[Scion] Unable to connect to OpenVPN server

Siddharth Mehrotra the4daspect at gmail.com
Fri Sep 6 11:44:54 CEST 2019


Hi Juan,

It worked in Ubuntu with other ISD. However, I am still wondering why I am
unable to connect using OPENVPN client in windows.

This is the log created:

Fri Sep 06 11:37:49 2019 OpenVPN 2.4.7 x86_64-w64-mingw32 [SSL (OpenSSL)]
[LZO] [LZ4] [PKCS11] [AEAD] built on Apr 25 2019
Fri Sep 06 11:37:49 2019 Windows version 6.2 (Windows 8 or greater) 64bit
Fri Sep 06 11:37:49 2019 library versions: OpenSSL 1.1.0j  20 Nov 2018, LZO
2.10
Enter Management Password:
Fri Sep 06 11:37:49 2019 MANAGEMENT: TCP Socket listening on [AF_INET]
127.0.0.1:25340
Fri Sep 06 11:37:49 2019 Need hold release from management interface,
waiting...
Fri Sep 06 11:37:49 2019 MANAGEMENT: Client connected from [AF_INET]
127.0.0.1:25340
Fri Sep 06 11:37:49 2019 MANAGEMENT: CMD 'state on'
Fri Sep 06 11:37:49 2019 MANAGEMENT: CMD 'log all on'
Fri Sep 06 11:37:49 2019 MANAGEMENT: CMD 'echo all on'
Fri Sep 06 11:37:49 2019 MANAGEMENT: CMD 'bytecount 5'
Fri Sep 06 11:37:49 2019 MANAGEMENT: CMD 'hold off'
Fri Sep 06 11:37:49 2019 MANAGEMENT: CMD 'hold release'
Fri Sep 06 11:37:49 2019 WARNING: No server certificate verification method
has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Fri Sep 06 11:37:49 2019 TCP/UDP: Preserving recently used remote address:
[AF_INET]192.33.93.195:1194
Fri Sep 06 11:37:49 2019 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Sep 06 11:37:49 2019 UDP link local: (not bound)
Fri Sep 06 11:37:49 2019 UDP link remote: [AF_INET]192.33.93.195:1194
Fri Sep 06 11:37:49 2019 MANAGEMENT: >STATE:1567762669,WAIT,,,,,,

It keeps waiting on last mentioned step. Is there any way to perform
tutorial mentioned at
https://netsec-ethz.github.io/scion-tutorials/general_scion_configuration/vpn_setup/
with
Windows OS ? Open VPN requires .ovpn file extension.

Best Regards,
Siddharth

On Fri, Aug 30, 2019 at 3:12 PM Juan A. García-Pardo <juagargi at gmail.com>
wrote:

