CONNECT method not working

[GoogleCodeExporter]

What steps will reproduce the problem?
1. Install and configure OpenVPN on https port (443)
2. Setup proxy to 'localhost:8080' on client
3. Try to connect

What is the expected output? What do you see instead?
Expected : connexion up and running
See instead : 
...
Mon May 25 14:01:04 2009 Attempting to establish TCP connection with 
127.0.0.1:8080
Mon May 25 14:01:04 2009 TCP connection established with 127.0.0.1:8080
Mon May 25 14:01:04 2009 Send to HTTP proxy: ‘CONNECT xxx.xxx.xxx.xxx:443 
HTTP/1.0′
Mon May 25 14:01:10 2009 recv_line: TCP port read timeout expired
Mon May 25 14:01:10 2009 TCP/UDP: Closing socket
Mon May 25 14:01:10 2009 SIGTERM[soft,init_instance] received, process 
exiting

---

What version of the product are you using? On what operating system?
OpenVPN 2.0.9 + Gui 1.0.3, HTC Magic SFR, winXP SP3

Please provide any additional information below.
http works fine
https seems to be slow

Original issue reported on code.google.com by christian.kungler on 26 May 2009 at 3:23

[GoogleCodeExporter]

What I see is that There is a timeout 6 secondes later.

I saw that provider's timeout on HTTPS are very small.
Could you try on wifi and see how long it take when it work to connect ?

Original comment by mike.bar...@gmail.com on 28 May 2009 at 9:20

• Changed state: Accepted

[GoogleCodeExporter]

And to say, CONNECT is the easiest mode to handle : I just forward all traffic 
from
client to server and vice-versa. There is no filter, no protocol to handle, 
nothing.
Just forward stream ...

I also have a dedibox so I'll try to configure openvpn on it.
but I already tried to put a ssh server on port , but I'm on Bouygues Telecom 
and
https timeout is so small thaot it's pratically unusabe. I would have so send 
noop
every seconds ...

Original comment by mike.bar...@gmail.com on 28 May 2009 at 9:25

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

_Direct connect :_

Fri May 29 00:18:15 2009 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 
2006
Fri May 29 00:18:15 2009 IMPORTANT: OpenVPN's default port number is now 1194, 
based
on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier 
used
5000 as the default port.
Fri May 29 00:18:15 2009 WARNING: No server certificate verification method has 
been
enabled.  See http://openvpn.net/howto.html#mitm for more info.
Fri May 29 00:18:15 2009 LZO compression initialized
Fri May 29 00:18:15 2009 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 
ET:0 EL:0 ]
Fri May 29 00:18:15 2009 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 
ET:0
EL:0 AF:3/1 ]
Fri May 29 00:18:15 2009 Local Options hash (VER=V4): '69109d17'
Fri May 29 00:18:15 2009 Expected Remote Options hash (VER=V4): 'c0103fa8'
Fri May 29 00:18:15 2009 Attempting to establish TCP connection with 
xxx.xxx.xxx.xxx:443
Fri May 29 00:18:15 2009 TCP connection established with xxx.xxx.xxx.xxx:443
Fri May 29 00:18:15 2009 TCPv4_CLIENT link local: [undef]
Fri May 29 00:18:15 2009 TCPv4_CLIENT link remote: xxx.xxx.xxx.xxx:443
Fri May 29 00:18:15 2009 TLS: Initial packet from xxx.xxx.xxx.xxx:xxx, 
sid=4131eb5b
4f3963d3
Fri May 29 00:18:15 2009 VERIFY OK: depth=1,
/C=FR/ST=France/L=Paris/O=xx/CN=xx/emailAddress=me@xx.net
Fri May 29 00:18:15 2009 VERIFY OK: depth=0,
/C=FR/ST=France/O=xx/CN=xx/emailAddress=me@xx.net
Fri May 29 00:18:17 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 
128
bit key
Fri May 29 00:18:17 2009 Data Channel Encrypt: Using 160 bit message hash 
'SHA1' for
HMAC authentication
Fri May 29 00:18:17 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 
128
bit key
Fri May 29 00:18:17 2009 Data Channel Decrypt: Using 160 bit message hash 
'SHA1' for
HMAC authentication
Fri May 29 00:18:17 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3
DHE-RSA-AES256-SHA, 1024 bit RSA
Fri May 29 00:18:17 2009 [xx] Peer Connection Initiated with xxx.xxx.xxx.xxx:443
Fri May 29 00:18:18 2009 SENT CONTROL [xx]: 'PUSH_REQUEST' (status=1)
Fri May 29 00:18:18 2009 PUSH: Received control message:
'PUSH_REPLY,redirect-gateway,dhcp-option DNS 88.191.254.60,dhcp-option DNS
88.191.254.70,route 10.8.0.1,ping 10,ping-restart 120,ifconfig 10.8.0.6 
10.8.0.5'
Fri May 29 00:18:18 2009 OPTIONS IMPORT: timers and/or timeouts modified
Fri May 29 00:18:18 2009 OPTIONS IMPORT: --ifconfig/up options modified
Fri May 29 00:18:18 2009 OPTIONS IMPORT: route options modified
Fri May 29 00:18:18 2009 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option 
options modified
Fri May 29 00:18:18 2009 TAP-WIN32 device [Connexion au réseau local 75] 
opened:
\\.\Global\{xxxxxxxxxx}.tap
Fri May 29 00:18:18 2009 TAP-Win32 Driver Version 8.4 
Fri May 29 00:18:18 2009 TAP-Win32 MTU=1500
Fri May 29 00:18:18 2009 Notified TAP-Win32 driver to set a DHCP IP/netmask of
10.8.0.6/255.255.255.252 on interface {xxxxxxxxx} [DHCP-serv: 10.8.0.5, 
lease-time:
31536000]
Fri May 29 00:18:18 2009 Successful ARP Flush on interface [6] {xxxxxxx}
Fri May 29 00:18:18 2009 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Fri May 29 00:18:18 2009 route ADD xxx.xxx.xxx.xxx MASK 255.255.255.255 
192.168.0.254
Fri May 29 00:18:18 2009 Route addition via IPAPI succeeded
Fri May 29 00:18:18 2009 route DELETE 0.0.0.0 MASK 0.0.0.0 192.168.0.254
Fri May 29 00:18:18 2009 Route deletion via IPAPI succeeded
Fri May 29 00:18:18 2009 route ADD 0.0.0.0 MASK 0.0.0.0 10.8.0.5
Fri May 29 00:18:18 2009 Route addition via IPAPI succeeded
Fri May 29 00:18:18 2009 route ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Fri May 29 00:18:18 2009 Route addition via IPAPI succeeded
Fri May 29 00:18:18 2009 Initialization Sequence Completed

