*some* OpenVPN clients won't connect within same network as server (TLS Handshake Failed)

I have a Raspberry Pi running an OpenVPN server on my LAN. I moved this server from one location to another (at the old location, it was working just fine).

Now that my Android devices are running on the same LAN as the server, they are not connecting. Their log files aren't giving me much, as they aren't getting any packets returned from the server. This was also happening to my Ubuntu laptop. I changed the .ovpn file to include the "float" option. That did the trick. I added the "float" option to one of my Android devices, but no such luck. Other than those options, the configurations for all clients are IDENTICAL.

Here's the server's log when I attempt to connect:

Tue Jun 23 10:29:56 2015 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Tue Jun 23 10:29:58 2015 192.168.1.78:38397 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1435055390) Tue Jun 23 10:29:50 2015 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Jun 23 10:29:58 2015 192.168.1.78:38397 TLS Error: incoming packet authentication failed from [AF_INET]192.168.1.78:38397
Tue Jun 23 10:30:00 2015 192.168.1.78:47823 Re-using SSL/TLS context
Tue Jun 23 10:30:00 2015 192.168.1.78:47823 LZO compression initialized
Tue Jun 23 10:30:00 2015 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Tue Jun 23 10:30:00 2015 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Tue Jun 23 10:30:02 2015 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Tue Jun 23 10:30:02 2015 192.168.1.78:47823 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1435055400) Tue Jun 23 10:30:00 2015 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Jun 23 10:30:02 2015 192.168.1.78:47823 TLS Error: incoming packet authentication failed from [AF_INET]192.168.1.78:47823
Tue Jun 23 10:30:04 2015 192.168.1.78:47823 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1435055400) Tue Jun 23 10:30:00 2015 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Jun 23 10:30:04 2015 192.168.1.78:47823 TLS Error: incoming packet authentication failed from [AF_INET]192.168.1.78:47823
Tue Jun 23 10:30:04 2015 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Tue Jun 23 10:30:06 2015 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Tue Jun 23 10:30:06 2015 192.168.1.78:47823 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1435055400) Tue Jun 23 10:30:00 2015 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Jun 23 10:30:06 2015 192.168.1.78:47823 TLS Error: incoming packet authentication failed from [AF_INET]192.168.1.78:47823
Tue Jun 23 10:30:08 2015 192.168.1.78:47823 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1435055400) Tue Jun 23 10:30:00 2015 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Tue Jun 23 10:30:08 2015 192.168.1.78:47823 TLS Error: incoming packet authentication failed from [AF_INET]192.168.1.78:47823
Tue Jun 23 10:30:10 2015 192.168.1.78:48396 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Jun 23 10:30:10 2015 192.168.1.78:48396 TLS Error: TLS handshake failed
Tue Jun 23 10:30:10 2015 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Tue Jun 23 10:30:14 2015 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)

When I remove the devices from my LAN, they connect.

I'm not seeing anything when I look in my iptables firewall logs (located in /var/log/messages, I believe).

This also ain't working with my desktop client (adding the 'float' option won't work either), but I haven't done much troubleshooting on that, so that's no biggie as of now.

I only ask for suggestions and comments or further clarification requests.


client 
dev tun 
proto udp 
remote notrealaddress.ovpn.net #### 
resolv-retry infinite 
nobind 
persist-key 
persist-tun 
mute-replay-warnings 
ns-cert-type server 
key-direction 1 
cipher AES-128-CBC 
comp-lzo 
verb 1 
mute 20 
;added
float

(This is my Ubuntu x86 config. It connects, but an identical config on an Android or Windows client won't on the SAME NETWORK.)

John Sater

Posted 2015-06-23T10:57:18.310

Reputation: 11

Is your notrealaddress.ovpn.net an IP address or a DNS name? – dotvotdot – 2016-02-17T12:59:32.623
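
An added example, not part of the original post or its comments: a Python triage of OpenVPN server log lines like those above, tallying event classes per client IP and collecting the source ports each client was seen from. The class names and the `classify` and `summarize` functions are this example's own; the embedded sample is an excerpt of the posted log with the trailing man-page hint trimmed from the replay warnings.

```python
import re
from collections import defaultdict

# Excerpt of the server log from the question (man-page hint trimmed).
SAMPLE_LOG = """\
Tue Jun 23 10:29:56 2015 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Tue Jun 23 10:29:58 2015 192.168.1.78:38397 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1435055390) Tue Jun 23 10:29:50 2015 ]
Tue Jun 23 10:29:58 2015 192.168.1.78:38397 TLS Error: incoming packet authentication failed from [AF_INET]192.168.1.78:38397
Tue Jun 23 10:30:00 2015 192.168.1.78:47823 Re-using SSL/TLS context
Tue Jun 23 10:30:02 2015 192.168.1.78:47823 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1435055400) Tue Jun 23 10:30:00 2015 ]
Tue Jun 23 10:30:02 2015 192.168.1.78:47823 TLS Error: incoming packet authentication failed from [AF_INET]192.168.1.78:47823
Tue Jun 23 10:30:10 2015 192.168.1.78:48396 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Jun 23 10:30:10 2015 192.168.1.78:48396 TLS Error: TLS handshake failed
Tue Jun 23 10:30:10 2015 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
"""

# Timestamp, then an optional "ip:port " peer prefix, then the message text.
LINE = re.compile(r"^\w{3} \w{3} +\d+ [\d:]{8} \d{4} (?:(\d+\.\d+\.\d+\.\d+):(\d+) )?(.*)$")
# (class name, substring that identifies it); the names are this example's own labels.
CLASSES = [
    ("replay_check", "bad packet ID"),
    ("packet_auth_failed", "incoming packet authentication failed"),
    ("negotiation_timeout", "TLS key negotiation failed"),
    ("handshake_failed", "TLS handshake failed"),
    ("udp_econnrefused", "[ECONNREFUSED]"),
]

def classify(msg):
    """Map one log message to the first matching class, or "other"."""
    return next((name for name, needle in CLASSES if needle in msg), "other")

def summarize(log_text):
    """Return {peer_ip: {"ports": [...], "events": {class: count}}}.
    Lines with no peer prefix (socket-level errors) are filed under "-"."""
    peers = defaultdict(lambda: {"ports": set(), "events": defaultdict(int)})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, port, msg = m.groups()
        entry = peers[ip or "-"]
        if port:
            entry["ports"].add(int(port))
        entry["events"][classify(msg)] += 1
    return {ip: {"ports": sorted(e["ports"]), "events": dict(e["events"])} for ip, e in peers.items()}

if __name__ == "__main__":
    for peer, info in summarize(SAMPLE_LOG).items():
        print(peer, info["ports"], info["events"])
```

On the excerpt, the single client IP appears with three different source ports, and the `ECONNREFUSED` lines carry no peer prefix, so they are counted separately.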

No answers