Ask Your Question
0

Timeout issues while trying to conect to an OpenVPN server

asked 2017-03-29 00:32:41 -0600

elsaso gravatar image

Hello,

I'm trying to connect as a client to this OpenVPN server and i'm having issues connecting through the network manager. I'm receiving timeout errors and TLS handshake errors. The weird thing here is that when i connect directly through the openvpn command, i get connected to the VPN but i don't have access to local domain names, i'm guessing that's a misconfiguration from the remote server with the DNS ? But if there's a way to fix that, i would appreciate it rather than sticking to Network manager.

All my keys are placed in ~/.local/networkmanagement/certificates with correct permissions(700). I'm not getting any logs from SElinux too.

Here's the .ovpn file :

dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote **** **** tcp-client
verify-x509-name "www.******.com" name
auth-user-pass
ns-cert-type server
comp-lzo adaptive
<ca>
******
</ca>
<cert>
******
</cert>
<key>
*******
</key>
<tls-auth>
*******
</tls-auth>
key-direction 1

These are the connection logs through NetworkManager :

Mar 29 01:20:20 nm-openvpn[10721]: UDP link local: (not bound)
Mar 29 01:20:20 nm-openvpn[10721]: UDP link remote: [AF_INET]*****
Mar 29 01:20:20 nm-openvpn[10721]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Mar 29 01:21:20 nm-openvpn[10721]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mar 29 01:21:20 nm-openvpn[10721]: TLS Error: TLS handshake failed
Mar 29 01:21:20 nm-openvpn[10721]: SIGUSR1[soft,tls-error] received, process restarting
Mar 29 01:21:20 NetworkManager[2405]: <warn>  [1490764880.7896] vpn-connection: VPN connection: connect timeout exceeded.
Mar 29 01:21:20 NetworkManager[2405]: <warn>  [1490764880.7963] vpn-connection: VPN plugin: failed: connect-failed (1)
Mar 29 01:21:20 NetworkManager[2405]: <info>  [1490764880.7963] vpn-connection: VPN plugin: state changed: stopping (5)
Mar 29 01:21:20 NetworkManager[2405]: <info>  [1490764880.7964] vpn-connection: VPN plugin: state changed: stopped (6)

And this is a successful connection running the openvpn client.ovpn directly :

Wed Mar 29 01:14:12 2017 OpenVPN 2.4.1 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 23 2017
Wed Mar 29 01:14:12 2017 library versions: OpenSSL 1.0.2k-fips  26 Jan 2017, LZO 2.08
Enter Auth Username:
Enter Auth Password: 
Wed Mar 29 01:14:16 2017 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Wed Mar 29 01:14:16 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]******
Wed Mar 29 01:14:16 2017 Attempting to establish TCP connection with [AF_INET]****** [nonblock]
Wed Mar 29 01:14:17 2017 TCP connection established with [AF_INET]****
Wed Mar 29 01:14:17 2017 TCP_CLIENT link local: (not bound)
Wed Mar 29 01:14:17 2017 TCP_CLIENT link remote: [AF_INET]*****
Wed Mar 29 01:14:17 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Mar 29 01:14:18 2017 [******] Peer Connection Initiated with [AF_INET]******
Wed Mar 29 01:14:20 ...
(more)
edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2017-04-03 07:11:00 -0600

Hello, I have had the same problem. I resolved it byt putting cert files into ~/.cert directory.

edit flag offensive delete link more

Question Tools

1 follower

Stats

Asked: 2017-03-29 00:32:41 -0600

Seen: 4,226 times

Last updated: Mar 29 '17