Hi,
I am trying to connect to my VPN provider, PureVPN, and am getting the output below on UDP and TCP with OpenVPN.
[root@gateway openvpn]# openvpn /etc/openvpn/UDP/Arizona\,\ Phoenix-udp.ovpn
Sat Jan 28 08:38:10 2017 OpenVPN 2.3.13 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Nov 3 2016
Sat Jan 28 08:38:10 2017 library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.06
Enter Auth Username: ****************
Enter Auth Password: ********
Sat Jan 28 08:38:24 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sat Jan 28 08:38:24 2017 WARNING: file 'Wdc.key' is group or others accessible
Sat Jan 28 08:38:24 2017 Control Channel Authentication: using 'Wdc.key' as a OpenVPN static key file
Sat Jan 28 08:38:24 2017 TCP/UDP: Socket bind failed on local address [undef]: Address already in use
Sat Jan 28 08:38:24 2017 Exiting due to fatal error
Sat Jan 28 08:30:04 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sat Jan 28 08:30:04 2017 WARNING: file 'Wdc.key' is group or others accessible
Sat Jan 28 08:30:04 2017 Control Channel Authentication: using 'Wdc.key' as a OpenVPN static key file
Sat Jan 28 08:30:04 2017 Attempting to establish TCP connection with [AF_INET]172.94.93.2:80 [nonblock]
Sat Jan 28 08:30:05 2017 TCP connection established with [AF_INET]172.94.93.2:80
Sat Jan 28 08:30:05 2017 TCPv4_CLIENT link local: [undef]
Sat Jan 28 08:30:05 2017 TCPv4_CLIENT link remote: [AF_INET]172.94.93.2:80
Sat Jan 28 08:30:05 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Jan 28 08:30:05 2017 VERIFY ERROR: depth=0, error=certificate signature failure: C=HK, ST=HK, L=HongKong, O=PureVPN, OU=IT, CN=PureVPN, name=PureVPN, emailAddress=mail@host.domain
Sat Jan 28 08:30:05 2017 OpenSSL: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Sat Jan 28 08:30:05 2017 TLS_ERROR: BIO read tls_read_plaintext error
Sat Jan 28 08:30:05 2017 TLS Error: TLS object -> incoming plaintext read error
Sat Jan 28 08:30:05 2017 TLS Error: TLS handshake failed
Sat Jan 28 08:30:05 2017 Fatal TLS error (check_tls_errors_co), restarting
Sat Jan 28 08:30:05 2017 SIGUSR1[soft,tls-error] received, process restarting
Sat Jan 28 08:30:10 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sat Jan 28 08:30:10 2017 Attempting to establish TCP connection with [AF_INET]198.143.186.130:80 [nonblock]
Sat Jan 28 08:30:11 2017 TCP connection established with [AF_INET]198.143.186.130:80
Sat Jan 28 08:30:11 2017 TCPv4_CLIENT link local: [undef]
Sat Jan 28 08:30:11 2017 TCPv4_CLIENT link remote: [AF_INET]198.143.186.130:80
Sat Jan 28 08:30:12 2017 VERIFY ERROR: depth=0, error=certificate signature failure: C=HK, ST=HK, L=HongKong, O=PureVPN, OU=IT, CN=PureVPN, name=PureVPN, emailAddress=mail@host.domain
Sat Jan 28 08:30:12 2017 OpenSSL: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Sat Jan 28 08:30:12 2017 TLS_ERROR: BIO read tls_read_plaintext error
Sat Jan 28 08:30:12 2017 TLS Error: TLS object -> incoming plaintext read error
Sat Jan 28 08:30:12 2017 TLS Error: TLS handshake failed
Sat Jan 28 08:30:12 2017 Fatal TLS error (check_tls_errors_co), restarting
Sat Jan 28 08:30:12 2017 SIGUSR1[soft,tls-error] received, process restarting
^CSat Jan 28 08:30:15 2017 SIGINT[hard,init_instance] received, process exiting
I have verified that port 1134 is not in use. I am not sure where else to go with this.
Responses (10)
-
Accepted Answer
Nick Howitt wrote:
????
Means port 53
remote usny1-ovpn-UDP.pointtoserver.net 53
They have UDP and TCP options. Last I checked TCP 80 is not DNS. Unless someone is doing some funky non-standard DNS.
[root@gateway TCP]# cat Arizona\,\ Phoenix-tcp.ovpn
client
dev tun
proto tcp
remote usphx-ovpn-tcp.pointtoserver.com 80
persist-key
persist-tun
ca ca.crt
tls-auth Wdc.key 1
cipher AES-256-CBC
comp-lzo
verb 1
mute 20
route-method exe
route-delay 2
route 0.0.0.0 0.0.0.0
float
auth-user-pass
auth-retry interact
ifconfig-nowarn
Last I checked TCP 80 is not DNS. -
Accepted Answer
Nick Howitt wrote:
Looking at the errors and warnings, you may have a permission error on your keys. Also it is saying "socket failed to bind ....". At a guess this is because dnsmasq is also using udp:53, but it is only a guess. You could try disabling it, but you'll then need to think about how you handle DNS on your LAN.
As an alternative, you could try their (less secure) PPTP VPN method.
I'm afraid I'm going to drop out of this thread as it is not really a ClearOS issue. Good luck.
[edit]
If the problem is dnsmasq you can try setting "port=0" in /etc/dnsmasq.conf and restarting dnsmasq, but then you cannot use ClearOS as a DNS cache for your LAN.
[/edit]
I can accept the UDP connection being an issue related to DnsMasq in use on 53, but what about TCP? Shouldn't the TCP version work fine then? Which it doesn't. -
Accepted Answer
Looking at the errors and warnings, you may have a permission error on your keys. Also it is saying "socket failed to bind ....". At a guess this is because dnsmasq is also using udp:53, but it is only a guess. You could try disabling it, but you'll then need to think about how you handle DNS on your LAN.
As an alternative, you could try their (less secure) PPTP VPN method.
I'm afraid I'm going to drop out of this thread as it is not really a ClearOS issue. Good luck.
[edit]
If the problem is dnsmasq you can try setting "port=0" in /etc/dnsmasq.conf and restarting dnsmasq, but then you cannot use ClearOS as a DNS cache for your LAN.
[/edit] -
Accepted Answer
Nick Howitt wrote:
So what is your .ovpn file and did you get it from PureVPN? Looking at theirs, they don't use full certificates, just two files for a TLS connection.
My Config is as follows:
[root@gateway UDP]# cat New\ York-udp.ovpn
client
dev tun
proto udp
remote usny1-ovpn-UDP.pointtoserver.net 53
persist-key
persist-tun
ca ca.crt
tls-auth Wdc.key 1
cipher AES-256-CBC
comp-lzo
verb 1
mute 20
route-method exe
route-delay 2
route 0.0.0.0 0.0.0.0
auth-user-pass
auth-retry interact
explicit-exit-notify 2
ifconfig-nowarn
auth-nocache
I built an Ubuntu workstation to test on and I am able to connect to this server from a host behind my ClearOS. I can also connect from a Windows box from behind ClearOS. I just can't get ClearOS to connect directly. -
Accepted Answer
This does not look like a ClearOS issue but a PureVPN issue. Presumably you've downloaded a PureVPN config from somewhere. Where have you put their certificates and does their config point to them? There should be three certificate files, CA, Certificate and Key.
The standard OpenVPN port is 1194, but in this case, as ClearOS is acting as the client, you should not need to open any ports.
I've just been to their website and you really need to follow their instructions. They appear to need four certificate files. Also they appear to use the non-standard port, udp:53.
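Added example, not part of the thread or of any poster's own tooling: a small Python audit that ties three warnings from the log above (no server certificate verification, password caching, group/other-accessible key file) and the UDP bind failure back to directives in the client profile. The function names and finding labels are hypothetical, the sample profile is the UDP config as posted with tuning lines omitted, and treating a missing `nobind` as the source of the bind failure is an assumption.

```python
import os
import stat

# Any one of these turns on server-certificate checks (OpenVPN 2.3 option names).
VERIFY = {"remote-cert-tls", "remote-cert-eku", "ns-cert-type",
          "verify-x509-name", "tls-remote", "tls-verify"}
# Directives whose first argument names a secret file that should be owner-only.
SECRET_FILES = {"tls-auth", "key", "pkcs12", "secret"}

def parse_ovpn(text):
    """Return [(directive, args)] from .ovpn text, skipping blanks and comments."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if parts and parts[0][0] not in "#;":
            entries.append((parts[0], parts[1:]))
    return entries

def audit_ovpn(text, base_dir):
    """Map the warnings in the thread's log back to client-config findings."""
    entries = parse_ovpn(text)
    names = {name for name, _ in entries}
    proto = next((a[0] for n, a in entries if n == "proto" and a), "udp")
    findings = []
    if not names & VERIFY:
        findings.append("no-server-cert-verification")
    if "auth-user-pass" in names and "auth-nocache" not in names:
        findings.append("password-cached-in-memory")
    # Assumption: a UDP client without nobind binds a fixed local port.
    if proto.startswith("udp") and "nobind" not in names:
        findings.append("binds-fixed-local-port")
    for name, args in entries:
        if name in SECRET_FILES and args:
            path = os.path.join(base_dir, args[0])
            if os.path.exists(path) and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
                findings.append("secret-file-group-or-world-accessible:" + args[0])
    return findings

# Directives from the UDP profile posted in the thread (tuning lines omitted).
THREAD_UDP_CONFIG = """client
proto udp
remote usny1-ovpn-UDP.pointtoserver.net 53
ca ca.crt
tls-auth Wdc.key 1
auth-user-pass
auth-nocache
"""
if __name__ == "__main__":
    print(audit_ovpn(THREAD_UDP_CONFIG, "/etc/openvpn/UDP"))
```

The audit does not cover the `certificate signature failure` in the TCP log, which is raised by OpenSSL while verifying the server certificate during the TLS handshake.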