[Scion] Unable to connect to OpenVPN server

Fri Sep 6 12:38:09 CEST 2019

Hi Siddharth,
Even if you were able to connect to the VPN using a Windows client, the
next step would be to make the SCIONLab AS run in Windows, which is not
supported yet.
In the future we will want to support Windows and the VPN client file will
be one of the things we will need to check.
Thanks and best regards,

Juan A.

On Fri, Sep 6, 2019 at 11:45 AM Siddharth Mehrotra <the4daspect at gmail.com>
wrote:

> Hi Juan,
>
> It worked in Ubuntu with other ISD. However, I am still wondering why I am
> unable to connect using OPENVPN client in windows.
>
> This is the log created:
>
> Fri Sep 06 11:37:49 2019 OpenVPN 2.4.7 x86_64-w64-mingw32 [SSL (OpenSSL)]
> [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 25 2019
> Fri Sep 06 11:37:49 2019 Windows version 6.2 (Windows 8 or greater) 64bit
> Fri Sep 06 11:37:49 2019 library versions: OpenSSL 1.1.0j  20 Nov 2018, LZO
> 2.10
> Enter Management Password:
> Fri Sep 06 11:37:49 2019 MANAGEMENT: TCP Socket listening on [AF_INET]
> 127.0.0.1:25340
> Fri Sep 06 11:37:49 2019 Need hold release from management interface,
> waiting...
> Fri Sep 06 11:37:49 2019 MANAGEMENT: Client connected from [AF_INET]
> 127.0.0.1:25340
> Fri Sep 06 11:37:49 2019 MANAGEMENT: CMD 'state on'
> Fri Sep 06 11:37:49 2019 MANAGEMENT: CMD 'log all on'
> Fri Sep 06 11:37:49 2019 MANAGEMENT: CMD 'echo all on'
> Fri Sep 06 11:37:49 2019 MANAGEMENT: CMD 'bytecount 5'
> Fri Sep 06 11:37:49 2019 MANAGEMENT: CMD 'hold off'
> Fri Sep 06 11:37:49 2019 MANAGEMENT: CMD 'hold release'
> Fri Sep 06 11:37:49 2019 WARNING: No server certificate verification method
> has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
> Fri Sep 06 11:37:49 2019 TCP/UDP: Preserving recently used remote address:
> [AF_INET]192.33.93.195:1194
> Fri Sep 06 11:37:49 2019 Socket Buffers: R=[65536->65536] S=[65536->65536]
> Fri Sep 06 11:37:49 2019 UDP link local: (not bound)
> Fri Sep 06 11:37:49 2019 UDP link remote: [AF_INET]192.33.93.195:1194
> Fri Sep 06 11:37:49 2019 MANAGEMENT: >STATE:1567762669,WAIT,,,,,,
>
> It keeps waiting on last mentioned step. Is there any way to perform
> tutorial mentioned at
>
> https://netsec-ethz.github.io/scion-tutorials/general_scion_configuration/vpn_setup/
> with
> Windows OS ? Open VPN requires .ovpn file extension.
>
> Best Regards,
> Siddharth
>
> On Fri, Aug 30, 2019 at 3:12 PM Juan A. García-Pardo <juagargi at gmail.com>
> wrote:
>
> > Hi Siddharth,
> > I just found the problem. Go to the Coordinator and attach your user AS
> to
> > another point other than ISD18 (WISC). There is a problem with that
> > attachment point for some time now, so don't use it.
> > Thanks and regards,
> >
> > Juan A.
> >
> >
> > On Fri, Aug 30, 2019 at 2:50 PM Siddharth Mehrotra <
> the4daspect at gmail.com>
> > wrote:
> >
> >> HI Juan,
> >>
> >> I tried with standalone Ubuntu 16.04 machine now and it reports
> following
> >> same error:
> >>
> >> Aug 30 14:41:21 siddharth-ThinkPad-T480 anacron[965]: Job `cron.daily'
> >> terminated (mailing output)
> >> Aug 30 14:41:21 siddharth-ThinkPad-T480 anacron[965]: anacron: Can't
> >> find sendmail at /usr/sbin/sendmail, not mailing output
> >> Aug 30 14:41:21 siddharth-ThinkPad-T480 anacron[965]: Can't find
> >> sendmail at /usr/sbin/sendmail, not mailing output
> >> Aug 30 14:41:24 siddharth-ThinkPad-T480 ovpn-client[963]: TLS Error:
