Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: VPN Connection Problem using OpenVPN
Top Forums UNIX for Beginners Questions & Answers VPN Connection Problem using OpenVPN Post 303044672 by tuxlover2020 on Saturday 29th of February 2020 09:02:30 PM
Old 02-29-2020
Thanks for the quick response. The journalctl tool is certainly powerful and useful. I'll have to spend some time learning its tricks. Here is the output:


Code:
[1583026309.3268] audit: op="connection-activate" uuid="1c9e7052-e2b0-48fd-ac99-68515e8ec322" name="gw1.lax2.slickvpn.com" pid=16353 uid=1000 result="success" 
[1583026309.3331] vpn-connection[0x563d0a97a130,1c9e7052-e2b0-48fd-ac99-68515e8ec322,"gw1.lax2.slickvpn.com",0]: Started the VPN service, PID 23944 
[1583026309.3420] vpn-connection[0x563d0a97a130,1c9e7052-e2b0-48fd-ac99-68515e8ec322,"gw1.lax2.slickvpn.com",0]: Saw the service appear; activating connection 
[1583026309.5335] vpn-connection[0x563d0a97a130,1c9e7052-e2b0-48fd-ac99-68515e8ec322,"gw1.lax2.slickvpn.com",0]: VPN plugin: state changed: starting (3) 
[1583026309.5336] vpn-connection[0x563d0a97a130,1c9e7052-e2b0-48fd-ac99-68515e8ec322,"gw1.lax2.slickvpn.com",0]: VPN connection: (ConnectInteractive) reply received 
nm-openvpn[23955]: OpenVPN 2.4.8 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Nov  1 2019 
nm-openvpn[23955]: library versions: OpenSSL 1.1.1d FIPS  10 Sep 2019, LZO 2.08 
nm-openvpn[23955]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 
nm-openvpn[23955]: TCP/UDP: Preserving recently used remote address: [AF_INET]104.247.220.10:443 
nm-openvpn[23955]: UDP link local: (not bound) 
nm-openvpn[23955]: UDP link remote: [AF_INET]104.247.220.10:443 
nm-openvpn[23955]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay 
fprintd.service: Succeeded. 
SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fprintd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' 
nm-openvpn[23955]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 
nm-openvpn[23955]: TLS Error: TLS handshake failed 
nm-openvpn[23955]: SIGUSR1[soft,tls-error] received, process restarting 
NetworkManager[14889]: <warn>  [1583026369.8374] vpn-connection[0x563d0a97a130,1c9e7052-e2b0-48fd-ac99-68515e8ec322,"gw1.lax2.slickvpn.com",0]: VPN connection: connect timeout exceeded. 
nm-openvpn-serv[23944]: Connect timer expired, disconnecting. 
nm-openvpn[23955]: SIGTERM[hard,init_instance] received, process exiting 
NetworkManager[14889]: <warn>  [1583026369.8418] vpn-connection[0x563d0a97a130,1c9e7052-e2b0-48fd-ac99-68515e8ec322,"gw1.lax2.slickvpn.com",0]: VPN plugin: failed: connect-failed (1) 
NetworkManager[14889]: <info>  [1583026369.8420] vpn-connection[0x563d0a97a130,1c9e7052-e2b0-48fd-ac99-68515e8ec322,"gw1.lax2.slickvpn.com",0]: VPN plugin: state changed: stopping (5) 
NetworkManager[14889]: <info>  [1583026369.8421] vpn-connection[0x563d0a97a130,1c9e7052-e2b0-48fd-ac99-68515e8ec322,"gw1.lax2.slickvpn.com",0]: VPN plugin: state changed: stopped (6) 
NetworkManager[14889]: <info>  [1583026369.8466] vpn-connection[0x563d0a97a130,1c9e7052-e2b0-48fd-ac99-68515e8ec322,"gw1.lax2.slickvpn.com",0]: VPN service disappeared


I can see it is timing out but can't see why this is happening all of a sudden.
 

