Trouble with VPN

I had VPN up and running without any problem before. Then I changed to letsencrypt and for that I renamed my box to a public name. Since then I can’t establish a tunnel anymore.

I don’t see any error messages, neither in the firewall log nor in messages.

This is the output of the VPN client:
OpenVPN 2.3.12 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Oct 10 2016
Windows version 6.2 (Windows 8 or greater) 64bit
library versions: OpenSSL 1.0.1u 22 Sep 2016, LZO 2.09
MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Need hold release from management interface, waiting…
MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
MANAGEMENT: CMD 'state on'
MANAGEMENT: CMD 'log all on'
MANAGEMENT: CMD 'hold off'
MANAGEMENT: CMD 'hold release'
WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Socket Buffers: R=[65536->65536] S=[65536->65536]
MANAGEMENT: >STATE:1490083111,RESOLVE,
UDPv4 link local: [undef]
UDPv4 link remote: [AF_INET]192.168.178.1:1194
MANAGEMENT: >STATE:1490083111,WAIT,
MANAGEMENT: >STATE:1490083111,AUTH,
TLS: Initial packet from [AF_INET]:1194, sid=fcc3ff66 d08594e5
VERIFY OK: depth=0, CN=NethServer,
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed
SIGUSR1[soft,tls-error] received, process restarting
MANAGEMENT: >STATE:1490083172,RECONNECTING,tls-error,

Any help or hint would be appreciated.

Peter

NethServer Version: 6.8

Delete and re-add the VPN in NethServer, make sure your user is established, then re-download the ovpn configuration file and cert and try again. Might be an issue with the name change, and re-adding it never hurts. :slight_smile:

Edit: oh, my bad, I skimmed the error log too fast. You need a cert. It’s just not authenticating. So it fails because it is looking for a cert, not seeing it, and kicking you. Look into that and you’re golden.


Joel, thank you for your reply. How do I add a certificate? I thought NethServer will do that when I install VPN?

Well, you need a cert on any device you use it on. Not sure how 6 handles it, I’m on 7, but there should be an option in the VPN on NethServer for username/password auth or cert, user and pass auth. If you don’t want to use a cert, that’s something you set up when you set up the VPN. Or just click on the drop-down menu beside your user and download the cert.

I solved it by uninstalling VPN and reinstalling it.
Thank you for your help.

After working for a few days, the problem arose again with the same error as above.
Could it be that my VPN uses the Let's Encrypt certificate? Where can I set the server certificate for the VPN or check which certificate is used on the VPN?

I think I am now confused, you don’t use anything from letsencrypt for openvpn… Can you post a screenshot of your settings in openvpn?

Accounts: name, or if you like choose an existing user (user@domain.com)
Client: Don’t use, not for what you are doing, should be empty
OpenVPN: Check the box for enable server, check “username, password, and certificate”, routed mode, network is “10.0.0.0” or similar structure, netmask is “255.255.255.0”, under advanced check all boxes, and lastly, enable lzo compression. A screenshot would be helpful, this is an issue with config, BUT the fact that it worked and stopped working suggests another issue. Can you post a logfile? Under Log viewer/openvpn.log


I solved it. Thank you. I checked the settings according to your tips.
The main problem was: dyndns didn’t update my IP address :frowning:


Haha! That’s always a bad thing. Whoops! duckdns is free, I know dyn is paid. I used to use them before I got a domain, just a plug.
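
An added example, not written by any poster in this thread: a small triage pass over the client log lines from the first post, flagging the missing server-certificate check, the private remote address, and the handshake timeout. The `triage` and `codes` helpers are hypothetical names, and the `remote-cert-tls server` advice assumes the server certificate was issued with the server key-usage extension.

```python
import ipaddress
import re

# Lines copied from the client log in the first post of this thread.
SAMPLE_LOG = """\
WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
UDPv4 link remote: [AF_INET]192.168.178.1:1194
VERIFY OK: depth=0, CN=NethServer,
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed
"""

REMOTE_RE = re.compile(r"link remote: \[AF_INET\](\d{1,3}(?:\.\d{1,3}){3}):(\d+)")


def triage(log_text):
    """Return (code, advice) findings for an OpenVPN client log (hypothetical helper)."""
    findings = []
    chain_ok = False  # set once the server certificate chain has been accepted
    for line in log_text.splitlines():
        remote = REMOTE_RE.search(line)
        if "No server certificate verification method" in line:
            findings.append(("NO_SERVER_VERIFY",
                             "add 'remote-cert-tls server' to the client profile"))
        elif remote and ipaddress.ip_address(remote.group(1)).is_private:
            findings.append(("PRIVATE_REMOTE",
                             f"{remote.group(1)} is a private address; check what "
                             "the profile's remote name resolves to right now"))
        elif line.startswith("VERIFY OK"):
            chain_ok = True
        elif "TLS key negotiation failed" in line:
            cause = ("certificate chain was accepted first, so check the network "
                     "path and the remote address" if chain_ok
                     else "no certificate was seen, so check reachability of the port")
            findings.append(("TLS_TIMEOUT", cause))
    return findings


def codes(log_text):
    """Finding codes only, in log order."""
    return [code for code, _ in triage(log_text)]


if __name__ == "__main__":
    for code, advice in triage(SAMPLE_LOG):
        print(f"{code}: {advice}")
```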