Jump to content
Not connected, Your IP: 44.200.169.91
Sign in to follow this  
chanukah-lambkin

ANSWERED Problem using DD WRT as VPN Client (TLS handshake failed)

Recommended Posts

Hi,

 

Basically I have trouble connecting to AirVPN. Im using a fairly new build if that does matter (DD-WRT v24-sp2 (10/06/14) kongac - build 25015M-SP1)

  • AirVPN works with viscosity in windows with the same basic settings (some openvpn configuration)
  • The router worked with PrivateInternetAccess VPN service, so it the problem SHOULD not be the client on the dd wrt router

What I tryed:

  • Different TLS Cipers (None, TLS-DHE-RSA-WITH-AES-128-CBC-SHA, TLS-DHE-RSA-WITH-AES-256-CBC-SHA256, TLS-RSA-WITH-AES-128-CBC-SHA)
  • Keeping the TSL Auth Key empty
  • Adding or leaving additional config:

     

    resolv-retry infinite
    persist-key
    persist-tun
    remote-cert-tls server
    explicit-exit-notify 5
     

     

VPN Log

 

Client: WAIT 

Local Address: 
Remote Address: 
 

 

Clientlog: 

20141020 19:04:16 I OpenVPN 2.3.4 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Oct 6 2014 
20141020 19:04:16 I library versions: OpenSSL 1.0.1i 6 Aug 2014 LZO 2.08 
20141020 19:04:16 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16 
20141020 19:04:16 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 
20141020 19:04:16 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible 
20141020 19:04:16 W WARNING: file '/tmp/openvpncl/ta.key' is group or others accessible 
20141020 19:04:16 I Control Channel Authentication: using '/tmp/openvpncl/ta.key' as a OpenVPN static key file 
20141020 19:04:16 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 
20141020 19:04:16 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 
20141020 19:04:16 Socket Buffers: R=[172032->131072] S=[172032->131072] 
20141020 19:04:16 I UDPv4 link local: [undef] 
20141020 19:04:16 I UDPv4 link remote: [AF_INET]109.201.154.189:443 
20141020 19:04:53 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
20141020 19:04:53 D MANAGEMENT: CMD 'state' 
20141020 19:04:53 MANAGEMENT: Client disconnected 
20141020 19:04:53 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
20141020 19:04:53 D MANAGEMENT: CMD 'state' 
20141020 19:04:53 MANAGEMENT: Client disconnected 
20141020 19:04:53 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
20141020 19:04:53 D MANAGEMENT: CMD 'state' 
20141020 19:04:53 MANAGEMENT: Client disconnected 
20141020 19:04:53 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
20141020 19:04:53 D MANAGEMENT: CMD 'status 2' 
20141020 19:04:53 MANAGEMENT: Client disconnected 
20141020 19:04:53 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
20141020 19:04:53 D MANAGEMENT: CMD 'log 500' 
20141020 19:04:53 MANAGEMENT: Client disconnected 
20141020 19:05:16 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 
20141020 19:05:16 N TLS Error: TLS handshake failed 
20141020 19:05:16 I SIGUSR1[soft tls-error] received process restarting 
20141020 19:05:16 Restart pause 2 second(s) 
20141020 19:05:18 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 
20141020 19:05:18 Socket Buffers: R=[172032->131072] S=[172032->131072] 
20141020 19:05:18 I UDPv4 link local: [undef] 
20141020 19:05:18 I UDPv4 link remote: [AF_INET]46.166.186.216:443 
20141020 19:06:11 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
20141020 19:06:11 D MANAGEMENT: CMD 'state' 
20141020 19:06:11 MANAGEMENT: Client disconnected 
20141020 19:06:11 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
20141020 19:06:11 D MANAGEMENT: CMD 'state' 
20141020 19:06:11 MANAGEMENT: Client disconnected 
20141020 19:06:11 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
20141020 19:06:11 D MANAGEMENT: CMD 'state' 
20141020 19:06:11 MANAGEMENT: Client disconnected 
20141020 19:06:11 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
20141020 19:06:11 D MANAGEMENT: CMD 'status 2' 
20141020 19:06:11 MANAGEMENT: Client disconnected 
20141020 19:06:11 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
20141020 19:06:11 D MANAGEMENT: CMD 'log 500'
20141020 19:06:18 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 
20141020 19:06:18 N TLS Error: TLS handshake failed 
20141020 19:06:18 I SIGUSR1[soft tls-error] received process restarting 
20141020 19:06:18 Restart pause 2 second(s) 
20141020 19:06:20 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 
20141020 19:06:20 Socket Buffers: R=[172032->131072] S=[172032->131072] 
20141020 19:06:20 I UDPv4 link local: [undef] 
20141020 19:06:20 I UDPv4 link remote: [AF_INET]109.201.154.189:443 
20141020 19:07:20 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 
20141020 19:07:20 N TLS Error: TLS handshake failed 
20141020 19:07:20 I SIGUSR1[soft tls-error] received process restarting 
20141020 19:07:20 Restart pause 2 second(s) 
20141020 19:07:22 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 
20141020 19:07:22 Socket Buffers: R=[172032->131072] S=[172032->131072] 
20141020 19:07:22 I UDPv4 link local: [undef] 
20141020 19:07:22 I UDPv4 link remote: [AF_INET]109.201.152.238:443 
20141020 19:08:22 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 
20141020 19:08:22 N TLS Error: TLS handshake failed 
20141020 19:08:22 I SIGUSR1[soft tls-error] received process restarting 
20141020 19:08:22 Restart pause 2 second(s) 
20141020 19:08:24 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 
20141020 19:08:24 Socket Buffers: R=[172032->131072] S=[172032->131072] 
20141020 19:08:24 I UDPv4 link local: [undef] 
20141020 19:08:24 I UDPv4 link remote: [AF_INET]109.201.154.189:443 
20141020 19:09:24 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 
20141020 19:09:24 N TLS Error: TLS handshake failed 
20141020 19:09:24 I SIGUSR1[soft tls-error] received process restarting 
20141020 19:09:24 Restart pause 2 second(s) 
20141020 19:09:26 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 
20141020 19:09:26 Socket Buffers: R=[172032->131072] S=[172032->131072] 
20141020 19:09:26 I UDPv4 link local: [undef] 
20141020 19:09:26 I UDPv4 link remote: [AF_INET]46.166.186.216:443 
20141020 19:10:27 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 
20141020 19:10:27 N TLS Error: TLS handshake failed 
20141020 19:10:27 I SIGUSR1[soft tls-error] received process restarting 
20141020 19:10:27 Restart pause 2 second(s) 
20141020 19:10:29 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 
20141020 19:10:29 Socket Buffers: R=[172032->131072] S=[172032->131072] 
20141020 19:10:29 I UDPv4 link local: [undef] 
20141020 19:10:29 I UDPv4 link remote: [AF_INET]109.201.154.162:443 
20141020 19:11:29 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 
20141020 19:11:29 N TLS Error: TLS handshake failed 
20141020 19:11:29 I SIGUSR1[soft tls-error] received process restarting 
20141020 19:11:29 Restart pause 2 second(s) 
20141020 19:11:31 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 
20141020 19:11:31 Socket Buffers: R=[172032->131072] S=[172032->131072] 
20141020 19:11:31 I UDPv4 link local: [undef] 
20141020 19:11:31 I UDPv4 link remote: [AF_INET]109.201.135.220:443 
20141020 19:12:31 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 
20141020 19:12:31 N TLS Error: TLS handshake failed 
20141020 19:12:31 I SIGUSR1[soft tls-error] received process restarting 
20141020 19:12:31 Restart pause 2 second(s) 
20141020 19:12:33 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 
20141020 19:12:33 Socket Buffers: R=[172032->131072] S=[172032->131072] 
20141020 19:12:33 I UDPv4 link local: [undef] 
20141020 19:12:33 I UDPv4 link remote: [AF_INET]46.166.188.198:443 
20141020 19:13:33 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 
20141020 19:13:33 N TLS Error: TLS handshake failed 
20141020 19:13:33 I SIGUSR1[soft tls-error] received process restarting 
20141020 19:13:33 Restart pause 2 second(s) 
20141020 19:13:35 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 
20141020 19:13:35 Socket Buffers: R=[172032->131072] S=[172032->131072] 
20141020 19:13:35 I UDPv4 link local: [undef] 
20141020 19:13:35 I UDPv4 link remote: [AF_INET]109.201.135.220:443 
20141020 19:13:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
20141020 19:13:48 D MANAGEMENT: CMD 'state' 
20141020 19:13:48 MANAGEMENT: Client disconnected 
20141020 19:13:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
20141020 19:13:48 D MANAGEMENT: CMD 'state' 
20141020 19:13:48 MANAGEMENT: Client disconnected 
20141020 19:13:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
20141020 19:13:48 D MANAGEMENT: CMD 'state' 
20141020 19:13:48 MANAGEMENT: Client disconnected 
20141020 19:13:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
20141020 19:13:48 D MANAGEMENT: CMD 'status 2' 
20141020 19:13:48 MANAGEMENT: Client disconnected 
20141020 19:13:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 
20141020 19:13:48 D MANAGEMENT: CMD 'log 500' 
19700101 01:00:00 

