April 6th OpenVPN Maintenance

Advanced feature discussion, beta programs and unsupported "Labs" features.
6 posts Page 1 of 1
by wkeller » Sat Apr 07, 2018 9:42 am
After the OpenVPN Maintenance last night (https://sonicstatus.com/2018/04/06/open ... tenance-2/), the OpenVPN client on my dd-wrt router that had been working flawlessly stopped connecting.

In hopes of reducing the amount of time spent figuring out what is wrong, I as hoping that you should share more specifics on what the maintenance involved.

Thank you.
by guarino » Sat Apr 07, 2018 12:12 pm
Sorry to hear that! The only change was increasing the amount of memory available to the host, which just required I shut it down long enough to allocate the memory. No settings or package changes. The original post I made containing the specifics was made on another thread:

viewtopic.php?f=10&t=5862&start=20#p37034

You may want to look through that thread a bit, as after looking through the logs it seems your client may only support TLS 1.0. It appears to have been failing since around 4pm yesterday, so before the maintenance. The tldr of that thread would be that you'll want to look into a newer openvpn client for your router (firmware upgrade hopefully), or point it at beta.vpn.sonic.net for now which currently still has TLS 1.0 support as a workaround.
Justin Guarino
Sonic System Operations
by wkeller » Sat Apr 07, 2018 6:54 pm
Thank you for this information guarino. It sounds like the timing of my issues and the update may just be coincidence. I'll have to crank up the debug level and see if the anything bore useful then "TLS Error: TLS handshake failed" shows up.
by wkeller » Sat Apr 07, 2018 7:24 pm
Issue appears resolved.

I forced TLS 1.2 by adding the flowing to my config:

Code: Select all

tls-version-min 1.2


I'm not sure why it is necessary to force this, but it is working. Thank you for pointing me in the right direction.
by daveszy » Fri Apr 13, 2018 12:36 pm
I couldn't get VPN to work through Tunnelblick so I used the macOS OpenVPN Connect Client instead. I had to dig around to find the download for that application but it turned up here https://docs.openvpn.net/connecting/connecting-to-access-server-with-macos/ It seems streamlined and simple. Any reason not to use this version?
by guarino » Sun Apr 15, 2018 12:17 pm
daveszy wrote:
I couldn't get VPN to work through Tunnelblick so I used the macOS OpenVPN Connect Client instead. I had to dig around to find the download for that application but it turned up here https://docs.openvpn.net/connecting/connecting-to-access-server-with-macos/ It seems streamlined and simple. Any reason not to use this version?


Not that I know of, it's the version I'd recommend. Version 2.5.0.120 (note the .120) in particular as their support has mentioned it contains a bug fix related to issues with the client losing its connection after ~6 hours.
Justin Guarino
Sonic System Operations
6 posts Page 1 of 1

Who is online

In total there are 3 users online :: 0 registered, 0 hidden and 3 guests (based on users active over the past 5 minutes)
Most users ever online was 999 on Mon May 10, 2021 1:02 am

Users browsing this forum: No registered users and 3 guests