9 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Testing VPN Connection

Hi All: I need a script that can be timed to run every half hour to an hour to run a traceroute through a VPN to test that a connection is still up from a Win XP system. Which would be the best, C++ or Perl and what are some good resources to look at. (If anyone has a script to do this... (1 Reply)
Discussion started by: maxhewitt
1 Replies

2. Linux

vpn problem

Trying to connect to my companies VPN with vpnc but I keep getting an error that the target failed to respond. I run wireshark and see that my host sends out a few ISAKMP packets but gets no response and gives up. Any ideas what can cause this to happen? Is there someway that UDP traffic could... (0 Replies)
Discussion started by: osulinux
0 Replies

3. IP Networking

VPN Connection

Hello, I have question about VPN connection thats, I have two networks 1-Office Network 2-Home Network both are connected to internet i have in Office network PPTP VPN Server with real or static ip and on the home network all clients working with local ip Now , I need to connect to... (3 Replies)
Discussion started by: LinuxCommandos
3 Replies

4. Solaris

Solaris 10 ftp connection problem (connection refused, connection timed out)

Hi everyone, I am hoping anyone of you could help me in this weird problem we have in 1 of our Solaris 10 servers. Lately, we have been having some ftp problems in this server. Though it can ping any server within the network, it seems that it can only ftp to a select few. For most servers, the... (4 Replies)
Discussion started by: labdakos
4 Replies

5. SCO

Printing to Windows 7 using Samba 2.0.3 via VPN connection to SCO 3.2v5.0.6

I would like to know if anyone has a way to PRINT TO a printer attached to a Windows 7 PC, from SCO, while logged in via a VPN connection. I am able to attach to a Samba share on the SCO server for files while attached to the VPN, so I know my Samba is workling - but my print jobs return: ... (2 Replies)
Discussion started by: tbb999
2 Replies

6. IP Networking

Cisco VPN pcf and OpenVPN

I was given my pcf file to login to work from home and wanted to use OpenVPN instead of the Cisco VPN client software. Can I use this pcf file with OpenVPN? I attempted to use vpnc: http://wiki.centos.org/HowTos/vpnc but it just times out ?? (2 Replies)
Discussion started by: metallica1973
2 Replies

7. IP Networking

Cisco VPN server and client - connection drop

I have a Cisco 1841 router configured as Easy VPN Server. Here is the configuration of the router: Cisco# Cisco#show running-config Building configuration... Current configura - Pastebin.com I have a Centos 5.7 server with installed Cisco VPN client for Linux. The client successfully... (0 Replies)
Discussion started by: rcbandit
0 Replies

8. Cybersecurity

VPN Initial Connection Problem

Hey everyone. I have a problem, but it may be my lack of understanding that is the cause. Ok so I attend a technical school, and needless to say there's a lot of wannabe hackers, pranksters and what not. So from my laptop I'd like to connect to the wireless AP's around campus, but security is a... (1 Reply)
Discussion started by: Lost in Cyberia
1 Replies

9. IP Networking

Internet connection single interface through vpn

Hi. Can you please help me with a routing problem? There are 2 networks: 192.168.10.0/24 (eth0) 192.168.11.0/24 (eth0:1) The default gateway is 192.168.10.1 iPv4 routing is already enabled and working. With vpnc I've built up an VPN connection and can access my home network... (0 Replies)
Discussion started by: tschmi
0 Replies

LEARN ABOUT DEBIAN

tincd

TINCD(8)						    BSD System Manager's Manual 						  TINCD(8)

NAME

     tincd -- tinc VPN daemon

SYNOPSIS

     tincd [-cdDkKnoLRU] [--config=DIR] [--no-detach] [--debug[=LEVEL]] [--kill[=SIGNAL]] [--net=NETNAME] [--generate-keys[=BITS]]
	   [--option=[HOST.]KEY=VALUE] [--mlock] [--logfile[=FILE]] [--pidfile=FILE] [--bypass-security] [--chroot] [--user=USER] [--help]
	   [--version]

DESCRIPTION

     This is the daemon of tinc, a secure virtual private network (VPN) project.  When started, tincd will read it's configuration file to deter-
     mine what virtual subnets it has to serve and to what other tinc daemons it should connect.  It will connect to the ethertap or tun/tap
     device and set up a socket for incoming connections.  Optionally a script will be executed to further configure the virtual device.  If that
     succeeds, it will detach from the controlling terminal and continue in the background, accepting and setting up connections to other tinc
     daemons that are part of the virtual private network.  Under Windows (not Cygwin) tinc will install itself as a service, which will be
     restarted automatically after reboots.

OPTIONS

     -c, --config=DIR
	     Read configuration files from DIR instead of /etc/tinc/.

     -D, --no-detach
	     Don't fork and detach.  This will also disable the automatic restart mechanism for fatal errors.  If not mentioned otherwise, this
	     will show log messages on the standard error output.

     -d, --debug[=LEVEL]
	     Increase debug level or set it to LEVEL (see below).

