Post is pinned.
Rules for this community (which should be obvious) and some G+ community FAQs:
- Before asking questions check the links in the "About this community box
- Especially read the FAQ before posting (inside the app or linked in the about this community box)
- Do not make a new post that is just an answer or follow up question to another post
- Also do not post unrelated questions in old/existing posts, make a new post for that.
- No advertisements for VPN services or other services
- Remember this a spare time project, so don't expect commercial level of support
- to get the latest beta (there is not always one available), join this community and follow the beta link of the community
- there is not always a beta version available, often after a few days of testing the beta version becomes the stable version
- Please post in English or German
Commenting is disabled for this post.

Post has attachment

Post has attachment
PIVPN and OpenVPN for Android tls-crypt issue

Hello
I had installed an openvpn server version 2.4.3 using pivpn (Just few clicks to select some options : "Simplest" OpenVPN setup and configuration, designed for Raspberry Pi, available at http://www.pivpn.io/)

This version use Control Channel: TL Sv1.2 and cipher TLSv1/SSLv3 ECDHE-ECDSA-AES256-GCM-SHA384

pivpn generates also client ovpn configurations including certificats and keys .

I had successfully connected to openvpn server with windows 7 and Raspbian Stretch clients with ovpn configuration files generated by pivpn.

But with openVPN for android i get an error ; openvpn server in Raspberrypi detect an tls-crypt unwrap error: packet authentication failed

Is anybody succeed to work with pivpn generated server and openVPN for android ?

Kind regards

Daniel

Extract from openvpn.log of the server

raspberrypi ovpn-server[345]: x:53853 TLS: Initial packet from [AF_INET]x:53853, sid=e3e82d4a 80dc53f8
raspberrypi ovpn-server[345]: x:53853 tls-crypt unwrap error: packet authentication failed
raspberrypi ovpn-server[345]: x:53853 TLS Error: tls-crypt unwrapping failed from [AF_INET]x:53853
raspberrypi ovpn-server[345]: x:53853 Fatal TLS error (check_tls_errors_co), restarting
raspberrypi ovpn-server[345]: x:53853 SIGUSR1[soft,tls-error] received, client-instance restarting

Extract from log displaying error

TCP connection established with
[AF_INET]xx.xx.xx.xx:443
• MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
• TCP_CLIENT link local: (not bound)
• TCP_CLIENT link remote:
[AF_INET]xx.xx.xx.xx:443
• MANAGEMENT: >STATE:1544185240,WAIT,,,,,,
• 2018-12-07 13:20:40 Connection reset,
restarting [0]

Extract from client opvn file generated by pivpn

client
dev tun
proto tcp
remote xx.xx.xx.xx 443
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
tls-version-min 1.2
verify-x509-name server_xxxxxxxxxxxx name
cipher AES-256-CBC
auth SHA256
auth-nocache
verb 3

<ca>
----BEGIN CERTIFICATE----
...............................................................
...............................................................
...............................................................
----END CERTIFICATE----
</ca>
<cert>
----BEGIN CERTIFICATE----
...............................................................
...............................................................
...............................................................
----END CERTIFICATE----
</cert>
<key>
----BEGIN ENCRYPTED PRIVATE KEY----
...............................................................
...............................................................
...............................................................
----END ENCRYPTED PRIVATE KEY----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
----BEGIN OpenVPN Static key V1----
...............................................................
...............................................................
...............................................................
----END OpenVPN Static key V1----
</tls-crypt>

Post has attachment

Hey everybody,

do you know how to fix the Problem:

"Process exited with exit valua 135"

I didnt found something in the FAQ or in the Posts here.

I can connect to my VPN but everytime i try to connect to my Server via ssh it crashes with the Message above. The same crash occurs when i try to reach a HTTP Website on my local Network. So long story short: OpenVPN crashes when i connect to a Server in my local Network.

Thanks and Kind regards

I need to connect to my server through VPN for a private network.
But unfortunately, for I'm in China, OpenVPN seemd to be checked by GFW and the speed of the connection downed to only 10KB/s.
What's worse, the port will be blocked after around 10 minutes' connection.
So are there any VPN tools which have not been checked yet?
Or how should I do to bypass its DPI package check?

Post has attachment
How to fix this:
Photo

Since Nvidia Shield updated to Oreo 8.0 I have gotten a strange problem. Every now and then when I'm starting up a stream in a stream app that goes throu the vpn tunnel I have to reconnect to my vpn provider for the app to be able to connect to it's server. As long as the stream is active it's ok but if I want to see a new movie or new episode of a serie it sometimes can't connect to it's server and to fix it I must go into openVPN and press the reconnect button for it to work again.

Post has attachment
Override DNS Settings with quad9.net?

I have http://quad9.net 9.9.9.9 and 149.112.112.112 set for our dns's on our router, 2 PCs and 2 Androids. I also am using a Private Internet Access script on all these devices, pushing this dns via OpenVPN. On dnsleaktest.com I see that these dns's are being pushed correctly.

On our PCs, I test https://dnssec.vs.uni-due.de/ for DNSSEC and it passes just fine.

On our Androids, using OpenVPN for Android, I also add these dns's in the Override DNS Settings section, but this does not pass DNSSEC. I suspect it is because on the Androids, there also is a field "searchDomain" to be filled in. The default is blinkt.de. When I change that to quad9.net, I get the same result -- failing the DNSSEC tests.

Any suggestions?

I tried this on an nVidia Shield and got it to connect, however the connection is so unstable and slow, that it is not usable.
Same OpenVPN server (Synology NAS) delivers data at ISP max speed to a normal Windows OpenVPN client, so something is off with the Shield and I cannot see what it should be.

Any ideas? Thanks
Wait while more posts are being loaded