newbie_dude Posted January 8, 2016

I'm hoping I'm doing something stupid. My server configuration is attached. I use Viscosity on my Mac for VPN, but I can't seem to connect to my unraid server. It fails on TLS handshake. I've opened port 1194 in my router. Here is what I see on client side:

Jan 08 14:32:22: Viscosity Mac 1.5.11 (1314)
Jan 08 14:32:22: Viscosity OpenVPN Engine Started
Jan 08 14:32:22: Running on Mac OS X 10.7.5
Jan 08 14:32:22: ---------
Jan 08 14:32:22: Checking reachability status of connection...
Jan 08 14:32:22: Connection is reachable. Starting connection attempt.
Jan 08 14:32:22: OpenVPN 2.3.8 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Sep 23 2015
Jan 08 14:32:22: library versions: OpenSSL 1.0.2d 9 Jul 2015, LZO 2.09
Jan 08 14:32:23: Control Channel Authentication: using '/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/connection.puyVrx/ta.key' as a OpenVPN static key file
Jan 08 14:32:23: UDPv4 link local: [undef]
Jan 08 14:32:23: UDPv4 link remote: [AF_INET]99.XXX.XXX.XXX:1194
Jan 08 14:33:23: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 08 14:33:23: TLS Error: TLS handshake failed
Jan 08 14:33:23: SIGUSR1[soft,tls-error] received, process restarting

Do I need to open more ports? Or is there something else with the configuration that's incorrect? Thanks for your help!

s34nDROID Posted January 9, 2016

I'm having some issues configuring this as well. I have the plugin installed, but I can't figure out what IP I need to forward to on my router. Do I open the ports for my IP to the unRaid server? I did a port scan on my unRaid and 1194 didn't come back as being open. Is that normal?

peter_sm (Author) Posted January 9, 2016

Forward the port for Unraid IP.

zarfx4 Posted January 10, 2016

I'm having issues connecting as well... I set up the server several days ago, following all the instructions (after my one idiotic oversight), and then proceeded to create a user. I created a user for iOS, and therefore went to my Cert folder and opened the ZIP file to install the profile file first, then loaded the ovpn file. I've tried 2 different ports for the server, and I get the same issue... it finds the server, but hangs in the "connecting" phase. Here are the logs from the OPENVPN app... any thoughts on why it won't connect? Appreciate the help!!!!!

2016-01-09 18:33:58 Connecting to 24.xxxxxxxxxxxxxx:XXxX (24.xxxxxxxxxxxxxx) via UDPv4
2016-01-09 18:33:58 EVENT: CONNECTING
2016-01-09 18:33:58 Tunnel Options:V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client
2016-01-09 18:33:58 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.0.5-177
IV_VER=3.0
IV_PLAT=ios
IV_NCP=1
IV_LZO=1
2016-01-09 18:33:59 VERIFY OK: depth=1
cert. version : 3
serial number : EC:2E:8A:D0:3D:58:52:CE
issuer name : CN=Easy-RSA CA
subject name : CN=Easy-RSA CA
issued on : 2015-12-31 03:23:12
expires on : 2025-12-28 03:23:12
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true
key usage : Key Cert Sign, CRL Sign
2016-01-09 18:33:59 VERIFY OK: depth=0
cert. version : 3
serial number : 01
issuer name : CN=Easy-RSA CA
subject name : CN=server
issued on : 2015-12-31 03:23:13
expires on : 2025-12-28 03:23:13
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=false
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication
2016-01-09 18:34:07 EVENT: DISCONNECTED
2016-01-09 18:34:07 Raw stats on disconnect:
BYTES_IN : 5672
BYTES_OUT : 10824
PACKETS_IN : 10
PACKETS_OUT : 35
KEEPALIVE_TIMEOUT : 1
N_RECONNECT : 1
2016-01-09 18:34:07 Performance stats on disconnect:
CPU usage (microseconds): 426654
Network bytes per CPU second: 38663
Tunnel bytes per CPU second: 0
2016-01-09 18:34:07 ----- OpenVPN Stop -----

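Added example, not part of any post in this thread: a small Python triage of the two client logs above, separating a client that never heard back from the server (the Viscosity log) from one that received and verified the server's certificates before dropping (the iOS log). The stage names and hint texts are assumptions made for this example, and the embedded logs are abbreviated copies of the posted ones.

```python
import re

# Constructed samples, abbreviated from the two client logs posted above.
VISCOSITY_LOG = """\
Jan 08 14:32:23: UDPv4 link remote: [AF_INET]99.XXX.XXX.XXX:1194
Jan 08 14:33:23: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 08 14:33:23: TLS Error: TLS handshake failed
"""
IOS_LOG = """\
2016-01-09 18:33:58 EVENT: CONNECTING
2016-01-09 18:33:59 VERIFY OK: depth=1
2016-01-09 18:33:59 VERIFY OK: depth=0
2016-01-09 18:34:07 EVENT: DISCONNECTED
2016-01-09 18:34:07 Raw stats on disconnect: BYTES_IN : 5672 BYTES_OUT : 10824 KEEPALIVE_TIMEOUT : 1
"""

# Hypothetical stage names and hints, chosen for this example.
HINTS = {
    "connected": "Tunnel came up; nothing to triage.",
    "server_replied": "Server answered and its certificates verified, so the port "
                      "forward works; compare client and server settings.",
    "no_reply": "Nothing usable came back: check the UDP port forward to the "
                "server's LAN IP, that the server is running, and the tls-auth key.",
    "unknown": "No recognised handshake markers in this log.",
}

def triage(log: str) -> dict:
    """Report how far an OpenVPN client got before the connection failed."""
    certs_verified = len(re.findall(r"VERIFY OK: depth=\d+", log))
    m = re.search(r"BYTES_IN\s*:\s*(\d+)", log)
    bytes_in = int(m.group(1)) if m else 0
    if "Initialization Sequence Completed" in log or "EVENT: CONNECTED" in log:
        stage = "connected"
    elif certs_verified or bytes_in:
        stage = "server_replied"
    elif "TLS key negotiation failed to occur" in log:
        stage = "no_reply"
    else:
        stage = "unknown"
    return {"stage": stage, "certs_verified": certs_verified,
            "bytes_in": bytes_in, "hint": HINTS[stage]}

if __name__ == "__main__":
    for name, log in (("Viscosity", VISCOSITY_LOG), ("iOS", IOS_LOG)):
        result = triage(log)
        print(f"{name}: {result['stage']} - {result['hint']}")
```
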
peter_sm (Author) Posted January 10, 2016

Can you attach your router settings (port forward) and server settings?

//Peter

zarfx4 Posted January 10, 2016

Hi Peter, See attached screenshots. THANKS!

peter_sm (Author) Posted January 10, 2016

You are connecting your client to your WAN IP? If you are using iOS, try the "inline file" :-) We have almost the same settings; I have these that differ, see image.

EDIT: Added my router settings as well.

//Peter

zarfx4 Posted January 11, 2016

Thanks Peter!!!! I made the changes to the Server settings and then created/used the inline option. Assume that leaving this port open is "OK" as nothing can connect to OpenVPN w/o the Cert details, correct? And I should be able to edit the inline file to replace the WAN IP with a Dynamic Host such as DuckDNS, correct (vs. the static IP it inserted into the file)? Appreciate your help. Love your work and dedication!!

FFV Posted January 18, 2016

I'm probably missing something basic here but I've tried a couple times and cannot get it to work. Can anyone tell me what I'm doing wrong? Running Unraid v 6.1.7

1. Installed the Server plugin
2. Defined the path to store config files
3. Installed Easy-RSA
4. Click on the Generate keys and certificates -- after this point the Dynamix GUI hangs for a few seconds, reloads and the red X remains. Log shows nothing happens after this point.

Jan 18 19:17:51 Aegir emhttp: cmd: /usr/local/emhttp/plugins/dynamix.plugin.manager/scripts/plugin install https://raw.githubusercontent.com/petersm1/openvpnserver/master/openvpn_server_x64.plg
Jan 18 19:17:52 Aegir logger: plugin: skipping: /boot/packages/tcl-8.6.2-x86_64-2.txz already exists
Jan 18 19:17:52 Aegir logger: plugin: running: /boot/packages/tcl-8.6.2-x86_64-2.txz
Jan 18 19:17:52 Aegir logger: plugin: skipping: /boot/packages/expect-5.44.1.15-x86_64-2.txz already exists
Jan 18 19:17:52 Aegir logger: plugin: running: /boot/packages/expect-5.44.1.15-x86_64-2.txz
Jan 18 19:17:52 Aegir logger: plugin: creating: /boot/packages/openvpn-2.3.9-x86_64-1.txz - downloading from URL http://mirrors.slackware.com/slackware/slackware64-current/slackware64/n/openvpn-2.3.9-x86_64-1.txz
Jan 18 19:17:53 Aegir logger: plugin: checking: /boot/packages/openvpn-2.3.9-x86_64-1.txz - MD5
Jan 18 19:17:53 Aegir logger: plugin: running: /boot/packages/openvpn-2.3.9-x86_64-1.txz
Jan 18 19:17:53 Aegir logger: plugin: creating: /boot/config/plugins/openvpnserver/openvpnserver-2015.12.23.tar.gz - downloading from URL https://github.com/petersm1/openvpnserver/archive/2015.12.23.tar.gz
Jan 18 19:17:55 Aegir logger: plugin: running: anonymous
Jan 18 19:17:55 Aegir logger: plugin: creating: /var/local/emhttp/plugins/openvpnserver/check-my-ip.sh - from INLINE content
Jan 18 19:17:55 Aegir logger: plugin: setting: /var/local/emhttp/plugins/openvpnserver/check-my-ip.sh - mode to 0770
Jan 18 19:17:55 Aegir logger: plugin: creating: /var/log/plugins/openvpnserver - from INLINE content
Jan 18 19:18:39 Aegir rc.openvpnserver[21632]: Plugin configuration for certs written
Jan 18 19:18:44 Aegir php: /usr/local/emhttp/plugins/openvpnserver/scripts/rc.openvpnserver 'download_easy-rsa'
Jan 18 19:18:50 Aegir php: /usr/local/emhttp/plugins/openvpnserver/scripts/rc.openvpnserver 'create_server_cert'

Thanks in advance!

peter_sm (Author) Posted January 18, 2016

Generating certs takes a while. Did you also save "Server Config" so there are 3 green markers?

//Peter

FFV Posted January 18, 2016

Hi Peter, I saved the server config file and have a green arrow next to that. As soon as I press the generate certificates and keys button the text "Aborting without confirmation" appears on the bottom.

peter_sm (Author) Posted January 19, 2016

Can you do this in a PuTTY session:

/usr/local/emhttp/plugins/openvpnserver/scripts/rc.openvpnserver create_server_cert

FFV Posted January 19, 2016

Tried that just now. Not sure what the expected result should be... Screenshot attached.

peter_sm (Author) Posted January 19, 2016

You see that the directory doesn't exist? Try moving away from the user share and use disk instead; maybe you didn't save settings?

FFV Posted January 19, 2016

I tried again, using disk1 instead of user but getting the same results unfortunately.

init-pki complete; you may now create a CA or requests.
Your newly created PKI dir is: /mnt/disk1/appdata/myVPNserver/easy-rsa/easyrsa3/pki
/usr/bin/expect: error while loading shared libraries: libtcl8.6.so: cannot open shared object file: No such file or directory
/usr/bin/expect: error while loading shared libraries: libtcl8.6.so: cannot open shared object file: No such file or directory

Checking in the Easyrsa folder there is indeed no folder called PKI.

peter_sm (Author) Posted January 19, 2016

Try this:

/usr/local/emhttp/plugins/openvpnserver/scripts/rc.openvpnserver download_easy-rsa

and post your /boot/config/plugins/openvpnserver/openvpnserver.cfg

//Peter

FFV Posted January 19, 2016

Done. Config file attached. (I edited out the duckdns address) Thanks for your help with this!

openvpnserver.cfg

peter_sm (Author) Posted January 19, 2016

What was the output of the command? And can you see any files in the easyRsa folder?

peter_sm (Author) Posted January 19, 2016

Can you post the other config file as well?

peter_sm (Author) Posted January 19, 2016

It could be a permission issue! Try setting chmod 777 on the easyrsa file, or post all files in the easyrsa3 folder with ls -al so I can see.

FFV Posted January 19, 2016

Alright, here we go:

- output of the command
- config file
- file in easy-rsa

I'll Google to learn how to set the chmod 777 in the meantime (pretty new to this).

openvpnserver_cert.cfg
easyrsafolder.pdf
easyrsacmd.pdf

peter_sm (Author) Posted January 19, 2016

Can you cd into the easyrsa3 folder and do ls -al

peter_sm (Author) Posted January 19, 2016

> You see that the directory doesn't exist? Try moving away from the user share and use disk instead; maybe you didn't save settings?

Something is wrong on your system, you have missing libs!

/usr/bin/expect: error while loading shared libraries: libtcl8.6.so: cannot open shared object file: No such file or directory
/usr/bin/expect: error while loading shared libraries: libtcl8.6.so: cannot open shared object file: No such file or directory

What other plugins do you have installed? Please post syslog.

//Peter

FFV Posted January 19, 2016

> Can you cd into the easyrsa3 folder and do ls -al

Attached here: http://lime-technology.com/forum/index.php?action=dlattach;topic=35435.0;attach=31021

FFV Posted January 19, 2016

> You see that the directory doesn't exist? Try moving away from the user share and use disk instead; maybe you didn't save settings?
>
> Something is wrong on your system, you have missing libs!
>
> /usr/bin/expect: error while loading shared libraries: libtcl8.6.so: cannot open shared object file: No such file or directory
> /usr/bin/expect: error while loading shared libraries: libtcl8.6.so: cannot open shared object file: No such file or directory
>
> What other plugins do you have installed? Please post syslog.
>
> //Peter

Syslog attached.

Plugins installed:

- Powerdown package 2.18
- OpenVPN Server TUN mode
- Community Applications
- Dynamic webGui
- unRAID Server OS

syslog.pdf