> Hi Siddharth,
> I just found the problem. Go to the Coordinator and attach your user AS to
> another point other than ISD18 (WISC). There is a problem with that
> attachment point for some time now, so don't use it.
> Thanks and regards,
>
> Juan A.
>
>
> On Fri, Aug 30, 2019 at 2:50 PM Siddharth Mehrotra <the4daspect at gmail.com>
> wrote:
>
>> HI Juan,
>>
>> I tried with standalone Ubuntu 16.04 machine now and it reports following
>> same error:
>>
>> Aug 30 14:41:21 siddharth-ThinkPad-T480 anacron[965]: Job `cron.daily'
>> terminated (mailing output)
>> Aug 30 14:41:21 siddharth-ThinkPad-T480 anacron[965]: anacron: Can't
>> find sendmail at /usr/sbin/sendmail, not mailing output
>> Aug 30 14:41:21 siddharth-ThinkPad-T480 anacron[965]: Can't find
>> sendmail at /usr/sbin/sendmail, not mailing output
>> Aug 30 14:41:24 siddharth-ThinkPad-T480 ovpn-client[963]: TLS Error:
>> TLS key negotiation failed to occur within 60 seconds (check your
>> network connectivity)
>> Aug 30 14:41:24 siddharth-ThinkPad-T480 ovpn-client[963]: TLS Error:
>> TLS handshake failed
>> Aug 30 14:41:24 siddharth-ThinkPad-T480 ovpn-client[963]:
>> SIGUSR1[soft,tls-error] received, process restarting
>> Aug 30 14:41:24 siddharth-ThinkPad-T480 ovpn-client[963]: Restart
>> pause, 2 second(s)
>> Aug 30 14:41:26 siddharth-ThinkPad-T480 ovpn-client[963]: WARNING: No
>> server certificate verification method has been enabled.  See
>> http://openvpn.net/howto.html#mitm for more info.
>> Aug 30 14:41:26 siddharth-ThinkPad-T480 ovpn-client[963]: Socket
>> Buffers: R=[212992->212992] S=[212992->212992]
>> Aug 30 14:41:26 siddharth-ThinkPad-T480 ovpn-client[963]: UDPv4 link
>> local: [undef]
>> Aug 30 14:41:26 siddharth-ThinkPad-T480 ovpn-client[963]: UDPv4 link
>> remote: [AF_INET]128.105.21.208:1194
>> Aug 30 14:42:27 siddharth-ThinkPad-T480 ovpn-client[963]: TLS Error:
>> TLS key negotiation failed to occur within 60 seconds (check your
>> network connectivity)
>> Aug 30 14:42:27 siddharth-ThinkPad-T480 ovpn-client[963]: TLS Error:
>> TLS handshake failed
>> Aug 30 14:42:27 siddharth-ThinkPad-T480 ovpn-client[963]:
>> SIGUSR1[soft,tls-error] received, process restarting
>> Aug 30 14:42:27 siddharth-ThinkPad-T480 ovpn-client[963]: Restart
>> pause, 2 second(s)
>> Aug 30 14:42:29 siddharth-ThinkPad-T480 ovpn-client[963]: WARNING: No
>> server certificate verification method has been enabled.  See
>> http://openvpn.net/howto.html#mitm for more info.
>> Aug 30 14:42:29 siddharth-ThinkPad-T480 ovpn-client[963]: Socket
>> Buffers: R=[212992->212992] S=[212992->212992]
>> Aug 30 14:42:29 siddharth-ThinkPad-T480 ovpn-client[963]: UDPv4 link
>> local: [undef]
>> Aug 30 14:42:29 siddharth-ThinkPad-T480 ovpn-client[963]: UDPv4 link
>> remote: [AF_INET]128.105.21.208:1194
>> Aug 30 14:43:29 siddharth-ThinkPad-T480 ovpn-client[963]: TLS Error:
>> TLS key negotiation failed to occur within 60 seconds (check your
>> network connectivity)
>> Aug 30 14:43:29 siddharth-ThinkPad-T480 ovpn-client[963]: TLS Error:
>> TLS handshake failed
>> Aug 30 14:43:29 siddharth-ThinkPad-T480 ovpn-client[963]:
>> SIGUSR1[soft,tls-error] received, process restarting
>> Aug 30 14:43:29 siddharth-ThinkPad-T480 ovpn-client[963]: Restart
>> pause, 2 second(s)
>> Aug 30 14:43:31 siddharth-ThinkPad-T480 ovpn-client[963]: WARNING: No
>> server certificate verification method has been enabled.  See
>> http://openvpn.net/howto.html#mitm for more info.
>> Aug 30 14:43:31 siddharth-ThinkPad-T480 ovpn-client[963]: Socket
>> Buffers: R=[212992->212992] S=[212992->212992]
>> Aug 30 14:43:31 siddharth-ThinkPad-T480 ovpn-client[963]: UDPv4 link
