I’m trying to replace my current VPN with an OpenVPN server - using yunohost official app.
When I install it, the log file raises no error.
The web interface is working too.
But I’m trying to connect using networkmanager (on Kubuntu).
I’m following these instructions: https://github.com/Kloadut/openvpn_ynh
But the connection to the VPN is not working, after a while it fails. And if I use a wrong password, it fails immediately - this makes me think that the connection is (partly) working.
Any idea? Is my configuration wrong?
Thanks a lot
(French version)
Hello everyone,
I’m trying to replace my current VPN with an OpenVPN server - using the official yunohost application.
After installation, the log file shows no errors.
The web interface also works (even though it is different from the “classic” OpenVPN one).
But I can’t connect with networkmanager (on Kubuntu).
I’m following these instructions: https://github.com/Kloadut/openvpn_ynh
But the connection is not established; after a while it fails. And if I use a wrong password, the connection fails immediately - which makes me think that the connection is partly working.
Here is the error raised when I use the command-line tool (is it the right one? openvpn myfile.ovpn)
WARNING: No server certificate verification method has been enabled. See How To Guide: Set Up & Configure OpenVPN Client/server VPN | OpenVPN for more info.
Socket Buffers: R=[212992->131072] S=[212992->131072]
UDPv4 link local: [undef]
UDPv4 link remote: [AF_INET]192.168.1.6:1194
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed
SIGUSR1[soft,tls-error] received, process restarting
Restart pause, 2 second(s)
You have to configure the file /etc/openvpn/yunohost.conf. The self-signed certificate which was created at the time of installation should be moved to a folder (e.g. /domain.tld/), then change the location in the following lines to this location.
ca /domain.tld/ca.pem
cert /domain.tld/crt.pem
key /domain.tld/key.pem
dh /domain.tld/dh.pem
Uninstall openvpn, then reinstall it. Copy dh.pem from /etc/yunohost/certs/domain.tld to /etc/yunohost/certs/yunohost.org
Edit /etc/openvpn/yunohost.conf.
Change:
ca /etc/yunohost/certs/yunohost.org/ca.pem
cert /etc/yunohost/certs/yunohost.org/crt.pem
key /etc/yunohost/certs/yunohost.org/key.pem
dh /etc/yunohost/certs/yunohost.org/dh.pem
Do service openvpn restart
Import domain.tld.ovpn into the openvpn client. Under VPN, in authentication, change the type to password. Use your username and password. Import the CA certificate from the openvpn page.
Sun Apr 24 18:26:44 2016 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Feb 2 2016
Sun Apr 24 18:26:44 2016 library versions: OpenSSL 1.0.2g-fips 1 Mar 2016, LZO 2.08
Enter Auth Username:
Enter Auth Password:
Sun Apr 24 18:26:57 2016 WARNING: No server certificate verification method has been enabled. See How To Guide: Set Up & Configure OpenVPN Client/server VPN | OpenVPN for more info.
Sun Apr 24 18:26:57 2016 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sun Apr 24 18:26:57 2016 UDPv4 link local: [undef]
Sun Apr 24 18:26:57 2016 UDPv4 link remote: [AF_INET]X.X.X.X:1194
Sun Apr 24 18:26:57 2016 WARNING: No server certificate verification method has been enabled. See How To Guide: Set Up & Configure OpenVPN Client/server VPN | OpenVPN for more info.
Sun Apr 24 18:27:57 2016 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Apr 24 18:27:57 2016 TLS Error: TLS handshake failed
Sun Apr 24 18:27:57 2016 SIGUSR1[soft,tls-error] received, process restarting
Sun Apr 24 18:27:57 2016 Restart pause, 2 second(s)
At least this time the line: UDPv4 link remote: [AF_INET]X.X.X.X:1194 doesn’t show a local address, but the right IP.
You have to put the certificate which yunohost produced itself the first time in one folder and point to that in the openvpn/yunohost.conf file.
Try all the certificates in the folders under /etc/yunohost/certs/ one by one.
I had the same error, which was solved by pointing to the right certificate files.
Don’t forget to restart openvpn after each change.
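A way to check the server files rather than swapping them one by one, added here as an example and not part of any post in the thread: the script reads the ca, cert, key and dh paths from an OpenVPN config such as /etc/openvpn/yunohost.conf and reports whether the files exist, whether the key belongs to the certificate, and whether the certificate verifies against the CA file. The function names are illustrative, and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check the PKI files that an
# OpenVPN server config such as /etc/openvpn/yunohost.conf points at.
# Function names are illustrative; requires the openssl command-line tool.

# Print the path given to a directive (ca, cert, key or dh) in the config.
conf_path() {  # $1 = config file, $2 = directive
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

# Print the PEM public key embedded in a certificate or a private key.
pubkey_of() {  # $1 = cert|key, $2 = PEM file
    case "$1" in
        cert) openssl x509 -in "$2" -noout -pubkey ;;
        key)  openssl pkey -in "$2" -pubout -passin pass: ;;
    esac 2>/dev/null
}

# Return 0 only if all four files exist and ca/cert/key are consistent.
check_openvpn_pki() {  # $1 = config file
    conf="$1"; rc=0
    for d in ca cert key dh; do
        p=$(conf_path "$conf" "$d")
        if [ -z "$p" ] || [ ! -r "$p" ]; then
            echo "FAIL $d: '${p:-not set}' is missing or unreadable"; rc=1
        fi
    done
    [ "$rc" -eq 0 ] || return 1

    ca=$(conf_path "$conf" ca); cert=$(conf_path "$conf" cert)
    key=$(conf_path "$conf" key)
    cert_pub=$(pubkey_of cert "$cert"); key_pub=$(pubkey_of key "$key")
    # An unparsable certificate yields an empty key and is also a failure.
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL key: $key is not the private key for $cert"; rc=1
    fi
    # The certificate must chain to the CA file the config names.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL ca: $cert does not verify against $ca"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: ca, cert, key and dh are consistent"; fi
    return "$rc"
}

# Usage: sh check_pki.sh /etc/openvpn/yunohost.conf
if [ "$#" -gt 0 ]; then check_openvpn_pki "$1"; fi
```

This only checks the files on the server; it says nothing about whether UDP port 1194 is reachable from the client.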
Sorry, I’m not sure I understand what you mean: is it on the server side?
Which certificate do I have to try?
Does the config on the client remain the same?
For a client test, I download the .ovpn file from the application’s web page and run this command in a console:
openvpn "fichier.ovpn"
With networkmanager, I used a very simple configuration: import of the CA file, LZO, and password authentication.
I also tested on Android with OpenVPN for Android: I imported the .ovpn file and changed the option “replace the DNS settings with the server’s”.
As my server is hosted, I have a static IP.
Normally the connection goes through; I check with Firefox on the monip.com site (for example) that I am on my server’s IP address.
Same here, a connection timeout.
Could you export your config file (from networkmanager) so that I can see its contents, just to check that my config is the right one? (removing the domain name, obviously)
Thanks