"Waiting for server response" on OpenVPN
5,693
I finally resolved my problem : It was due to my router, I hasn't updated it for a long time. And at the end of the update, everything was working :)
Thanks
Related videos on Youtube
Author by
Lulucmy
Updated on September 18, 2022Comments
-
Lulucmy over 1 year
I created a VPN with OpenVPN on my Rapsberry Pi 3 (Ubuntu Mate) with this tutorial : http://readwrite.com/2014/04/10/raspberry-pi-vpn-tutorial-server-secure-web-browsing . But when I try to connect my computer on my VPN with Tunnelblick, I have this error :
Here is the log file :
2016-12-18 21:48:55 us=588356 Current Parameter Settings: 2016-12-18 21:48:55 us=588588 config = '/.../config.ovpn' 2016-12-18 21:48:55 us=588603 mode = 0 2016-12-18 21:48:55 us=588613 show_ciphers = DISABLED 2016-12-18 21:48:55 us=588623 show_digests = DISABLED 2016-12-18 21:48:55 us=588632 show_engines = DISABLED 2016-12-18 21:48:55 us=588641 genkey = DISABLED 2016-12-18 21:48:55 us=588651 key_pass_file = '[UNDEF]' 2016-12-18 21:48:55 us=588661 show_tls_ciphers = DISABLED 2016-12-18 21:48:55 us=588670 Connection profiles [default]: 2016-12-18 21:48:55 us=588683 proto = udp 2016-12-18 21:48:55 us=588693 local = '[UNDEF]' 2016-12-18 21:48:55 us=588703 local_port = 0 2016-12-18 21:48:55 us=588712 remote = 'MYIP' 2016-12-18 21:48:55 us=588722 remote_port = 1194 2016-12-18 21:48:55 us=588731 remote_float = DISABLED 2016-12-18 21:48:55 us=588741 bind_defined = DISABLED 2016-12-18 21:48:55 us=588750 bind_local = DISABLED 2016-12-18 21:48:55 us=588760 connect_retry_seconds = 5 2016-12-18 21:48:55 us=588769 connect_timeout = 10 2016-12-18 21:48:55 us=588778 NOTE: --mute triggered... 2016-12-18 21:48:55 us=588799 255 variation(s) on previous 20 message(s) suppressed by --mute 2016-12-18 21:48:55 us=588812 OpenVPN 2.3.12 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Nov 17 2016 2016-12-18 21:48:55 us=588830 library versions: OpenSSL 1.0.2j 26 Sep 2016, LZO 2.09 2016-12-18 21:48:55 us=589832 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1339 2016-12-18 21:48:55 us=589940 Need hold release from management interface, waiting... 2016-12-18 21:48:55 us=998065 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1339 2016-12-18 21:48:55 *Tunnelblick: openvpnstart starting OpenVPN 2016-12-18 21:48:56 *Tunnelblick: Established communication with OpenVPN 2016-12-18 21:48:56 *Tunnelblick: Obtained passphrase from the Keychain 2016-12-18 21:48:56 us=15623 MANAGEMENT: CMD 'pid' 2016-12-18 21:48:56 us=15778 MANAGEMENT: CMD 'state on' 2016-12-18 21:48:56 us=15946 MANAGEMENT: CMD 'state' 2016-12-18 21:48:56 us=16068 MANAGEMENT: CMD 'bytecount 1' 2016-12-18 21:48:56 us=16155 MANAGEMENT: CMD 'hold release' 2016-12-18 21:48:56 us=16395 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 2016-12-18 21:48:56 us=37387 MANAGEMENT: CMD 'password [...]' 2016-12-18 21:48:56 us=37565 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this 2016-12-18 21:48:56 us=38716 Control Channel Authentication: tls-auth using INLINE static key file 2016-12-18 21:48:56 us=38788 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 2016-12-18 21:48:56 us=38840 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 2016-12-18 21:48:56 us=38914 LZO compression initialized 2016-12-18 21:48:56 us=39034 Control Channel MTU parms [ L:1558 D:1184 EF:66 EB:0 ET:0 EL:3 ] 2016-12-18 21:48:56 us=39119 Socket Buffers: R=[196724->196724] S=[9216->9216] 2016-12-18 21:48:56 us=39180 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ] 2016-12-18 21:48:56 us=39241 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client' 2016-12-18 21:48:56 us=39289 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server' 2016-12-18 21:48:56 