     -k, --kill[=SIGNAL]
	     Attempt to kill a running tincd (optionally with the specified SIGNAL instead of SIGTERM) and exit.  Under Windows (not Cygwin) the
	     optional argument is ignored, the service will always be stopped and removed.

     -n, --net=NETNAME
	     Connect to net NETNAME.  This will let tinc read all configuration files from /etc/tinc/ NETNAME.	Specifying .  for NETNAME is the
	     same as not specifying any NETNAME.

     -K, --generate-keys[=BITS]
	     Generate public/private RSA keypair and exit.  If BITS is omitted, the default length will be 2048 bits.  When saving keys to exist-
	     ing files, tinc will not delete the old keys, you have to remove them manually.

     -o, --option=[HOST.]KEY=VALUE
	     Without specifying a HOST, this will set server configuration variable KEY to VALUE.  If specified as HOST.KEY=VALUE, this will set
	     the host configuration variable KEY of the host named HOST to VALUE.  This option can be used more than once to specify multiple con-
	     figuration variables.

     -L, --mlock
	     Lock tinc into main memory.  This will prevent sensitive data like shared private keys to be written to the system swap files/parti-
	     tions.

     --logfile[=FILE]
	     Write log entries to a file instead of to the system logging facility.  If FILE is omitted, the default is /var/log/tinc.NETNAME.log.

     --pidfile=FILE
	     Write PID to FILE instead of /var/run/tinc.NETNAME.pid. Under Windows this option will be ignored.

     --bypass-security
	     Disables encryption and authentication of the meta protocol.  Only useful for debugging.

     -R, --chroot
	     With this option tinc chroots into the directory where network config is located (/etc/tinc/NETNAME if -n option is used, or to the
	     directory specified with -c option) after initialization.

     -U, --user=USER
	     setuid to the specified USER after initialization.

     --help  Display short list of options.

     --version
	     Output version information and exit.

SIGNALS

     ALRM    Forces tincd to try to connect to all uplinks immediately.  Usually tincd attempts to do this itself, but increases the time it waits
	     between the attempts each time it failed, and if tincd didn't succeed to connect to an uplink the first time after it started, it
	     defaults to the maximum time of 15 minutes.

     HUP     Partially rereads configuration files.  Connections to hosts whose host config file are removed are closed.  New outgoing connections
	     specified in tinc.conf will be made.  If the --logfile option is used, this will also close and reopen the log file, useful when log
	     rotation is used.

     INT     Temporarily increases debug level to 5.  Send this signal again to revert to the original level.

     USR1    Dumps the connection list to syslog.

     USR2    Dumps virtual network device statistics, all known nodes, edges and subnets to syslog.

     WINCH   Purges all information remembered about unreachable nodes.

DEBUG LEVELS

     The tinc daemon can send a lot of messages to the syslog.	The higher the debug level, the more messages it will log.  Each level inherits
     all messages of the previous level:

     0	     This will log a message indicating tincd has started along with a version number.	It will also log any serious error.

     1	     This will log all connections that are made with other tinc daemons.

     2	     This will log status and error messages from scripts and other tinc daemons.

     3	     This will log all requests that are exchanged with other tinc daemons. These include authentication, key exchange and connection list
	     updates.

     4	     This will log a copy of everything received on the meta socket.

     5	     This will log all network traffic over the virtual private network.

FILES

     /etc/tinc/
	     Directory containing the configuration files tinc uses.  For more information, see tinc.conf(5).

     /var/run/tinc.NETNAME.pid
	     The PID of the currently running tincd is stored in this file.

BUGS

     The BindToInterface option may not work correctly.

     The cryptography in tinc is not well tested yet. Use it at your own risk!

     If you find any bugs, report them to tinc@tinc-vpn.org.

TODO

     A lot, especially security auditing.

SEE ALSO

     tinc.conf(5), http://www.tinc-vpn.org/, http://www.cabal.org/.

     The full documentation for tinc is maintained as a Texinfo manual.  If the info and tinc programs are properly installed at your site, the
     command info tinc should give you access to the complete manual.

     tinc comes with ABSOLUTELY NO WARRANTY.  This is free software, and you are welcome to redistribute it under certain conditions; see the file
     COPYING for details.

AUTHORS

     Ivo Timmermans
     Guus Sliepen <guus@tinc-vpn.org>

     And thanks to many others for their contributions to tinc!

								   June 1, 2019
All times are GMT -4. The time now is 11:09 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy