NethServer Version: 7.7.1908
Module: VPN RoadWarrior
Hi Community,
I’ve tried to set up OpenVPN on several NethServer installations. My router is a Fritzbox and the internet connection is DS-Lite with an IPv6 address. The Fritzbox is connected to MyFRITZ. I use the following settings on the VPN server:
- I take the myfritz address of my box as FQDN for the VPN.
- The users at the server are only vpn-users.
- Authentication is set to certificate
- Port is UDP 1194 for the first and 1195 for the second server
- Compression is tried with LZO and without compression
On the Fritzbox I activated port forwarding for 1194 UDP to the first and 1195 UDP to the second server.
If I try to connect I get a TLS handshake error; I think the server is not found.
2020-03-10 22:55:53.608709 *Tunnelblick: macOS 10.15.2 (19C57); Tunnelblick 3.8.1 (build 5400); prior version 3.4beta20 (build 3727)
2020-03-10 22:55:53.905779 *Tunnelblick: Attempting connection with mtraeumner using shadow copy; Set nameserver = 769; monitoring connection
2020-03-10 22:55:53.906712 *Tunnelblick: openvpnstart start mtraeumner.tblk 61949 769 0 1 0 1098032 -ptADGNWradsgnw 2.4.7-openssl-1.0.2t
2020-03-10 22:55:53.930169 *Tunnelblick: openvpnstart starting OpenVPN
2020-03-10 22:55:54.261540 OpenVPN 2.4.7 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Sep 11 2019
2020-03-10 22:55:54.261626 library versions: OpenSSL 1.0.2t 10 Sep 2019, LZO 2.10
2020-03-10 22:55:54.263056 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:61949
2020-03-10 22:55:54.263127 Need hold release from management interface, waiting...
2020-03-10 22:55:54.531445 *Tunnelblick: openvpnstart log:
OpenVPN started successfully.
Command used to start OpenVPN (one argument per displayed line):
/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.4.7-openssl-1.0.2t/openvpn
--daemon
--log /Library/Application Support/Tunnelblick/Logs/-SUsers-SMichael-SLibrary-SApplication Support-STunnelblick-SConfigurations-Smtraeumner.tblk-SContents-SResources-Sconfig.ovpn.769_0_1_0_1098032.61949.openvpn.log
--cd /Library/Application Support/Tunnelblick/Users/Michael/mtraeumner.tblk/Contents/Resources
--machine-readable-output
--setenv IV_GUI_VER "net.tunnelblick.tunnelblick 5400 3.8.1 (build 5400)"
--verb 3
--config /Library/Application Support/Tunnelblick/Users/Michael/mtraeumner.tblk/Contents/Resources/config.ovpn
--setenv TUNNELBLICK_CONFIG_FOLDER /Library/Application Support/Tunnelblick/Users/Michael/mtraeumner.tblk/Contents/Resources
--verb 3
--cd /Library/Application Support/Tunnelblick/Users/Michael/mtraeumner.tblk/Contents/Resources
--management 127.0.0.1 61949 /Library/Application Support/Tunnelblick/jdihebmnnoboagckenbeclhhhfbmdfggafdghkcd.mip
--management-query-passwords
--management-hold
--script-security 2
--route-up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
--down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
2020-03-10 22:55:54.546705 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:61949
2020-03-10 22:55:54.575914 MANAGEMENT: CMD 'pid'
2020-03-10 22:55:54.576030 MANAGEMENT: CMD 'auth-retry interact'
2020-03-10 22:55:54.576098 MANAGEMENT: CMD 'state on'
2020-03-10 22:55:54.576261 MANAGEMENT: CMD 'state'
2020-03-10 22:55:54.576344 MANAGEMENT: CMD 'bytecount 1'
2020-03-10 22:55:54.576865 *Tunnelblick: Established communication with OpenVPN
2020-03-10 22:55:54.579538 *Tunnelblick: >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
2020-03-10 22:55:54.582868 MANAGEMENT: CMD 'hold release'
2020-03-10 22:55:54.594802 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2020-03-10 22:55:54.594891 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2020-03-10 22:55:54.597137 TCP/UDP: Preserving recently used remote address: [AF_INET6]2001:16b8:b03:fbc4:464e:6dff:fe49:4ac4:1194
2020-03-10 22:55:54.597265 Socket Buffers: R=[786896->786896] S=[9216->9216]
2020-03-10 22:55:54.597303 UDP link local: (not bound)
2020-03-10 22:55:54.597336 UDP link remote: [AF_INET6]2001:16b8:b03:fbc4:464e:6dff:fe49:4ac4:1194
2020-03-10 22:55:54.597391 MANAGEMENT: >STATE:1583877354,WAIT,,,,,,
2020-03-10 22:56:54.343871 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2020-03-10 22:56:54.344188 TLS Error: TLS handshake failed
2020-03-10 22:56:54.344602 SIGUSR1[soft,tls-error] received, process restarting
2020-03-10 22:56:54.344698 MANAGEMENT: >STATE:1583877414,RECONNECTING,tls-error,,,,,
2020-03-10 22:56:54.358690 MANAGEMENT: CMD 'hold release'
2020-03-10 22:56:54.358845 MANAGEMENT: CMD 'hold release'
2020-03-10 22:56:54.361117 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2020-03-10 22:56:54.361235 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2020-03-10 22:56:54.361455 TCP/UDP: Preserving recently used remote address: [AF_INET6]2001:16b8:b03:fbc4:464e:6dff:fe49:4ac4:1194
2020-03-10 22:56:54.361538 Socket Buffers: R=[786896->786896] S=[9216->9216]
2020-03-10 22:56:54.361574 UDP link local: (not bound)
2020-03-10 22:56:54.361844 UDP link remote: [AF_INET6]2001:16b8:b03:fbc4:464e:6dff:fe49:4ac4:1194
2020-03-10 22:56:54.361900 MANAGEMENT: >STATE:1583877414,WAIT,,,,,,
2020-03-10 22:56:56.747402 *Tunnelblick: Disconnecting; VPN Details… window disconnect button pressed
2020-03-10 22:56:56.893511 *Tunnelblick: Disconnecting using 'kill'
2020-03-10 22:56:57.065071 event_wait : Interrupted system call (code=4)
2020-03-10 22:56:57.065239 SIGTERM received, sending exit notification to peer
2020-03-10 22:56:58.229679 SIGTERM[soft,exit-with-notification] received, process exiting
2020-03-10 22:56:58.229749 MANAGEMENT: >STATE:1583877418,EXITING,exit-with-notification,,,,,
2020-03-10 22:56:58.598561 *Tunnelblick: Expected disconnection occurred.
I tried this with different clients and different hotspots. The hotspots were both Vodafone, also with an IPv6 address.
Thanks for your help in advance
Michael
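
An added example, not part of the original post: a small triage script for an OpenVPN client log like the one above, reporting the remote endpoint, the management states seen, and two findings the log supports (the missing server-certificate check and a handshake timeout with no reply from the server). The function name `triage` and the finding labels are assumptions made for this illustration.

```python
import re

# Constructed sample: five lines copied from the client log in the post above.
SAMPLE_LOG = """\
2020-03-10 22:55:54.594802 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2020-03-10 22:55:54.597336 UDP link remote: [AF_INET6]2001:16b8:b03:fbc4:464e:6dff:fe49:4ac4:1194
2020-03-10 22:55:54.597391 MANAGEMENT: >STATE:1583877354,WAIT,,,,,,
2020-03-10 22:56:54.343871 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2020-03-10 22:56:54.344188 TLS Error: TLS handshake failed
"""

# Matches e.g. "UDP link remote: [AF_INET6]addr:port" (also TCP_CLIENT variants).
REMOTE_RE = re.compile(r"(UDP|TCP)\w* link remote: \[(AF_INET6?)\](.+):(\d+)$")
# Management-interface state notifications: >STATE:<unix time>,<state>,...
STATE_RE = re.compile(r">STATE:\d+,([A-Z_]+),")

def triage(log_text):
    """Return remote endpoint, connection states seen, and findings for a client log."""
    result = {"remote": None, "states": [], "findings": []}

    def flag(name):
        if name not in result["findings"]:
            result["findings"].append(name)

    for line in log_text.splitlines():
        m = REMOTE_RE.search(line)
        if m:
            proto, family, host, port = m.groups()
            result["remote"] = {"proto": proto, "family": family,
                                "host": host, "port": int(port)}
        m = STATE_RE.search(line)
        if m:
            result["states"].append(m.group(1))
        if "No server certificate verification method" in line:
            # Client accepts any certificate signed by the CA; a client-side
            # "remote-cert-tls server" directive enables the check.
            flag("no-server-cert-verification")
        if "TLS key negotiation failed to occur within" in line:
            flag("tls-handshake-timeout")

    # WAIT means "waiting for the server's first reply"; AUTH follows once one
    # arrives. A timeout without AUTH means no packet ever came back, so the
    # failure is on the network path, not in certificate validation.
    if "tls-handshake-timeout" in result["findings"] and "AUTH" not in result["states"]:
        flag("no-reply-from-server")
    return result

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```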