I am using IPFIRE. I actually had already a running OPENVPN system, but i wanted to upgrade from 2048 to 4096 bit encryption (Root certificate). And now nothing is working at all
I made an new ROOT certificate Using 4096 bit. As Host i wrote in the Certificate XX.dd-dns.de, same as in the global settings. My OpenVPN ip range is set to 10.162.79.0/255.255.255.0
In RoadWarrior i took the option redirect Gateway. And i fixed a static IP like 10.162.79.17/30.
I activatetd TLS in global settings. I am using SHA512 and AES CBC 256bit.
On my mobile OPENVPN app i installed the certificate, installed the ta KEY fpr TLS and did not change the rest, cause i was running before properly.
but if i rty to connect the log is showing the fllowing problems:
"TLS-Error: TLS handshake failed.
TLS ERROR: BIO read tls-read_plaintext error
SIGUSR! soft, tls-error]: received, process restarting
UDP link local: (not bound)
VERIFY ERROR: depth 1 error=self signed certificate in certificatechain: C:DE,0=ku, CN= CA
OpenSSL: error 1416F086:SSL
routines: tls_process_server_certificate :certificate verify failed
Do you have any idea how i can fix it? i’m driving crazy
puh, i kind of managed it. The problem was my password. it was accepted, but not wporking (to long/complicated).
i get connected now. But still have some issues.
Thank you for the Advice wit AES encrcyption. I did change it to AES-256-GCM…But…
it is only working with my mobile, if i set OpenVPN (Android Lineage) to AES-256-CBC (Ipfire is set to gcm). If i change the mobile to AES-256-GCM there is smetime an encyrption error, saying there isthe following:
WARNING: "cipher is used inconsistently local cipher = AES-256-GCM, remote cipher AES-25--CBC
AEAD Decryt error: cipher final failed
What is kind of weiered, because i set as i said before ipfire to GBC.
I am using for WLAN the ip Range : 192.168.150.1/24 for OpenVpn 10.162.79.0/24.
But if i set the Roadwarrior to the dynamic- or even static range of 10.162.79.0/24. i get connected to the firewall, but do not get into the internet. I am using the IPFIRE system not in a blocked way, so it should actually work? I even made a rule that allows OPENVPN to get acces to all the other networks (Green, Red, Blue) but it dosen’t make a difference.
The only thing that is working is to set up another static ip range 192.168.34.0/24. if i am using that one, it is working. But for my music- server i need a different ip range as the actually used 0.162.79.0/24 to control the bitrate.
Ah sorry, answering your question before… I was talking about the log on OPENVPN on the Androidclient (From F-Droidstore)
Do you have any idea how to fix it?
the password issue sounds like you bumped into bug #11725.
both OpenVPN server and client have to use the same cipher. Since AES-GCM has different initialisation
vectors (IV), perhaps the Android app is using a different one than you IPFire machine. I have no idea
what is going on here, have you tried googling the error message?
have you looked at the firewall logs? Is the “redirect gateway” option set?
Please mind your spelling, it is hard to understand your posts.
i managed it somehow to fix these problems. I am connected without any Problems (according to OpenVPN Android log). I actually had internet connection at the beginning. By now, i am still connected to the network, but the internet is not working. It is annoying, i did not change anything.
If i am trying to connect via VPN in Linux mint, it is just not connecting at all.
i made some pictures, perhaps the problem is obvious?
i managed it somehow to fix these problems. I am connected without any Problems (according to
OpenVPN Android log). I actually had internet connection at the beginning. By now, i am still
connected to the network, but the internet is not working. It is annoying, i did not change anything.
What do you mean by “internet is not working”? Do you get timeouts? Does a ping or mtr work?
If i am trying to connect via VPN in Linux mint, it is just not connecting at all.
By “internet is not working” i meant that i do not get accsess to any website. Which IP shpuld i ping? Mtr i don’t know, to be honest.
well, any IP which is normally responding to pings would be sufficient. People often use 8.8.8.8, 1.1.1.1 or heise.de; IPFire also has a ping service which is called ping.ipfire.org.
mtr combines the outputs of ping and traceroute and is especially useful for routing
debugging or gathering insights about the connection characteristics. It is available via
Pakfire, and I can only recommend it.
How do i open the log from linux mint? There is no error or anything i can see. It just stops trying to connect within a second.
Good morning all,
you can also start the connection with the terminal via sudo openvpn --config CONNECTIONNAME-To-IPFire.ovpn
to get in there a full log.
In here --> Changed my home OS & need to make OpenVPN work again you can also found some additional informations according OpenVPN and Ubuntu whereby i tested it with an Linux Mint 19.3 on the other side. May you can get there also some informations.