Open VPN stuck at "waiting for server reply"

Red Squirrel

I managed to get OpenVPN server to work at one point and got the client set up on both my work XP Laptop and Android phone. Both have worked flawlessly. On my phone, at random, it stopped working all the time. One day it will work, the other day it won't. It will just get stuck at "waiting for server reply". I know it's not firewall as I have the port wide open with no IP based filtering.

Any reason this would happen? Is there any way I can troubleshoot this? The laptop is actually connected and working fine right now so I know it's not the server.


On the phone I get (have to type so not word per word)


TLS Error: TLS failed to occur within 60 seconds
TLS handshake failed


I'm at work now and have no way of getting a screenshot off my phone so I can post a screenshot if it helps. When I'm home I also won't be able to troubleshoot because I'll be on my own network...
 
If you're using your phone why not disable WiFi and connect through your cellular data connection? That's an excellent way to troubleshoot whether or not it's the local network you're on.
 
Bummer. If it was me I'd get a tcpdump from the OpenVPN server to see if it's even getting any traffic.
 
Just checked the server, it looks like it's getting similar errors.


Sat Dec 21 12:39:05 2013 us=647616 MULTI: multi_create_instance called
Sat Dec 21 12:39:05 2013 us=649552 *.*.*.*:42734 Re-using SSL/TLS context
Sat Dec 21 12:39:05 2013 us=650089 *.*.*.*:42734 LZO compression initialized
Sat Dec 21 12:39:05 2013 us=650512 *.*.*.*:42734 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Dec 21 12:39:05 2013 us=651192 *.*.*.*:42734 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Dec 21 12:39:05 2013 us=651510 *.*.*.*:42734 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sat Dec 21 12:39:05 2013 us=652097 *.*.*.*:42734 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sat Dec 21 12:39:05 2013 us=652417 *.*.*.*:42734 Local Options hash (VER=V4): '530fdded'
Sat Dec 21 12:39:05 2013 us=653029 *.*.*.*:42734 Expected Remote Options hash (VER=V4): '41690919'
Sat Dec 21 12:39:05 2013 us=653365 *.*.*.*:42734 TLS: Initial packet from *.*.*.*:42734, sid=68da768c accedc55
Sat Dec 21 12:40:05 2013 us=348905 *.*.*.*:42734 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Dec 21 12:40:05 2013 us=349394 *.*.*.*:42734 TLS Error: TLS handshake failed
Sat Dec 21 12:40:05 2013 us=349550 *.*.*.*:42734 SIGUSR1[soft,tls-error] received, client-instance restarting
Sat Dec 21 12:40:07 2013 us=52994 MULTI: multi_create_instance called
Sat Dec 21 12:40:07 2013 us=53240 *.*.*.*:51002 Re-using SSL/TLS context
Sat Dec 21 12:40:07 2013 us=53278 *.*.*.*:51002 LZO compression initialized
Sat Dec 21 12:40:07 2013 us=53339 *.*.*.*:51002 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Dec 21 12:40:07 2013 us=53353 *.*.*.*:51002 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Dec 21 12:40:07 2013 us=53408 *.*.*.*:51002 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sat Dec 21 12:40:07 2013 us=53420 *.*.*.*:51002 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sat Dec 21 12:40:07 2013 us=53436 *.*.*.*:51002 Local Options hash (VER=V4): '530fdded'
Sat Dec 21 12:40:07 2013 us=53450 *.*.*.*:51002 Expected Remote Options hash (VER=V4): '41690919'
Sat Dec 21 12:40:07 2013 us=53501 *.*.*.*:51002 TLS: Initial packet from *.*.*.*:51002, sid=a0597993 a4d6e10b


(If any of this info can reveal anything private plz let me know, I don't know what half that stuff means)




I guess I should try the basics. Going to reboot my phone...
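Added example, not part of the original thread: a short Python triage script for server logs in the format posted above. It pairs each client's "TLS: Initial packet" line with a later handshake timeout, which shows that the client's first packet reached the server even though the handshake never completed. The sample log is constructed (203.0.113.7 is a documentation address) and the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample in the format of the server log above; not real traffic.
SAMPLE_LOG = """\
Sat Dec 21 12:39:05 2013 us=653365 203.0.113.7:42734 TLS: Initial packet from 203.0.113.7:42734, sid=68da768c accedc55
Sat Dec 21 12:40:05 2013 us=348905 203.0.113.7:42734 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Dec 21 12:40:05 2013 us=349394 203.0.113.7:42734 TLS Error: TLS handshake failed
Sat Dec 21 12:40:07 2013 us=53501 203.0.113.7:51002 TLS: Initial packet from 203.0.113.7:51002, sid=a0597993 a4d6e10b
"""
# timestamp, microseconds (not zero padded), client ip:port, message
LINE = re.compile(r"^(\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) us=(\d+) (\S+:\d+) (.*)$")

def parse_line(line):
    """Return (timestamp, peer, message), or None for lines without a peer prefix."""
    m = LINE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
    return ts.replace(microsecond=int(m.group(2))), m.group(3), m.group(4)

def handshake_report(log_text):
    """One record per client ip:port: when its first packet arrived and how it ended."""
    sessions = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, peer, msg = rec
        s = sessions.setdefault(peer, {"peer": peer, "first_packet": None,
                                       "outcome": "pending", "seconds": None})
        if msg.startswith("TLS: Initial packet from"):
            s["first_packet"] = ts  # inbound path worked for at least this packet
        elif msg.startswith("TLS Error: TLS key negotiation failed"):
            s["outcome"] = "timeout"
            if s["first_packet"] is not None:
                s["seconds"] = round((ts - s["first_packet"]).total_seconds(), 1)
        elif "Peer Connection Initiated" in msg:  # OpenVPN's message on success
            s["outcome"] = "established"
    return list(sessions.values())

def source_ports_per_ip(report):
    """Count distinct source ports per client IP; more than one means retries."""
    ports = {}
    for s in report:
        ip, port = s["peer"].rsplit(":", 1)
        ports.setdefault(ip, set()).add(port)
    return {ip: len(p) for ip, p in ports.items()}

if __name__ == "__main__":
    print(handshake_report(SAMPLE_LOG), source_ports_per_ip(handshake_report(SAMPLE_LOG)))
```

A record with `first_packet` set and `outcome` of `timeout` is the pattern in the posted log: the server received the client's opening packet, so the remaining question is what happened to the packets after it, which a capture on the server side can answer.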
 
Yeah reboot did not do it. Also I'm starting to think the issue is more with the phone and not openvpn. I think that last android update really screwed it. It took about 3 minutes just to load google. I rarely browse the web on the phone so never really noticed till now. The local stuff on my LAN is fine though.
 
11940, but I'm starting to think it was my phone. Any web page I tried to visit would not load. It just sat forever. Though when I tested from my parent's house I could load web pages but the VPN would act the same way. Oddly at home it works semi fine, though I'm not in a position to test VPN as it won't work internally. I guess I could change the config IP to the firewall's external IP and connect to my ISP provided wireless and test that way... going to try that now.

Edit: ok so that did not work, but I'm getting different errors. Think it somehow still sees that I'm coming in from the inside and does not like that. I work Monday so I'll test again. I just applied another update to my phone.
 
Yeah not working, but I'm starting to think this is an issue with my phone in general and not openvpn. I'll have to do some more general testing and troubleshoot from there.
 
Are you using a pre-shared key in order to setup your tunnel? If so, make sure that the key matches on both ends. I had a similar issue and it ended up being that I did not copy the PSK properly.
 
Oh it works at times, it's just that now it stopped working, but occasionally does work. I first discovered at my parent's house it would not work. Then I went to work, and it worked, but now it does not work there either anymore. But when I was trying to load a web page it was taking bloody ages and nothing was happening, so definitely something screwy since the last android update. The internet seems to work on it now that I'm home but kinda hard to test VPN from inside. Though not sure why it was not working when I connected to the ISP provided equipment, which is outside of the NAT though it may be pfsense not liking traffic from a 192.168 range on the outside interface. I go back to work tomorrow so I will test again. That's about the only thing I miss from my DSL, is I could pull as many IPs as I wanted so I would just do that to test stuff like this.
 
Do you have any other devices that can run OpenVPN? It would be useful to test with another client just for comparison purposes.
 
Yeah laptop was working fine but not the phone. But now the phone works (I'm at work now)... so yeah this is weird. I don't think it was actually Openvpn though, the phone was in general acting really strange and I realized after.
 