ca /tmp/openvpncl/ca.crt cert /tmp/openvpncl/client.crt key /tmp/openvpncl/client.key management 127.0.0.1 16 management-log-cache 100 verb 3 mute 3 syslog writepid /var/run/openvpncl.pid client resolv-retry infinite nobind persist-key persist-tun script-security 2 dev tun1 proto udp cipher aes-256-cbc auth sha1 remote nl.privateinternetaccess.com 443 comp-lzo yes tun-mtu 1500 mtu-disc yes ns-cert-type server fast-io tun-ipv6 tls-auth /tmp/openvpncl/ta.key 1

 

DD WRT Configurations

 

 

 

 

 

Share this post


Link to post

Hello!

 

The server IP/Name is not ours.

 

The "tun0" in the iptables rules might be tun1, please check it out (just use command "ifconfig" on the router to see the names of all interfaces).

 

The "TLS Cipher" set to "None" might be wrong, which options do you have in that combo box?

 

Kind regards

Share this post


Link to post

Hi, thanks for the quick response.

 

The wrong url seems to is unintended maybe one mistake in the trail and error phase  (I had the resolved ip and different other airvpn servers)

 

I THINK the problem was that I used a router behind another modem-router that connects to the WAN, so I used the ip of the modem-router (which is 192.168.0.1 instead of 3.1)

 

Never mind it works now. Thank you anyway!

 

 

Interessting: no matter what TLS Ciper I use it seems to work BUT only after 1 TLS Handshake timeout error

 

EDIT: Also it was tun1 not tun0. For future reference, check this in DD-WRT with the Admin Web UI -> Administration -> Commands -> Enter "ifconfig" -> Run Commands

Share this post


Link to post

Interessting: no matter what TLS Ciper I use it seems to work BUT only after 1 TLS Handshake timeout error

 

Hello!

 

Yes, that's confirmed in at least another case, it is perhaps a bug in some DD-WRT builds. Generally, on a lot of builds the wrong ciphers

"TLS-DHE-RSA-WITH-AES-128-CBC-SHA" or "None" (either the first or the second)

work at the first shot.

 

Kind regards

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  

×
×
  • Create New...