I am following this guide and I cannot set up a VPN server and ping it, which is the first step.

https://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html

What happens is that I cannot ping 10.8.0.2 from the server and 10.8.0.1 from the client as stated in the guide. Though the tun0 interface appears on both server and client, and when I attempt to connect to the server I see logs on both the server and the client, which I interpret as meaning that they communicate with each other. I don't know how to start debugging this issue.

client config

```
remote 148.251.143.94 443
dev tun
proto tcp-client
ifconfig 10.8.0.2 10.8.0.1
secret ta.key
verb 5
```

server config

```
dev tun
proto tcp
ifconfig 10.8.0.1 10.8.0.2
secret kets/ta.key
verb 6
```

client log:

```
Mon Jan 15 14:12:22 2018 us=454846 Outgoing Static Key Encryption: Cipher 'BF-CBC' initialized with 128 bit key
Mon Jan 15 14:12:22 2018 us=454890 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Mon Jan 15 14:12:22 2018 us=454933 Outgoing Static Key Encryption: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jan 15 14:12:22 2018 us=455047 Incoming Static Key Encryption: Cipher 'BF-CBC' initialized with 128 bit key
Mon Jan 15 14:12:22 2018 us=455068 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Mon Jan 15 14:12:22 2018 us=455096 Incoming Static Key Encryption: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jan 15 14:12:22 2018 us=455474 TUN/TAP device tun0 opened
Mon Jan 15 14:12:22 2018 us=455518 TUN/TAP TX queue length set to 100
Mon Jan 15 14:12:22 2018 us=455552 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mon Jan 15 14:12:22 2018 us=455589 /usr/bin/ip link set dev tun0 up mtu 1500
Mon Jan 15 14:12:22 2018 us=458664 /usr/bin/ip addr add dev tun0 local 10.8.0.2 peer 10.8.0.1
Mon Jan 15 14:12:22 2018 us=462941 Data Channel MTU parms [ L:1546 D:1450 EF:46 EB:393 ET:0 EL:3 ]
Mon Jan 15 14:12:22 2018 us=463028 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1546,tun-mtu 1500,proto TCPv4_CLIENT,ifconfig 10.8.0.1 10.8.0.2,cipher BF-CBC,auth SHA1,keysize 128,secret'
Mon Jan 15 14:12:22 2018 us=463054 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1546,tun-mtu 1500,proto TCPv4_SERVER,ifconfig 10.8.0.2 10.8.0.1,cipher BF-CBC,auth SHA1,keysize 128,secret'
Mon Jan 15 14:12:22 2018 us=463094 TCP/UDP: Preserving recently used remote address: [AF_INET]148.251.143.94:443
Mon Jan 15 14:12:22 2018 us=463133 Socket Buffers: R=[87380->87380] S=[16384->16384]
Mon Jan 15 14:12:22 2018 us=463161 Attempting to establish TCP connection with [AF_INET]148.251.143.94:443 [nonblock]
Mon Jan 15 14:12:23 2018 us=463407 TCP connection established with [AF_INET]148.251.143.94:443
Mon Jan 15 14:12:23 2018 us=463454 TCP_CLIENT link local: (not bound)
Mon Jan 15 14:12:23 2018 us=463464 TCP_CLIENT link remote: [AF_INET]148.251.143.94:443
rWMon Jan 15 14:12:23 2018 us=555120 Connection reset, restarting [0]
Mon Jan 15 14:12:23 2018 us=555192 TCP/UDP: Closing socket
Mon Jan 15 14:12:23 2018 us=555270 Closing TUN/TAP interface
Mon Jan 15 14:12:23 2018 us=555312 /usr/bin/ip addr del dev tun0 local 10.8.0.2 peer 10.8.0.1
Mon Jan 15 14:12:23 2018 us=584197 SIGUSR1[soft,connection-reset] received, process restarting
Mon Jan 15 14:12:23 2018 us=584235 Restart pause, 5 second(s)
```

server log:

```
Mon Jan 15 10:44:46 2018 us=688711 MULTI: multi_create_instance called
Mon Jan 15 10:44:46 2018 us=688764 Re-using SSL/TLS context
Mon Jan 15 10:44:46 2018 us=688828 Control Channel MTU parms [ L:1623 D:1182 EF:68 EB:0 ET:0 EL:3 ]
Mon Jan 15 10:44:46 2018 us=688846 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Mon Jan 15 10:44:46 2018 us=688873 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1551,tun-mtu 1500,proto TCPv4_SERVER,keydir 0,cipher AES-256-GCM,auth [null-digest],keysize 256,tls-auth,key-method 2,tls-server'
Mon Jan 15 10:44:46 2018 us=688880 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1551,tun-mtu 1500,proto TCPv4_CLIENT,keydir 1,cipher AES-256-GCM,auth [null-digest],keysize 256,tls-auth,key-method 2,tls-client'
Mon Jan 15 10:44:46 2018 us=688898 TCP connection established with [AF_INET6]::ffff:46.209.11.146:41912
Mon Jan 15 10:44:46 2018 us=688906 TCPv6_SERVER link local: (not bound)
Mon Jan 15 10:44:46 2018 us=688914 TCPv6_SERVER link remote: [AF_INET6]::ffff:46.209.11.146:41912
Mon Jan 15 10:44:47 2018 us=600257 46.209.11.146 TCPv6_SERVER READ [92] from [AF_INET6]::ffff:46.209.11.146:41912: P_??? kid=7 [ 4114583015 2485465082 3854031848 2485687898 4043797693 2733821008 3551115941 657634580 4080887663 553580923 4080980629 2631660472 665707228 1385866580 4031312028 2050149634 346564806 479243997 2692639409 1434557404 ]
Mon Jan 15 10:44:47 2018 us=600314 46.209.11.146 TLS Error: unknown opcode received from [AF_INET6]::ffff:46.209.11.146:41912 op=21
Mon Jan 15 10:44:47 2018 us=600374 46.209.11.146 Fatal TLS error (check_tls_errors_co), restarting
Mon Jan 15 10:44:47 2018 us=600401 46.209.11.146 SIGUSR1[soft,tls-error] received, client-instance restarting
Mon Jan 15 10:44:47 2018 us=600460 TCP/UDP: Closing socket
```

milad zahedi
  • I also should note that udp did not work so I had to change it to tcp – milad zahedi Jan 15 '18 at 10:51
  • For TCP operation, one peer **must use --proto tcp-server** and the other **must use --proto tcp-client**. Try to explicitly set `proto tcp-server` on the server side instead of proto tcp – ALex_hha Jan 16 '18 at 11:18
  • @ALex_hha I followed your suggestion, a new error line is added to the server log: unknown opcode received from [AF_INET6]::ffff:46.209.11.146:41338 op=0 – milad zahedi Jan 16 '18 at 11:53
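
An added example, not part of the original post or of OpenVPN itself: both logs above print a `Local Options String` and an `Expected Remote Options String`, and comparing what the client expects with what the server reports is one place to start debugging. The function names are assumptions made for this sketch; the four log lines are copied from the post.

```python
import re

OPTS_RE = re.compile(r"(Local|Expected Remote) Options String \(VER=V4\): '([^']*)'")

# Option-string lines copied from the client and server logs in the post.
CLIENT_LOG = """\
Mon Jan 15 14:12:22 2018 us=463028 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1546,tun-mtu 1500,proto TCPv4_CLIENT,ifconfig 10.8.0.1 10.8.0.2,cipher BF-CBC,auth SHA1,keysize 128,secret'
Mon Jan 15 14:12:22 2018 us=463054 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1546,tun-mtu 1500,proto TCPv4_SERVER,ifconfig 10.8.0.2 10.8.0.1,cipher BF-CBC,auth SHA1,keysize 128,secret'
"""
SERVER_LOG = """\
Mon Jan 15 10:44:46 2018 us=688873 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1551,tun-mtu 1500,proto TCPv4_SERVER,keydir 0,cipher AES-256-GCM,auth [null-digest],keysize 256,tls-auth,key-method 2,tls-server'
Mon Jan 15 10:44:46 2018 us=688880 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1551,tun-mtu 1500,proto TCPv4_CLIENT,keydir 1,cipher AES-256-GCM,auth [null-digest],keysize 256,tls-auth,key-method 2,tls-client'
"""

def option_strings(log_text):
    """Parse one peer's log into {'Local': {...}, 'Expected Remote': {...}}."""
    found = {}
    for kind, raw in OPTS_RE.findall(log_text):
        opts = {}
        for item in raw.split(","):
            key, _, value = item.partition(" ")
            opts[key] = value  # bare flags such as 'secret' map to ''
        found[kind] = opts
    return found

def mismatches(expected_remote, actual_local):
    """Return {option: (expected, reported)} for every option that differs."""
    diffs = {}
    for key in sorted(set(expected_remote) | set(actual_local)):
        want, have = expected_remote.get(key), actual_local.get(key)
        if want != have:
            diffs[key] = (want, have)  # None means the option is absent on that side
    return diffs

def compare_posted_logs():
    """Client's expected remote options versus the server's reported local options."""
    client = option_strings(CLIENT_LOG)
    server = option_strings(SERVER_LOG)
    return mismatches(client["Expected Remote"], server["Local"])

if __name__ == "__main__":
    for key, (want, have) in compare_posted_logs().items():
        print(f"{key:12} client expects {want!r:24} server reports {have!r}")
```

For these lines, `secret` and `ifconfig` appear only on the client side and `tls-auth`, `key-method` and `tls-server` only on the server side, and the cipher, auth and keysize values differ, so the two logs do not describe the same key mode.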
