Netgate Discussion Forum

    Having trouble with making a connection to VyprVPN

      simplyzero

      Hey guys,

      I've been wrangling trying to set up an OpenVPN connection to VyprVPN/Goldenfrog for a few days now. I've gone through the guide over at https://forum.pfsense.org/index.php?topic=35292.0, which seemed to be the most specific VyprVPN specific tutorial out there, but I'm still having connection issues after following the steps. I think I might be missing some pieces considering the screenshots the author linked to are now invalid.

      I wanted to set this up to alleviate some buffering issues with Netflix due to the Cogent peering issue that's going on between VZ and Cogent right now (since I'm on FiOS). I don't have too much of a problem usually, but during high peak times I can't sustain an HD stream without it dropping out constantly, so I figured I'd evaluate. Since I'm a Giganews customer, I just went ahead and added VyprVPN for the package deal instead of going through a different provider. Since they include a few connections along with a decent client, I figured I'd give this a shot. After setting everything up, I get presented with:

      Then in the logs:

      Feb 23 18:21:37 	openvpn[2163]: push_ifconfig_ipv6_remote = ::
      Feb 23 18:21:37 	openvpn[2163]: enable_c2c = DISABLED
      Feb 23 18:21:37 	openvpn[2163]: duplicate_cn = DISABLED
      Feb 23 18:21:37 	openvpn[2163]: cf_max = 0
      Feb 23 18:21:37 	openvpn[2163]: cf_per = 0
      Feb 23 18:21:37 	openvpn[2163]: max_clients = 1024
      Feb 23 18:21:37 	openvpn[2163]: max_routes_per_client = 256
      Feb 23 18:21:37 	openvpn[2163]: auth_user_pass_verify_script = '[UNDEF]'
      Feb 23 18:21:37 	openvpn[2163]: auth_user_pass_verify_script_via_file = DISABLED
      Feb 23 18:21:37 	openvpn[2163]: port_share_host = '[UNDEF]'
      Feb 23 18:21:37 	openvpn[2163]: port_share_port = 0
      Feb 23 18:21:37 	openvpn[2163]: client = ENABLED
      Feb 23 18:21:37 	openvpn[2163]: pull = ENABLED
      Feb 23 18:21:37 	openvpn[2163]: auth_user_pass_file = '/cf/conf/Vypr.pas'
      Feb 23 18:21:37 	openvpn[2163]: OpenVPN 2.3.2 i386-portbld-freebsd8.3 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Jul 24 2013
      Feb 23 18:21:37 	openvpn[2163]: MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client3.sock
      Feb 23 18:21:37 	openvpn[2163]: WARNING: file '/cf/conf/Vypr.pas' is group or others accessible
      Feb 23 18:21:37 	openvpn[2163]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
      Feb 23 18:21:37 	openvpn[2163]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Feb 23 18:21:37 	openvpn[2163]: Initializing OpenSSL support for engine 'cryptodev'
      Feb 23 18:21:37 	openvpn[2163]: LZO compression initialized
      Feb 23 18:21:37 	openvpn[2163]: Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]
      Feb 23 18:21:37 	openvpn[2163]: Socket Buffers: R=[42080->65536] S=[57344->65536]
      Feb 23 18:21:38 	openvpn[2163]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
      Feb 23 18:21:38 	openvpn[2163]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
      Feb 23 18:21:38 	openvpn[2163]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
      Feb 23 18:21:38 	openvpn[2163]: Local Options hash (VER=V4): '22188c5b'
      Feb 23 18:21:38 	openvpn[2163]: Expected Remote Options hash (VER=V4): 'a8f55717'
      Feb 23 18:21:38 	openvpn[2377]: UDPv4 link local (bound): [AF_INET]173.69.59.163
      Feb 23 18:21:38 	openvpn[2377]: UDPv4 link remote: [AF_INET]216.168.3.151:1194
      Feb 23 18:21:38 	openvpn[2377]: TLS: Initial packet from [AF_INET]216.168.3.151:1194, sid=138bd116 3fb27f06
      Feb 23 18:21:38 	openvpn[2377]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
      Feb 23 18:21:38 	openvpn[2377]: VERIFY OK: depth=1, C=KY, ST=GrandCayman, L=GeorgeTown, O=GoldenFrog-Inc, CN=GoldenFrog-Inc CA, emailAddress=admin@goldenfrog.com
      Feb 23 18:21:38 	openvpn[2377]: VERIFY OK: depth=0, C=KY, ST=GrandCayman, L=GeorgeTown, O=GoldenFrog-Inc, CN=us2.vpn.giganews.com, emailAddress=admin@goldenfrog.com
      Feb 23 18:21:40 	openvpn[2377]: MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
      Feb 23 18:21:40 	openvpn[2377]: MANAGEMENT: CMD 'state 1'
      Feb 23 18:21:40 	openvpn[2377]: MANAGEMENT: Client disconnected
      Feb 23 18:21:40 	openvpn[2377]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1542'
      Feb 23 18:21:40 	openvpn[2377]: WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher BF-CBC'
      Feb 23 18:21:40 	openvpn[2377]: WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'
      Feb 23 18:21:40 	openvpn[2377]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
      Feb 23 18:21:40 	openvpn[2377]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
      Feb 23 18:21:40 	openvpn[2377]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
      Feb 23 18:21:40 	openvpn[2377]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
      Feb 23 18:21:40 	openvpn[2377]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
      Feb 23 18:21:40 	openvpn[2377]: [us2.vpn.giganews.com] Peer Connection Initiated with [AF_INET]216.168.3.151:1194
      Feb 23 18:21:43 	openvpn[2377]: SENT CONTROL [us2.vpn.giganews.com]: 'PUSH_REQUEST' (status=1)
      Feb 23 18:21:43 	openvpn[2377]: AUTH: Received control message: AUTH_FAILED
      Feb 23 18:21:43 	openvpn[2377]: TCP/UDP: Closing socket
      Feb 23 18:21:43 	openvpn[2377]: SIGTERM[soft,auth-failure] received, process exiting
      

      Here's what I have set up:



      I've tried toggling 256 bit encryption to 128 bit, no go. Switched the port to 443, but that didn't work either. Enabled the LZO algorithm on and off, as well as TLS'ing the packets, but nothing has worked.

        johnpoz LAYER 8 Global Moderator

        well this seems to point to auth, password username issue

        AUTH: Received control message: AUTH_FAILED

        I assume you have your username and password in here
        /cf/conf/Vypr.pas

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

          simplyzero

          @johnpoz:

          well this seems to point to auth, password username issue

          AUTH: Received control message: AUTH_FAILED

          I assume you have your username and password in here
          /cf/conf/Vypr.pas

          Yeah, I do. Username is on the first line, password on the second.

          I think the permissions look okay:

          -rw-r--r--  1 root  wheel      27 Feb 24 12:00 Vypr.pas

          1 Reply Last reply Reply Quote 0
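
The log in the first post warns that '/cf/conf/Vypr.pas' is group or others accessible, which is what read bits in the group and other positions of a mode string like the one listed above mean. A portable check and fix for that, as an added example that is not part of the original posts; the function names are hypothetical and the demo runs on a temporary file, not the real credentials file:

```shell
#!/bin/sh
# Added example. Parses `ls -ld` output instead of calling stat(1), whose
# flags differ between FreeBSD (pfSense) and Linux.

# Succeeds when an ls-style mode string grants anything to group or others.
mode_is_exposed() {
    # Characters 5-10 are the group and other triplets, e.g. "r--r--".
    [ "$(printf '%s' "$1" | cut -c5-10)" != "------" ]
}

# Print a verdict for a credentials file; return 1 when missing or exposed.
check_cred_file() {
    f=$1
    [ -f "$f" ] || { echo "MISSING $f"; return 1; }
    mode=$(ls -ld "$f" | cut -c1-10)
    if mode_is_exposed "$mode"; then
        echo "EXPOSED $mode $f"
        return 1
    fi
    echo "OK $mode $f"
}

# Restrict the file to owner read/write, then re-check it.
lock_down() {
    chmod 600 "$1" && check_cred_file "$1"
}

# Demo on a constructed temporary file with the same mode as the listing.
demo() {
    tmp=$(mktemp)
    printf 'user\npass\n' > "$tmp"   # placeholder contents, not real credentials
    chmod 644 "$tmp"
    check_cred_file "$tmp" || true   # reports EXPOSED -rw-r--r--
    lock_down "$tmp"                 # reports OK -rw-------
    rm -f "$tmp"
}
demo
```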
            phil.davis

            WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher BF-CBC'
            

            Someone else just recently mentioned that BF-CBC had to be set on their VPN connection. Try changing AES to BF-CBC.
            and pick 128 bit key - like the next message suggests
            and there are some messages about MTU - but I would try sorting out the cipher first, before messing with MTU settings.

            As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
            If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

            1 Reply Last reply Reply Quote 0
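
An added example (not written by anyone in the thread) that sorts the first post's log into the fatal event, the security warnings and the option mismatches quoted above. The sample lines are copied from that log, the function names are hypothetical, and `remote-cert-tls server` is named only as one OpenVPN option that enables server certificate verification, not as a setting anyone in the thread reports using:

```shell
#!/bin/sh
# Added example: triage of an OpenVPN client log. Function names are hypothetical.

# Sample input: lines copied from the log in the first post.
sample_log() {
cat <<'EOF'
Feb 23 18:21:37 openvpn[2163]: WARNING: file '/cf/conf/Vypr.pas' is group or others accessible
Feb 23 18:21:37 openvpn[2163]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Feb 23 18:21:38 openvpn[2377]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Feb 23 18:21:40 openvpn[2377]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1542'
Feb 23 18:21:40 openvpn[2377]: WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher BF-CBC'
Feb 23 18:21:40 openvpn[2377]: WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'
Feb 23 18:21:43 openvpn[2377]: AUTH: Received control message: AUTH_FAILED
Feb 23 18:21:43 openvpn[2377]: SIGTERM[soft,auth-failure] received, process exiting
EOF
}

# One line per option the two ends disagree on: "<option> local=<v> remote=<v>".
option_mismatches() {
    sed -n "s/.*WARNING: '\([^']*\)' is used inconsistently, local='[^ ]* \([^']*\)', remote='[^ ]* \([^']*\)'.*/\1 local=\2 remote=\3/p"
}

# Why the process exited, taken from the SIGTERM[...] line.
exit_reason() {
    sed -n 's/.*SIG[A-Z0-9]*\[\([^]]*\)] received, process exiting.*/\1/p'
}

# Read a log on stdin; print findings: fatal first, then risks, then mismatches.
triage() {
    log=$(cat)
    reason=$(printf '%s\n' "$log" | exit_reason)
    [ -n "$reason" ] && echo "FATAL exit: $reason"
    printf '%s\n' "$log" | grep -q 'AUTH_FAILED' &&
        echo "FATAL auth: server rejected the credentials"
    printf '%s\n' "$log" | grep -q 'No server certificate verification method' &&
        echo "RISK mitm: server certificate not verified (see remote-cert-tls server)"
    printf '%s\n' "$log" | grep -q 'auth-nocache' &&
        echo "RISK creds: password may stay cached in memory (see auth-nocache)"
    printf '%s\n' "$log" |
        sed -n "s/.*WARNING: file '\([^']*\)' is group or others accessible.*/RISK perms: \1/p"
    printf '%s\n' "$log" | option_mismatches | sed 's/^/MISMATCH /'
    return 0
}

sample_log | triage
```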
              simplyzero

              @phil.davis:

              WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher BF-CBC'
              

              Someone else just recently mentioned that BF-CBC had to be set on their VPN connection. Try changing AES to BF-CBC.
              and pick 128 bit key - like the next message suggests
              and there are some messages about MTU - but I would try sorting out the cipher first, before messing with MTU settings.

              Thanks. I did change that to BF-CBC after looking through the log, but still no such luck with it fully connecting, unfortunately. I still get that auth message at the very end of the log like without the change, which continues to be perplexing. I have logged into the Vyprvpn portal with the username and password combination successfully, as well as used the client before on a Windows machine to test account connectivity, and all was well. However, pfsense seems to still have trouble.

                simplyzero

                Interestingly enough, it managed to connect after the trial was over and it charged my card. Strange. Support couldn't explain that one either, but maybe it was just some sort of fluke.

                However, when the OpenVPN connection sets up and connects to Vyprvpn, I no longer can access anything out on the Internet on any connected machine. I don't have any rule sets for the whole LAN segment to route out via Vyprvpn, etc. If I disable it, then I can get back out to the Internet.

                Also looks like I keep getting messages of:

                Mar 1 20:24:25 	openvpn[41699]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #18477269 / time = (1393696330) Sat Mar 1 12:52:10 2014 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
                

                Any ideas what that could be?

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.