Unable to connect to Hercilius (any suggestion)

[mordants 5]

Unable to connect successfully to Herculis

2/3/2013 - 11:15 AM AirVPN client version: 1.7

2/3/2013 - 11:15 AM Reading options from C:\***

2/3/2013 - 11:15 AM OpenVPN bundle version: OpenVPN 2.2.2

2/3/2013 - 11:15 AM OpenVPN current version: OpenVPN 2.2.2

2/3/2013 - 11:15 AM Ready.

2/3/2013 - 11:15 AM Login...

2/3/2013 - 11:15 AM Login success.

2/3/2013 - 11:22 AM Contacting service...

2/3/2013 - 11:22 AM Connecting...

2/3/2013 - 11:22 AM OpenVPN 2.2.2 Win32-MSVC++ [sSL] [LZO2] [PKCS11] built on Dec 15 2011

2/3/2013 - 11:22 AM NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables

2/3/2013 - 11:22 AM LZO compression initialized

2/3/2013 - 11:22 AM Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]

2/3/2013 - 11:22 AM Socket Buffers: R=[8192->8192] S=[8192->8192]

2/3/2013 - 11:22 AM Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]

2/3/2013 - 11:22 AM Local Options hash (VER=V4): '22188c5b'

2/3/2013 - 11:22 AM Expected Remote Options hash (VER=V4): 'a8f55717'

2/3/2013 - 11:22 AM UDPv4 link local: [undef]

2/3/2013 - 11:22 AM UDPv4 link remote: 94.242.205.234:443

2/3/2013 - 11:23 AM TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

2/3/2013 - 11:23 AM TLS Error: TLS handshake failed

2/3/2013 - 11:23 AM TCP/UDP: Closing socket

2/3/2013 - 11:23 AM SIGUSR1[soft,tls-error] received, process restarting

2/3/2013 - 11:23 AM Restart pause, 2 second(s)

2/3/2013 - 11:23 AM NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables

2/3/2013 - 11:23 AM LZO compression initialized

2/3/2013 - 11:23 AM Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]

2/3/2013 - 11:23 AM Socket Buffers: R=[8192->8192] S=[8192->8192]

2/3/2013 - 11:23 AM Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]

2/3/2013 - 11:23 AM Local Options hash (VER=V4): '22188c5b'

2/3/2013 - 11:23 AM Expected Remote Options hash (VER=V4): 'a8f55717'

2/3/2013 - 11:23 AM UDPv4 link local: [undef]

2/3/2013 - 11:23 AM UDPv4 link remote: 94.242.205.234:443

2/3/2013 - 11:24 AM TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

2/3/2013 - 11:24 AM TLS Error: TLS handshake failed

2/3/2013 - 11:24 AM TCP/UDP: Closing socket

2/3/2013 - 11:24 AM SIGUSR1[soft,tls-error] received, process restarting

2/3/2013 - 11:24 AM Restart pause, 2 second(s)

2/3/2013 - 11:24 AM NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables

2/3/2013 - 11:24 AM LZO compression initialized

2/3/2013 - 11:24 AM Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]

2/3/2013 - 11:24 AM Socket Buffers: R=[8192->8192] S=[8192->8192]

2/3/2013 - 11:24 AM Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]

2/3/2013 - 11:24 AM Local Options hash (VER=V4): '22188c5b'

2/3/2013 - 11:24 AM Expected Remote Options hash (VER=V4): 'a8f55717'

2/3/2013 - 11:24 AM UDPv4 link local: [undef]

2/3/2013 - 11:24 AM UDPv4 link remote: 94.242.205.234:443

Keeps failing or retrying

I then switched to what I normally login to server and its fine.

I did add the rules for Hercilus in commdo like I have done for other servers... Wanted to try Hercilus as it was 9% capacity but no luck

any suggestion?

Thanks

[Staff 9972]

Hello!

Apparently Herculis is not reachable from your system.

