Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
The Something Awful Forums > Discussion > Serious Hardware/Software Crap > Haus of Tech Support > Anybody have experience with OpenVPN? Having trouble with disconnect lately
 
  • Locked thread
Kia Soul Enthusias
May 9, 2004

zoom-zoom
Toilet Rascal
Problem description: To access a security camera system I've been provided with a copy of OpenVPN portable and the associated configuration files and certificates. It's worked until now. Now it disconnects once I actually try to stream video (transfer any realistic amount of data). I don't know how to read the logs but I don't really see any errors besides it just saying "socket closed". Before that happens I may see the message "Replay-window backtrack occurred". I did have some random disconnects before but this occurs from 10-30 seconds after beginning to stream video so this makes it completely unusable.

The copy of OpenVPN portable seems like an old version and I tried using a newer version / standalone install but couldn't get it to connect at all with those. I see it saying cipher error. I think the server is running on a little raspberry pi box or some similar low powered device. I have no idea of what the server version is.

Attempted fixes: Well I've connected straight to the internet (no router), tethered to my AT&T phone, and the one thing that seems to works is Starbucks Wifi!! So I think there is a problem with the connection somewhere along the way, and not just with my ISP, but some others too. I tried artificially limiting my bandwidth to simulate a slower connection but that didn't make any difference.

I've installed Wireshark and am trying to learn it but it is a bit daunting for me. My home connection is gigabit fiber so there isn't any bandwidth problem.

Recent changes: Have you made any changes to your system/configuration recently that might have caused the problem? No

--

Operating system: Windows 10 64-bit although I've tried a Windows 7 64-bit laptop.
System specs: I don't think this matters.

Location: What country are you in? The U.S. while the server I connect to is in Central Europe.

I have Googled and read the FAQ: Yes

I'm hoping some smart goons out there have used this before and can help me get a more reliable connection. Unfortunately the guy who did the security install... well I don't know that he's very good so I'd rather rely on you guys for help.


I've attached a sample log below (with just a few details left out). I marked the point at which I start having problems.

quote:

Wed Jul 27 20:05:04 2016 OpenVPN 2.1.1 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Dec 11 2009
Wed Jul 27 20:05:04 2016 OpenVPN 2.1.1 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Dec 11 2009
Wed Jul 27 20:05:04 2016 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 27 20:05:04 2016 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Jul 27 20:05:04 2016 LZO compression initialized
Wed Jul 27 20:05:04 2016 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Jul 27 20:05:05 2016 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Jul 27 20:05:05 2016 Local Options hash (VER=V4): '41690919'
Wed Jul 27 20:05:05 2016 Expected Remote Options hash (VER=V4): '530fdded'
Wed Jul 27 20:05:05 2016 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jul 27 20:05:05 2016 UDPv4 link local: [undef]
Wed Jul 27 20:05:05 2016 UDPv4 link remote: #####:####
Wed Jul 27 20:05:05 2016 TLS: Initial packet from #####:####, sid=f17404b8 ffa2c647
Wed Jul 27 20:05:06 2016 VERIFY OK: depth=1, /C=CZ/L=Prague/O=#######/OU=changeme/CN=changeme/name=changeme/emailAddress=####
Wed Jul 27 20:05:06 2016 VERIFY OK: depth=0, /C=CZ/L=Prague/O=#######/OU=changeme/CN=server/name=changeme/emailAddress=#####
Wed Jul 27 20:05:08 2016 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Jul 27 20:05:08 2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jul 27 20:05:08 2016 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Jul 27 20:05:08 2016 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jul 27 20:05:08 2016 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Jul 27 20:05:08 2016 [server] Peer Connection Initiated with #####:####
Wed Jul 27 20:05:10 2016 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Wed Jul 27 20:05:11 2016 PUSH: Received control message: 'PUSH_REPLY,route 192.168.109.0 255.255.255.0,route 172.25.15.0 255.255.255.0,route 172.25.15.1,topology net30,ping 10,ping-restart 120,route 192.168.109.0 255.255.255.0,ifconfig 172.25.15.17 172.25.15.18'
Wed Jul 27 20:05:11 2016 OPTIONS IMPORT: timers and/or timeouts modified
Wed Jul 27 20:05:11 2016 OPTIONS IMPORT: --ifconfig/up options modified
Wed Jul 27 20:05:11 2016 OPTIONS IMPORT: route options modified
Wed Jul 27 20:05:11 2016 ROUTE default_gateway=192.168.1.1
Wed Jul 27 20:05:11 2016 TAP-WIN32 device [Ethernet 3] opened: \\.\Global\{67600641-3B21-437E-B956-BC28477F6564}.tap
Wed Jul 27 20:05:11 2016 TAP-Win32 Driver Version 9.6
Wed Jul 27 20:05:11 2016 TAP-Win32 MTU=1500
Wed Jul 27 20:05:11 2016 Notified TAP-Win32 driver to set a DHCP IP/netmask of 172.25.15.17/255.255.255.252 on interface {67600641-3B21-437E-B956-BC28477F6564} [DHCP-serv: 172.25.15.18, lease-time: 31536000]
Wed Jul 27 20:05:11 2016 Successful ARP Flush on interface [25] {67600641-3B21-437E-B956-BC28477F6564}
Wed Jul 27 20:05:16 2016 TEST ROUTES: 5/5 succeeded len=5 ret=1 a=0 u/d=up
Wed Jul 27 20:05:16 2016 C:\WINDOWS\system32\route.exe ADD 192.168.109.0 MASK 192.168.109.255 172.25.15.18
Wed Jul 27 20:05:16 2016 ROUTE: route addition failed using CreateIpForwardEntry: The parameter is incorrect. [status=87 if_index=25]
Wed Jul 27 20:05:16 2016 Route addition via IPAPI failed [adaptive]
Wed Jul 27 20:05:16 2016 Route addition fallback to route.exe
Wed Jul 27 20:05:16 2016 C:\WINDOWS\system32\route.exe ADD 192.168.109.0 MASK 255.255.255.0 172.25.15.18
Wed Jul 27 20:05:16 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Wed Jul 27 20:05:16 2016 Route addition via IPAPI succeeded [adaptive]
Wed Jul 27 20:05:16 2016 C:\WINDOWS\system32\route.exe ADD 172.25.15.0 MASK 255.255.255.0 172.25.15.18
Wed Jul 27 20:05:16 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Wed Jul 27 20:05:16 2016 Route addition via IPAPI succeeded [adaptive]
Wed Jul 27 20:05:16 2016 C:\WINDOWS\system32\route.exe ADD 172.25.15.1 MASK 255.255.255.255 172.25.15.18
Wed Jul 27 20:05:16 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Wed Jul 27 20:05:16 2016 Route addition via IPAPI succeeded [adaptive]
Wed Jul 27 20:05:16 2016 C:\WINDOWS\system32\route.exe ADD 192.168.109.0 MASK 255.255.255.0 172.25.15.18
Wed Jul 27 20:05:16 2016 ROUTE: route addition failed using CreateIpForwardEntry: The object already exists. [status=5010 if_index=25]
Wed Jul 27 20:05:16 2016 Route addition via IPAPI failed [adaptive]
Wed Jul 27 20:05:16 2016 Route addition fallback to route.exe
Wed Jul 27 20:05:16 2016 Initialization Sequence Completed
***I left the connection idle for a long time and now is when I start to try and use it.
Wed Jul 27 20:14:48 2016 Replay-window backtrack occurred [1]
Wed Jul 27 20:15:10 2016 Replay-window backtrack occurred [2]
Wed Jul 27 20:16:11 2016 Replay-window backtrack occurred [7]
***It disconnects here.
Wed Jul 27 20:16:11 2016 TCP/UDP: Closing socket
Wed Jul 27 20:16:11 2016 C:\WINDOWS\system32\route.exe DELETE 192.168.109.0 MASK 255.255.255.0 172.25.15.18
Wed Jul 27 20:16:11 2016 Route deletion via IPAPI succeeded [adaptive]
Wed Jul 27 20:16:11 2016 C:\WINDOWS\system32\route.exe DELETE 172.25.15.1 MASK 255.255.255.255 172.25.15.18
Wed Jul 27 20:16:11 2016 Route deletion via IPAPI succeeded [adaptive]
Wed Jul 27 20:16:11 2016 C:\WINDOWS\system32\route.exe DELETE 172.25.15.0 MASK 255.255.255.0 172.25.15.18
