OpenVPN connection problem

[Beaker]

I have tried to configure my router as VPN server, so I could connect to it from my other devices, but it doesn't seem to work.
Router: TP-Link WR1043ND-v3
Gargoyle: 1.9.1
Configuration:

Router is connected to the Connect Box:

Code: Select all

https://www.upc.ch/dam/www-upc-cablecom-ch/Support/manuals/en/int/Manual%20Wlan%20Connect%20Box%20Modem_1115_EN.PDF

Config file was downloaded and unpacked into appropriate directory in my notebook.

But when I am trying to connect, the log show errors:

Code: Select all

Sat Mar 18 13:25:34 2017 OpenVPN 2.4.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jan 31 2017
Sat Mar 18 13:25:34 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Sat Mar 18 13:25:34 2017 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
Enter Management Password:
Sat Mar 18 13:25:34 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sat Mar 18 13:25:34 2017 Need hold release from management interface, waiting...
Sat Mar 18 13:25:35 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sat Mar 18 13:25:35 2017 MANAGEMENT: CMD 'state on'
Sat Mar 18 13:25:35 2017 MANAGEMENT: CMD 'log all on'
Sat Mar 18 13:25:35 2017 MANAGEMENT: CMD 'hold off'
Sat Mar 18 13:25:35 2017 MANAGEMENT: CMD 'hold release'
Sat Mar 18 13:25:35 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Mar 18 13:25:35 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Mar 18 13:25:35 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.0.87:1194
Sat Mar 18 13:25:35 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sat Mar 18 13:25:35 2017 UDP link local: (not bound)
Sat Mar 18 13:25:35 2017 UDP link remote: [AF_INET]192.168.0.87:1194
Sat Mar 18 13:25:35 2017 MANAGEMENT: >STATE:1489839935,WAIT,,,,,,
Sat Mar 18 13:26:35 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Mar 18 13:26:35 2017 TLS Error: TLS handshake failed
Sat Mar 18 13:26:35 2017 SIGUSR1[soft,tls-error] received, process restarting
Sat Mar 18 13:26:35 2017 MANAGEMENT: >STATE:1489839995,RECONNECTING,tls-error,,,,,
Sat Mar 18 13:26:35 2017 Restart pause, 5 second(s)
Sat Mar 18 13:26:40 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.0.87:1194
Sat Mar 18 13:26:40 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sat Mar 18 13:26:40 2017 UDP link local: (not bound)
Sat Mar 18 13:26:40 2017 UDP link remote: [AF_INET]192.168.0.87:1194
Sat Mar 18 13:26:40 2017 MANAGEMENT: >STATE:1489840000,WAIT,,,,,,
Sat Mar 18 13:27:40 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Mar 18 13:27:40 2017 TLS Error: TLS handshake failed
Sat Mar 18 13:27:40 2017 SIGUSR1[soft,tls-error] received, process restarting
Sat Mar 18 13:27:40 2017 MANAGEMENT: >STATE:1489840060,RECONNECTING,tls-error,,,,,
Sat Mar 18 13:27:40 2017 Restart pause, 5 second(s)
Sat Mar 18 13:27:45 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.0.87:1194
Sat Mar 18 13:27:45 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sat Mar 18 13:27:45 2017 UDP link local: (not bound)
Sat Mar 18 13:27:45 2017 UDP link remote: [AF_INET]192.168.0.87:1194
Sat Mar 18 13:27:45 2017 MANAGEMENT: >STATE:1489840065,WAIT,,,,,,
Sat Mar 18 13:28:17 2017 SIGTERM[hard,] received, process exiting
Sat Mar 18 13:28:17 2017 MANAGEMENT: >STATE:1489840097,EXITING,SIGTERM,,,,,

Even when I am already connected to network and I am trying the vpn, I get the same error:

Code: Select all

Sat Mar 18 13:22:15 2017 OpenVPN 2.4.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jan 31 2017
Sat Mar 18 13:22:15 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Sat Mar 18 13:22:15 2017 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
Enter Management Password:
Sat Mar 18 13:22:15 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sat Mar 18 13:22:15 2017 Need hold release from management interface, waiting...
Sat Mar 18 13:22:16 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sat Mar 18 13:22:16 2017 MANAGEMENT: CMD 'state on'
Sat Mar 18 13:22:16 2017 MANAGEMENT: CMD 'log all on'
Sat Mar 18 13:22:16 2017 MANAGEMENT: CMD 'hold off'
Sat Mar 18 13:22:16 2017 MANAGEMENT: CMD 'hold release'
Sat Mar 18 13:22:16 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Mar 18 13:22:16 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Mar 18 13:22:16 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.0.87:1194
Sat Mar 18 13:22:16 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sat Mar 18 13:22:16 2017 UDP link local: (not bound)
Sat Mar 18 13:22:16 2017 UDP link remote: [AF_INET]192.168.0.87:1194
Sat Mar 18 13:22:16 2017 MANAGEMENT: >STATE:1489839736,WAIT,,,,,,
Sat Mar 18 13:23:16 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Mar 18 13:23:16 2017 TLS Error: TLS handshake failed
Sat Mar 18 13:23:16 2017 SIGUSR1[soft,tls-error] received, process restarting
Sat Mar 18 13:23:16 2017 MANAGEMENT: >STATE:1489839796,RECONNECTING,tls-error,,,,,
Sat Mar 18 13:23:16 2017 Restart pause, 5 second(s)
Sat Mar 18 13:23:21 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.0.87:1194
Sat Mar 18 13:23:21 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sat Mar 18 13:23:21 2017 UDP link local: (not bound)
Sat Mar 18 13:23:21 2017 UDP link remote: [AF_INET]192.168.0.87:1194
Sat Mar 18 13:23:21 2017 MANAGEMENT: >STATE:1489839801,WAIT,,,,,,
Sat Mar 18 13:23:26 2017 SIGTERM[hard,] received, process exiting
Sat Mar 18 13:23:26 2017 MANAGEMENT: >STATE:1489839806,EXITING,SIGTERM,,,,,

although, in this case, router see the device in the connected list.

[ispyisail]

Have you opened the correct ports?

[ispyisail]

Need a network diagram

What client are you using?

From the public IP address on the server side you need to open / direct ports to the gargoyle router/VPN server

in your case 1194

[Beaker]

Hi,

Thanks for reply. Diagram is simple:

ISP->Connect BOX -> Router
I have put the Connect Box in Modem/Bridge mode, so it should allow all traffic go through. Now the router has a public IP assigned, but it didn't helped.

I have also generated a new keys/client files. Still can't connect.

[ispyisail]

I have also generated a new keys/client files. Still can't connect.

Gargoyle does this?

What client are you using?

[ispyisail]

At some point you will also need to do a fail safe reset.

Sometimes the config gets corrupt and thats the only way to fix it

[Beaker]

Gargoyle does this?

What client are you using?

Yes:

I don't understand, what do you mean by "client".
OpenVPN version on router? Or installed in my laptop?

At some point you will also need to do a fail safe reset.

Sometimes the config gets corrupt and thats the only way to fix it

Ok, what exactly this "fail safe reset" do? Will all the settings go back to the default sets?

[ispyisail]

When I say "Client"

To connect to the server what are you using?

https://openvpn.net/index.php/open-sour ... loads.html

or

another gargoyle router

or

something else

[ispyisail]

Ok, what exactly this "fail safe reset" do? Will all the settings go back to the default sets?

yes, you loose everything

Just re-flash your router if you don't know how to do a failsafe reset

[Beaker]

When I say "Client"

To connect to the server what are you using?

https://openvpn.net/index.php/open-sour ... loads.html

or

another gargoyle router

or

something else

I am using TP-Link TL-WR1043N/ND v2 ith the Gargoyle v1.9.1, that was downloaded from this webpage.
Plugin plugin-gargoyle-openvpn v1.9.1-1 was pre-installed.

The OpenVPN software on my laptop was downloaded from the link you gave above. The same exact version.

yes, you loose everything

Just re-flash your router if you don't know how to do a failsafe reset

After all I went through, to make it work the way I want; flashing, making extroot, installing adblock, creating white lists, adding all MS spying servers and few others to blacklist, making a backup, etc. starting from scratch doesn't sound good...