OpenVPN issue in Road warrior Configuration

Hi,

Nethserver Version 7.9

I am facing a VPN issue on the Roadwarrior server. Please help and guide …

Wed Jan 20 04:18:19 2021 146.88.240.4:38011 TLS: Initial packet from [AF_INET]146.88.240.4:38011 (via [AF_INET]192.168.1.123%br0), sid=12121212 12121212
Wed Jan 20 04:19:19 2021 146.88.240.4:38011 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jan 20 04:19:19 2021 146.88.240.4:38011 TLS Error: TLS handshake failed
Wed Jan 20 04:19:19 2021 146.88.240.4:38011 SIGUSR1[soft,tls-error] received, client-instance restarting
Wed Jan 20 10:41:20 2021 185.200.118.53:45233 TLS: Initial packet from [AF_INET]185.200.118.53:45233 (via [AF_INET]192.168.1.123%br0), sid=12121212 12121212
Wed Jan 20 10:42:20 2021 185.200.118.53:45233 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jan 20 10:42:20 2021 185.200.118.53:45233 TLS Error: TLS handshake failed
Wed Jan 20 10:42:20 2021 185.200.118.53:45233 SIGUSR1[soft,tls-error] received, client-instance restarting
Wed Jan 20 13:02:56 2021 MANAGEMENT: Client connected from /var/spool/openvpn/host-to-net
Wed Jan 20 13:02:56 2021 MANAGEMENT: CMD ‘status 3’
Wed Jan 20 13:02:56 2021 MANAGEMENT: Client disconnected
Wed Jan 20 13:02:56 2021 MANAGEMENT: Client connected from /var/spool/openvpn/host-to-net
Wed Jan 20 13:02:56 2021 MANAGEMENT: CMD ‘status 3’
Wed Jan 20 13:02:56 2021 MANAGEMENT: Client disconnected

It all indicates you don't have a proper connection or the server is not reachable.
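Added example, not part of the thread and not NethServer or OpenVPN code: a small triage script that groups the handshake lines from the log above by source IP and measures the time from the initial packet to the timeout. The function name `summarize` and the parsing regex are assumptions made for this illustration; the sample lines are copied from the log posted above.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input: lines copied from the log posted in this thread.
SAMPLE_LOG = """\
Wed Jan 20 04:18:19 2021 146.88.240.4:38011 TLS: Initial packet from [AF_INET]146.88.240.4:38011 (via [AF_INET]192.168.1.123%br0), sid=12121212 12121212
Wed Jan 20 04:19:19 2021 146.88.240.4:38011 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jan 20 04:19:19 2021 146.88.240.4:38011 TLS Error: TLS handshake failed
Wed Jan 20 10:41:20 2021 185.200.118.53:45233 TLS: Initial packet from [AF_INET]185.200.118.53:45233 (via [AF_INET]192.168.1.123%br0), sid=12121212 12121212
Wed Jan 20 10:42:20 2021 185.200.118.53:45233 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jan 20 13:02:56 2021 MANAGEMENT: Client disconnected
"""

# Timestamp, "ip:port", message. MANAGEMENT lines carry no peer and do not match.
LINE_RE = re.compile(
    r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) (\d{1,3}(?:\.\d{1,3}){3}):(\d+) (.*)$"
)

def summarize(log_text):
    """Per source IP: handshake attempts, timeouts, seconds from first packet to timeout."""
    peers = defaultdict(lambda: {"attempts": 0, "timeouts": 0, "waits": []})
    started = {}  # (ip, port) -> time the initial packet was logged
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        ip, port, msg = m.group(2), m.group(3), m.group(4)
        if msg.startswith("TLS: Initial packet from"):
            peers[ip]["attempts"] += 1
            started[(ip, port)] = ts
        elif "TLS key negotiation failed" in msg:
            peers[ip]["timeouts"] += 1
            if (ip, port) in started:
                delta = ts - started.pop((ip, port))
                peers[ip]["waits"].append(int(delta.total_seconds()))
    return dict(peers)

if __name__ == "__main__":
    for ip, s in summarize(SAMPLE_LOG).items():
        print(f"{ip}: attempts={s['attempts']} timeouts={s['timeouts']} wait_s={s['waits']}")
```

When every attempt from a peer ends in a timeout a full 60 seconds after its initial packet, the server saw the first packet but the handshake never completed, which is the pattern the reply above describes.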

@Hitesh_Dubey
does your NethServer installation have a RED and a GREEN network card/zone?
Also: are you trying to test the connection from inside your GREEN network?

Hi,

FYI

Answer is “No RED zone”, from your screenshot.

I don’t know whether in NethServer it is mandatory to have at least a RED interface to use Roadwarrior correctly…

@Hitesh_Dubey
@pike

Hi

A Nethserver can be an OpenVPN Server without having two “real” interfaces.

But this needs a route set on the router / gateway for the VPN network (usually something with 10.x.x.x) pointing back to the LAN Interface of NethServer…

My 2 cents
Andy

I am also getting this error message box. What does it mean?

Screenshot 2021-01-22 at 9.01.55 PM

This is exactly what I had to do, using a static route on my router for the IP range of the OpenVPN network, for my equipment to communicate. NS was able to pass all of the traffic along that I needed, but my end devices on my home LAN didn’t know where to send the traffic back to (NS is not my gateway/routing device but a standalone 1 interface VM) until the static route was created.

I believe this is saying your public IP is the same before and after you have connected to your VPN. Some VPN providers will route ALL of your traffic through the VPN device (NS in this case), and the public IP address should change to that of the VPN device (that of NS again in this case). There is an option you can select to route all traffic through the NS VPN if desired. My vernacular is horrible, but the term I think describes this is called split tunneling.

If I select "Route All traffic to VPN", then I get this error.