I used to connect through my W910i without any problems in the same manner.

Original comment by christian.kungler on 28 May 2009 at 10:34

[GoogleCodeExporter]

Ok, thanks. So there is no delay problem : the server answer quick. 

3 possibilities :
1/ On your pc, you install wireshark, dump tcp trame and send them to me
2/ I'll look this week-end how to install openvpn on my dedibox and see if I can
reproduce.
3/ Eventually, I can send you a modified version of Proxoid to log everything 
and you
send me back the log files ? 

Subsidiary question : Do you receive mails on each modification of this issue ?
Because me, no ...

Original comment by mike.bar...@gmail.com on 29 May 2009 at 6:44

[GoogleCodeExporter]

I've tried again with proxoid, but this time, my Magic was connected to wifi.
Exactly the same log as when it is using 3G.
I'll get the log from when I use my company's proxy.

1/ not possible, wireshark cannot dump loopback on windows :/
2/ if you prefer, I can generate a certificate for you to use on my box
3/ I'll gladly help :)

sub : I do :) did you "star" it ?

sub2 : on peut passer en français si tu veux ;)

Original comment by christian.kungler on 29 May 2009 at 7:10

[GoogleCodeExporter]

Trough company proxy :

Fri May 29 12:27:42 2009 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 
2006
Fri May 29 12:27:42 2009 IMPORTANT: OpenVPN's default port number is now 1194, 
based
on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier 
used
5000 as the default port.
Fri May 29 12:27:42 2009 WARNING: No server certificate verification method has 
been
enabled.  See http://openvpn.net/howto.html#mitm for more info.
Fri May 29 12:27:42 2009 LZO compression initialized
Fri May 29 12:27:42 2009 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 
ET:0 EL:0 ]
Fri May 29 12:27:42 2009 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 
ET:0
EL:0 AF:3/1 ]
Fri May 29 12:27:42 2009 Local Options hash (VER=V4): '69109d17'
Fri May 29 12:27:42 2009 Expected Remote Options hash (VER=V4): 'c0103fa8'
Fri May 29 12:27:42 2009 Attempting to establish TCP connection with 
ppp.ppp.ppp.ppp:3128
Fri May 29 12:27:42 2009 TCP connection established with ppp.ppp.ppp.ppp:3128
Fri May 29 12:27:42 2009 Send to HTTP proxy: 'CONNECT xxx.xxx.xxx.xxx:443 
HTTP/1.0'
Fri May 29 12:27:43 2009 HTTP proxy returned: 'HTTP/1.0 200 Connection 
established'
Fri May 29 12:27:43 2009 TCPv4_CLIENT link local: [undef]
Fri May 29 12:27:43 2009 TCPv4_CLIENT link remote: ppp.ppp.ppp.ppp:3128
Fri May 29 12:27:43 2009 TLS: Initial packet from ppp.ppp.ppp.ppp:3128, 
sid=f523f5e8
a9448a50
Fri May 29 12:27:44 2009 VERIFY OK: depth=1,
/C=FR/ST=France/L=Paris/O=xx/CN=xx/emailAddress=me@xx.net
Fri May 29 12:27:44 2009 VERIFY OK: depth=0,
/C=FR/ST=France/O=xx/CN=xx/emailAddress=me@xx.net
Fri May 29 12:27:45 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 
128
bit key
Fri May 29 12:27:45 2009 Data Channel Encrypt: Using 160 bit message hash 
'SHA1' for
HMAC authentication
Fri May 29 12:27:45 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 
128
bit key
Fri May 29 12:27:45 2009 Data Channel Decrypt: Using 160 bit message hash 
