Hi List,
I'm trying to set up the VPN using my LotW cert and followed the instructions on the Wiki for Windows. There was a security issue at first but I added the
tls-cipher "DEFAULT:@SECLEVEL=0"
line in the .ovpn file and made some progress until I got this:
Wed Jul 22 20:14:59 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Searching the archives here I've tried a few things such as editing the authorities file to show the last block only as was suggested by another list member. I also edited the authorities file to show the first block only, but to no avail. Now the user and authorities certs are concatenated as per the Wiki instructions, so it's all stock.
Any tips for further investigation?
73 Chris VE7YSF aka VA7CAB
Hi
I had the same problem. What I found was the Intermediate Certificate had expired back in 2019 so I renewed my Certificate and then made sure to only include the certificates that were current and had not expired.
73 Andrew (KK4ZUZ)
-----Original Message-----
From: Chris Brougham [mailto:ve7ysf@gmail.com]
Sent: Wednesday, July 22, 2020 10:34 PM
To: 44net@mailman.ampr.org
Subject: [44net] AMPRNet VPN TLS Error
Hi List,
I'm trying to set up the VPN using my LotW cert and followed the instructions on the Wiki for Windows. There was a security issue at first but I added the
tls-cipher "DEFAULT:@SECLEVEL=0"
line in the .ovpn file and made some progress until I got this:
Wed Jul 22 20:14:59 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Searching the archives here I've tried a few things such as editing the authorities file to show the last block only as was suggested by another list member. I also edited the authorities file to show the first block only, but to no avail. Now the user and authorities certs are concatenated as per the Wiki instructions, so it's all stock.
Any tips for further investigation?
73 Chris VE7YSF aka VA7CAB
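A check for the failure described in the reply above, as an added example that is not part of the original thread: it walks a concatenated PEM file and reports each certificate's notAfter date and status, using only the Python standard library. The function names and the sample bundle are constructed for illustration; the sample certificates are unsigned skeletons, and the script reads validity dates only, not signatures or chain order.

```python
import base64, re
from datetime import datetime, timezone

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def parse_time(tag, raw):
    text = raw.decode("ascii")
    if tag == 0x17:  # UTCTime has a two-digit year; RFC 5280 pivots at 50
        text = ("19" if int(text[:2]) >= 50 else "20") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def validity(der):
    """Return (notBefore, notAfter) of one DER-encoded X.509 certificate."""
    _, pos, _ = read_tlv(der, 0)        # Certificate SEQUENCE
    _, pos, _ = read_tlv(der, pos)      # tbsCertificate SEQUENCE
    tag, _, end = read_tlv(der, pos)
    pos = end if tag == 0xA0 else pos   # skip the optional [0] version
    for _ in range(3):                  # skip serialNumber, signature, issuer
        _, _, pos = read_tlv(der, pos)
    _, pos, _ = read_tlv(der, pos)      # Validity SEQUENCE
    t1, s1, e1 = read_tlv(der, pos)
    t2, s2, e2 = read_tlv(der, e1)
    return parse_time(t1, der[s1:e1]), parse_time(t2, der[s2:e2])

def audit_bundle(pem_text, now=None):
    """Yield (position, notAfter date, status) for every certificate in a bundle."""
    now = now or datetime.now(timezone.utc)
    for i, body in enumerate(PEM_RE.findall(pem_text), 1):
        nb, na = validity(base64.b64decode(body))
        status = "expired" if now > na else "not yet valid" if now < nb else "ok"
        yield i, na.date().isoformat(), status

def sample_cert(nb, na):
    """Constructed test input: unsigned skeleton holding only the fields up to Validity."""
    d = lambda tag, val: bytes([tag, len(val)]) + val
    tbs = d(0x30, d(0xA0, d(2, b"\x02")) + d(2, b"\x01") + d(0x30, b"") * 2
            + d(0x30, d(0x17, nb) + d(0x17, na)))
    b64 = base64.b64encode(d(0x30, tbs)).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

# Constructed bundle: a current user certificate followed by a lapsed intermediate.
BUNDLE = sample_cert(b"200701000000Z", b"230701000000Z") + sample_cert(b"131001000000Z", b"191001000000Z")
```

To check a real file, pass its contents to `audit_bundle()`, for example `list(audit_bundle(open(path).read()))`, where `path` is the concatenated certificate file.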
Thanks Andrew,
That was indeed the case. I had just recently renewed my VA7CAB cert and so reapplied for a new VE7YSF certificate. This renewed the authorities file and appended both VA7CAB key and VE7YSF key to the users file. I removed the VA7CAB entry from users (as it didn't work at first with both call sign certs) and concatenated just the VE7YSF entry to the new authorities file (as per the wiki), and connected right away.
Many thanks. This will help me greatly in configuring my gateway as I'm having difficulty determining if it's my internal LAN or ISP that's causing IPIP issues (another story).
73 Chris VE7YSF aka VA7CAB
On Thu, Jul 23, 2020 at 5:50 PM Andrew Cameron apcameron@softhome.net wrote: