Sonic.net

After the OpenVPN Maintenance last night (https://sonicstatus.com/2018/04/06/open ... tenance-2/), the OpenVPN client on my dd-wrt router that had been working flawlessly stopped connecting.

In hopes of reducing the amount of time spent figuring out what is wrong, I as hoping that you should share more specifics on what the maintenance involved.

Thank you.

Sorry to hear that! The only change was increasing the amount of memory available to the host, which just required I shut it down long enough to allocate the memory. No settings or package changes. The original post I made containing the specifics was made on another thread:

viewtopic.php?f=10&t=5862&start=20#p37034

You may want to look through that thread a bit, as after looking through the logs it seems your client may only support TLS 1.0. It appears to have been failing since around 4pm yesterday, so before the maintenance. The tldr of that thread would be that you'll want to look into a newer openvpn client for your router (firmware upgrade hopefully), or point it at beta.vpn.sonic.net for now which currently still has TLS 1.0 support as a workaround.

Thank you for this information guarino. It sounds like the timing of my issues and the update may just be coincidence. I'll have to crank up the debug level and see if the anything bore useful then "TLS Error: TLS handshake failed" shows up.

Issue appears resolved.

I forced TLS 1.2 by adding the flowing to my config: I'm not sure why it is necessary to force this, but it is working. Thank you for pointing me in the right direction.

I couldn't get VPN to work through Tunnelblick so I used the macOS OpenVPN Connect Client instead. I had to dig around to find the download for that application but it turned up here https://docs.openvpn.net/connecting/con ... ith-macos/ It seems streamlined and simple. Any reason not to use this version?

daveszy wrote:I couldn't get VPN to work through Tunnelblick so I used the macOS OpenVPN Connect Client instead. I had to dig around to find the download for that application but it turned up here https://docs.openvpn.net/connecting/con ... ith-macos/ It seems streamlined and simple. Any reason not to use this version?

Not that I know of, it's the version I'd recommend. Version 2.5.0.120 (note the .120) in particular as their support has mentioned it contains a bug fix related to issues with the client losing its connection after ~6 hours.