cmk001
#1 Posted : Monday, February 17, 2020 6:39:07 AM(UTC)
cmk001

Rank: Advanced Member

Groups: Registered
Joined: 7/29/2012(UTC)
Posts: 34
Location: UAE

Was thanked: 1 time(s) in 1 post(s)
ACEVPN on OPENVPN on DDWRT routers not working. I am getting TLS error Handshake failed. I am doing setup as per instructions on Knowledgebase. Kindly comment.
acevpn
#2 Posted : Tuesday, February 18, 2020 12:07:52 AM(UTC)
Acevpn

Rank: Advanced Member

Groups: Team Acevpn
Joined: 1/16/2011(UTC)
Posts: 2,430
Location: Acevpn.com

Thanks: 9 times
Was thanked: 126 time(s) in 123 post(s)
Please post your openvpn log to troubleshoot your issue.
cmk001
#3 Posted : Tuesday, February 18, 2020 12:15:17 PM(UTC)
My log follows:

Serverlog Clientlog
20200218 16:12:42 I OpenVPN 2.3.0 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 25 2013
20200218 16:12:42 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
20200218 16:12:42 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20200218 16:12:42 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
20200218 16:12:42 Socket Buffers: R=[114688->131072] S=[114688->131072]
20200218 16:12:42 I UDPv4 link local: [undef]
20200218 16:12:42 I UDPv4 link remote: [AF_INET]x.x.x.130:443
20200218 16:12:46 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200218 16:12:46 D MANAGEMENT: CMD 'state'
20200218 16:12:46 MANAGEMENT: Client disconnected
20200218 16:12:46 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200218 16:12:46 D MANAGEMENT: CMD 'state'
20200218 16:12:46 MANAGEMENT: Client disconnected
20200218 16:12:46 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200218 16:12:46 D MANAGEMENT: CMD 'state'
20200218 16:12:46 MANAGEMENT: Client disconnected
20200218 16:12:47 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200218 16:12:47 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00

Edited by user Tuesday, February 18, 2020 8:23:15 PM(UTC)  | Reason: Not specified

acevpn
#4 Posted : Tuesday, February 18, 2020 8:22:58 PM(UTC)
Your OpenVPN version is very old. Servers on port 443 use ECC for encryption, which requires OpenVPN 2.4.x or higher. Try upgrading your router firmware.
cmk001
#5 Posted : Thursday, February 20, 2020 7:44:31 AM(UTC)
I have upgraded my firmware and no improvement. Log file follows
Clientlog:
20200220 11:39:01 W WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
20200220 11:39:01 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
20200220 11:39:01 W WARNING: file '/tmp/openvpncl/credentials' is group or others accessible
20200220 11:39:01 I OpenVPN 2.4.7 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Aug 6 2019
20200220 11:39:01 I library versions: OpenSSL 1.1.1c 28 May 2019 LZO 2.09
20200220 11:39:01 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
20200220 11:39:01 W WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
20200220 11:39:01 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20200220 11:39:01 W WARNING: Your certificate has expired!
20200220 11:39:01 I TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.130:443
20200220 11:39:01 Socket Buffers: R=[163840->163840] S=[163840->163840]
20200220 11:39:01 I UDPv4 link local: (not bound)
20200220 11:39:01 I UDPv4 link remote: [AF_INET]31.3.247.130:443
20200220 11:39:05 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200220 11:39:05 D MANAGEMENT: CMD 'state'
20200220 11:39:06 MANAGEMENT: Client disconnected
20200220 11:39:06 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200220 11:39:06 D MANAGEMENT: CMD 'state'
20200220 11:39:06 MANAGEMENT: Client disconnected
20200220 11:39:06 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200220 11:39:06 D MANAGEMENT: CMD 'state'
20200220 11:39:06 MANAGEMENT: Client disconnected
20200220 11:39:54 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200220 11:39:55 D MANAGEMENT: CMD 'state'
20200220 11:39:55 MANAGEMENT: Client disconnected
20200220 11:39:55 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200220 11:39:55 D MANAGEMENT: CMD 'state'
20200220 11:39:55 MANAGEMENT: Client disconnected
20200220 11:39:55 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200220 11:39:55 D MANAGEMENT: CMD 'state'
20200220 11:39:55 MANAGEMENT: Client disconnected
20200220 11:39:55 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200220 11:39:55 D MANAGEMENT: CMD 'status 2'
20200220 11:39:55 MANAGEMENT: Client disconnected
20200220 11:39:55 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200220 11:39:55 D MANAGEMENT: CMD 'log 500'

Edited by user Thursday, February 20, 2020 3:24:50 PM(UTC)  | Reason: Not specified

acevpn
#6 Posted : Thursday, February 20, 2020 3:24:34 PM(UTC)
I suspect you are using older certificates and keys. Grab the new certificates and keys from the openvpn config and replace what you have on the router.

For ref, you are getting the following error.

Your certificate has expired!
cmk001
#7 Posted : Thursday, February 20, 2020 4:44:13 PM(UTC)
I was using the configuration given in the installation files for the ddwrt router. I have replaced certificates and keys from the configuration files for windows openvpn. I have used the windows ca, cert and key files, copying them into their boxes, and the <tls-crypt> data copied into the TLS Auth box. Please give settings for Encryption cipher and TLS cipher setting. Is there any startup script for this configuration? A log file follows:
Clientlog:
20200220 20:23:09 W WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
20200220 20:23:09 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
20200220 20:23:09 W WARNING: file '/tmp/openvpncl/ta.key' is group or others accessible
20200220 20:23:09 W WARNING: file '/tmp/openvpncl/credentials' is group or others accessible
20200220 20:23:09 I OpenVPN 2.4.7 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Aug 6 2019
20200220 20:23:09 I library versions: OpenSSL 1.1.1c 28 May 2019 LZO 2.09
20200220 20:23:09 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
20200220 20:23:09 W WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
20200220 20:23:09 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20200220 20:23:09 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
20200220 20:23:09 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
20200220 20:23:09 I TCP/UDP: Preserving recently used remote address: [AF_INET]31.3.247.130:443
20200220 20:23:09 Socket Buffers: R=[163840->163840] S=[163840->163840]
20200220 20:23:09 I UDPv4 link local: (not bound)
20200220 20:23:09 I UDPv4 link remote: [AF_INET]31.3.247.130:443
20200220 20:23:13 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200220 20:23:13 D MANAGEMENT: CMD 'state'
20200220 20:23:13 MANAGEMENT: Client disconnected
20200220 20:23:13 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200220 20:23:13 D MANAGEMENT: CMD 'state'
20200220 20:23:13 MANAGEMENT: Client disconnected
20200220 20:23:13 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200220 20:23:13 D MANAGEMENT: CMD 'state'
20200220 20:23:13 MANAGEMENT: Client disconnected
20200220 20:23:13 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200220 20:23:13 D MANAGEMENT: CMD 'status 2'
20200220 20:23:13 MANAGEMENT: Client disconnected
20200220 20:23:13 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200220 20:23:13 D MANAGEMENT: CMD 'log 500'
19700101 04:00:00
cmk001
#8 Posted : Thursday, February 20, 2020 5:33:23 PM(UTC)
With reference to my previous message,
Please find below latest log file. There is TLS error handshake failed.
Clientlog:
20200220 21:23:34 I OpenVPN 2.4.7 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Aug 6 2019
20200220 21:23:34 I library versions: OpenSSL 1.1.1c 28 May 2019 LZO 2.09
20200220 21:23:34 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
20200220 21:23:34 W WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
20200220 21:23:34 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20200220 21:23:34 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
20200220 21:23:34 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
20200220 21:23:34 I TCP/UDP: Preserving recently used remote address: [AF_INET]31.3.247.130:443
20200220 21:23:34 Socket Buffers: R=[163840->163840] S=[163840->163840]
20200220 21:23:34 I UDPv4 link local: (not bound)
20200220 21:23:34 I UDPv4 link remote: [AF_INET]31.3.247.130:443
20200220 21:24:25 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200220 21:24:25 D MANAGEMENT: CMD 'state'
20200220 21:24:25 MANAGEMENT: Client disconnected
20200220 21:24:25 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200220 21:24:25 D MANAGEMENT: CMD 'state'
20200220 21:24:25 MANAGEMENT: Client disconnected
20200220 21:24:25 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200220 21:24:25 D MANAGEMENT: CMD 'state'
20200220 21:24:25 MANAGEMENT: Client disconnected
20200220 21:24:25 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200220 21:24:25 D MANAGEMENT: CMD 'status 2'
20200220 21:24:25 MANAGEMENT: Client disconnected
20200220 21:24:25 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200220 21:24:25 D MANAGEMENT: CMD 'log 500'
20200220 21:24:25 MANAGEMENT: Client disconnected
20200220 21:24:34 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20200220 21:24:34 N TLS Error: TLS handshake failed
20200220 21:24:34 I SIGUSR1[soft tls-error] received process restarting
20200220 21:24:34 Restart pause 5 second(s)
20200220 21:24:39 W WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
20200220 21:24:39 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20200220 21:24:39 I TCP/UDP: Preserving recently used remote address: [AF_INET]31.3.247.130:443
20200220 21:24:39 Socket Buffers: R=[163840->163840] S=[163840->163840]
20200220 21:24:39 I UDPv4 link local: (not bound)
20200220 21:24:39 I UDPv4 link remote: [AF_INET]31.3.247.130:443
20200220 21:25:06 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200220 21:25:06 D MANAGEMENT: CMD 'state'
20200220 21:25:06 MANAGEMENT: Client disconnected
20200220 21:25:06 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200220 21:25:06 D MANAGEMENT: CMD 'state'
20200220 21:25:06 MANAGEMENT: Client disconnected
20200220 21:25:06 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200220 21:25:06 D MANAGEMENT: CMD 'state'
20200220 21:25:06 MANAGEMENT: Client disconnected
20200220 21:25:06 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200220 21:25:06 D MANAGEMENT: CMD 'status 2'
20200220 21:25:06 MANAGEMENT: Client disconnected
20200220 21:25:06 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200220 21:25:06 D MANAGEMENT: CMD 'log 500'
20200220 21:25:06 MANAGEMENT: Client disconnected
20200220 21:25:39 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20200220 21:25:39 N TLS Error: TLS handshake failed
20200220 21:25:39 I SIGUSR1[soft tls-error] received process restarting
20200220 21:25:39 Restart pause 5 second(s)
20200220 21:25:44 W WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
20200220 21:25:44 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20200220 21:25:44 I TCP/UDP: Preserving recently used remote address: [AF_INET]31.3.247.130:443
20200220 21:25:44 Socket Buffers: R=[163840->163840] S=[163840->163840]
20200220 21:25:44 I UDPv4 link local: (not bound)
20200220 21:25:44 I UDPv4 link remote: [AF_INET]31.3.247.130:443
20200220 21:26:24 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200220 21:26:24 D MANAGEMENT: CMD 'state'
20200220 21:26:24 MANAGEMENT: Client disconnected
20200220 21:26:24 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200220 21:26:24 D MANAGEMENT: CMD 'state'
20200220 21:26:24 MANAGEMENT: Client disconnected
20200220 21:26:24 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200220 21:26:24 D MANAGEMENT: CMD 'state'
20200220 21:26:24 MANAGEMENT: Client disconnected
20200220 21:26:24 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200220 21:26:24 D MANAGEMENT: CMD 'status 2'
20200220 21:26:24 MANAGEMENT: Client disconnected
20200220 21:26:24 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200220 21:26:24 D MANAGEMENT: CMD 'log 500'
20200220 21:26:24 MANAGEMENT: Client disconnected
20200220 21:26:44 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20200220 21:26:44 N TLS Error: TLS handshake failed
20200220 21:26:44 I SIGUSR1[soft tls-error] received process restarting
20200220 21:26:44 Restart pause 5 second(s)
20200220 21:26:49 W WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
20200220 21:26:49 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20200220 21:26:49 I TCP/UDP: Preserving recently used remote address: [AF_INET]31.3.247.130:443
20200220 21:26:49 Socket Buffers: R=[163840->163840] S=[163840->163840]
20200220 21:26:49 I UDPv4 link local: (not bound)
20200220 21:26:49 I UDPv4 link remote: [AF_INET]31.3.247.130:443
20200220 21:27:30 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200220 21:27:30 D MANAGEMENT: CMD 'state'
20200220 21:27:30 MANAGEMENT: Client disconnected
20200220 21:27:30 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200220 21:27:30 D MANAGEMENT: CMD 'state'
20200220 21:27:30 MANAGEMENT: Client disconnected
20200220 21:27:30 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200220 21:27:30 D MANAGEMENT: CMD 'state'
20200220 21:27:30 MANAGEMENT: Client disconnected
20200220 21:27:30 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200220 21:27:30 D MANAGEMENT: CMD 'status 2'
20200220 21:27:30 MANAGEMENT: Client disconnected
20200220 21:27:30 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20200220 21:27:30 D MANAGEMENT: CMD 'log 500'
19700101 04:00:00



acevpn
#9 Posted : Thursday, February 20, 2020 6:24:15 PM(UTC)
For encryption you can use any of the following. GCM is preferred over CBC.

AES-128-GCM
AES-256-GCM
AES-128-CBC
AES-256-CBC
acevpn
#10 Posted : Thursday, February 20, 2020 6:24:57 PM(UTC)
Could you email your startup script to support (at) acevpn.com, referring to this thread? From which country are you connecting?
cmk001
#11 Posted : Thursday, February 20, 2020 8:05:17 PM(UTC)
I am not using any startup script as username and password are already filled in on the main page and I am connecting to only one UK server, remote 31.3.247.130 443 #UK as entered on the main page. I am getting TLS error and TLS handshake failure messages in the logfile. I live in Dubai, UNITED ARAB EMIRATES. (ACEVPN.COM webpage is blocked here.)
acevpn
#12 Posted : Friday, February 21, 2020 11:57:41 AM(UTC)
Can you test with a different server? Please post the output of

cat /tmp/openvpncl/myopenvpn.conf
cmk001
#13 Posted : Monday, February 24, 2020 8:20:32 AM(UTC)
Great, it is connecting now. Thanks for your excellent support, appreciate it. The problem was that I was using TLS-Auth instead of TLS-crypt. It would be good for users if you kindly update the DDWRT router setup procedure on your webpage, as it is outdated due to new versions of OPENVPN firmware. Thanks again.
acevpn
#14 Posted : Monday, February 24, 2020 10:27:00 AM(UTC)
Thanks for the update. Glad you are back online again. We will update the DD-WRT guide with revised instructions.
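
The causes this thread worked through (an OpenVPN build older than 2.4, an expired certificate, key files readable by group or others, and finally a static key loaded as TLS-Auth instead of TLS-crypt) can all be read off the client log. The following Python triage is an added example, not code from Acevpn or DD-WRT; the finding ids, notes and the mismatch heuristic are this example's own assumptions, and the sample log is constructed from lines posted above.

```python
import re

# Constructed sample: lines condensed from the client logs posted in this thread.
SAMPLE_LOG = """\
20200218 16:12:42 I OpenVPN 2.3.0 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] built on Mar 25 2013
20200220 11:39:01 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
20200220 11:39:01 W WARNING: Your certificate has expired!
20200220 21:23:34 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
20200220 21:24:25 D MANAGEMENT: CMD 'state'
20200220 21:24:34 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
"""

# DD-WRT client log line: date, time, optional one-letter level, then the message.
LINE = re.compile(r"^\d{8} \d{2}:\d{2}:\d{2} (?:[IWND] )?(.*)$")

# finding id -> (pattern, note). Ids and notes are this example's own wording.
RULES = {
    "old-openvpn": (r"^OpenVPN (\d+)\.(\d+)\.\d+", "below 2.4; reply #4 says port-443 servers need 2.4.x+"),
    "cert-expired": (r"Your certificate has expired", "load current cert/key from the provider config"),
    "secret-perms": (r"file '([^']+)' is group or others accessible", "restrict to owner (chmod 600)"),
    "mgmt-no-password": (r"--management on a TCP port WITHOUT passwords", "management port is unauthenticated"),
    "tls-auth-mode": (r"Control Channel Authentication:", "static key loaded as tls-auth"),
    "tls-crypt-mode": (r"Control Channel Encryption:", "static key loaded as tls-crypt"),
    "tls-timeout": (r"TLS key negotiation failed to occur within", "no usable reply from the server"),
}
MISMATCH = "tls-auth in use and handshake timed out: check whether the provider config ships <tls-crypt>"

def triage(log_text):
    """Return {finding id: sorted details} for one OpenVPN client log."""
    found = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # e.g. the bare '19700101 00:00:00' lines or UI labels
        for fid, (pattern, _note) in RULES.items():
            hit = re.search(pattern, m.group(1))
            if not hit:
                continue
            if fid == "old-openvpn" and (int(hit[1]), int(hit[2])) >= (2, 4):
                continue  # 2.4 or newer is not a finding
            detail = hit[1] if fid == "secret-perms" else hit[0]
            found.setdefault(fid, set()).add(detail)
    # Heuristic: a tls-auth client talking to a tls-crypt server gets no valid reply.
    if found.keys() >= {"tls-auth-mode", "tls-timeout"} and "tls-crypt-mode" not in found:
        found["suspect-key-mode-mismatch"] = {MISMATCH}
    return {fid: sorted(details) for fid, details in found.items()}

if __name__ == "__main__":
    for fid, details in triage(SAMPLE_LOG).items():
        note = RULES[fid][1] if fid in RULES else ""
        print(f"{fid}: {'; '.join(details)} {note}".rstrip())
```

Run against the log in post #8, it reports `tls-auth-mode`, `tls-timeout` and the mismatch heuristic, which matches the fix reported in post #13.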