>> local: [undef]
>> Aug 30 14:43:31 siddharth-ThinkPad-T480 ovpn-client[963]: UDPv4 link
>> remote: [AF_INET]128.105.21.208:1194
>>
>> On performing ip a command inside SCION network, I can see only: *lo,
>> enp0s3 and docker0.*
>>
>> While in local machine I have: *lo, enp0s31f6, wlp3s0 and docker0.*
>>
>> Best,
>> Siddharth
>>
>>
>> On Fri, Aug 30, 2019 at 1:05 PM Juan A. García-Pardo <juagargi at gmail.com>
>> wrote:
>>
>> > Hi Siddharth,
>> > We don't have any experience with OpenVPN for Windows. I would suggest
>> > these two steps to troubleshoot your setup:
>> > - Check with a VM that your user AS runs correctly. Since we have lots
>> of
>> > experience in Ubuntu 16.04, install first a VM like that, or eve better,
>> > install the Vagrant-Virtual Box VM that you see being installed in the
>> > `run.sh` script in your configuration from the Coordinator.
>> > - If the previous step worked, check only the VPN connection. As you
>> were
>> > saying, it will probably fail. Tell us and we will investigate further.
>> > Thanks and best regards,
>> >
>> > Juan A.
>> >
>> >
>> > On Fri, Aug 30, 2019 at 11:36 AM Siddharth Mehrotra <
>> the4daspect at gmail.com>
>> > wrote:
>> >
>> >> Hi all,
>> >>
>> >> I am trying to connect to SCION Lab via VPN.
>> >>
>> >> I am currently using Windows OS and have been able to run SCION
>> >> successfully but can't connect to SCION Lab. I added the config file
>> from
>> >> SCION folder to the OPEN VPN directory however I am unable to connect &
>> >> can't find tun0.
>> >>
>> >> The error report from OPENVPN GUI is as:
>> >>
>> >> Fri Aug 30 09:24:22 2019 TCP/UDP: Preserving recently used remote
>> address:
>> >> [AF_INET]192.33.93.195:1194
>> >> Fri Aug 30 09:24:22 2019 Socket Buffers: R=[65536->65536]
>> S=[65536->65536]
>> >> Fri Aug 30 09:24:22 2019 UDP link local: (not bound)
>> >> Fri Aug 30 09:24:22 2019 UDP link remote: [AF_INET]192.33.93.195:1194
>> >> Fri Aug 30 09:24:22 2019 MANAGEMENT: >STATE:1567149862,WAIT,,,,,,
>> >> Fri Aug 30 09:25:22 2019 TLS Error: TLS key negotiation failed to occur
>> >> within 60 seconds (check your network connectivity)
>> >> Fri Aug 30 09:25:22 2019 TLS Error: TLS handshake failed
>> >> Fri Aug 30 09:25:22 2019 SIGUSR1[soft,tls-error] received, process
>> >> restarting
>> >> Fri Aug 30 09:25:22 2019 MANAGEMENT:
>> >> >STATE:1567149922,RECONNECTING,tls-error,,,,,
>> >> Fri Aug 30 09:25:22 2019 Restart pause, 5 second(s)
>> >>
>> >> Not sure if I am doing something wrong or it's server error.
>> >>
>> >>
>> >>
>> https://drive.google.com/file/d/1Tz8zgPEGBGmJNumdlj0FGUm1s3QH_6-a/view?usp=sharing
>> >> : Log File
>> >>
>> >> Best regards,
>> >> Siddharth
>> >> -----------------------------------------
>> >> Siddharth Mehrotra
>> >> Graduate Student
>> >> Media Computing Group - i10
>> >> RWTH Aachen University, Germany.
>> >> https://hci.rwth-aachen.de/mehrotra
>> >> <
>> >>
>> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fhci.rwth-aachen.de%2Fmehrotra&data=02%7C01%7Canthie%40microsoft.com%7Cf4f74c79b7e549ccf57408d700518b24%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636978222542028359&sdata=ps4RQIMrjansy%2BoTUsEh1PABCkWssk3rGP4dXJASs04%3D&reserved=0
>> >> >
>> >> _______________________________________________
>> >> Scion mailing list
>> >> Scion at lists.inf.ethz.ch
>> >> https://lists.inf.ethz.ch/mailman/listinfo/scion
>> >>
>> >
>> _______________________________________________
>> Scion mailing list
>> Scion at lists.inf.ethz.ch
>> https://lists.inf.ethz.ch/mailman/listinfo/scion
>>
>


More information about the Scion mailing list