us=39340 Local Options hash (VER=V4): '272f1b58' 2016-12-18 21:48:56 us=39392 Expected Remote Options hash (VER=V4): 'a2e63101' 2016-12-18 21:48:56 us=39444 UDPv4 link local: [undef] 2016-12-18 21:48:56 us=39496 UDPv4 link remote: [AF_INET]myip:1194 2016-12-18 21:48:56 us=39561 MANAGEMENT: >STATE:1482094136,WAIT,,, 2016-12-18 21:48:56 us=39689 UDPv4 WRITE [42] to [AF_INET]myip:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0 2016-12-18 21:48:58 us=416600 UDPv4 WRITE [42] to [AF_INET]MYIP:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #2 ] [ ] pid=0 DATA len=0 2016-12-18 21:49:03 us=192515 UDPv4 WRITE [42] to [AF_INET]myip:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #3 ] [ ] pid=0 DATA len=0 2016-12-18 21:49:11 us=502022 UDPv4 WRITE [42] to [AF_INET]myip:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #4 ] [ ] pid=0 DATA len=0 2016-12-18 21:49:27 us=831284 UDPv4 WRITE [42] to [AF_INET]myip:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #5 ] [ ] pid=0 DATA len=0
Here is the config file :
local 192.168.1.21 dev tun proto udp port 1194 ca /etc/openvpn/easy-rsa/keys/ca.crt cert /etc/openvpn/easy-rsa/keys/NissaVPN.crt key /etc/openvpn/easy-rsa/keys/NissaVPN.key dh /etc/openvpn/easy-rsa/keys/dh2048.pem server 10.8.0.0 255.255.255.0 ifconfig 10.8.0.1 10.8.0.2 push "route 10.8.0.1 255.255.255.255" push "route 10.8.0.0 255.255.255.0" push "route 192.168.1.21 255.255.255.0" push "dhcp-option DNS 192.168.1.1" push "redirect-gateway def1" client-to-client duplicate-cn keepalive 10 120 tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0 cipher AES-128-CBC comp-lzo user nobody group nogroup persist-key persist-tun status /var/log/openvpn-status.log 20 log /var/log/openvpn.log verb 1
Here is the default RSA key :
client dev tun proto udp remote MYIP 1194 resolv-retry infinite nobind persist-key persist-tun mute-replay-warnings ns-cert-type server key-direction 1 cipher AES-128-CBC comp-lzo verb 1 mute 20
Here is the openvpn firewall file :
#!/bin/sh iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 192.168.1.21
What can I do to repair it? I disabled my firewall and my router is configured.
-
Daniel B over 7 yearsThere aren’t enough details. Please provide both the client and server config file, including the complete
verb 3
client log. -
Lulucmy over 7 yearsHello, I just added the logs and the files. Thanks you :)
-
Daniel B over 7 yearsIt’s still not
verb 3
, but whatever. I assumeMYIP
is your (current) external IP address, right? From where did you try connecting to that? From behind your router? When you say “router is configured”, does that mean you set up a port forwarding for port 1194 UDP? -
Lulucmy over 7 yearsYes, I set up a port forwarding, I tried to connect in my house. Sorry, but I don't know what is "verb 3" :/ ...
-
Daniel B over 7 yearsYour router probably doesn’t support hairpin NAT. So connecting to your public IP address will not work. Connect to your internal IP address. // It’s an option,
verb
osity. You currently haveverb 1
. To diagnose errors, you’ll need to ramp that up. -
Lulucmy over 7 yearsThanks @DanielB , I configured NAT on my router, but I updated the log file to verb 6 because I was already on verb 3.
-
-
Ravindra Bawane over 7 yearsGlad you were able to fix it yourself. What firmware was your router running before the update? What model is your router? And what firmware are you at now where the issue is resolved? This could all be helpful to others experiencing similar issues.
-
Lulucmy over 7 yearsIt is a Livebox (French router)
-
Lulucmy over 7 yearsBut I can go on web... Do you recommend me to open a new post ?
-
Ravindra Bawane over 7 yearsIf you're having a new issue, yes, create a new question.