> >> TLS key negotiation failed to occur within 60 seconds (check your
> >> network connectivity)
> >> Aug 30 14:41:24 siddharth-ThinkPad-T480 ovpn-client[963]: TLS Error:
> >> TLS handshake failed
> >> Aug 30 14:41:24 siddharth-ThinkPad-T480 ovpn-client[963]:
> >> SIGUSR1[soft,tls-error] received, process restarting
> >> Aug 30 14:41:24 siddharth-ThinkPad-T480 ovpn-client[963]: Restart
> >> pause, 2 second(s)
> >> Aug 30 14:41:26 siddharth-ThinkPad-T480 ovpn-client[963]: WARNING: No
> >> server certificate verification method has been enabled.  See
> >> http://openvpn.net/howto.html#mitm for more info.
> >> Aug 30 14:41:26 siddharth-ThinkPad-T480 ovpn-client[963]: Socket
> >> Buffers: R=[212992->212992] S=[212992->212992]
> >> Aug 30 14:41:26 siddharth-ThinkPad-T480 ovpn-client[963]: UDPv4 link
> >> local: [undef]
> >> Aug 30 14:41:26 siddharth-ThinkPad-T480 ovpn-client[963]: UDPv4 link
> >> remote: [AF_INET]128.105.21.208:1194
> >> Aug 30 14:42:27 siddharth-ThinkPad-T480 ovpn-client[963]: TLS Error:
> >> TLS key negotiation failed to occur within 60 seconds (check your
> >> network connectivity)
> >> Aug 30 14:42:27 siddharth-ThinkPad-T480 ovpn-client[963]: TLS Error:
> >> TLS handshake failed
> >> Aug 30 14:42:27 siddharth-ThinkPad-T480 ovpn-client[963]:
> >> SIGUSR1[soft,tls-error] received, process restarting
> >> Aug 30 14:42:27 siddharth-ThinkPad-T480 ovpn-client[963]: Restart
> >> pause, 2 second(s)
> >> Aug 30 14:42:29 siddharth-ThinkPad-T480 ovpn-client[963]: WARNING: No
> >> server certificate verification method has been enabled.  See
> >> http://openvpn.net/howto.html#mitm for more info.
> >> Aug 30 14:42:29 siddharth-ThinkPad-T480 ovpn-client[963]: Socket
> >> Buffers: R=[212992->212992] S=[212992->212992]
> >> Aug 30 14:42:29 siddharth-ThinkPad-T480 ovpn-client[963]: UDPv4 link
> >> local: [undef]
> >> Aug 30 14:42:29 siddharth-ThinkPad-T480 ovpn-client[963]: UDPv4 link
> >> remote: [AF_INET]128.105.21.208:1194
> >> Aug 30 14:43:29 siddharth-ThinkPad-T480 ovpn-client[963]: TLS Error:
> >> TLS key negotiation failed to occur within 60 seconds (check your
> >> network connectivity)
> >> Aug 30 14:43:29 siddharth-ThinkPad-T480 ovpn-client[963]: TLS Error:
> >> TLS handshake failed
> >> Aug 30 14:43:29 siddharth-ThinkPad-T480 ovpn-client[963]:
> >> SIGUSR1[soft,tls-error] received, process restarting
> >> Aug 30 14:43:29 siddharth-ThinkPad-T480 ovpn-client[963]: Restart
> >> pause, 2 second(s)
> >> Aug 30 14:43:31 siddharth-ThinkPad-T480 ovpn-client[963]: WARNING: No
> >> server certificate verification method has been enabled.  See
> >> http://openvpn.net/howto.html#mitm for more info.
> >> Aug 30 14:43:31 siddharth-ThinkPad-T480 ovpn-client[963]: Socket
> >> Buffers: R=[212992->212992] S=[212992->212992]
> >> Aug 30 14:43:31 siddharth-ThinkPad-T480 ovpn-client[963]: UDPv4 link
> >> local: [undef]
> >> Aug 30 14:43:31 siddharth-ThinkPad-T480 ovpn-client[963]: UDPv4 link
> >> remote: [AF_INET]128.105.21.208:1194
> >>
> >> On performing ip a command inside SCION network, I can see only: *lo,
> >> enp0s3 and docker0.*
> >>
> >> While in local machine I have: *lo, enp0s31f6, wlp3s0 and docker0.*
> >>
> >> Best,
> >> Siddharth
> >>
> >>
> >> On Fri, Aug 30, 2019 at 1:05 PM Juan A. García-Pardo <
> juagargi at gmail.com>
> >> wrote:
> >>
> >> > Hi Siddharth,
