OpenVPN Service

Advanced feature discussion, beta programs and unsupported "Labs" features.
115 posts Page 12 of 12
by ankh » Thu Aug 23, 2018 8:35 am
I downloaded and installed a fresh copy of the Mac client and now get connected to the VPN properly. Appears to be the same version as before but hey, it works.
Did that per suggestion from Support after I asked them again.


I still see just three 'wait' spinners with either Firefox or Safari if I click the "Connect" button on the page https://ovpn.sonic.net/?src=connect
by timyu94 » Mon Oct 29, 2018 6:13 pm
I've been using OVPN for a whole home VPN connection via a PFSense server and upgraded to 75 mbps IPBB a bit over a month ago. For the 45 mbps IPBB service the connection to Sonics OVPN server was pretty much maxed out at all times at line speed. With the upgrade to IPBB75 it seems the connection maxes out around 50-60 mbps hardwired whereas with it off the connection is 75-80 mbps.

I was wondering if this is a limitation on Sonics VPN side which may be optimized for the previous top FTTN tier of 50 mbps. If so is there any possibility that the connection can be enhanced so that a VPN connected to it can run at line speed on the new IPBB 75 tier.

For reference my PFSense build is on a chinese qotom mini pc running AES-NI enabled Intel i3-5015u with 2gb ram. Should be enough for 300-400 mbps of OVPN thoroughput.
by nhcuccia » Wed Dec 05, 2018 2:42 pm
I'm currently running the OpenVPN client on an Asus RT-AC3100 wifi router, running the most recent Asus firmware version (not ASUSWRT-Merlin). When I tried using the client.ovpn from ovpn.sonic.net (using 'username' and not 'username@sonic.net' as my login), the logs on my wifi router indicated that the TLS handshake was failing. After that, I obtained a client.ovpn from the beta.vpn.sonic.net using the same credentials; with this file, the connection was successful, and I'm currently happy.

My main question: What are the differences between the two services that may result in the issues that the behavior that I've observed? I've seen discussion of username vs. username@sonic.net and TLSv1.0 vs. TLSv1.2, but was wondering whether or not there were other differences that might result in such behavior.
by mike.ely » Wed Dec 05, 2018 3:15 pm
nhcuccia wrote:
What are the differences between the two services that may result in the issues that the behavior that I've observed? I've seen discussion of username vs. username@sonic.net and TLSv1.0 vs. TLSv1.2, but was wondering whether or not there were other differences that might result in such behavior.

The symptoms you are seeing combined with the fact that you are successful logging in to beta.vpn suggests that your router is only supporting TLS1.0. The fact that I see the following in the logs from your IP confirms it:

Code: Select all

OpenSSL: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol'

At this point your solutions would be, in no particular order:
  • Convince Asus to update their firmware.
  • Update your router to a third-party firmware that does support TLS 1.2
  • Use beta.vpn which means you'll have to tolerate things going 'bump' unpredictably (it is "beta" after all) not to mention living with the knowledge you are using a TLS version that's badly broken - check your favourite search engine for "tls 1.0 vulnerabilities" if you want more information
I'm a little surprised that Asus continues to ship such an out of date VPN client, especially on their higher-end routers. But unfortunately that is exactly what appears to be the case here.
Sonic Operations
by nhcuccia » Wed Dec 05, 2018 4:07 pm
Thanks. I can live with Beta. Will see what I can find over at Asus. Along those lines, when I was using Asuswrt-Merlin (the third-party firmware for this device), I had no problem with using prod. I only encountered issues when I reverted back to the Asus-supplied firmware in order to take advantage of other functionality not in Merlin.
115 posts Page 12 of 12

Who is online

In total there are 2 users online :: 0 registered, 0 hidden and 2 guests (based on users active over the past 5 minutes)
Most users ever online was 422 on Sat May 26, 2012 5:28 am

Users browsing this forum: No registered users and 2 guests