Notebook

これは日々の作業を通して学んだことや毎日の生活で気づいたことをを記録しておく備忘録である。

HTML ファイル生成日時: 2024/12/21 11:44:57.596 (台灣標準時)

OpenVPN の問題 (2023 年 07 月中旬)

OpenVPN を使ってみたら、以下のようなメッセージが表示されて、 vpngate.net の VPN サーバーに接続できなかったでござる。


# # /usr/pkg/sbin/openvpn --data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-128-CBC --config vpngate_vpn148949900.opengw.net_tcp_1613.ovpn
2023-07-11 17:24:52 OpenVPN 2.6.5 x86_64--netbsd [SSL (OpenSSL)] [LZO] [LZ4] [MH/PKTINFO] [AEAD]
2023-07-11 17:24:52 library versions: OpenSSL 1.1.1n  15 Mar 2022, LZO 2.10
2023-07-11 17:24:52 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2023-07-11 17:24:52 TCP/UDP: Preserving recently used remote address: [AF_INET]153.167.126.44:1613
2023-07-11 17:24:52 Socket Buffers: R=[32768->32768] S=[32768->32768]
2023-07-11 17:24:52 Attempting to establish TCP connection with [AF_INET]153.167.126.44:1613
2023-07-11 17:24:52 TCP connection established with [AF_INET]153.167.126.44:1613
2023-07-11 17:24:52 TCPv4_CLIENT link local: (not bound)
2023-07-11 17:24:52 TCPv4_CLIENT link remote: [AF_INET]153.167.126.44:1613
2023-07-11 17:24:52 TLS: Initial packet from [AF_INET]153.167.126.44:1613, sid=7dec3829 b71b4311
2023-07-11 17:24:53 TLS error: Unsupported protocol. This typically indicates that client and server have no common TLS version enabled. This can be caused by mismatched tls-version-min and tls-version-max options on client and server. If your OpenVPN client is between v2.3.6 and v2.3.2 try adding tls-version-min 1.0 to the client configuration to use TLS 1.0+ instead of TLS 1.0 only
2023-07-11 17:24:53 OpenSSL: error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
2023-07-11 17:24:53 TLS_ERROR: BIO read tls_read_plaintext error
2023-07-11 17:24:53 TLS Error: TLS object -> incoming plaintext read error
2023-07-11 17:24:53 TLS Error: TLS handshake failed
2023-07-11 17:24:53 Fatal TLS error (check_tls_errors_co), restarting
2023-07-11 17:24:53 SIGUSR1[soft,tls-error] received, process restarting
2023-07-11 17:24:53 Restart pause, 1 second(s)

メッセージを読むと、サーバーとクライアントの両方で使える共通の TLS protocol がないことが問題のようでござる。クライアント側でどの TLS protocol を使うかは、 --tls-version-min と --tls-version-max の二つの オプションで決められるようでござる。 --tls-version-min 1.0 オプション を加えてみるように言われているので、試してみるでござる。