> >> > We don't have any experience with OpenVPN for Windows. I would suggest
> >> > these two steps to troubleshoot your setup:
> >> > - Check with a VM that your user AS runs correctly. Since we have lots
> >> of
> >> > experience in Ubuntu 16.04, install first a VM like that, or eve
> better,
> >> > install the Vagrant-Virtual Box VM that you see being installed in the
> >> > `run.sh` script in your configuration from the Coordinator.
> >> > - If the previous step worked, check only the VPN connection. As you
> >> were
> >> > saying, it will probably fail. Tell us and we will investigate
> further.
> >> > Thanks and best regards,
> >> >
> >> > Juan A.
> >> >
> >> >
> >> > On Fri, Aug 30, 2019 at 11:36 AM Siddharth Mehrotra <
> >> the4daspect at gmail.com>
> >> > wrote:
> >> >
> >> >> Hi all,
> >> >>
> >> >> I am trying to connect to SCION Lab via VPN.
> >> >>
> >> >> I am currently using Windows OS and have been able to run SCION
> >> >> successfully but can't connect to SCION Lab. I added the config file
> >> from
> >> >> SCION folder to the OPEN VPN directory however I am unable to
> connect &
> >> >> can't find tun0.
> >> >>
> >> >> The error report from OPENVPN GUI is as:
> >> >>
> >> >> Fri Aug 30 09:24:22 2019 TCP/UDP: Preserving recently used remote
> >> address:
> >> >> [AF_INET]192.33.93.195:1194
> >> >> Fri Aug 30 09:24:22 2019 Socket Buffers: R=[65536->65536]
> >> S=[65536->65536]
> >> >> Fri Aug 30 09:24:22 2019 UDP link local: (not bound)
> >> >> Fri Aug 30 09:24:22 2019 UDP link remote: [AF_INET]
> 192.33.93.195:1194
> >> >> Fri Aug 30 09:24:22 2019 MANAGEMENT: >STATE:1567149862,WAIT,,,,,,
> >> >> Fri Aug 30 09:25:22 2019 TLS Error: TLS key negotiation failed to
> occur
> >> >> within 60 seconds (check your network connectivity)
> >> >> Fri Aug 30 09:25:22 2019 TLS Error: TLS handshake failed
> >> >> Fri Aug 30 09:25:22 2019 SIGUSR1[soft,tls-error] received, process
> >> >> restarting
> >> >> Fri Aug 30 09:25:22 2019 MANAGEMENT:
> >> >> >STATE:1567149922,RECONNECTING,tls-error,,,,,
> >> >> Fri Aug 30 09:25:22 2019 Restart pause, 5 second(s)
> >> >>
> >> >> Not sure if I am doing something wrong or it's server error.
> >> >>
> >> >>
> >> >>
> >>
> https://drive.google.com/file/d/1Tz8zgPEGBGmJNumdlj0FGUm1s3QH_6-a/view?usp=sharing
> >> >> : Log File
> >> >>
> >> >> Best regards,
> >> >> Siddharth
> >> >> -----------------------------------------
> >> >> Siddharth Mehrotra
> >> >> Graduate Student
> >> >> Media Computing Group - i10
> >> >> RWTH Aachen University, Germany.
> >> >> https://hci.rwth-aachen.de/mehrotra
> >> >> <
> >> >>
> >>
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fhci.rwth-aachen.de%2Fmehrotra&data=02%7C01%7Canthie%40microsoft.com%7Cf4f74c79b7e549ccf57408d700518b24%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636978222542028359&sdata=ps4RQIMrjansy%2BoTUsEh1PABCkWssk3rGP4dXJASs04%3D&reserved=0
> >> >> >
> >> >> _______________________________________________
> >> >> Scion mailing list
> >> >> Scion at lists.inf.ethz.ch
> >> >> https://lists.inf.ethz.ch/mailman/listinfo/scion
> >> >>
> >> >
> >> _______________________________________________
> >> Scion mailing list
> >> Scion at lists.inf.ethz.ch
> >> https://lists.inf.ethz.ch/mailman/listinfo/scion
> >>
> >
> _______________________________________________
> Scion mailing list
> Scion at lists.inf.ethz.ch
> https://lists.inf.ethz.ch/mailman/listinfo/scion
>