18
Help required, Certain VPN does not connect and times out (lemmy.ml)
submitted 6 months ago by sga@lemmy.ml to c/archlinux@lemmy.ml
19 comments fedilink hide all child comments

Can someone help, i have been having trouble connected with my home universities vpn, for past 15-20days, it is an openvpn connection, so i have been using networkmanager-openvpn to import my config files, and they have worked previously, but for last 15-20 days i get connection timed out, all certificates used are correct, i have tried to connect on cli,

Connection activation failed: The connection attempt timed out

and it suggests to check journalctl logs (nothing erroneous i could find) i am also able to connect with this vpn with my phone (with openvpn official app with same files), and also i am able to connect to proton's vpns with my laptop, so i guess my device is not completely broken, i have tried to redownload my certificate files, recreating vpn profile, reinstalling networkmanager, nothing worked

you are viewing a single comment's thread
view the rest of the comments
[-] Max_P@lemmy.max-p.me 1 points 6 months ago

Check the logs, but it's probably related to the deprecation of compression. OpenVPN 2.6 now requires a flag client-side to enable it as it is known to be the cause of too many vulnerabilities.

Add

comp-lzo yes
allow-compression yes

To your config and try again. If it still doesn't work set log level to 4, redact personal info and post the logs.

[-] sga@lemmy.ml 1 points 6 months ago

compression was already enabled in config (the config is given to us by institute), i will reply with logs

[-] sga@lemmy.ml 1 points 6 months ago

i tried to change the verbosity level in config (it was 3, i did with 4 and 6), nothing came, and for some reason, nothing is coming in journalctl logs also

[-] Max_P@lemmy.max-p.me 1 points 6 months ago

You can try running it directly, sudo openvpn --config yourconf.ovpn

That will also tell us if NetworkManager is at fault.

[-] sga@lemmy.ml 1 points 6 months ago* (last edited 6 months ago) 
2024-05-12 23:51:46 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2024-05-12 23:51:47 TCP/UDP: Preserving recently used remote address: ***********
2024-05-12 23:51:47 Socket Buffers: R=[212992->212992] S=[212992->212992]
2024-05-12 23:51:47 UDPv4 link local: (not bound)
2024-05-12 23:51:47 UDPv4 link remote: ******************
2024-05-12 23:51:47 TLS: Initial packet from *************
2024-05-12 23:51:47 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2024-05-12 23:51:47 VERIFY OK: depth=1, C=IN, ***************
2024-05-12 23:51:47 VERIFY OK: depth=0, C=IN, ***************
2024-05-12 23:51:48 Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, peer certificate: 3072 bits RSA, signature: RSA-SHA256, peer temporary key: 1024 bits DH
2024-05-12 23:51:48 [vpn.*******] Peer Connection Initiated with ****************
2024-05-12 23:51:48 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2024-05-12 23:51:48 TLS: tls_multi_process: initial untrusted session promoted to trusted
2024-05-12 23:51:49 SENT CONTROL [vpn.iitd.ac.in]: 'PUSH_REQUEST' (status=1)
2024-05-12 23:51:49 PUSH: Received control message: ************
2024-05-12 23:51:49 OPTIONS IMPORT: --ifconfig/up options modified
2024-05-12 23:51:49 OPTIONS IMPORT: route options modified
2024-05-12 23:51:49 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2024-05-12 23:51:49 OPTIONS ERROR: failed to negotiate cipher with server.  Add the server's cipher ('AES-128-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305') if you want to connect to this server.
2024-05-12 23:51:49 ERROR: Failed to apply push options
2024-05-12 23:51:49 Failed to open tun/tap interface
2024-05-12 23:51:49 SIGUSR1[soft,process-push-msg-failed] received, process restarting
2024-05-12 23:51:49 Restart pause, 1 second(s)

this repeats over and over, i killed it, also i tried to connect with our vpn a year or 2 ago this method, and had same/similar errors even back then, and it only used to worked with network manager

sorry for editing it heavily, but would love to not be doxxed

[-] Max_P@lemmy.max-p.me 3 points 6 months ago 
ERROR: failed to negotiate cipher with server.  Add the server's cipher ('AES-128-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305') if you want to connect to this server.

That's your error. So I think

data-ciphers AES-128-CBC

In your config should resolve this. Basically there's some issues with CBC and it's now off by default.

load more comments (3 replies)
this post was submitted on 12 May 2024
18 points (100.0% liked)

Arch Linux

7175 readers
1 users here now

The beloved lightweight distro

founded 4 years ago
MODERATORS
k_o_t@lemmy.ml