Use second choice of airvpn server? (Ubuntu 12.04, network manager open vpn)

[candtalan 0]

I am using airvpn successfully, after configuring my first choice of server location etc.

However, when I try to also, later, configure for a second choice of server location, and after disconnecting from the first, then attempt to connect to the second choice, it fails to connect reporting '....invalid VPN secrets'.

I wonder if there is an issue with the way I am using airvpn, or is my network-manager-openvpn a problem? How can I try to connect using command line?

tia

[Staff 9768]

I am using airvpn successfully, after configuring my first choice of server location etc.

However, when I try to also, later, configure for a second choice of server location, and after disconnecting from the first, then attempt to connect to the second choice, it fails to connect reporting '....invalid VPN secrets'.

I wonder if there is an issue with the way I am using airvpn, or is my network-manager-openvpn a problem? How can I try to connect using command line?

tia

Hello!

In order to use OpenVPN directly from a shell, paste the user.key, ca.crt, user.crt and any .ovpn configuration file in a single directory. From inside that directory type:

sudo openvpn ".ovpn configuration file name"

Kind regards

[candtalan 0]

Thanks, very useful.

Latest information on my problem: I begin to think that I am not allowing sufficient time to elapse after disconnecting from the first server, before attempting to connect to the alternative server. Things seem to work ok if I allow a longer time between (few minutes). With the network manager GUI I have here, it is a simple matter of a click, click... (a second or so, or could be less) - very convenient magic, but maybe the software at my end, and also maybe at the server end, might take a little longer to establish the changes?

[Staff 9768]

Hello!

A few seconds is normal, a few minutes is not.

Do you ALWAYS experience a re-connection problem for such a long time?

Kind regards

[candtalan 0]

I have not done any systematic tests yet, but it helps greatly to know that a delay even if it should be short, is necessary. Because the only sure way to recover from the error condition is - for me so far - to reboot - which is inconvenient of course. And in my ignorance, yesterday, switching back and forth and again, I got quickly to a situation where attempts at both connections were giving errors, so I was mystified. Maybe my app, GUI, this end is slow or very bad at listening to the server change of status, no idea, just a wild thought.

What sort of time period is good for an experiemnt - thinking of the server end? If disconnected for longer than 10 seconds it then it should connect?

tia

[Staff 9768]

I have not done any systematic tests yet, but it helps greatly to know that a delay even if it should be short, is necessary. Because the only sure way to recover from the error condition is - for me so far - to reboot - which is inconvenient of course. And in my ignorance, yesterday, switching back and forth and again, I got quickly to a situation where attempts at both connections were giving errors, so I was mystified. Maybe my app, GUI, this end is slow or very bad at listening to the server change of status, no idea, just a wild thought.

What sort of time period is good for an experiemnt - thinking of the server end? If disconnected for longer than 10 seconds it then it should connect?

tia

Hello!

When you have this issue can you please contact the support team through the "Contact us" form, so that it will be possible to see what's happening in real time?

Do you see that the problem occurs only with network-manager, or does it occur even when you launch OpenVPN directly? A reboot should never be necessary. Also, can you please check (when the problem occurs) whether some OpenVPN instance is still running, just in case network-manager in reality does not disconnect the client?

Kind regards

[candtalan 0]

I am in contact just now.... :-)

[Staff 9768]

I am in contact just now.... :-)

Hello!

Account "candtalan" was connected to some server before you wrote the quoted message and successfully exchanging data. It is still connected and exchanging data at the time of this writing. This may suggest that network-manager maybe does not perform an OpenVPN disconnection... did you check if you had still OpenVPN instances running while you were testing?

Kind regards

[candtalan 0]

Yes but nothing looked connected. Strange, but just before that I had actually rebooted, and I still got fails. A short time elapsed, and this one connected. I am not expert. What (ubuntu terminal) command for running processes?

[candtalan 0]

I am still connected ok. Shall I try a disconnection, 10 second delay, then try reconnect to a different server?

[Staff 9768]

I am still connected ok. Shall I try a disconnection, 10 second delay, then try reconnect to a different server?

Hello!

Yes, please, do it as soon as you read this message with network-manager.

About running OpenVPN directly for another test:

- put all the files (user.crt, user.key, ca.crt, and every .ovpn configuration file) in one directory

- cd to that directory

- issue the command

sudo openvpn "name of the ovpn configuration file here"

Send us the output of the command. Try to disconnect simply by pressing CTRL-C (on the same shell window) and please re-connect again after 10 seconds (to the same server or any other server, it's the same).

Please note the double quotes around the .ovpn file name (it contains spaces from our configuration generator).

Kind regards

[Staff 9768]

@candtalan

Ok, this admin has monitored your attempts. Apparently, your first re-connection attempt failed because your client was already connected. It was at least kept alive with pings, there was a continuous exchange of packets up and down. After approximately 35 seconds, your client really disconnected. When you failed the re-connections attempt, did you look for other OpenVPN instances, to check whether they were still running for example with

sudo ps aux | grep openvpn

?

Maybe there's some delay between the network-manager disconnection command and the client disconnecting for real.

