Some users cannot log in to OpenVPN

Hello everyone, our NethServer is working normally without giving errors. But yesterday one of the users moved to another apartment where he uses Telecom Italia internet (TIM), and he cannot log in to OpenVPN.
His error in the OpenVPN GUI log is as follows:
TLS key negotiation failed.
TLS handshake failed.

I checked the server logs to identify the error, but found nothing on the server about his login.
Then I copied his config and cert files to my computer to try logging in, and I succeeded.
Is the problem his TIM internet line or our server?

Can it be an issue like “the same public IPs were assigned to different users”…copied from a TIM user experience ???

Dear all, this morning I heard that even the Wi-Fi hotspot generated by an iPhone is not helping to connect to the VPN. I reset flushdns and winsock but no chance. Any ideas, please?

If you have installed fail2ban, check that the IP you connect from has not been banned.

I have not installed fail2ban. Thanks very much for your effort.

Have you tried uninstalling and reinstalling the OpenVPN client on the user’s PC?
In some cases I had to do it in order to reset a broken connection.

Yes, I did it but no chance.

Maybe the client firewall or the firewall of the apartment blocks the traffic?

Dear mrmarkuz, your suggestions are great, but I tried all these settings and had no chance.
I also allowed the OpenVPN Daemon on the Win10 firewall to jump to the connection but nothing. This user was able to connect from his computer at his home, but now he has traveled with his computer to West Italy. Yesterday he tried this connection for the first time.

Does the client get a local or a public IP?

There seem to be issues regarding OpenVPN and TIM:

https://forums.openvpn.net/viewtopic.php?p=88389

mrmarkuz, you have got the right review from the TIM user; I have read this discussion. But I cannot understand what your question is and don’t know how to respond - where can I find those IPs?
At the end of this TIM conversation the user commented that he solved the problem, but analysing the way he did it is a little bit difficult for me.

Can the user ping the NethServer or see the NethServer landing page if he/she types http://ip.of.your.nethserver in a browser?

Dear Saitobenkei, the user cannot ping the NethServer because he is not able to connect to OpenVPN.

I mean the public IP of the NethServer or the router of the LAN where the NethServer is installed.

That’s a real point, the user cannot ping the public IP address where the NethServer is located.
I also tried tracert publicipaddress but it sometimes gives me a timeout error.

Dear friends, any idea about the matter that we’ve been talking about?

If you’re already having trouble connecting to your server before you even run the VPN client, I’d say we know why…

:worried: :worried: :worried: :slightly_frowning_face:
Maybe I have to search for another solution.

All right, then,

First of all, you need to understand why the public IP on your server isn’t reachable from that line.

Is it reachable from another internet connection? Does it answer the ping? Is the NethServer landing page (if ports 80 and 443 are turned to the private IP of your server from your router/firewall) reachable from the outside?

https://your.public.ip.address

Is there any wrong blocking/configuration on YOUR firewall/router that could block the IP from where your colleague is trying to connect?

Is the NethServer also used as a firewall (so with two network cards)?

Public IP on your server isn’t reachable from that line - no
Is it reachable from another internet connection? - Yes (from my home I can, but from the home of my boss I cannot). We also tried to connect through an iPhone hotspot but couldn’t.
Does it answer the ping? - No

Is the NethServer landing page (if ports 80 and 443 are turned to the private IP of your server from your router/firewall) reachable from the outside? - Do you mean that I must allow port forwarding on the router, allowing ports 80 and 443?

Is there any wrong blocking/configuration on YOUR firewall/router that could block the IP from where your colleague is trying to connect? - As far as I know, no blocks.

Is the NethServer also used as a firewall (so with two network cards)? - With two network cards.

Sorry to bother you, because I want to break down the issue to where the problem has arisen.

What does your network look like?

LAN -------- (first NIC)[ Nethserver ](second NIC) -------- [ Router ] ---------- (Internet)