'SHA1' for
HMAC authentication
Fri May 29 12:27:45 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3
DHE-RSA-AES256-SHA, 1024 bit RSA
Fri May 29 12:27:45 2009 [xx] Peer Connection Initiated with 
ppp.ppp.ppp.ppp:3128
Fri May 29 12:27:46 2009 SENT CONTROL [xx]: 'PUSH_REQUEST' (status=1)
Fri May 29 12:27:46 2009 PUSH: Received control message:
'PUSH_REPLY,redirect-gateway,dhcp-option DNS 88.191.254.60,dhcp-option DNS
88.191.254.70,route 10.8.0.1,ping 10,ping-restart 120,ifconfig 10.8.0.6 
10.8.0.5'
Fri May 29 12:27:46 2009 OPTIONS IMPORT: timers and/or timeouts modified
Fri May 29 12:27:46 2009 OPTIONS IMPORT: --ifconfig/up options modified
Fri May 29 12:27:46 2009 OPTIONS IMPORT: route options modified
Fri May 29 12:27:46 2009 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option 
options modified
Fri May 29 12:27:46 2009 TAP-WIN32 device [Connexion au réseau local 75] 
opened:
\\.\Global\{XXX}.tap
Fri May 29 12:27:46 2009 TAP-Win32 Driver Version 8.4 
Fri May 29 12:27:46 2009 TAP-Win32 MTU=1500
Fri May 29 12:27:46 2009 Notified TAP-Win32 driver to set a DHCP IP/netmask of
10.8.0.6/255.255.255.252 on interface {XXX} [DHCP-serv: 10.8.0.5, lease-time: 
31536000]
Fri May 29 12:27:46 2009 Successful ARP Flush on interface [6] {XXX}
Fri May 29 12:27:46 2009 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Fri May 29 12:27:46 2009 Route: Waiting for TUN/TAP interface to come up...
Fri May 29 12:27:47 2009 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Fri May 29 12:27:47 2009 Route: Waiting for TUN/TAP interface to come up...
Fri May 29 12:27:48 2009 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Fri May 29 12:27:48 2009 Route: Waiting for TUN/TAP interface to come up...
Fri May 29 12:27:49 2009 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Fri May 29 12:27:49 2009 Route: Waiting for TUN/TAP interface to come up...
Fri May 29 12:27:51 2009 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Fri May 29 12:27:51 2009 Route: Waiting for TUN/TAP interface to come up...
Fri May 29 12:27:52 2009 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Fri May 29 12:27:52 2009 route ADD ppp.ppp.ppp.ppp MASK 255.255.255.255 
10.82.25.129
Fri May 29 12:27:52 2009 Route addition via IPAPI succeeded
Fri May 29 12:27:52 2009 route DELETE 0.0.0.0 MASK 0.0.0.0 10.82.25.129
Fri May 29 12:27:52 2009 Route deletion via IPAPI succeeded
Fri May 29 12:27:52 2009 route ADD 0.0.0.0 MASK 0.0.0.0 10.8.0.5
Fri May 29 12:27:52 2009 Route addition via IPAPI succeeded
Fri May 29 12:27:52 2009 route ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Fri May 29 12:27:52 2009 Route addition via IPAPI succeeded
Fri May 29 12:27:52 2009 Initialization Sequence Completed

Original comment by christian.kungler on 29 May 2009 at 10:30

[GoogleCodeExporter]

I uploaded a version last night that shouls correct the problem.
openvpn expect windows CRLF and I was just sending CR.
(I found that CRLF is in http specs ...)

I changed only for https, but I'll make some tests and do it also for http soon 
...

Original comment by mike.bar...@gmail.com on 5 Jun 2009 at 5:59

• Changed state: Fixed