schwabe / ics-openvpn

OpenVPN for Android

OpenVPN2 does not work/OpenVPN works against CentOS7 with OpenVPN 2.3.16(?) #1192

Closed ZoriN89 closed 4 years ago

ZoriN89 commented 4 years ago

OpenVPN for Android does not work and does not connect to the server. If you import this .ovpn file into the application

https://play.google.com/store/apps/details?id=net.openvpn.openvpn

The connection is successful and the VPN is working successfully. If you import this .ovpn into

https://play.google.com/store/apps/details?id=de.blinkt.openvpn

the following error occurs: TLS error: TLS key negotiation failed within 60 seconds (check network connection)

What is the problem?

.ovpn file ready to go https://pastebin.com/CXpVzsVV

Log file from Openvpn Android app (de.blinkt.openvpn) https://pastebin.com/xgmRPb12

ZoriN89 commented 4 years ago

I changed the attached ovpn to 100% working at the moment, but this .ovpn only works on https://play.google.com/store/apps/details?id=net.openvpn.openvpn

schwabe commented 4 years ago

Seeing the server side log would be very helpful

ZoriN89 commented 4 years ago

Seeing the server side log would be very helpful

This is the server log when connecting via net.openvpn.openvpn which is successful and the connection is successful https://pastebin.com/sLteXrGR

This is the log from the application net.openvpn.openvpn https://pastebin.com/kex0s8ep

And then the log from de.blinkt.openvpn

Here is the log from the de.blinkt.openvpn application https://pastebin.com/GPgkb8qs

Here is the server log when connecting from the de.blinkt.openvpn application https://pastebin.com/6HWp0La4

I’ve been trying to find the cause of the error for almost a week now. I tried to install a previous version of the server, but it also did not help.

I am currently using this version of the server OpenVPN 2.4.8 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH / PKTINFO] [AEAD] built on Nov 1 2019 library versions: OpenSSL 1.0.2k-fips 26 Jan 2017, LZO 2.06

schwabe commented 4 years ago

Okay, this is strange. Can you check if this is an OpenSSL library or OpenVPN problem? E.g. switch to the OpenVPN3 core in my app and see if that connects or if that also breaks?

ZoriN89 commented 4 years ago

Okay, this is strange. Can you check if this is an OpenSSL library or OpenVPN problem? E.g. switch to the OpenVPN3 core in my app and see if that connects or if that also breaks?

Yes, when you turned on OpenVPN3 in the settings, everything connected successfully. How can I enable this feature using your api?

schwabe commented 4 years ago

I am not sure what you mean with "feature for my api".

schwabe commented 4 years ago

And I want to try to fix/reproduce the problem if possible. What fedora version are you running on the server and where does the openvpn package come from?

ZoriN89 commented 4 years ago

And I want to try to fix / reproduce the problem, if possible. Which Fedora version are you running on the server and where does the openvpn package come from?

My OS version is CentOS Linux release 7.8.2003 (Core)

And I want to try to fix / reproduce the problem, if possible. Which Fedora version are you running on the server and where does the openvpn package come from?

I want to fix this problem in the app https://github.com/ashraf789/Cake-VPN in order to use it myself. It has the same problem, and the application itself is written using your library. How do I switch the connection to OpenVPN 3, or can I just replace the version of OpenVPN on the server? How do I enable support for the previous VPN server? I have installed VPN version 2.4.8, but as I understand it, it uses OpenVPN 3.

schwabe commented 4 years ago

Using openvpn3 makes your app AGPLv3.

ZoriN89 commented 4 years ago

Using openvpn3 makes your app AGPLv3.

What will be the limitations because of this?

I know that there are the following rules. Allows:

Requires:

ZoriN89 commented 4 years ago

Using openvpn3 makes your app AGPLv3.

Which version do I need to install in order not to use openvpn 3?

schwabe commented 4 years ago

@ZoriN89 I am no lawyer, so I cannot advise you on the difference between AGPL3 and GPL2 in your case.

As for how to rewrite my app to not use openvpn3: remove the openvpn3 directory from the source code and make the necessary adjustments to the rest of the code.

ZoriN89 commented 4 years ago

@ZoriN89 I am no lawyer, so I cannot advise you on the difference between AGPL3 and GPL2 in your case.

As for how to rewrite my app to not use openvpn3: remove the openvpn3 directory from the source code and make the necessary adjustments to the rest of the code.

I didn’t quite understand. I didn’t install anything related to OpenVPN 3, but for some reason your application connects to the server only if you enable OpenVPN 3 in the application settings; the server VPN version is 2.3.16.

schwabe commented 4 years ago

You installed my app, and my app contains openvpn2 and openvpn3. And the openvpn3 part of my app makes it AGPL3+.

schwabe commented 4 years ago

You previously quoted a different server version:

I am currently using this version of the server OpenVPN 2.4.8 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH / PKTINFO] [AEAD] built on Nov 1 2019

schwabe commented 4 years ago

As long as I don't get precise instructions on how to reproduce this, I cannot look into it.

ZoriN89 commented 4 years ago

As long as I don't get precise instructions on how to reproduce this, I cannot look into it.

Today I tried to install a lower version of the server. I thought it would work without enabling OpenVPN 3, but it has the same TLS handshake error.

As long as I don't get precise instructions on how to reproduce this, I cannot look into it.

Config of my OpenVPN server (version 2.3.16), OS CentOS 7: https://pastebin.com/vjv0u0vL

Here is the client config, ready to work: https://pastebin.com/zAGPLpjY

To check, you can try to connect with this config yourself. If you do not enable the OpenVPN 3 function, there will be a TLS handshake error.

I just can’t understand how I can turn off the need to use the OpenVPN 3 core if the server OpenVPN version is 2.3.16.

schwabe commented 4 years ago

And where is that openvpn version coming from? Self compiled, a repo, etc?

schwabe commented 4 years ago

And if you already include your private keys/certs for the clients, can you also provide the keys for the server, so I don't have to generate my own and hope they are similar enough to yours to trigger the same problem?

ZoriN89 commented 4 years ago

And where is that openvpn version coming from? Self compiled, a repo, etc?

The first time I installed openvpn 2.4.6 there was the same problem. I tried to install version 2.3.6, thinking maybe it would not use the OpenVPN 3 function, but it has the same problem.

Key from file server.key https://pastebin.com/jfbREL4t

Cert from server.crt https://pastebin.com/TAgFnuDy

schwabe commented 4 years ago

It works just fine for me with the default openvpn from EPEL:

openvpn --version
OpenVPN 2.4.9 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2020
library versions: OpenSSL 1.0.2k-fips  26 Jan 2017, LZO 2.06

There is probably some detail in your setup that you are not telling me or forgetting to tell me.

ZoriN89 commented 4 years ago

It works just fine for me with the default openvpn from EPEL:

openvpn --version
OpenVPN 2.4.9 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2020
library versions: OpenSSL 1.0.2k-fips  26 Jan 2017, LZO 2.06

There is probably some detail in your setup that you are not telling me or forgetting to tell me.

I completely copied and sent you the server config file. Could the problem be in iptables?

My iptables: https://pastebin.com/EAgsGF6R

ZoriN89 commented 4 years ago

It works just fine for me with the default openvpn from EPEL:

openvpn --version
OpenVPN 2.4.9 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2020
library versions: OpenSSL 1.0.2k-fips  26 Jan 2017, LZO 2.06

There is probably some detail in your setup that you are not telling me or forgetting to tell me.

For verification, I just installed OpenVPN on a completely different server with Ubuntu, but I still have the same TLS problem. I configured it using the Digital Ocean instructions.

Openvpn version:

OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2019 library versions: OpenSSL 1.1.1 11 Sep 2018, LZO 2.08

OS version:

No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.04.4 LTS
Release: 18.04
Codename: bionic

The problem is exactly the same: if I do not enable the OpenVPN 3 core, the connection is not established.

I do not hide any settings; the configuration on both servers is the same. The only difference is that the CentOS machine is a VDS and the Ubuntu one is a dedicated server.

ZoriN89 commented 4 years ago

It works just fine for me with the default openvpn from EPEL:

openvpn --version
OpenVPN 2.4.9 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2020
library versions: OpenSSL 1.0.2k-fips  26 Jan 2017, LZO 2.06

There is probably some detail in your setup that you are not telling me or forgetting to tell me.

Are there any other ideas why it may not work until you turn on the OpenVPN 3 core?

schwabe commented 4 years ago

No. Unless you have some deep inspection that kills your connection I have no idea what could be causing that. That is why I wanted to reproduce the problem to be able to debug/look into it.

ZoriN89 commented 4 years ago

No. Unless you have some deep inspection that kills your connection I have no idea what could be causing that. That is why I wanted to reproduce the problem to be able to debug/look into it.

I found the cause of the problem. Apparently somewhere on the network they are trying to block VPN; for this reason the TLS reply from the server did not reach me. As soon as I added tls-crypt on the server and the client, it started working without the OpenVPN 3 core. Thank you so much for your help.
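The fix from the closing comment, shown as an added example that is not part of this thread or of ics-openvpn: a constructed client config without and with an inline tls-crypt key, plus a small Python check that reports which control-channel protection a config declares. The hostname and the PLACEHOLDER key material are made up; tls-crypt needs OpenVPN 2.4 or newer on both ends.

```python
import re

# Constructed sample configs (made up for this example, not the pastebin files).
CLIENT_WITHOUT = """\
client
dev tun
proto udp
remote vpn.example.invalid 1194
<ca>
-----BEGIN CERTIFICATE-----
PLACEHOLDER
-----END CERTIFICATE-----
</ca>
"""

# The closing comment's fix: the same client plus an inline tls-crypt key.
# tls-crypt both authenticates and encrypts the control channel, so the
# handshake no longer looks like OpenVPN to a middlebox (needs OpenVPN >= 2.4).
CLIENT_WITH_TLS_CRYPT = CLIENT_WITHOUT + """\
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
PLACEHOLDER
-----END OpenVPN Static key V1-----
</tls-crypt>
"""

_ORDER = ("tls-crypt-v2", "tls-crypt", "tls-auth")  # strongest first; tls-auth is HMAC only
_INLINE = re.compile(r"^<(tls-crypt-v2|tls-crypt|tls-auth)>$")

def control_channel_protection(config_text):
    """Return the strongest control-channel protection a config declares,
    or 'none'. Handles 'tls-crypt ta.key' and inline '<tls-crypt>' blocks;
    '#' and ';' comments are ignored."""
    found, in_block = set(), None
    for raw in config_text.splitlines():
        line = raw.strip()
        if in_block:                        # skip key material inside a block
            in_block = None if line == f"</{in_block}>" else in_block
            continue
        m = _INLINE.match(line)
        if m:
            in_block = m.group(1)
            found.add(in_block)
            continue
        line = re.split(r"^[#;]|\s[#;]", line)[0].strip()  # drop comments
        if line and line.split()[0] in _ORDER:
            found.add(line.split()[0])
    return next((n for n in _ORDER if n in found), "none")
```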