KevinE Posted March 9

Getting the following issues trying to get this connection up. Header of my ovpn is included as well. Newb VPN guy here.

My extraparams is --cap-add=NET_ADMIN --dns=8.8.8.8 --sysctl net.ipv6.conf.all.disable_ipv6=1

Tried running Privileged on and off.

    2024-03-09 09:39:39 Initialization Sequence Completed
    2024-03-09 09:39:55 Authenticate/Decrypt packet error: packet HMAC authentication failed
    2024-03-09 09:40:15 [yvr-002.vpn.privado.io] Inactivity timeout (--ping-restart), restarting
    2024-03-09 09:40:15 SIGUSR1[soft,ping-restart] received, process restarting
    2024-03-09 09:40:15 Restart pause, 1 second(s)
    2024-03-09 09:40:16 TCP/UDP: Preserving recently used remote address: [AF_INET]71.19.248.113:1194
    2024-03-09 09:40:16 TCP/UDP: Preserving recently used remote address: [AF_INET]71.19.248.113:1194
    2024-03-09 09:40:16 Socket Buffers: R=[212992->986432] S=[212992->986432]
    2024-03-09 09:40:16 UDPv4 link local: (not bound)
    2024-03-09 09:40:16 UDPv4 link remote: [AF_INET]71.19.248.113:1194
    2024-03-09 09:40:16 TLS: Initial packet from [AF_INET]71.19.248.113:1194, sid=f58dd431 b754607e
    2024-03-09 09:40:16 VERIFY OK: depth=1, CN=Privado
    2024-03-09 09:40:16 VERIFY KU OK
    2024-03-09 09:40:16 Validating certificate extended key usage
    2024-03-09 09:40:16 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
    2024-03-09 09:40:16 VERIFY EKU OK
    2024-03-09 09:40:16 VERIFY OK: depth=0, CN=yvr-002.vpn.privado.io
    2024-03-09 09:40:16 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
    2024-03-09 09:40:16 [yvr-002.vpn.privado.io] Peer Connection Initiated with [AF_INET]71.19.248.113:1194
    2024-03-09 09:40:16 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
    2024-03-09 09:40:16 TLS: tls_multi_process: initial untrusted session promoted to trusted
    2024-03-09 09:40:18 SENT CONTROL [yvr-002.vpn.privado.io]: 'PUSH_REQUEST' (status=1)
    2024-03-09 09:40:18 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 198.18.0.1,dhcp-option DNS 198.18.0.2,rcvbuf 493216,sndbuf 493216,explicit-exit-notify 5,route-gateway 172.21.60.1,topology subnet,ping 20,ping-restart 40,ifconfig 172.21.60.95 255.255.254.0,peer-id 1'
    2024-03-09 09:40:18 WARNING: You have specified redirect-gateway and redirect-private at the same time (or the same option multiple times). This is not well supported and may lead to unexpected results
    2024-03-09 09:40:18 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
    2024-03-09 09:40:18 Socket Buffers: R=[986432->986432] S=[986432->986432]
    2024-03-09 09:40:18 OPTIONS IMPORT: --ifconfig/up options modified
    2024-03-09 09:40:18 OPTIONS IMPORT: route options modified
    2024-03-09 09:40:18 OPTIONS IMPORT: route-related options modified
    2024-03-09 09:40:18 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    2024-03-09 09:40:18 Using peer cipher 'AES-256-CBC'
    2024-03-09 09:40:18 Preserving previous TUN/TAP instance: tun0
    2024-03-09 09:40:18 NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
    2024-03-09 09:40:18 net_route_v4_del: 0.0.0.0/0 via 172.21.20.1 dev [NULL] table 0 metric -1
    2024-03-09 09:40:18 net_route_v4_del: 71.19.248.113/32 via 172.17.0.1 dev [NULL] table 0 metric -1