Wed Jul 27 20:16:11 2016 Route deletion via IPAPI succeeded [adaptive]
Wed Jul 27 20:16:11 2016 C:\WINDOWS\system32\route.exe DELETE 192.168.109.0 MASK 255.255.255.0 172.25.15.18
Wed Jul 27 20:16:11 2016 ROUTE: route deletion failed using DeleteIpForwardEntry: Element not found.
Wed Jul 27 20:16:11 2016 Route deletion via IPAPI failed [adaptive]
Wed Jul 27 20:16:11 2016 Route deletion fallback to route.exe
Wed Jul 27 20:16:11 2016 C:\WINDOWS\system32\route.exe DELETE 192.168.109.0 MASK 192.168.109.255 172.25.15.18
Wed Jul 27 20:16:11 2016 ROUTE: route deletion failed using DeleteIpForwardEntry: The parameter is incorrect.
Wed Jul 27 20:16:11 2016 Route deletion via IPAPI failed [adaptive]
Wed Jul 27 20:16:11 2016 Route deletion fallback to route.exe
Wed Jul 27 20:16:11 2016 Closing TUN/TAP interface
Wed Jul 27 20:16:11 2016 SIGTERM[hard,] received, process exiting
Wed Jul 27 20:16:13 2016 OpenVPN 2.1.1 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Dec 11 2009
Wed Jul 27 20:16:13 2016 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 27 20:16:13 2016 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Jul 27 20:16:13 2016 LZO compression initialized
Wed Jul 27 20:16:13 2016 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Jul 27 20:16:13 2016 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Jul 27 20:16:13 2016 Local Options hash (VER=V4): '41690919'
Wed Jul 27 20:16:13 2016 Expected Remote Options hash (VER=V4): '530fdded'
Wed Jul 27 20:16:13 2016 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jul 27 20:16:13 2016 UDPv4 link local: [undef]
Wed Jul 27 20:16:13 2016 UDPv4 link remote: #####:####
Wed Jul 27 20:16:13 2016 TLS: Initial packet from #####:####, sid=3b27ea83 a7de67e9
Wed Jul 27 20:16:14 2016 VERIFY OK: depth=1, /C=CZ/L=Prague/O=#######/OU=changeme/CN=changeme/name=changeme/emailAddress=####
Wed Jul 27 20:16:14 2016 VERIFY OK: depth=0, /C=CZ/L=Prague/O=#######/OU=changeme/CN=server/name=changeme/emailAddress=####
Wed Jul 27 20:16:16 2016 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Jul 27 20:16:16 2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jul 27 20:16:16 2016 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Jul 27 20:16:16 2016 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jul 27 20:16:16 2016 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Jul 27 20:16:16 2016 [server] Peer Connection Initiated with #####:####
Wed Jul 27 20:16:19 2016 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Wed Jul 27 20:16:19 2016 PUSH: Received control message: 'PUSH_REPLY,route 192.168.109.0 255.255.255.0,route 172.25.15.0 255.255.255.0,route 172.25.15.1,topology net30,ping 10,ping-restart 120,route 192.168.109.0 255.255.255.0,ifconfig 172.25.15.17 172.25.15.18'
Wed Jul 27 20:16:19 2016 OPTIONS IMPORT: timers and/or timeouts modified
Wed Jul 27 20:16:19 2016 OPTIONS IMPORT: --ifconfig/up options modified
Wed Jul 27 20:16:19 2016 OPTIONS IMPORT: route options modified
Wed Jul 27 20:16:19 2016 ROUTE default_gateway=192.168.1.1
Wed Jul 27 20:16:19 2016 TAP-WIN32 device [Ethernet 3] opened: \\.\Global\{67600641-3B21-437E-B956-BC28477F6564}.tap
Wed Jul 27 20:16:19 2016 TAP-Win32 Driver Version 9.6
Wed Jul 27 20:16:19 2016 TAP-Win32 MTU=1500
Wed Jul 27 20:16:19 2016 Notified TAP-Win32 driver to set a DHCP IP/netmask of 172.25.15.17/255.255.255.252 on interface {67600641-3B21-437E-B956-BC28477F6564} [DHCP-serv: 172.25.15.18, lease-time: 31536000]
Wed Jul 27 20:16:19 2016 Successful ARP Flush on interface [25] {67600641-3B21-437E-B956-BC28477F6564}
Wed Jul 27 20:16:24 2016 TEST ROUTES: 5/5 succeeded len=5 ret=1 a=0 u/d=up
Wed Jul 27 20:16:24 2016 C:\WINDOWS\system32\route.exe ADD 192.168.109.0 MASK 192.168.109.255 172.25.15.18
Wed Jul 27 20:16:24 2016 ROUTE: route addition failed using CreateIpForwardEntry: The parameter is incorrect. [status=87 if_index=25]
Wed Jul 27 20:16:24 2016 Route addition via IPAPI failed [adaptive]
Wed Jul 27 20:16:24 2016 Route addition fallback to route.exe
Wed Jul 27 20:16:24 2016 C:\WINDOWS\system32\route.exe ADD 192.168.109.0 MASK 255.255.255.0 172.25.15.18
Wed Jul 27 20:16:24 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Wed Jul 27 20:16:24 2016 Route addition via IPAPI succeeded [adaptive]
Wed Jul 27 20:16:24 2016 C:\WINDOWS\system32\route.exe ADD 172.25.15.0 MASK 255.255.255.0 172.25.15.18
Wed Jul 27 20:16:24 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Wed Jul 27 20:16:24 2016 Route addition via IPAPI succeeded [adaptive]
Wed Jul 27 20:16:24 2016 C:\WINDOWS\system32\route.exe ADD 172.25.15.1 MASK 255.255.255.255 172.25.15.18
Wed Jul 27 20:16:24 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Wed Jul 27 20:16:24 2016 Route addition via IPAPI succeeded [adaptive]
Wed Jul 27 20:16:24 2016 C:\WINDOWS\system32\route.exe ADD 192.168.109.0 MASK 255.255.255.0 172.25.15.18
Wed Jul 27 20:16:24 2016 ROUTE: route addition failed using CreateIpForwardEntry: The object already exists. [status=5010 if_index=25]
Wed Jul 27 20:16:24 2016 Route addition via IPAPI failed [adaptive]
Wed Jul 27 20:16:24 2016 Route addition fallback to route.exe
Wed Jul 27 20:16:24 2016 Initialization Sequence Completed