Kind regards

[candtalan 0]

disconnected from virginis, quickly tried connect to ophiuchi - fail

the gui fail message is

VPN connection failed

the vpn connection 'AirVPN NL Ophiuchi - UDP 443' failed becsues of invalid VPN secrets.

[candtalan 0]

That sounds useful. I am using gui to list processes not grep, I will use grep asap now thanks.

that sort of timescale sounds like the effect. It is stange that I rebooted and it was still (failed) - could I be still briefly listed as connected at the server whatever, even as I am (fairly rapidly) rebooting?

I will be using grep soon.

Shall I just do some various test by myself and see what I can find, or do you want to be closely still involved right now?

thx

[candtalan 0]

you said 'and please re-connect again after 10 seconds (to the same server or any other server, it's the same)'

i note that I get this problem only when I change server. If I gui disconnect and then gui reconnect to same then it works. It does seem to suggest that my end is not letting go whatever.

I will try the terminal approach soon just now.

[Staff 9768]

That sounds useful. I am using gui to list processes not grep, I will use grep asap now thanks.

that sort of timescale sounds like the effect. It is stange that I rebooted and it was still (failed) - could I be still briefly listed as connected at the server whatever, even as I am (fairly rapidly) rebooting?

Hello!

If you could not connect after a reboot, the suggested behavior can not be the cause. When you reboot any process is of course killed.

Shall I just do some various test by myself and see what I can find, or do you want to be closely still involved right now?

thx

Please do not hesitate to contact us if the problem persists even when you use OpenVPN directly.

Kind regards

[candtalan 0]

Used terminal, ok, later used ctrl c, ok, 10 seconds, and reconnected to same server, ok

Having difficulty attaching the contents of the terminal .txt file here:

(Add File not working for me...?)

I will paste the content here:

==========================

candt@novatech1:~/vpn-aqui/air$ sudo openvpn "AirVPN DE Aquilae - UDP 443.ovpn"

Sun Dec 16 21:44:42 2012 OpenVPN 2.2.1 i686-linux-gnu [sSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [iPv6 payload 20110424-2 (2.2RC2)] built on Mar 30 2012

Sun Dec 16 21:44:42 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables

Sun Dec 16 21:44:42 2012 WARNING: file 'user.key' is group or others accessible

Sun Dec 16 21:44:42 2012 LZO compression initialized

Sun Dec 16 21:44:42 2012 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]

Sun Dec 16 21:44:42 2012 Socket Buffers: R=[163840->131072] S=[163840->131072]

Sun Dec 16 21:44:42 2012 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]

Sun Dec 16 21:44:42 2012 Local Options hash (VER=V4): '22188c5b'

Sun Dec 16 21:44:42 2012 Expected Remote Options hash (VER=V4): 'a8f55717'

Sun Dec 16 21:44:42 2012 UDPv4 link local: [undef]

Sun Dec 16 21:44:42 2012 UDPv4 link remote: [AF_INET]46.165.208.70:443

Sun Dec 16 21:44:42 2012 TLS: Initial packet from [AF_INET]46.165.208.70:443, sid=14dada09 e4084af3

Sun Dec 16 21:44:43 2012 VERIFY OK: depth=1, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org

Sun Dec 16 21:44:43 2012 VERIFY OK: nsCertType=SERVER

Sun Dec 16 21:44:43 2012 VERIFY OK: depth=0, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org

Sun Dec 16 21:44:43 2012 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

Sun Dec 16 21:44:43 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

Sun Dec 16 21:44:43 2012 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

Sun Dec 16 21:44:43 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

Sun Dec 16 21:44:43 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA

Sun Dec 16 21:44:43 2012 [server] Peer Connection Initiated with [AF_INET]46.165.208.70:443

Sun Dec 16 21:44:45 2012 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)

Sun Dec 16 21:44:45 2012 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.4.0.1,comp-lzo no,route 10.4.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.4.4.106 10.4.4.105'

Sun Dec 16 21:44:45 2012 OPTIONS IMPORT: timers and/or timeouts modified

Sun Dec 16 21:44:45 2012 OPTIONS IMPORT: LZO parms modified

Sun Dec 16 21:44:45 2012 OPTIONS IMPORT: --ifconfig/up options modified

Sun Dec 16 21:44:45 2012 OPTIONS IMPORT: route options modified

Sun Dec 16 21:44:45 2012 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified

Sun Dec 16 21:44:45 2012 ROUTE default_gateway=192.168.1.254

Sun Dec 16 21:44:45 2012 TUN/TAP device tun0 opened

Sun Dec 16 21:44:45 2012 TUN/TAP TX queue length set to 100

Sun Dec 16 21:44:45 2012 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0

Sun Dec 16 21:44:45 2012 /sbin/ifconfig tun0 10.4.4.106 pointopoint 10.4.4.105 mtu 1500

Sun Dec 16 21:44:45 2012 /sbin/route add -net 46.165.208.70 netmask 255.255.255.255 gw 192.168.1.254

Sun Dec 16 21:44:46 2012 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.4.4.105

