I've recently set up a VPN server for myself on Amazon Lightsail using SoftEther.

The system I'm using is CentOS 7.

I'm not using firewalld, but I'm using iptables instead.

Everything was running smoothly on my desktop while I tried to connect to it with my phone using an app called OpenVPN for Android.

I'm getting a "TLS handshake failed" error and I'm not sure why this is happening.

vpnserver is running and it is listening on port 1194.

Also I can connect to it with SoftEther client just fine - and my IP changes correctly.

I thought maybe it's due to iptables, so I've added a line

-A INPUT -p udp -m upd --dport 1194 -j ACCEPT

but couldn't get it working.

So I tried

-I INPUT -p udp -m udp --dport 1194 -j ACCEPT

but couldn't get it working either.

Here's my whole iptables file content for reference.

# Generated by iptables-save v1.4.21 on Sun Jan 19 22:00:27 2020
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [3:228]
:POSTROUTING ACCEPT [3:228]
-A POSTROUTING -s 192.168.7.0/24 -j SNAT --to-source 52.79.170.1
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
COMMIT
# Completed on Sun Jan 19 22:00:27 2020

When connecting with OpenVPN for Android, I used the following .ovpn file to import the profile.

This file was created by SoftEther VPN Server.

dev tun
proto udp
remote [MY IP ADDRESS] 1194
cipher AES-128-CBC
auth SHA1
resolv-retry infinite
nobind
persist-key
persist-tun
client
verb 3
auth-user-pass

<ca>
-----BEGIN CERTIFICATE-----
[MY CERTIFICATE]
-----END CERTIFICATE-----

</ca>

;<cert>
;-----BEGIN CERTIFICATE-----
;
;-----END CERTIFICATE-----
;</cert>

;<key>
;-----BEGIN RSA PRIVATE KEY-----
;
;-----END RSA PRIVATE KEY-----
;</key>

I've noticed that the last two sections, cert and key, were empty, but as this was generated by SoftEther VPN Server itself, I'm not sure how to make it better.

Is there anything I could possibly be missing here?

Thanks in advance.

Junta

0 Answers
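
A way to check which table the port 1194 rule actually sits in, as an added example that is not part of the original post: this Python sketch parses `iptables-save` output and reports the table and chain of every rule matching a protocol and port. The `DUMP` string is a shortened copy of the dump in the question, and the function names are hypothetical. Accept/drop filtering is decided in the `filter` table, so a dump containing only a `*nat` section does not show whether the filter rules admit UDP 1194.

```python
import shlex

# Constructed sample: the iptables-save dump from the question, shortened.
DUMP = """\
# Generated by iptables-save v1.4.21 on Sun Jan 19 22:00:27 2020
*nat
:INPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [3:228]
-A POSTROUTING -s 192.168.7.0/24 -j SNAT --to-source 52.79.170.1
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
COMMIT
"""

def _opt(tok, flag):
    """Return the token following flag, or None if the flag is absent."""
    return tok[tok.index(flag) + 1] if flag in tok[:-1] else None

def parse_save(text):
    """Return (policies, rules): policies maps (table, chain) to the chain
    policy, rules is a list of dicts, one per -A line, tagged with its table."""
    table, policies, rules = None, {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):          # "*nat", "*filter", ...
            table = line[1:]
        elif line.startswith(":"):        # ":INPUT ACCEPT [0:0]"
            chain, policy = line[1:].split()[:2]
            policies[(table, chain)] = policy
        elif line.startswith("-A "):
            tok = shlex.split(line)
            rules.append({"table": table, "chain": tok[1],
                          "proto": _opt(tok, "-p"),
                          "dport": _opt(tok, "--dport"),
                          "target": _opt(tok, "-j")})
    return policies, rules

def where_is_port(text, proto, port):
    """List (table, chain, target) for each rule matching proto and dport."""
    _, rules = parse_save(text)
    return [(r["table"], r["chain"], r["target"]) for r in rules
            if r["proto"] == proto and r["dport"] == str(port)]

def tables_present(text):
    """Sorted names of the tables that appear in the dump."""
    policies, rules = parse_save(text)
    return sorted({t for t, _ in policies} | {r["table"] for r in rules})

if __name__ == "__main__":
    print(tables_present(DUMP), where_is_port(DUMP, "udp", 1194))
```

Feeding it the full output of `iptables-save` (all tables) shows at a glance whether a matching rule exists under `filter`.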