- Kia Soul Enthusias
Problem description: To access a security camera system I've been provided with a copy of OpenVPN portable and the associated configuration files and certificates. It's worked until now. Now it disconnects once I actually try to stream video (transfer any realistic amount of data). I don't know how to read the logs but I don't really see any errors besides it just saying "socket closed". Before that happens I may see the message "Replay-window backtrack occurred". I did have some random disconnects before but this occurs from 10-30 seconds after beginning to stream video so this makes it completely unusable.
The copy of OpenVPN portable seems like an old version and I tried using a newer version / standalone install but couldn't get it to connect at all with those. I see it saying cipher error. I think the server is running on a little raspberry pi box or some similar low powered device. I have no idea of what the server version is.
Attempted fixes: Well I've connected straight to the internet (no router), tethered to my AT&T phone, and the one thing that seems to work is Starbucks Wifi!! So I think there is a problem with the connection somewhere along the way, and not just with my ISP, but some others too. I tried artificially limiting my bandwidth to simulate a slower connection but that didn't make any difference.
I've installed Wireshark and am trying to learn it but it is a bit daunting for me. My home connection is gigabit fiber so there isn't any bandwidth problem.
Recent changes: Have you made any changes to your system/configuration recently that might have caused the problem? No
--
Operating system: Windows 10 64-bit although I've tried a Windows 7 64-bit laptop.
System specs: I don't think this matters.
Location: What country are you in? The U.S. while the server I connect to is in Central Europe.
I have Googled and read the FAQ: Yes
I'm hoping some smart goons out there have used this before and can help me get a more reliable connection. Unfortunately the guy who did the security install... well I don't know that he's very good so I'd rather rely on you guys for help.
I've attached a sample log below (with just a few details left out). I marked the point at which I start having problems.
quote:
Wed Jul 27 20:05:04 2016 OpenVPN 2.1.1 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Dec 11 2009
Wed Jul 27 20:05:04 2016 OpenVPN 2.1.1 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Dec 11 2009
Wed Jul 27 20:05:04 2016 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 27 20:05:04 2016 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Jul 27 20:05:04 2016 LZO compression initialized
Wed Jul 27 20:05:04 2016 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Jul 27 20:05:05 2016 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Jul 27 20:05:05 2016 Local Options hash (VER=V4): '41690919'
Wed Jul 27 20:05:05 2016 Expected Remote Options hash (VER=V4): '530fdded'
Wed Jul 27 20:05:05 2016 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jul 27 20:05:05 2016 UDPv4 link local: [undef]
Wed Jul 27 20:05:05 2016 UDPv4 link remote: #####:####
Wed Jul 27 20:05:05 2016 TLS: Initial packet from #####:####, sid=f17404b8 ffa2c647
Wed Jul 27 20:05:06 2016 VERIFY OK: depth=1, /C=CZ/L=Prague/O=#######/OU=changeme/CN=changeme/name=changeme/emailAddress=####
Wed Jul 27 20:05:06 2016 VERIFY OK: depth=0, /C=CZ/L=Prague/O=#######/OU=changeme/CN=server/name=changeme/emailAddress=#####
Wed Jul 27 20:05:08 2016 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Jul 27 20:05:08 2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jul 27 20:05:08 2016 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Jul 27 20:05:08 2016 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jul 27 20:05:08 2016 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Jul 27 20:05:08 2016 [server] Peer Connection Initiated with #####:####
Wed Jul 27 20:05:10 2016 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Wed Jul 27 20:05:11 2016 PUSH: Received control message: 'PUSH_REPLY,route 192.168.109.0 255.255.255.0,route 172.25.15.0 255.255.255.0,route 172.25.15.1,topology net30,ping 10,ping-restart 120,route 192.168.109.0 255.255.255.0,ifconfig 172.25.15.17 172.25.15.18'
Wed Jul 27 20:05:11 2016 OPTIONS IMPORT: timers and/or timeouts modified
Wed Jul 27 20:05:11 2016 OPTIONS IMPORT: --ifconfig/up options modified
Wed Jul 27 20:05:11 2016 OPTIONS IMPORT: route options modified
Wed Jul 27 20:05:11 2016 ROUTE default_gateway=192.168.1.1
Wed Jul 27 20:05:11 2016 TAP-WIN32 device [Ethernet 3] opened: \\.\Global\{67600641-3B21-437E-B956-BC28477F6564}.tap
Wed Jul 27 20:05:11 2016 TAP-Win32 Driver Version 9.6
Wed Jul 27 20:05:11 2016 TAP-Win32 MTU=1500
Wed Jul 27 20:05:11 2016 Notified TAP-Win32 driver to set a DHCP IP/netmask of 172.25.15.17/255.255.255.252 on interface {67600641-3B21-437E-B956-BC28477F6564} [DHCP-serv: 172.25.15.18, lease-time: 31536000]
Wed Jul 27 20:05:11 2016 Successful ARP Flush on interface [25] {67600641-3B21-437E-B956-BC28477F6564}
Wed Jul 27 20:05:16 2016 TEST ROUTES: 5/5 succeeded len=5 ret=1 a=0 u/d=up
Wed Jul 27 20:05:16 2016 C:\WINDOWS\system32\route.exe ADD 192.168.109.0 MASK 192.168.109.255 172.25.15.18
Wed Jul 27 20:05:16 2016 ROUTE: route addition failed using CreateIpForwardEntry: The parameter is incorrect. [status=87 if_index=25]
Wed Jul 27 20:05:16 2016 Route addition via IPAPI failed [adaptive]
Wed Jul 27 20:05:16 2016 Route addition fallback to route.exe
Wed Jul 27 20:05:16 2016 C:\WINDOWS\system32\route.exe ADD 192.168.109.0 MASK 255.255.255.0 172.25.15.18
Wed Jul 27 20:05:16 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Wed Jul 27 20:05:16 2016 Route addition via IPAPI succeeded [adaptive]
Wed Jul 27 20:05:16 2016 C:\WINDOWS\system32\route.exe ADD 172.25.15.0 MASK 255.255.255.0 172.25.15.18
Wed Jul 27 20:05:16 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Wed Jul 27 20:05:16 2016 Route addition via IPAPI succeeded [adaptive]
Wed Jul 27 20:05:16 2016 C:\WINDOWS\system32\route.exe ADD 172.25.15.1 MASK 255.255.255.255 172.25.15.18
Wed Jul 27 20:05:16 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Wed Jul 27 20:05:16 2016 Route addition via IPAPI succeeded [adaptive]
Wed Jul 27 20:05:16 2016 C:\WINDOWS\system32\route.exe ADD 192.168.109.0 MASK 255.255.255.0 172.25.15.18
Wed Jul 27 20:05:16 2016 ROUTE: route addition failed using CreateIpForwardEntry: The object already exists. [status=5010 if_index=25]
Wed Jul 27 20:05:16 2016 Route addition via IPAPI failed [adaptive]
Wed Jul 27 20:05:16 2016 Route addition fallback to route.exe
Wed Jul 27 20:05:16 2016 Initialization Sequence Completed
***I left the connection idle for a long time and now is when I start to try and use it.
Wed Jul 27 20:14:48 2016 Replay-window backtrack occurred [1]
Wed Jul 27 20:15:10 2016 Replay-window backtrack occurred [2]
Wed Jul 27 20:16:11 2016 Replay-window backtrack occurred [7]
***It disconnects here.
Wed Jul 27 20:16:11 2016 TCP/UDP: Closing socket
Wed Jul 27 20:16:11 2016 C:\WINDOWS\system32\route.exe DELETE 192.168.109.0 MASK 255.255.255.0 172.25.15.18
Wed Jul 27 20:16:11 2016 Route deletion via IPAPI succeeded [adaptive]
Wed Jul 27 20:16:11 2016 C:\WINDOWS\system32\route.exe DELETE 172.25.15.1 MASK 255.255.255.255 172.25.15.18
Wed Jul 27 20:16:11 2016 Route deletion via IPAPI succeeded [adaptive]
Wed Jul 27 20:16:11 2016 C:\WINDOWS\system32\route.exe DELETE 172.25.15.0 MASK 255.255.255.0 172.25.15.18
Wed Jul 27 20:16:11 2016 Route deletion via IPAPI succeeded [adaptive]
Wed Jul 27 20:16:11 2016 C:\WINDOWS\system32\route.exe DELETE 192.168.109.0 MASK 255.255.255.0 172.25.15.18
Wed Jul 27 20:16:11 2016 ROUTE: route deletion failed using DeleteIpForwardEntry: Element not found.
Wed Jul 27 20:16:11 2016 Route deletion via IPAPI failed [adaptive]
Wed Jul 27 20:16:11 2016 Route deletion fallback to route.exe
Wed Jul 27 20:16:11 2016 C:\WINDOWS\system32\route.exe DELETE 192.168.109.0 MASK 192.168.109.255 172.25.15.18
Wed Jul 27 20:16:11 2016 ROUTE: route deletion failed using DeleteIpForwardEntry: The parameter is incorrect.
Wed Jul 27 20:16:11 2016 Route deletion via IPAPI failed [adaptive]
Wed Jul 27 20:16:11 2016 Route deletion fallback to route.exe
Wed Jul 27 20:16:11 2016 Closing TUN/TAP interface
Wed Jul 27 20:16:11 2016 SIGTERM[hard,] received, process exiting
Wed Jul 27 20:16:13 2016 OpenVPN 2.1.1 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Dec 11 2009
Wed Jul 27 20:16:13 2016 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 27 20:16:13 2016 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Jul 27 20:16:13 2016 LZO compression initialized
Wed Jul 27 20:16:13 2016 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Jul 27 20:16:13 2016 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Jul 27 20:16:13 2016 Local Options hash (VER=V4): '41690919'
Wed Jul 27 20:16:13 2016 Expected Remote Options hash (VER=V4): '530fdded'
Wed Jul 27 20:16:13 2016 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jul 27 20:16:13 2016 UDPv4 link local: [undef]
Wed Jul 27 20:16:13 2016 UDPv4 link remote: #####:####
Wed Jul 27 20:16:13 2016 TLS: Initial packet from #####:####, sid=3b27ea83 a7de67e9
Wed Jul 27 20:16:14 2016 VERIFY OK: depth=1, /C=CZ/L=Prague/O=#######/OU=changeme/CN=changeme/name=changeme/emailAddress=####
Wed Jul 27 20:16:14 2016 VERIFY OK: depth=0, /C=CZ/L=Prague/O=#######/OU=changeme/CN=server/name=changeme/emailAddress=####
Wed Jul 27 20:16:16 2016 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Jul 27 20:16:16 2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jul 27 20:16:16 2016 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Jul 27 20:16:16 2016 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jul 27 20:16:16 2016 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Jul 27 20:16:16 2016 [server] Peer Connection Initiated with #####:####
Wed Jul 27 20:16:19 2016 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Wed Jul 27 20:16:19 2016 PUSH: Received control message: 'PUSH_REPLY,route 192.168.109.0 255.255.255.0,route 172.25.15.0 255.255.255.0,route 172.25.15.1,topology net30,ping 10,ping-restart 120,route 192.168.109.0 255.255.255.0,ifconfig 172.25.15.17 172.25.15.18'
Wed Jul 27 20:16:19 2016 OPTIONS IMPORT: timers and/or timeouts modified
Wed Jul 27 20:16:19 2016 OPTIONS IMPORT: --ifconfig/up options modified
Wed Jul 27 20:16:19 2016 OPTIONS IMPORT: route options modified
Wed Jul 27 20:16:19 2016 ROUTE default_gateway=192.168.1.1
Wed Jul 27 20:16:19 2016 TAP-WIN32 device [Ethernet 3] opened: \\.\Global\{67600641-3B21-437E-B956-BC28477F6564}.tap
Wed Jul 27 20:16:19 2016 TAP-Win32 Driver Version 9.6
Wed Jul 27 20:16:19 2016 TAP-Win32 MTU=1500
Wed Jul 27 20:16:19 2016 Notified TAP-Win32 driver to set a DHCP IP/netmask of 172.25.15.17/255.255.255.252 on interface {67600641-3B21-437E-B956-BC28477F6564} [DHCP-serv: 172.25.15.18, lease-time: 31536000]
Wed Jul 27 20:16:19 2016 Successful ARP Flush on interface [25] {67600641-3B21-437E-B956-BC28477F6564}
Wed Jul 27 20:16:24 2016 TEST ROUTES: 5/5 succeeded len=5 ret=1 a=0 u/d=up
Wed Jul 27 20:16:24 2016 C:\WINDOWS\system32\route.exe ADD 192.168.109.0 MASK 192.168.109.255 172.25.15.18
Wed Jul 27 20:16:24 2016 ROUTE: route addition failed using CreateIpForwardEntry: The parameter is incorrect. [status=87 if_index=25]
Wed Jul 27 20:16:24 2016 Route addition via IPAPI failed [adaptive]
Wed Jul 27 20:16:24 2016 Route addition fallback to route.exe
Wed Jul 27 20:16:24 2016 C:\WINDOWS\system32\route.exe ADD 192.168.109.0 MASK 255.255.255.0 172.25.15.18
Wed Jul 27 20:16:24 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Wed Jul 27 20:16:24 2016 Route addition via IPAPI succeeded [adaptive]
Wed Jul 27 20:16:24 2016 C:\WINDOWS\system32\route.exe ADD 172.25.15.0 MASK 255.255.255.0 172.25.15.18
Wed Jul 27 20:16:24 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Wed Jul 27 20:16:24 2016 Route addition via IPAPI succeeded [adaptive]
Wed Jul 27 20:16:24 2016 C:\WINDOWS\system32\route.exe ADD 172.25.15.1 MASK 255.255.255.255 172.25.15.18
Wed Jul 27 20:16:24 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Wed Jul 27 20:16:24 2016 Route addition via IPAPI succeeded [adaptive]
Wed Jul 27 20:16:24 2016 C:\WINDOWS\system32\route.exe ADD 192.168.109.0 MASK 255.255.255.0 172.25.15.18
Wed Jul 27 20:16:24 2016 ROUTE: route addition failed using CreateIpForwardEntry: The object already exists. [status=5010 if_index=25]
Wed Jul 27 20:16:24 2016 Route addition via IPAPI failed [adaptive]
Wed Jul 27 20:16:24 2016 Route addition fallback to route.exe
Wed Jul 27 20:16:24 2016 Initialization Sequence Completed
Here is a copy of the config file with some parts obviously left out.
quote:
remote #####
port ####
route 192.168.109.0 192.168.109.255
proto udp
dev tun
pull
resolv-retry infinite
nobind
cipher BF-CBC
auth SHA1
persist-key
persist-tun
tls-client
ca ./ca.crt
cert ./####.crt
key ./####.key
ping 15
ping-restart 45
ping-timer-rem
persist-key
comp-lzo
verb 3
Here's what happens if I try to use this config with a newer version of the OpenVPN client, note the "wrong cipher returned" error. Any idea if this config can be updated to work with a new version or do I need to get new keys?
quote:
Wed Jul 27 20:29:39 2016 OpenVPN 2.3.11 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on May 10 2016
Wed Jul 27 20:29:39 2016 Windows version 6.2 (Windows 8 or greater) 64bit
Wed Jul 27 20:29:39 2016 library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.09
Enter Management Password:
Wed Jul 27 20:29:39 2016 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Wed Jul 27 20:29:39 2016 Need hold release from management interface, waiting...
Wed Jul 27 20:29:39 2016 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Wed Jul 27 20:29:40 2016 MANAGEMENT: CMD 'state on'
Wed Jul 27 20:29:40 2016 MANAGEMENT: CMD 'log all on'
Wed Jul 27 20:29:40 2016 MANAGEMENT: CMD 'hold off'
Wed Jul 27 20:29:40 2016 MANAGEMENT: CMD 'hold release'
Wed Jul 27 20:29:40 2016 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 27 20:29:40 2016 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jul 27 20:29:40 2016 MANAGEMENT: >STATE:1469676580,RESOLVE,,,
Wed Jul 27 20:29:40 2016 UDPv4 link local: [undef]
Wed Jul 27 20:29:40 2016 UDPv4 link remote: [AF_INET]#########
Wed Jul 27 20:29:40 2016 MANAGEMENT: >STATE:1469676580,WAIT,,,
Wed Jul 27 20:29:40 2016 MANAGEMENT: >STATE:1469676580,AUTH,,,
Wed Jul 27 20:29:40 2016 TLS: Initial packet from [AF_INET]##########, sid=e50d3138 a54b4cdf
Wed Jul 27 20:29:40 2016 OpenSSL: error:14092105:SSL routines:SSL3_GET_SERVER_HELLO:wrong cipher returned
Wed Jul 27 20:29:40 2016 TLS_ERROR: BIO read tls_read_plaintext error
Wed Jul 27 20:29:40 2016 TLS Error: TLS object -> incoming plaintext read error
Wed Jul 27 20:29:40 2016 TLS Error: TLS handshake failed
Wed Jul 27 20:29:40 2016 SIGUSR1[soft,tls-error] received, process restarting
Wed Jul 27 20:29:40 2016 MANAGEMENT: >STATE:1469676580,RECONNECTING,tls-error,,
Wed Jul 27 20:29:40 2016 Restart pause, 2 second(s)
Kia Soul Enthusias fucked around with this message at 05:33 on Jul 28, 2016
Jul 28, 2016 05:31
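An added example, not part of the original post: a small triage script that pulls the security-relevant and diagnostic lines out of an OpenVPN client log like the ones above (missing server certificate verification, 64-bit block cipher, short RSA key, legacy TLS version, replay-window backtracks, and a route whose mask is not a valid netmask). The sample lines are copied from the post's logs; the finding names, function names and the 2048-bit RSA floor are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: a few lines copied from the logs in the post above.
SAMPLE_LOG = r"""
Wed Jul 27 20:05:04 2016 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 27 20:05:08 2016 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Jul 27 20:05:08 2016 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Jul 27 20:05:16 2016 C:\WINDOWS\system32\route.exe ADD 192.168.109.0 MASK 192.168.109.255 172.25.15.18
Wed Jul 27 20:05:16 2016 C:\WINDOWS\system32\route.exe ADD 192.168.109.0 MASK 255.255.255.0 172.25.15.18
Wed Jul 27 20:14:48 2016 Replay-window backtrack occurred [1]
Wed Jul 27 20:16:11 2016 Replay-window backtrack occurred [7]
"""

BLOCK64 = {"BF", "DES", "CAST5", "RC2"}  # cipher families with a 64-bit block
MIN_RSA_BITS = 2048                       # assumed policy floor, not from the post

def is_valid_netmask(mask):
    """A netmask is valid only if its 1 bits are contiguous from the top."""
    inv = ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF
    return (inv & (inv + 1)) == 0

def triage(log_text):
    """Return {finding: [details]} for weak settings and faults seen in the log."""
    found = {}
    def add(key, detail):
        if detail not in found.setdefault(key, []):
            found[key].append(detail)
    for line in log_text.splitlines():
        if "No server certificate verification method" in line:
            add("no-server-cert-verification", "client accepts any cert signed by the CA")
        m = re.search(r"Cipher '([A-Z0-9-]+)' initialized", line)
        if m and m.group(1).split("-")[0] in BLOCK64:
            add("64-bit-block-cipher", m.group(1))
        m = re.search(r"Control Channel: (\S+), cipher .*?(\d+) bit RSA", line)
        if m:
            if m.group(1) in ("SSLv3", "TLSv1"):
                add("legacy-tls-version", m.group(1))
            if int(m.group(2)) < MIN_RSA_BITS:
                add("short-rsa-key", m.group(2))
        m = re.search(r"Replay-window backtrack occurred \[(\d+)\]", line)
        if m:
            add("replay-backtrack", m.group(1))
        m = re.search(r"route\.exe ADD (\S+) MASK (\S+)", line)
        if m and not is_valid_netmask(m.group(2)):
            add("invalid-route-netmask", f"{m.group(1)} mask {m.group(2)}")
    return found
```

Calling `triage(SAMPLE_LOG)` returns one entry per finding; the `invalid-route-netmask` entry corresponds to the `route 192.168.109.0 192.168.109.255` line in the posted config, whose second argument is read as a netmask.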