Mike Seagar posted March 5th about this if you want to check the
archive. He got it working as so:
Then I got an error message telling me that OpenVPN couldn't connect
due to a weak algorithm. Adding the following line to the .ovpn file fixed
it.
tls-cipher "DEFAULT:@SECLEVEL=0"
On Sun, Aug 18, 2019 at 9:25 PM KM4EXS via 44Net <44net(a)mailman.ampr.org> wrote:
Hi everyone, new 44Net list member here. I'm trying to set up the OpenVPN connection
to the OH7LZB VPN server. I'm primarily using this link
(http://wiki.ampr.org/wiki/AMPRNet_VPN), but I am planning to update it once I get my
connection working. Looking thru the archives, it seems a number of us have had challenges
with the setup.
If someone has successfully configured it recently, maybe you can help me out with my
setup? The encryption and auth seem to not negotiate, the connection never sets up. Per
Hessu's response to my email (below), perhaps it has to do with the newer version /
algorithms trying to get along with the server version.
Thanks in advance for any assist.
- Matt / KM4EXS
-------- Forwarded message -------
From: "Heikki Hannikainen" <hessu(a)hes.iki.fi>
To: matthew(a)alberti.us
Sent: August 18, 2019 12:13 PM
Subject: Re: 44Net VPN Setup
Hi,
I generally prefer to have these discussions on a mailing list so that the answers are
archived publicly, and others can look for existing answers from the archive instead of
asking the same question again. I run aprs.fi so I get a lot of questions and emails.
The log, at this verbosity level, doesn't actually say what went wrong in the
negotiation. I think there was a thread on the 44list before where someone resolved this
issue, something to do with new versions of openvpn openssl refusing to use the older
algorithms currently configured on the VPN server.
https://mailman.ampr.org/mailman/private/44net
On Sat, 17 Aug 2019, matthew(a)alberti.us wrote:
Hi Hessu,
I pulled your e-mail address off the 44net mailman list. Didn't want to spam
it, as I think I am missing something easy.
I'm trying to set up an OpenVPN connection to your server, so that I can get
an AMPRNet IP. I have followed the instructions at
http://wiki.ampr.org/wiki/AMPRNet_VPN. It looks like I'm stuck after the CA
is verified, but before the data channel encryption/auth is negotiated.
Below are my logs. I was hoping you could take a look at the server side, my
public IP is 184.82.197.68. I think I'm probably using the wrong client
settings. I'm trying to set this up on a pfSense router.... so I have to
enter all the settings manually. I am trying to use BF-CBC and SHA1... but
also tried a few other combos. No luck.
Thanks in advance!
- Matt Alberti / KM4EXS
Aug 17 16:47:52 openvpn 18908 SIGUSR1[soft,tls-error] received, process restarting
Aug 17 16:47:52 openvpn 18908 Restart pause, 5 second(s)
Aug 17 16:47:57 openvpn 18908 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Aug 17 16:47:57 openvpn 18908 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Aug 17 16:47:57 openvpn 18908 TCP/UDP: Preserving recently used remote address: [AF_INET]85.188.1.118:1773
Aug 17 16:47:57 openvpn 18908 Socket Buffers: R=[42080->42080] S=[57344->57344]
Aug 17 16:47:57 openvpn 18908 UDP link local (bound): [AF_INET][undef]:0
Aug 17 16:47:57 openvpn 18908 UDP link remote: [AF_INET]85.188.1.118:1773
Aug 17 16:47:57 openvpn 18908 TLS: Initial packet from [AF_INET]85.188.1.118:1773 (via [AF_INET]184.82.197.68%), sid=368827b7 79c57373
Aug 17 16:47:59 openvpn 18908 VERIFY OK: depth=1, O=AMPRnet, CN=OH7LZB VPN service CA
Aug 17 16:47:59 openvpn 18908 VERIFY OK: depth=0, CN=ampr-gw.he.fi
Aug 17 16:48:57 openvpn 18908 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Aug 17 16:48:57 openvpn 18908 TLS Error: TLS handshake failed
- Hessu
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
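
Added example (not part of the original thread, and not code from OpenVPN or the VPN operator): a short Python check that reports which of the settings discussed above a client config has relaxed for compatibility with the older server. The sample config, its hostname, the function names and the list of verification directives are assumptions made for illustration.

```python
import re

# Constructed sample client config using the settings mentioned in this thread.
SAMPLE_OVPN = """\
client
dev tun
proto udp
remote vpn.example.invalid 1194
cipher BF-CBC
auth SHA1
tls-cipher "DEFAULT:@SECLEVEL=0"
"""

# Assumption: directives that enable a server-certificate check and so avoid the
# "No server certificate verification method has been enabled" warning in the log.
VERIFY_DIRECTIVES = {"remote-cert-tls", "verify-x509-name", "remote-cert-eku",
                     "ns-cert-type", "tls-verify"}

def parse(text):
    """Map each directive to its argument string, skipping comment lines."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        parts = line.split(None, 1)
        opts[parts[0].lstrip("-")] = parts[1].strip().strip('"') if len(parts) > 1 else ""
    return opts

def audit(text):
    """Return findings for settings relaxed to interoperate with an old server."""
    opts = parse(text)
    findings = []
    level = re.search(r"@SECLEVEL=(\d+)", opts.get("tls-cipher", ""))
    if level and int(level.group(1)) == 0:
        findings.append("tls-cipher: @SECLEVEL=0 disables OpenSSL's security-level restrictions")
    if opts.get("cipher", "").upper() == "BF-CBC":
        findings.append("cipher: BF-CBC is a 64-bit block cipher")
    if opts.get("auth", "").upper() == "SHA1":
        findings.append("auth: SHA1 is a legacy HMAC digest")
    if not VERIFY_DIRECTIVES.intersection(opts):
        findings.append("no server certificate verification directive is set")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_OVPN):
        print("WARN", finding)
```

Keeping the output with the config gives a record of what was loosened to reach the server, so the settings can be tightened again once the server side is updated.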