# /usr/pkg/sbin/openvpn --tls-version-min 1.0 --data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-128-CBC --config vpngate_vpn148949900.opengw.net_tcp_1613.ovpn
2023-07-11 17:25:32 OpenVPN 2.6.5 x86_64--netbsd [SSL (OpenSSL)] [LZO] [LZ4] [MH/PKTINFO] [AEAD]
2023-07-11 17:25:32 library versions: OpenSSL 1.1.1n  15 Mar 2022, LZO 2.10
2023-07-11 17:25:32 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2023-07-11 17:25:32 TCP/UDP: Preserving recently used remote address: [AF_INET]153.167.126.44:1613
2023-07-11 17:25:32 Socket Buffers: R=[32768->32768] S=[32768->32768]
2023-07-11 17:25:32 Attempting to establish TCP connection with [AF_INET]153.167.126.44:1613
2023-07-11 17:25:32 TCP connection established with [AF_INET]153.167.126.44:1613
2023-07-11 17:25:32 TCPv4_CLIENT link local: (not bound)
2023-07-11 17:25:32 TCPv4_CLIENT link remote: [AF_INET]153.167.126.44:1613
2023-07-11 17:25:32 TLS: Initial packet from [AF_INET]153.167.126.44:1613, sid=8b232b8e 0e319d46
2023-07-11 17:25:33 VERIFY OK: depth=2, C=US, O=Internet Security Research Group, CN=ISRG Root X1
2023-07-11 17:25:33 VERIFY OK: depth=1, C=US, O=Let's Encrypt, CN=R3
2023-07-11 17:25:33 VERIFY OK: depth=0, CN=opengw.net
2023-07-11 17:25:33 Control Channel: TLSv1, cipher SSLv3 DHE-RSA-AES256-SHA, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2023-07-11 17:25:33 [opengw.net] Peer Connection Initiated with [AF_INET]153.167.126.44:1613
2023-07-11 17:25:33 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2023-07-11 17:25:33 TLS: tls_multi_process: initial untrusted session promoted to trusted
2023-07-11 17:25:35 SENT CONTROL [opengw.net]: 'PUSH_REQUEST' (status=1)
2023-07-11 17:25:35 PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,ifconfig 10.211.1.85 10.211.1.86,dhcp-option DNS 10.211.254.254,dhcp-option DNS 8.8.8.8,route-gateway 10.211.1.86,redirect-gateway def1'
2023-07-11 17:25:35 OPTIONS IMPORT: --ifconfig/up options modified
2023-07-11 17:25:35 OPTIONS IMPORT: route options modified
2023-07-11 17:25:35 OPTIONS IMPORT: route-related options modified
2023-07-11 17:25:35 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2023-07-11 17:25:35 Using peer cipher 'AES-128-CBC'
2023-07-11 17:25:35 TUN/TAP device /dev/tun0 opened
2023-07-11 17:25:35 /sbin/ifconfig tun0 10.211.1.85 10.211.1.86 mtu 1500 netmask 255.255.255.255 up
2023-07-11 17:25:35 /sbin/route add -net 153.167.126.44 10.20.30.1 -netmask 255.255.255.255
add net 153.167.126.44: gateway 10.20.30.1
2023-07-11 17:25:35 /sbin/route add -net 0.0.0.0 10.211.1.86 -netmask 128.0.0.0
add net 0.0.0.0: gateway 10.211.1.86
2023-07-11 17:25:35 /sbin/route add -net 128.0.0.0 10.211.1.86 -netmask 128.0.0.0
add net 128.0.0.0: gateway 10.211.1.86
2023-07-11 17:25:35 Initialization Sequence Completed
2023-07-11 17:25:35 Data Channel: cipher 'AES-128-CBC', auth 'SHA1'
2023-07-11 17:25:35 Timers: ping 3, ping-restart 10

今度は、上手くいったようでござる。



Frequently accessed files

  1. Computer___Python/20220518_0.html
  2. Computer___Network/20230726_00.html
  3. Misc___Taiwan/20240207_00.html
  4. Computer___Network/20230516_00.html
  5. Computer___FreeBSD/20220621_0.html
  6. Computer___Python/20220715_0.html
  7. Computer___Network/20230508_00.html
  8. Food___Taiwan/20220429_0.html
  9. Computer___Network/20240130_00.html
  10. Computer___NetBSD/20220817_3.html
  11. Computer___Python/20220410_0.html
  12. Computer___Network/20240416_00.html
  13. Computer___NetBSD/20230119_00.html
  14. Computer___Debian/20210223_1.html
  15. Computer___Python/20221013_0.html
  16. Computer___Python/20210124_0.html
  17. Computer___NetBSD/20220428_0.html
  18. Computer___NetBSD/20220818_1.html
  19. Computer___NetBSD/20240101_02.html
  20. Science___Math/20220420_0.html
  21. Computer___Python/20240101_00.html
  22. Computer___NetBSD/20220808_0.html
  23. Computer___TeX/20230503_00.html
  24. Science___Astronomy/20220503_0.html
  25. Computer___NetBSD/20230515_00.html
  26. Computer___Network/20220413_1.html
  27. Computer___NetBSD/20210127_0.html
  28. Computer___TeX/20231107_00.html
  29. Computer___Python/20220816_1.html
  30. Computer___Python/20230717_01.html


HTML file generated by Kinoshita Daisuke.