Welcome, Guest. Please login or register.
Did you miss your activation email?

Author Topic:  VPN failure after upgrade this week  (Read 4170 times)

Offline drooghead

  • User
  • Posts: 20
VPN failure after upgrade this week
« on: 2018/08/24, 05:28:47 »
The upgrade I did on Wednesday broke the VPN on my two machines. I use openvpn to connect with vpn.ht and it immediately fails after the upgrade. I'm not sure which package is responsible and I am not yet understanding the errors. Can anyone help with this?

Offline titan

  • User
  • Posts: 312
Re: VPN failure after upgrade this week
« Reply #1 on: 2018/08/24, 09:15:24 »
Sorry not much help but are you sure it is Openvpn, I use Airvpn with Openvpn and it still is working fine after upgrades.

Offline drooghead

  • User
  • Posts: 20
Re: VPN failure after upgrade this week
« Reply #2 on: 2018/08/24, 10:31:21 »
If I run it from the command line rather than network manager I get the following results:
Code: [Select]
root@toshiro:~# openvpn /etc/openvpn/vpnht.ovpn
Fri Aug 24 18:27:24 2018 OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 30 2018
Fri Aug 24 18:27:24 2018 library versions: OpenSSL 1.1.1-pre9 (beta) 21 Aug 2018, LZO 2.10
Enter Auth Username: xxxxx
Enter Auth Password: *********
Fri Aug 24 18:28:08 2018 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Fri Aug 24 18:28:08 2018 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Aug 24 18:28:08 2018 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Aug 24 18:28:09 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]185.94.31.212:1194
Fri Aug 24 18:28:09 2018 Socket Buffers: R=[212992->212992] S=[212992->212992]
Fri Aug 24 18:28:09 2018 UDP link local: (not bound)
Fri Aug 24 18:28:09 2018 UDP link remote: [AF_INET]185.94.31.212:1194
Fri Aug 24 18:28:09 2018 TLS: Initial packet from [AF_INET]185.94.31.212:1194, sid=c14a5e78 9985c07c
Fri Aug 24 18:28:09 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Aug 24 18:28:12 2018 OpenSSL: error:1425F18C:SSL routines:ssl_choose_client_version:version too low
Fri Aug 24 18:28:12 2018 TLS_ERROR: BIO read tls_read_plaintext error
Fri Aug 24 18:28:12 2018 TLS Error: TLS object -> incoming plaintext read error
Fri Aug 24 18:28:12 2018 TLS Error: TLS handshake failed
Fri Aug 24 18:28:12 2018 SIGUSR1[soft,tls-error] received, process restarting
Fri Aug 24 18:28:12 2018 Restart pause, 5 second(s)

Offline Geier0815

  • User
  • Posts: 586
Re: VPN failure after upgrade this week
« Reply #3 on: 2018/08/24, 11:03:23 »
It seems to me that the client or the server use an too old version of ssl or tls. Please have a look in the latest changelogs. Maybe you find somethig like deprecated versions etc.

Half year ago I had a similar problem with connecting my cisco-switches via ssh. There was the root of the problem that ssl-keys shorter then 1024 bit wasn't accepted by ssh-client anymore.
Wenn Windows die Lösung ist...
kann ich dann bitte das Problem zurück haben?

Ninefix

  • Guest
Re: VPN failure after upgrade this week
« Reply #4 on: 2018/08/24, 17:17:28 »
Yuo can downgrade openssl package from version 1.1.1~~pre9-1 to 1.1.0h-4

After the openvpn should works as before.

But this is not the solution; I think you have to upgrade the server side of openvpn

Bye

Offline drooghead

  • User
  • Posts: 20
[solved] Re: VPN failure after upgrade this week
« Reply #5 on: 2018/08/24, 17:48:12 »
Thanks a lot. Your solution fixed my immediate problem. I will contact my vpn provider and tell them to update their system.


The siduction forum is awesome!

Offline finotti

  • User
  • Posts: 269
Re: VPN failure after upgrade this week
« Reply #6 on: 2018/08/25, 14:36:44 »
I had the same problem and indeed updating the VPN configuration files did solve the problem!

Offline drooghead

  • User
  • Posts: 20
Re: VPN failure after upgrade this week
« Reply #7 on: 2018/08/29, 07:15:37 »
My vpn providers aren't helpful so after looking at the bug report for openssl I changed the file
Code: [Select]
/etc/ssl/openssl.cnf

I changed the line
Code: [Select]
MinProtocol = TLSv1.2to
Code: [Select]
MinProtocol = TLSv1

and my vpn now works with openvpn again. I don't understand enough to determine if this is a bug with openssl or openvpn but this works for now with the new openssl package.

Ninefix

  • Guest
Re: VPN failure after upgrade this week
« Reply #8 on: 2018/10/06, 21:35:56 »
You can also set the directive tls-version-min 1.0 in your openvpn client config to solve the problem

I think that is would better rather than touch the openssl config itself or downgrade openssl package as I suggested before

Cheers