"Waiting for server response" on OpenVPN

5,693

I finally resolved my problem: it was due to my router, I hadn't updated it for a long time. And at the end of the update, everything was working :)

Thanks

Lulucmy
Author by

Lulucmy

Updated on September 18, 2022

Comments

  • Lulucmy
    Lulucmy over 1 year

    I created a VPN with OpenVPN on my Raspberry Pi 3 (Ubuntu Mate) with this tutorial: http://readwrite.com/2014/04/10/raspberry-pi-vpn-tutorial-server-secure-web-browsing . But when I try to connect my computer to my VPN with Tunnelblick, I have this error:

    http://www.auplod.com/u/adopul8dd8a.gif

    Here is the log file:

    2016-12-18 21:48:55 us=588356 Current Parameter Settings:
    2016-12-18 21:48:55 us=588588   config = '/.../config.ovpn'
    2016-12-18 21:48:55 us=588603   mode = 0
    2016-12-18 21:48:55 us=588613   show_ciphers = DISABLED
    2016-12-18 21:48:55 us=588623   show_digests = DISABLED
    2016-12-18 21:48:55 us=588632   show_engines = DISABLED
    2016-12-18 21:48:55 us=588641   genkey = DISABLED
    2016-12-18 21:48:55 us=588651   key_pass_file = '[UNDEF]'
    2016-12-18 21:48:55 us=588661   show_tls_ciphers = DISABLED
    2016-12-18 21:48:55 us=588670 Connection profiles [default]:
    2016-12-18 21:48:55 us=588683   proto = udp
    2016-12-18 21:48:55 us=588693   local = '[UNDEF]'
    2016-12-18 21:48:55 us=588703   local_port = 0
    2016-12-18 21:48:55 us=588712   remote = 'MYIP'
    2016-12-18 21:48:55 us=588722   remote_port = 1194
    2016-12-18 21:48:55 us=588731   remote_float = DISABLED
    2016-12-18 21:48:55 us=588741   bind_defined = DISABLED
    2016-12-18 21:48:55 us=588750   bind_local = DISABLED
    2016-12-18 21:48:55 us=588760   connect_retry_seconds = 5
    2016-12-18 21:48:55 us=588769   connect_timeout = 10
    2016-12-18 21:48:55 us=588778 NOTE: --mute triggered...
    2016-12-18 21:48:55 us=588799 255 variation(s) on previous 20 message(s) suppressed by --mute
    2016-12-18 21:48:55 us=588812 OpenVPN 2.3.12 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Nov 17 2016
    2016-12-18 21:48:55 us=588830 library versions: OpenSSL 1.0.2j  26 Sep 2016, LZO 2.09
    2016-12-18 21:48:55 us=589832 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1339
    2016-12-18 21:48:55 us=589940 Need hold release from management interface, waiting...
    2016-12-18 21:48:55 us=998065 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1339
    2016-12-18 21:48:55 *Tunnelblick: openvpnstart starting OpenVPN
    2016-12-18 21:48:56 *Tunnelblick: Established communication with OpenVPN
    2016-12-18 21:48:56 *Tunnelblick: Obtained passphrase from the Keychain
    2016-12-18 21:48:56 us=15623 MANAGEMENT: CMD 'pid'
    2016-12-18 21:48:56 us=15778 MANAGEMENT: CMD 'state on'
    2016-12-18 21:48:56 us=15946 MANAGEMENT: CMD 'state'
    2016-12-18 21:48:56 us=16068 MANAGEMENT: CMD 'bytecount 1'
    2016-12-18 21:48:56 us=16155 MANAGEMENT: CMD 'hold release'
    2016-12-18 21:48:56 us=16395 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    2016-12-18 21:48:56 us=37387 MANAGEMENT: CMD 'password [...]'
    2016-12-18 21:48:56 us=37565 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    2016-12-18 21:48:56 us=38716 Control Channel Authentication: tls-auth using INLINE static key file
    2016-12-18 21:48:56 us=38788 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    2016-12-18 21:48:56 us=38840 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    2016-12-18 21:48:56 us=38914 LZO compression initialized
    2016-12-18 21:48:56 us=39034 Control Channel MTU parms [ L:1558 D:1184 EF:66 EB:0 ET:0 EL:3 ]
    2016-12-18 21:48:56 us=39119 Socket Buffers: R=[196724->196724] S=[9216->9216]
    2016-12-18 21:48:56 us=39180 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
    2016-12-18 21:48:56 us=39241 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
    2016-12-18 21:48:56 us=39289 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
    2016-12-18 21:48:56 us=39340 Local Options hash (VER=V4): '272f1b58'
    2016-12-18 21:48:56 us=39392 Expected Remote Options hash (VER=V4): 'a2e63101'
    2016-12-18 21:48:56 us=39444 UDPv4 link local: [undef]
    2016-12-18 21:48:56 us=39496 UDPv4 link remote: [AF_INET]myip:1194
    2016-12-18 21:48:56 us=39561 MANAGEMENT: >STATE:1482094136,WAIT,,,
    2016-12-18 21:48:56 us=39689 UDPv4 WRITE [42] to [AF_INET]myip:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
    2016-12-18 21:48:58 us=416600 UDPv4 WRITE [42] to [AF_INET]MYIP:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #2 ] [ ] pid=0 DATA len=0
    2016-12-18 21:49:03 us=192515 UDPv4 WRITE [42] to [AF_INET]myip:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #3 ] [ ] pid=0 DATA len=0
    2016-12-18 21:49:11 us=502022 UDPv4 WRITE [42] to [AF_INET]myip:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #4 ] [ ] pid=0 DATA len=0
    2016-12-18 21:49:27 us=831284 UDPv4 WRITE [42] to [AF_INET]myip:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #5 ] [ ] pid=0 DATA len=0
    

    Here is the config file:

    local 192.168.1.21
    dev tun
    proto udp 
    port 1194
    ca /etc/openvpn/easy-rsa/keys/ca.crt
    cert /etc/openvpn/easy-rsa/keys/NissaVPN.crt 
    key /etc/openvpn/easy-rsa/keys/NissaVPN.key
    dh /etc/openvpn/easy-rsa/keys/dh2048.pem 
    server 10.8.0.0 255.255.255.0
    ifconfig 10.8.0.1 10.8.0.2
    push "route 10.8.0.1 255.255.255.255"
    push "route 10.8.0.0 255.255.255.0"
    push "route 192.168.1.21 255.255.255.0" 
    push "dhcp-option DNS 192.168.1.1" 
    push "redirect-gateway def1"
    client-to-client
    duplicate-cn
    keepalive 10 120
    tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
    cipher AES-128-CBC
    comp-lzo
    user nobody
    group nogroup
    persist-key
    persist-tun
    status /var/log/openvpn-status.log 20
    log /var/log/openvpn.log
    verb 1
    

    Here is the default RSA key:

    client
    dev tun
    proto udp
    remote MYIP 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    mute-replay-warnings
    ns-cert-type server
    key-direction 1
    cipher AES-128-CBC
    comp-lzo
    verb 1
    mute 20
    

    Here is the openvpn firewall file:

    #!/bin/sh
    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 192.168.1.21
    

    What can I do to repair it? I disabled my firewall and my router is configured.

    • Daniel B
      Daniel B over 7 years
      There aren’t enough details. Please provide both the client and server config file, including the complete verb 3 client log.
    • Lulucmy
      Lulucmy over 7 years
      Hello, I just added the logs and the files. Thank you :)
    • Daniel B
      Daniel B over 7 years
      It’s still not verb 3, but whatever. I assume MYIP is your (current) external IP address, right? From where did you try connecting to that? From behind your router? When you say “router is configured”, does that mean you set up a port forwarding for port 1194 UDP?
    • Lulucmy
      Lulucmy over 7 years
      Yes, I set up a port forwarding, I tried to connect in my house. Sorry, but I don't know what is "verb 3" :/ ...
    • Daniel B
      Daniel B over 7 years
      Your router probably doesn’t support hairpin NAT. So connecting to your public IP address will not work. Connect to your internal IP address. // It’s an option, verbosity. You currently have verb 1. To diagnose errors, you’ll need to ramp that up.
    • Lulucmy
      Lulucmy over 7 years
      Thanks @DanielB, I configured NAT on my router, but I updated the log file to verb 6 because I was already on verb 3.
  • Ravindra Bawane
    Ravindra Bawane over 7 years
    Glad you were able to fix it yourself. What firmware was your router running before the update? What model is your router? And what firmware are you at now where the issue is resolved? This could all be helpful to others experiencing similar issues.
  • Lulucmy
    Lulucmy over 7 years
    It is a Livebox (French router)
  • Lulucmy
    Lulucmy over 7 years
    But I can go on the web... Do you recommend that I open a new post?
  • Ravindra Bawane
    Ravindra Bawane over 7 years
    If you're having a new issue, yes, create a new question.
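
The client log in the question shows only outgoing `P_CONTROL_HARD_RESET_CLIENT_V2` packets, retransmitted at growing intervals, with no `UDPv4 READ` line in between. As an added example (not part of the original thread), this Python script classifies that pattern in a verb 6 client log; the function name `diagnose`, the verdict strings and the reply line in `ANSWERED_LOG` are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Handshake lines copied from the client log posted in the question.
STALLED_LOG = """\
2016-12-18 21:48:56 us=39689 UDPv4 WRITE [42] to [AF_INET]myip:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
2016-12-18 21:48:58 us=416600 UDPv4 WRITE [42] to [AF_INET]MYIP:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #2 ] [ ] pid=0 DATA len=0
2016-12-18 21:49:03 us=192515 UDPv4 WRITE [42] to [AF_INET]myip:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #3 ] [ ] pid=0 DATA len=0
2016-12-18 21:49:11 us=502022 UDPv4 WRITE [42] to [AF_INET]myip:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #4 ] [ ] pid=0 DATA len=0
2016-12-18 21:49:27 us=831284 UDPv4 WRITE [42] to [AF_INET]myip:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #5 ] [ ] pid=0 DATA len=0
"""

# Constructed for contrast (not from the page): first packet, then a server reply.
ANSWERED_LOG = STALLED_LOG.splitlines()[0] + "\n" + (
    "2016-12-18 21:48:56 us=91234 UDPv4 READ [54] from [AF_INET]myip:1194: "
    "P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #1 ] [ 0 ] pid=0 DATA len=0\n")

PACKET = re.compile(
    r"^\s*(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) us=(\d+) "
    r"UDPv4 (WRITE|READ) \[\d+\] (?:to|from) \S+ (P_\w+)")

def diagnose(log_text):
    """Summarise the UDP handshake packets found in an OpenVPN client log."""
    resets, reads = [], []
    for line in log_text.splitlines():
        m = PACKET.match(line)
        if not m:
            continue  # settings dump, management traffic, warnings
        stamp, micros, direction, opcode = m.groups()
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S") + timedelta(microseconds=int(micros))
        if direction == "READ":
            reads.append(opcode)
        elif opcode == "P_CONTROL_HARD_RESET_CLIENT_V2":
            resets.append(when)
    gaps = [round((b - a).total_seconds(), 1) for a, b in zip(resets, resets[1:])]
    if not resets:
        verdict = "no-handshake-packets-logged"  # verbosity too low to tell
    elif reads:
        verdict = "server-replied"
    elif len(resets) > 1:
        verdict = "no-reply"  # only retransmissions: nothing came back
    else:
        verdict = "inconclusive"
    return {"resets": len(resets), "reads": reads, "retry_gaps_s": gaps, "verdict": verdict}

if __name__ == "__main__":
    for name, log in (("stalled", STALLED_LOG), ("answered", ANSWERED_LOG)):
        print(name, diagnose(log))
```

A `no-reply` verdict only means nothing came back on the client's UDP socket; the server's own log (`/var/log/openvpn.log` in the posted config) shows whether the packets ever arrived.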