPv6 support because the datacenter does not support it. Other servers might be having IPv6 "black out" intermittently. Unfortunately you censored too much, yes, you removed the entry address of the VPN server you were connecting to, so nothing else can be said at the moment. ::dunno:

Maybe if you connect over IPv4 you will resolve all the issues.

Kind regards

 

Share this post


Link to post

@staff

Thanks for your time!!

I can't use IPv4, because my ISP is dump. So the VPN is extrem slow. I have to use IPv6....

Dec  2 13:04:04 ovpn-client2[2420]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec  2 13:04:04 ovpn-client2[2420]: Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Dec  2 13:04:04 ovpn-client2[2420]: Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Dec  2 13:04:04 ovpn-client2[2420]: Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Dec  2 13:04:04 ovpn-client2[2420]: Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Dec  2 13:04:04 ovpn-client2[2420]: TCP/UDP: Preserving recently used remote address: [AF_INET6]2a00:7145:c1:1:6838:aa89:d61c:fb42:443
Dec  2 13:04:04 ovpn-client2[2420]: Socket Buffers: R=[524288->524288] S=[524288->524288]
Dec  2 13:04:04 ovpn-client2[2420]: UDPv6 link local: (not bound)
Dec  2 13:04:04 ovpn-client2[2420]: UDPv6 link remote: [AF_INET6]2a00:7145:c1:1:6838:aa89:d61c:fb42:443
Dec  2 13:05:04 ovpn-client2[2420]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Dec  2 13:05:04 ovpn-client2[2420]: TLS Error: TLS handshake failed
Dec  2 13:05:04 ovpn-client2[2420]: SIGUSR1[soft,tls-error] received, process restarting
Dec  2 13:05:04 ovpn-client2[2420]: Restart pause, 20 second(s)
Dec  2 13:05:24 ovpn-client2[2420]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec  2 13:05:24 ovpn-client2[2420]: Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Dec  2 13:05:24 ovpn-client2[2420]: Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Dec  2 13:05:24 ovpn-client2[2420]: Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Dec  2 13:05:24 ovpn-client2[2420]: Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Dec  2 13:05:24 ovpn-client2[2420]: TCP/UDP: Preserving recently used remote address: [AF_INET6]2a00:7145:c1:1:6838:aa89:d61c:fb42:443
Dec  2 13:05:24 ovpn-client2[2420]: Socket Buffers: R=[524288->524288] S=[524288->524288]
Dec  2 13:05:24 ovpn-client2[2420]: UDPv6 link local: (not bound)
Dec  2 13:05:24 ovpn-client2[2420]: UDPv6 link remote: [AF_INET6]2a00:7145:c1:1:6838:aa89:d61c:fb42:443

 

Share this post


Link to post
@JamesFrancis

Hello!

In this case please avoid Kitalpha and Xuange at the moment. Do not rely, therefore, on generic ch3* FQDN but connect to a specific server which works for you in IPv6.

Kind regards
 

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  

×
×
  • Create New...