Sun Dec 16 21:44:46 2012 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.4.4.105

Sun Dec 16 21:44:46 2012 /sbin/route add -net 10.4.0.1 netmask 255.255.255.255 gw 10.4.4.105

Sun Dec 16 21:44:46 2012 Initialization Sequence Completed

^CSun Dec 16 21:48:15 2012 event_wait : Interrupted system call (code=4)

Sun Dec 16 21:48:15 2012 SIGTERM received, sending exit notification to peer

Sun Dec 16 21:48:20 2012 TCP/UDP: Closing socket

Sun Dec 16 21:48:20 2012 /sbin/route del -net 10.4.0.1 netmask 255.255.255.255

Sun Dec 16 21:48:20 2012 /sbin/route del -net 46.165.208.70 netmask 255.255.255.255

Sun Dec 16 21:48:20 2012 /sbin/route del -net 0.0.0.0 netmask 128.0.0.0

Sun Dec 16 21:48:20 2012 /sbin/route del -net 128.0.0.0 netmask 128.0.0.0

Sun Dec 16 21:48:20 2012 Closing TUN/TAP interface

Sun Dec 16 21:48:20 2012 /sbin/ifconfig tun0 0.0.0.0

Sun Dec 16 21:48:20 2012 SIGTERM[soft,exit-with-notification] received, process exiting

candt@novatech1:~/vpn-aqui/air$

candt@novatech1:~/vpn-aqui/air$

candt@novatech1:~/vpn-aqui/air$

candt@novatech1:~/vpn-aqui/air$ sudo openvpn "AirVPN DE Aquilae - UDP 443.ovpn"

Sun Dec 16 21:48:29 2012 OpenVPN 2.2.1 i686-linux-gnu [sSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [iPv6 payload 20110424-2 (2.2RC2)] built on Mar 30 2012

Sun Dec 16 21:48:29 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables

Sun Dec 16 21:48:29 2012 WARNING: file 'user.key' is group or others accessible

Sun Dec 16 21:48:29 2012 LZO compression initialized

Sun Dec 16 21:48:29 2012 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]

Sun Dec 16 21:48:29 2012 Socket Buffers: R=[163840->131072] S=[163840->131072]

Sun Dec 16 21:48:29 2012 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]

Sun Dec 16 21:48:29 2012 Local Options hash (VER=V4): '22188c5b'

Sun Dec 16 21:48:29 2012 Expected Remote Options hash (VER=V4): 'a8f55717'

Sun Dec 16 21:48:29 2012 UDPv4 link local: [undef]

Sun Dec 16 21:48:29 2012 UDPv4 link remote: [AF_INET]46.165.208.70:443

Sun Dec 16 21:48:29 2012 TLS: Initial packet from [AF_INET]46.165.208.70:443, sid=42ad029e 54039286

Sun Dec 16 21:48:29 2012 VERIFY OK: depth=1, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org

Sun Dec 16 21:48:29 2012 VERIFY OK: nsCertType=SERVER

Sun Dec 16 21:48:29 2012 VERIFY OK: depth=0, /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org

Sun Dec 16 21:48:30 2012 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

Sun Dec 16 21:48:30 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

Sun Dec 16 21:48:30 2012 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

Sun Dec 16 21:48:30 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

Sun Dec 16 21:48:30 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA

Sun Dec 16 21:48:30 2012 [server] Peer Connection Initiated with [AF_INET]46.165.208.70:443

Sun Dec 16 21:48:32 2012 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)

Sun Dec 16 21:48:32 2012 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.4.0.1,comp-lzo no,route 10.4.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.4.4.106 10.4.4.105'

Sun Dec 16 21:48:32 2012 OPTIONS IMPORT: timers and/or timeouts modified

Sun Dec 16 21:48:32 2012 OPTIONS IMPORT: LZO parms modified

Sun Dec 16 21:48:32 2012 OPTIONS IMPORT: --ifconfig/up options modified

Sun Dec 16 21:48:32 2012 OPTIONS IMPORT: route options modified

Sun Dec 16 21:48:32 2012 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified

Sun Dec 16 21:48:32 2012 ROUTE default_gateway=192.168.1.254

Sun Dec 16 21:48:32 2012 TUN/TAP device tun0 opened

Sun Dec 16 21:48:32 2012 TUN/TAP TX queue length set to 100

Sun Dec 16 21:48:32 2012 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0

Sun Dec 16 21:48:32 2012 /sbin/ifconfig tun0 10.4.4.106 pointopoint 10.4.4.105 mtu 1500

Sun Dec 16 21:48:32 2012 /sbin/route add -net 46.165.208.70 netmask 255.255.255.255 gw 192.168.1.254

Sun Dec 16 21:48:32 2012 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.4.4.105

Sun Dec 16 21:48:32 2012 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.4.4.105

Sun Dec 16 21:48:32 2012 /sbin/route add -net 10.4.0.1 netmask 255.255.255.255 gw 10.4.4.105

Sun Dec 16 21:48:32 2012 Initialization Sequence Completed

==========================

airvpn-connect-reconnect-problemterminaloutput.txt