Can you please open a command prompt, issue the commands:

ping 94.242.205.234

tracert 94.242.205.234

and send their output to us?

Kind regards

[mordants 5]

i ran this while I was already connected to your Network via Airvpn

C:\Users\mordant>ping 94.242.205.234

Pinging 94.242.205.234 with 32 bytes of data:

Reply from 94.242.205.234: bytes=32 time=254ms TTL=59

Reply from 94.242.205.234: bytes=32 time=239ms TTL=59

Reply from 94.242.205.234: bytes=32 time=239ms TTL=59

Reply from 94.242.205.234: bytes=32 time=231ms TTL=59

Ping statistics for 94.242.205.234:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 231ms, Maximum = 254ms, Average = 240ms

C:\Users\mordant>tracert 94.242.205.234

Tracing route to hosted.by.artificialanimation.com [94.242.205.234]

over a maximum of 30 hops:

1 * * 1371 ms speedtest.air [10.4.0.1]

2 228 ms 244 ms 234 ms hosted.by.leaseweb.com [95.211.191.62]

3 239 ms 223 ms 224 ms te0-10-0-0.crs.evo.leaseweb.net [85.17.100.20]

4 222 ms 234 ms 247 ms iptransit.telecity2.nl-ix.net [193.239.117.27]

5 243 ms 234 ms 237 ms te2-2.r3.ams.sara.nl.iptransit.com [204.26.60.2]

6 249 ms 241 ms 241 ms te4-4.r1.lux.iptransit.com [204.26.60.9]

7 233 ms 244 ms 261 ms te-9-2.r1.stnsl.lux.as5577.net [199.59.206.26]

8 255 ms 237 ms 226 ms stnsl.lux.as5577.net [83.243.15.252]

9 227 ms 232 ms 239 ms hosted.by.artificialanimation.com [94.242.205.23

4]

Trace complete.

If i need to disconnect and then try just using my ISP, let me know and I can provide that as well

Thanks

[Staff 9972]

Hello!

Ok, the results show that Herculis entry-IP address is not null-routed by your ISP. Now, you should make sure that no program in your system (firewall, interfering programs like Malwarebytes, PeerGuardian/PeerBlock...) drops UDP packets toward Herculis and/or from openvpn.exe.

Kind regards

[Staff 9972]

If i need to disconnect and then try just using my ISP, let me know and I can provide that as well

Thanks

Hello!

Yes, in order to determine if it's your ISP fault you need to be disconnected from the VPN when you perform tracert and ping.

Kind regards

[mordants 5]

Excellent News

ipconfig /release /renew

ipconfig /flushdns

In Commodo Firewall, removed the IP from my networkzone and readded

Setup the rules again

Started working:)

I think I may have fat fingered something...but.....working as intended.

Still working on why randomly i get those replay-window backtrack... (hate that error)

[Staff 9972]

Excellent News

ipconfig /release /renew

ipconfig /flushdns

In Commodo Firewall, removed the IP from my networkzone and readded

Setup the rules again

Started working:)

I think I may have fat fingered something...but.....working as intended.

Still working on why randomly i get those replay-window backtrack... (hate that error)

Hello!

Great news, thank you for keeping us informed.

About Replay-window backtrack, a few of them may be unavoidable with UDP, due to network congestion, sporadic packet loss... if it's a replay attack, OpenVPN can defeat it easily. A connection toward a TCP port will prevent that error (and it is also an additional security layer against replay attacks at the price of a performance hit due to full error correction implemented in TCP).

There is some admin's article about that in the forum, you might find it interesting:

https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=3773&Itemid=142#3784

We strongly recommend NOT to alter OpenVPN replay protection sliding-window size and time unless absolutely necessary. Modofying such parameters in a human rights hostile country is an unacceptable risk. Increasing replay protection sliding-window size and/or time on an UDP connection may significantly weaken OpenVPN ability to defeat replay attacks, exposing you to injection of forged packets from malignant governments or entities with the ability to monitor your ISP lines.

Kind regards