Here is a copy of the config file with some parts obviously left out.

quote:

remote #####
port ####
route 192.168.109.0 192.168.109.255

proto udp
dev tun
pull
resolv-retry infinite
nobind
cipher BF-CBC
auth SHA1
persist-key
persist-tun
tls-client


ca ./ca.crt
cert ./####.crt
key ./####.key


ping 15
ping-restart 45
ping-timer-rem
persist-key
comp-lzo
verb 3

Here's what happens if I try to use this config with a newer version of the OpenVPN client, note the "wrong cipher returned" error. Any idea if this config can be updated to work with a new version or do I need to get new keys?

quote:

Wed Jul 27 20:29:39 2016 OpenVPN 2.3.11 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on May 10 2016
Wed Jul 27 20:29:39 2016 Windows version 6.2 (Windows 8 or greater) 64bit
Wed Jul 27 20:29:39 2016 library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.09
Enter Management Password:
Wed Jul 27 20:29:39 2016 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Wed Jul 27 20:29:39 2016 Need hold release from management interface, waiting...
Wed Jul 27 20:29:39 2016 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Wed Jul 27 20:29:40 2016 MANAGEMENT: CMD 'state on'
Wed Jul 27 20:29:40 2016 MANAGEMENT: CMD 'log all on'
Wed Jul 27 20:29:40 2016 MANAGEMENT: CMD 'hold off'
Wed Jul 27 20:29:40 2016 MANAGEMENT: CMD 'hold release'
Wed Jul 27 20:29:40 2016 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 27 20:29:40 2016 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jul 27 20:29:40 2016 MANAGEMENT: >STATE:1469676580,RESOLVE,,,
Wed Jul 27 20:29:40 2016 UDPv4 link local: [undef]
Wed Jul 27 20:29:40 2016 UDPv4 link remote: [AF_INET]#########
Wed Jul 27 20:29:40 2016 MANAGEMENT: >STATE:1469676580,WAIT,,,
Wed Jul 27 20:29:40 2016 MANAGEMENT: >STATE:1469676580,AUTH,,,
Wed Jul 27 20:29:40 2016 TLS: Initial packet from [AF_INET]##########, sid=e50d3138 a54b4cdf
Wed Jul 27 20:29:40 2016 OpenSSL: error:14092105:SSL routines:SSL3_GET_SERVER_HELLO:wrong cipher returned
Wed Jul 27 20:29:40 2016 TLS_ERROR: BIO read tls_read_plaintext error
Wed Jul 27 20:29:40 2016 TLS Error: TLS object -> incoming plaintext read error
Wed Jul 27 20:29:40 2016 TLS Error: TLS handshake failed
Wed Jul 27 20:29:40 2016 SIGUSR1[soft,tls-error] received, process restarting
Wed Jul 27 20:29:40 2016 MANAGEMENT: >STATE:1469676580,RECONNECTING,tls-error,,
Wed Jul 27 20:29:40 2016 Restart pause, 2 second(s)

Kia Soul Enthusias fucked around with this message at 05:33 on Jul 28, 2016

* # ? Jul 28, 2016 05:31
  • Quote
Adbot
ADBOT LOVES YOU

# ? May 13, 2024 14:45
  • Quote
  • Locked thread
The Something Awful Forums > Discussion > Serious Hardware/Software Crap > Haus of Tech Support > Anybody have experience with OpenVPN? Having trouble with disconnect lately