    2024-03-09 09:40:18 net_route_v4_del: 0.0.0.0/1 via 172.21.20.1 dev [NULL] table 0 metric -1
    2024-03-09 09:40:18 net_route_v4_del: 128.0.0.0/1 via 172.21.20.1 dev [NULL] table 0 metric -1
    2024-03-09 09:40:18 Closing TUN/TAP interface
    2024-03-09 09:40:18 net_addr_v4_del: 172.21.20.109 dev tun0
    2024-03-09 09:40:19 net_route_v4_best_gw query: dst 0.0.0.0
    2024-03-09 09:40:19 net_route_v4_best_gw result: via 172.17.0.1 dev eth0
    2024-03-09 09:40:19 ROUTE_GATEWAY 172.17.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:11:00:03
    2024-03-09 09:40:19 GDG6: remote_host_ipv6=n/a
    2024-03-09 09:40:19 net_route_v6_best_gw query: dst ::
    2024-03-09 09:40:19 sitnl_send: rtnl: generic error (-101): Network is unreachable
    2024-03-09 09:40:19 ROUTE6: default_gateway=UNDEF
    2024-03-09 09:40:19 TUN/TAP device tun0 opened
    2024-03-09 09:40:19 net_iface_mtu_set: mtu 1500 for tun0
    2024-03-09 09:40:19 net_iface_up: set tun0 up
    2024-03-09 09:40:19 net_addr_v4_add: 172.21.60.95/23 dev tun0
    2024-03-09 09:40:19 Data Channel: cipher 'AES-256-CBC', auth 'SHA1', peer-id: 1
    2024-03-09 09:40:19 Timers: ping 20, ping-restart 40
    2024-03-09 09:40:19 Protocol options: explicit-exit-notify 5
    2024-03-09 09:40:22 net_route_v4_add: 71.19.248.113/32 via 172.17.0.1 dev [NULL] table 0 metric -1
    2024-03-09 09:40:22 net_route_v4_add: 0.0.0.0/1 via 172.21.60.1 dev [NULL] table 0 metric -1
    2024-03-09 09:40:22 net_route_v4_add: 128.0.0.0/1 via 172.21.60.1 dev [NULL] table 0 metric -1
    2024-03-09 09:40:22 net_route_v4_add: 0.0.0.0/0 via 172.21.60.1 dev [NULL] table 0 metric -1
    2024-03-09 09:40:22 WARNING: OpenVPN was configured to add an IPv6 route. However, no IPv6 has been configured for tun0, therefore the route installation may fail or may not work as expected.
    2024-03-09 09:40:22 add_route_ipv6(::/0 -> :: metric -1) dev tun0
    2024-03-09 09:40:22 net_route_v6_add: ::/0 via :: dev tun0 table 0 metric -1
    2024-03-09 09:40:22 sitnl_send: rtnl: generic error (-13): Permission denied
    2024-03-09 09:40:22 ERROR: Linux route add command failed

Am I supposed to comment out the setting for openvpn version < 2.5???

    client
    dev tun
    proto udp
    remote yvr-002.vpn.privado.io 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    persist-remote-ip
    tls-client
    #block-outside-dns
    route-ipv6 ::/0
    route 0.0.0.0 0.0.0.0 vpn_gateway
    route-delay 3
    # if you're using openvpn versions later than 2.5 uncomment the following:
    data-ciphers AES-256-CBC
    data-ciphers-fallback AES-256-CBC
    # openvpn versions <= 2.5 use the following default settings:
    #auth SHA256
    #cipher AES-256-CBC
    #tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-DSS-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA
    remote-cert-tls server
    auth-user-pass
    verb 3
    <ca>
    -----BEGIN CERTIFICATE-----

Rysz Posted March 9

Please post in the respective support topic instead:

ich777 Posted March 9

53 minutes ago, KevinE said:
> Tried running Privileged on and off.

I still don't get it why people are doing that. Never ever enable Privileged mode!

Privado is working fine AFAIK. Please use the support thread that @Rysz pointed out (you'll also find that when you go to the Docker page -> click on the container icon -> click on Support).