Closed vdb-sander closed 3 years ago
Hi @vdb-sander, I haven't played with Phantap in a long time, so maybe something broke with a newer OpenWrt version. What version are you using?
phantap - 2020.12.31-a7177235-1 OpenWrt SNAPSHOT, r16087-1d412235a5
5.4.101 is the kernel version. Are you using OpenWrt 21.02 or master?
Yes, I was too quick. I edited my comment.
I installed this build and now it works. https://archive.openwrt.org/releases/19.07.0/targets/ath79/generic/openwrt-19.07.0-ath79-generic-glinet_gl-ar150-squashfs-sysupgrade.bin
Can you try the latest 19.07?
The same issue popped up again. No internet connection when connected via WLAN. Workstation is connected to the LAN port and network is connected to the WAN port.
I use GL.iNet AR150. What I have done so far:
opkg update
opkg install phantap
/etc/init.d/phantap setup
uci delete network.@device[0].ports
uci delete network.wan.device
uci delete network.wan6.device
uci add_list network.br_phantap.ports='eth0'
uci add_list network.br_phantap.ports='eth1'
uci commit network
/etc/init.d/network reload
Here is more info:
root@OpenWrt:/etc# cat openwrt_release
DISTRIB_ID='OpenWrt'
DISTRIB_RELEASE='SNAPSHOT'
DISTRIB_REVISION='r17631-9c3b1d5563'
DISTRIB_TARGET='ath79/generic'
DISTRIB_ARCH='mips_24kc'
DISTRIB_DESCRIPTION='OpenWrt SNAPSHOT r17631-9c3b1d5563'
DISTRIB_TAINTS=''
root@OpenWrt:~# uname -a
Linux OpenWrt 5.4.145 #0 Tue Sep 28 12:27:34 2021 mips GNU/Linux
root@OpenWrt:~# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.2.1 0.0.0.0 UG 0 0 0 br-lan
169.254.66.100 * 255.255.255.254 U 0 0 0 br-phantap
192.168.1.1 * 255.255.255.255 UH 0 0 0 br-phantap
192.168.1.2 * 255.255.255.255 UH 0 0 0 br-phantap
192.168.1.14 * 255.255.255.255 UH 0 0 0 br-phantap
192.168.1.33 * 255.255.255.255 UH 0 0 0 br-phantap
192.168.1.38 * 255.255.255.255 UH 0 0 0 br-phantap
192.168.1.44 * 255.255.255.255 UH 0 0 0 br-phantap
192.168.1.46 * 255.255.255.255 UH 0 0 0 br-phantap
192.168.1.52 * 255.255.255.255 UH 0 0 0 br-phantap
192.168.1.56 * 255.255.255.255 UH 0 0 0 br-phantap
192.168.1.253 * 255.255.255.255 UH 0 0 0 br-phantap
192.168.2.0 * 255.255.255.0 U 0 0 0 br-lan
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br-phantap state UP group default qlen 1000
link/ether 94:83:c4:00:2a:9c brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br-phantap state UP group default qlen 1000
link/ether 94:83:c4:00:2a:9c brd ff:ff:ff:ff:ff:ff
5: br-phantap: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 94:83:c4:00:2a:9c brd ff:ff:ff:ff:ff:ff
inet 169.254.66.100/31 brd 255.255.255.255 scope global br-phantap
valid_lft forever preferred_lft forever
6: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 94:83:c4:00:2a:9c brd ff:ff:ff:ff:ff:ff
inet 192.168.2.2/24 brd 192.168.2.255 scope global br-lan
valid_lft forever preferred_lft forever
inet6 fde2:35d3:83e3::1/60 scope global noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::9683:c4ff:fe00:2a9c/64 scope link
valid_lft forever preferred_lft forever
7: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
link/ether 94:83:c4:00:2a:9c brd ff:ff:ff:ff:ff:ff
inet6 fe80::9683:c4ff:fe00:2a9c/64 scope link
valid_lft forever preferred_lft forever
root@OpenWrt:~# logread | grep phantap
Tue Sep 28 12:47:02 2021 user.warn kernel: [ 15.560913] phantap: Anti-leak rules installed
Tue Sep 28 12:47:15 2021 daemon.notice procd: /etc/rc.d/S90phantap: OpenWrt failsafe is on, the device will leak it's MAC address during early boot
Tue Sep 28 12:47:15 2021 daemon.notice procd: /etc/rc.d/S90phantap: See https://github.com/nccgroup/phantap/blob/master/README.md#limitations-or-how-it-can-be-detected-
Tue Sep 28 12:47:23 2021 kern.info kernel: [ 44.290061] br-phantap: port 1(eth0) entered blocking state
Tue Sep 28 12:47:23 2021 kern.info kernel: [ 44.294185] br-phantap: port 1(eth0) entered disabled state
Tue Sep 28 12:47:23 2021 kern.info kernel: [ 44.345103] br-phantap: port 1(eth0) entered blocking state
Tue Sep 28 12:47:23 2021 kern.info kernel: [ 44.349314] br-phantap: port 1(eth0) entered forwarding state
Tue Sep 28 12:47:23 2021 daemon.notice netifd: Interface 'phantap' is enabled
Tue Sep 28 12:47:23 2021 daemon.notice netifd: Interface 'phantap' is setting up now
Tue Sep 28 12:47:23 2021 user.warn kernel: [ 44.411857] phantap: Configuring bridge br-phantap (hotplug)...
Tue Sep 28 12:47:23 2021 daemon.notice netifd: Interface 'phantap' is now up
Tue Sep 28 12:47:23 2021 kern.info kernel: [ 44.497756] br-phantap: port 2(eth1) entered blocking state
Tue Sep 28 12:47:23 2021 kern.info kernel: [ 44.501986] br-phantap: port 2(eth1) entered disabled state
Tue Sep 28 12:47:23 2021 user.warn kernel: [ 44.526938] phantap: Bridge br-phantap configured (hotplug)
Tue Sep 28 12:47:23 2021 daemon.notice netifd: bridge 'br-phantap' link is up
Tue Sep 28 12:47:23 2021 daemon.notice netifd: Interface 'phantap' has link connectivity
Tue Sep 28 12:47:24 2021 user.warn kernel: [ 45.393137] phantap: Starting (hotplug)...
Tue Sep 28 12:47:25 2021 kern.info kernel: [ 46.584106] br-phantap: port 2(eth1) entered blocking state
Tue Sep 28 12:47:25 2021 kern.info kernel: [ 46.589701] br-phantap: port 2(eth1) entered forwarding state
Tue Sep 28 12:47:25 2021 kern.info kernel: [ 46.706743] device br-phantap entered promiscuous mode
Tue Sep 28 12:47:26 2021 user.notice firewall: Reloading firewall due to ifup of phantap (br-phantap)
Tue Sep 28 12:47:34 2021 daemon.info phantap-learn[1921]: New DHCP config detected: IP=192.168.1.14 NETMASK=255.255.255.0 GATEWAY=192.168.1.1 DNS=192.168.1.1 NTP=192.168.1.1
Tue Sep 28 12:47:34 2021 daemon.info phantap-learn[1921]: block_traffic()
Tue Sep 28 12:47:35 2021 daemon.info phantap-learn[1921]: Gateway MAC: E0:B9:E5:14:FA:E8
Tue Sep 28 12:47:35 2021 daemon.info phantap-learn[1921]: Victim MAC: B0:0C:D1:48:7C:9F
Tue Sep 28 12:47:35 2021 daemon.info phantap-learn[1921]: set_network: P_VICTIM_MAC=B0:0C:D1:48:7C:9F P_VICTIM_IP=192.168.1.14 P_NETMASK=255.255.255.0 P_GATEWAY_MAC=E0:B9:E5:14:FA:E8 P_GATEWAY_IP=192.168.1.1 P_DNS=192.168.1.1 P_NTP=192.168.1.1
Tue Sep 28 12:47:35 2021 daemon.info phantap-learn[1921]: conf_net: P_VICTIM_MAC=B0:0C:D1:48:7C:9F P_VICTIM_IP=192.168.1.14 P_GATEWAY_MAC=E0:B9:E5:14:FA:E8 P_GATEWAY_IP=192.168.1.1 P_DNS=192.168.1.1
Tue Sep 28 12:47:36 2021 daemon.err phantap-learn[1921]: Warning: Unable to locate ipset utility, disabling ipset support
Tue Sep 28 12:47:36 2021 daemon.err phantap-learn[1921]: Warning: Section @zone[1] (wan) cannot resolve device of network 'wan'
Tue Sep 28 12:47:36 2021 daemon.err phantap-learn[1921]: Warning: Section @zone[1] (wan) cannot resolve device of network 'wan6'
Tue Sep 28 12:47:36 2021 daemon.err phantap-learn[1921]: Warning: Section @zone[1] (wan) has no device, network, subnet or extra options
Tue Sep 28 12:47:36 2021 daemon.err phantap-learn[1921]: * Clearing IPv4 filter table
Tue Sep 28 12:47:36 2021 daemon.err phantap-learn[1921]: * Clearing IPv4 nat table
Tue Sep 28 12:47:36 2021 daemon.err phantap-learn[1921]: * Clearing IPv4 mangle table
Tue Sep 28 12:47:37 2021 daemon.err phantap-learn[1921]: * Populating IPv4 filter table
Tue Sep 28 12:47:37 2021 daemon.err phantap-learn[1921]: * Rule 'Allow-DHCP-Renew'
Tue Sep 28 12:47:37 2021 daemon.err phantap-learn[1921]: * Rule 'Allow-Ping'
Tue Sep 28 12:47:37 2021 daemon.err phantap-learn[1921]: * Rule 'Allow-IGMP'
Tue Sep 28 12:47:37 2021 daemon.err phantap-learn[1921]: * Rule 'Allow-IPSec-ESP'
Tue Sep 28 12:47:37 2021 daemon.err phantap-learn[1921]: * Rule 'Allow-ISAKMP'
Tue Sep 28 12:47:37 2021 daemon.err phantap-learn[1921]: * Forward 'lan' -> 'wan'
Tue Sep 28 12:47:37 2021 daemon.err phantap-learn[1921]: * Zone 'lan'
Tue Sep 28 12:47:37 2021 daemon.err phantap-learn[1921]: * Zone 'wan'
Tue Sep 28 12:47:37 2021 daemon.err phantap-learn[1921]: * Zone 'phantap'
Tue Sep 28 12:47:37 2021 daemon.err phantap-learn[1921]: * Populating IPv4 nat table
Tue Sep 28 12:47:37 2021 daemon.err phantap-learn[1921]: * Zone 'lan'
Tue Sep 28 12:47:37 2021 daemon.err phantap-learn[1921]: * Zone 'wan'
Tue Sep 28 12:47:37 2021 daemon.err phantap-learn[1921]: * Zone 'phantap'
Tue Sep 28 12:47:37 2021 daemon.err phantap-learn[1921]: * Populating IPv4 mangle table
Tue Sep 28 12:47:37 2021 daemon.err phantap-learn[1921]: * Zone 'lan'
Tue Sep 28 12:47:37 2021 daemon.err phantap-learn[1921]: * Zone 'wan'
Tue Sep 28 12:47:37 2021 daemon.err phantap-learn[1921]: * Zone 'phantap'
Tue Sep 28 12:47:37 2021 daemon.err phantap-learn[1921]: * Clearing IPv6 filter table
Tue Sep 28 12:47:37 2021 daemon.err phantap-learn[1921]: * Clearing IPv6 mangle table
Tue Sep 28 12:47:37 2021 daemon.err phantap-learn[1921]: * Populating IPv6 filter table
Tue Sep 28 12:47:37 2021 daemon.err phantap-learn[1921]: * Rule 'Allow-DHCPv6'
Tue Sep 28 12:47:37 2021 daemon.err phantap-learn[1921]: * Rule 'Allow-MLD'
Tue Sep 28 12:47:37 2021 daemon.err phantap-learn[1921]: * Rule 'Allow-ICMPv6-Input'
Tue Sep 28 12:47:37 2021 daemon.err phantap-learn[1921]: * Rule 'Allow-ICMPv6-Forward'
Tue Sep 28 12:47:37 2021 daemon.err phantap-learn[1921]: * Rule 'Allow-IPSec-ESP'
Tue Sep 28 12:47:37 2021 daemon.err phantap-learn[1921]: * Rule 'Allow-ISAKMP'
Tue Sep 28 12:47:37 2021 daemon.err phantap-learn[1921]: * Forward 'lan' -> 'wan'
Tue Sep 28 12:47:37 2021 daemon.err phantap-learn[1921]: * Zone 'lan'
Tue Sep 28 12:47:37 2021 daemon.err phantap-learn[1921]: * Zone 'wan'
Tue Sep 28 12:47:37 2021 daemon.err phantap-learn[1921]: * Zone 'phantap'
Tue Sep 28 12:47:37 2021 daemon.err phantap-learn[1921]: * Populating IPv6 mangle table
Tue Sep 28 12:47:37 2021 daemon.err phantap-learn[1921]: * Zone 'lan'
Tue Sep 28 12:47:37 2021 daemon.err phantap-learn[1921]: * Zone 'wan'
Tue Sep 28 12:47:37 2021 daemon.err phantap-learn[1921]: * Zone 'phantap'
Tue Sep 28 12:47:37 2021 daemon.err phantap-learn[1921]: * Set tcp_ecn to off
Tue Sep 28 12:47:37 2021 daemon.err phantap-learn[1921]: * Set tcp_syncookies to on
Tue Sep 28 12:47:37 2021 daemon.err phantap-learn[1921]: * Set tcp_window_scaling to on
Tue Sep 28 12:47:37 2021 daemon.err phantap-learn[1921]: * Running script '/tmp/phantap.firewall'
Tue Sep 28 12:47:37 2021 daemon.err phantap-learn[1921]: iptables: No chain/target/match by that name.
Tue Sep 28 12:47:38 2021 daemon.info phantap-learn[1921]: PhanTap firewall rules reloaded, you now have internet
Tue Sep 28 12:47:43 2021 daemon.info phantap-learn[1921]: set_network: loading new BPF filter (dhcp only)
Tue Sep 28 12:48:57 2021 kern.info kernel: [ 138.101664] br-phantap: port 2(eth1) entered disabled state
Tue Sep 28 12:48:59 2021 kern.info kernel: [ 140.183862] br-phantap: port 2(eth1) entered blocking state
Tue Sep 28 12:48:59 2021 kern.info kernel: [ 140.189430] br-phantap: port 2(eth1) entered forwarding state
Tue Sep 28 12:49:07 2021 daemon.info phantap-learn[1921]: No DHCP config changes
After the 'you now have internet' log line, can you ping/curl 1.1.1.1 from the router? ping/curl google.com?
So, assume phantap is connected between a workstation and the network (with internet access). Then using another device, I connect to the Phantap Wifi and log in on the router using SSH. There I can't ping/curl 1.1.1.1 and/or ping/curl google.com.
You have a gateway on br-lan, that might be the issue. Can you show 'ip r'?
root@OpenWrt:~# ip r
default via 192.168.2.1 dev br-lan proto static
169.254.66.100/31 dev br-phantap proto kernel scope link src 169.254.66.100
192.168.1.1 dev br-phantap proto 255 scope link
192.168.1.14 dev br-phantap proto 255 scope link
192.168.1.33 dev br-phantap proto 255 scope link
192.168.1.44 dev br-phantap proto 255 scope link
192.168.1.45 dev br-phantap proto 255 scope link
192.168.1.52 dev br-phantap proto 255 scope link
192.168.2.0/24 dev br-lan proto kernel scope link src 192.168.2.2
You changed the lan network config at some point and added 192.168.2.1 as gateway; remove it and reboot.
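A check for the condition diagnosed above, as an added example that is not part of the original thread or the PhanTap project: it scans `ip r` output for a default route on a device other than `br-phantap` and lists the uci `gateway` options that set it. The treat-as-stale rule, the function names and the sample `uci show network` lines are assumptions; the sample routes are copied from the output above.

```shell
#!/bin/sh
# Added example: find default routes that bypass the PhanTap bridge.
# Assumption: the PhanTap uplink bridge is br-phantap, as in the thread, and
# a default route on any other device is a leftover that should be reviewed.
PHANTAP_BRIDGE="${PHANTAP_BRIDGE:-br-phantap}"

# Reads `ip r` output on stdin; prints "dev gateway proto" for every default
# route that does not leave through $PHANTAP_BRIDGE.
stale_default_routes() {
    awk -v br="$PHANTAP_BRIDGE" '
        $1 == "default" {
            dev = ""; gw = "-"; proto = "-"
            for (i = 2; i < NF; i++) {
                if ($i == "dev")   dev = $(i + 1)
                if ($i == "via")   gw = $(i + 1)
                if ($i == "proto") proto = $(i + 1)
            }
            if (dev != br) print dev, gw, proto
        }'
}

# Reads `uci show network` output on stdin; prints the option keys whose
# value equals the gateway address given as $1 (e.g. network.lan.gateway).
gateway_options() {
    awk -F= -v gw="$1" '
        $1 ~ /\.gateway$/ {
            val = $2
            gsub("\047", "", val)      # strip the single quotes uci prints
            if (val == gw) print $1
        }'
}

# $1 = `ip r` output, $2 = `uci show network` output. Only prints findings
# and candidate commands; it changes nothing on the device.
check() {
    printf '%s\n' "$1" | stale_default_routes | while read -r dev gw proto; do
        echo "stale default route: via $gw dev $dev (proto $proto)"
        printf '%s\n' "$2" | gateway_options "$gw" | while read -r key; do
            echo "  candidate fix: uci delete $key && uci commit network"
        done
    done
}

# Sample routes copied from the `ip r` output in the thread (shortened).
SAMPLE_ROUTES='default via 192.168.2.1 dev br-lan proto static
169.254.66.100/31 dev br-phantap proto kernel scope link src 169.254.66.100
192.168.1.1 dev br-phantap proto 255 scope link
192.168.2.0/24 dev br-lan proto kernel scope link src 192.168.2.2'

# Constructed sample: the thread does not show the network config itself.
SAMPLE_NETCFG="network.lan=interface
network.lan.proto='static'
network.lan.ipaddr='192.168.2.2'
network.lan.gateway='192.168.2.1'"

check "$SAMPLE_ROUTES" "$SAMPLE_NETCFG"
```

On the device itself the same check runs as `check "$(ip r)" "$(uci show network)"`.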
That is correct. I had to change the config as I shared my MacBook's internet connection with the phantap device in the beginning of the setup. Now I removed it and I confirm internet connectivity when connected to WLAN. Thank you for that.
root@OpenWrt:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=118 time=14.815 ms
64 bytes from 8.8.8.8: seq=1 ttl=118 time=14.582 ms
64 bytes from 8.8.8.8: seq=2 ttl=118 time=14.456 ms
However, I noticed phantap is not able to connect to my VPN. The reason is not the VPN itself because I still can connect to it from any other device.
Wed Sep 29 16:28:19 2021 daemon.err openvpn(client)[2441]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Sep 29 16:28:19 2021 daemon.err openvpn(client)[2441]: TLS Error: TLS handshake failed
Wed Sep 29 16:28:19 2021 daemon.notice openvpn(client)[2441]: SIGUSR1[soft,tls-error] received, process restarting
Might this be firewall related? The VPN server is running on port 8443.
root@OpenWrt:~# uci show firewall
firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood='1'
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].network='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].network='wan' 'wan6'
firewall.@zone[1].input='REJECT'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].forward='REJECT'
firewall.@zone[1].masq='1'
firewall.@zone[1].mtu_fix='1'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].src_ip='fc00::/6'
firewall.@rule[3].dest_ip='fc00::/6'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Input'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Forward'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest='*'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@rule[7]=rule
firewall.@rule[7].name='Allow-IPSec-ESP'
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].proto='esp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].name='Allow-ISAKMP'
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].dest_port='500'
firewall.@rule[8].proto='udp'
firewall.@rule[8].target='ACCEPT'
firewall.@rule[9]=rule
firewall.@rule[9].name='Support-UDP-Traceroute'
firewall.@rule[9].src='wan'
firewall.@rule[9].dest_port='33434:33689'
firewall.@rule[9].proto='udp'
firewall.@rule[9].family='ipv4'
firewall.@rule[9].target='REJECT'
firewall.@rule[9].enabled='false'
firewall.@include[0]=include
firewall.@include[0].path='/etc/firewall.user'
firewall.phantapz=zone
firewall.phantapz.name='phantap'
firewall.phantapz.input='DROP'
firewall.phantapz.output='ACCEPT'
firewall.phantapz.forward='ACCEPT'
firewall.phantapz.network='phantap'
firewall.phantapi=include
firewall.phantapi.path='/tmp/phantap.firewall'
firewall.phantapi.reload='1'
Time on device seems wrong, this might be the cause.
What do you think of this? I didn't change the time or date, but after a couple of TLS errors, the device managed to set up the VPN connection.
Wed Sep 29 18:04:42 2021 daemon.warn openvpn(client)[2460]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Sep 29 18:04:42 2021 daemon.notice openvpn(client)[2460]: TCP/UDP: Preserving recently used remote address: [AF_INET]IP_STRIPPED:8443
Wed Sep 29 18:04:42 2021 daemon.notice openvpn(client)[2460]: UDPv4 link local (bound): [AF_INET][undef]:1194
Wed Sep 29 18:04:42 2021 daemon.notice openvpn(client)[2460]: UDPv4 link remote: [AF_INET]IP_STRIPPED:8443
Wed Sep 29 18:05:42 2021 daemon.err openvpn(client)[2460]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Sep 29 18:05:42 2021 daemon.err openvpn(client)[2460]: TLS Error: TLS handshake failed
Wed Sep 29 18:05:42 2021 daemon.notice openvpn(client)[2460]: SIGUSR1[soft,tls-error] received, process restarting
Wed Sep 29 18:05:47 2021 daemon.warn openvpn(client)[2460]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Sep 29 18:05:47 2021 daemon.notice openvpn(client)[2460]: TCP/UDP: Preserving recently used remote address: [AF_INET]IP_STRIPPED:8443
Wed Sep 29 18:05:47 2021 daemon.notice openvpn(client)[2460]: UDPv4 link local (bound): [AF_INET][undef]:1194
Wed Sep 29 18:05:47 2021 daemon.notice openvpn(client)[2460]: UDPv4 link remote: [AF_INET]IP_STRIPPED:8443
Wed Sep 29 18:06:47 2021 daemon.err openvpn(client)[2460]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Sep 29 18:06:47 2021 daemon.err openvpn(client)[2460]: TLS Error: TLS handshake failed
Wed Sep 29 18:06:47 2021 daemon.notice openvpn(client)[2460]: SIGUSR1[soft,tls-error] received, process restarting
Wed Sep 29 18:06:57 2021 daemon.warn openvpn(client)[2460]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Sep 29 18:06:57 2021 daemon.notice openvpn(client)[2460]: TCP/UDP: Preserving recently used remote address: [AF_INET]IP_STRIPPED:8443
Wed Sep 29 18:06:57 2021 daemon.notice openvpn(client)[2460]: UDPv4 link local (bound): [AF_INET][undef]:1194
Wed Sep 29 18:06:57 2021 daemon.notice openvpn(client)[2460]: UDPv4 link remote: [AF_INET]IP_STRIPPED:8443
Wed Sep 29 18:07:57 2021 daemon.err openvpn(client)[2460]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Sep 29 18:07:57 2021 daemon.err openvpn(client)[2460]: TLS Error: TLS handshake failed
Wed Sep 29 18:07:57 2021 daemon.notice openvpn(client)[2460]: SIGUSR1[soft,tls-error] received, process restarting
Wed Sep 29 18:08:17 2021 daemon.warn openvpn(client)[2460]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Sep 29 18:08:17 2021 daemon.notice openvpn(client)[2460]: TCP/UDP: Preserving recently used remote address: [AF_INET]IP_STRIPPED:8443
Wed Sep 29 18:08:17 2021 daemon.notice openvpn(client)[2460]: UDPv4 link local (bound): [AF_INET][undef]:1194
Wed Sep 29 18:08:17 2021 daemon.notice openvpn(client)[2460]: UDPv4 link remote: [AF_INET]IP_STRIPPED:8443
Wed Sep 29 18:09:17 2021 daemon.err openvpn(client)[2460]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Sep 29 18:09:17 2021 daemon.err openvpn(client)[2460]: TLS Error: TLS handshake failed
Wed Sep 29 18:09:17 2021 daemon.notice openvpn(client)[2460]: SIGUSR1[soft,tls-error] received, process restarting
Wed Sep 29 18:09:57 2021 daemon.warn openvpn(client)[2460]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Sep 29 18:09:57 2021 daemon.notice openvpn(client)[2460]: TCP/UDP: Preserving recently used remote address: [AF_INET]IP_STRIPPED:8443
Wed Sep 29 18:09:57 2021 daemon.notice openvpn(client)[2460]: UDPv4 link local (bound): [AF_INET][undef]:1194
Wed Sep 29 18:09:57 2021 daemon.notice openvpn(client)[2460]: UDPv4 link remote: [AF_INET]IP_STRIPPED:8443
Wed Sep 29 18:09:57 2021 daemon.notice openvpn(client)[2460]: [STRIPPED] Peer Connection Initiated with [AF_INET]IP_STRIPPED:8443
Wed Sep 29 18:09:57 2021 daemon.notice openvpn(client)[2460]: TUN/TAP device tun0 opened
Wed Sep 29 18:09:57 2021 daemon.notice openvpn(client)[2460]: net_iface_mtu_set: mtu 1500 for tun0
Wed Sep 29 18:09:57 2021 daemon.notice openvpn(client)[2460]: net_iface_up: set tun0 up
Wed Sep 29 18:09:57 2021 daemon.notice openvpn(client)[2460]: net_addr_v4_add: 10.0.9.2/24 dev tun0
Wed Sep 29 18:09:57 2021 daemon.notice openvpn(client)[2460]: /usr/libexec/openvpn-hotplug up client tun0 1500 1552 10.0.9.2 255.255.255.0 init
Wed Sep 29 18:09:58 2021 daemon.warn openv
No idea... If UDP is OK, switch to WireGuard on port 53/123/443, or even run both.
We set up a completely new VPN server and synced the date. Everything is working smoothly now.
uci set system.ntp.enable_server="1"
uci -q delete system.ntp.server
uci add_list system.ntp.server="0.be.pool.ntp.org"
uci add_list system.ntp.server="1.be.pool.ntp.org"
uci add_list system.ntp.server="2.be.pool.ntp.org"
uci add_list system.ntp.server="3.be.pool.ntp.org"
uci commit system
/etc/init.d/sysntpd restart
Phantap was set up properly. The ethernet cable coming from the switch is connected to the LAN port and my laptop is connected to the WAN port. I do have internet connection from my laptop but not when I connect via WLAN to the device. I use GL.iNet AR150. Please refer to the terminal output below: