ProtonVPN/protonvpn-cli

TLS Error while connecting, Ubuntu 18.04 LTS

sriramgkn opened this issue · 21 comments

I am using the latest version of protonvpn-cli, and have openresolv installed. I get the same "unable to manage ipv6" error while connecting, as in the previously resolved issue. I have confirmed that it is NOT an authentication issue, and NOT a version issue (I am using the latest 1.1.2). It is a TLS handshake error, mostly because I'm using my university's ethernet.

My partial log file is as follows -

Tue Jan 15 20:15:42 2019 us=925822 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 5 2018
Tue Jan 15 20:15:42 2019 us=925834 library versions: OpenSSL 1.1.0g 2 Nov 2017, LZO 2.08
Tue Jan 15 20:15:42 2019 us=926573 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Tue Jan 15 20:15:42 2019 us=927151 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Jan 15 20:15:42 2019 us=927185 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Jan 15 20:15:42 2019 us=927279 Control Channel MTU parms [ L:1654 D:1140 EF:110 EB:0 ET:0 EL:3 ]
Tue Jan 15 20:15:42 2019 us=972976 Data Channel MTU parms [ L:1654 D:1450 EF:122 EB:411 ET:32 EL:3 ]
Tue Jan 15 20:15:42 2019 us=973095 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1634,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
Tue Jan 15 20:15:42 2019 us=973139 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1634,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
Tue Jan 15 20:15:42 2019 us=973949 TCP/UDP: Preserving recently used remote address: [AF_INET]185.161.200.10:443
Tue Jan 15 20:15:42 2019 us=974005 Socket Buffers: R=[212992->212992] S=[212992->212992]
Tue Jan 15 20:15:42 2019 us=974027 UDP link local: (not bound)
Tue Jan 15 20:15:42 2019 us=974047 UDP link remote: [AF_INET]185.161.200.10:443
Tue Jan 15 20:15:42 2019 us=974063 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Tue Jan 15 20:15:44 2019 us=227453 TLS Error: Unroutable control packet received from [AF_INET]185.161.200.10:443 (si=3 op=P_ACK_V1)
Tue Jan 15 20:15:48 2019 us=796384 TLS Error: Unroutable control packet received from [AF_INET]185.161.200.10:443 (si=3 op=P_ACK_V1)
Tue Jan 15 20:15:57 2019 us=9265 TLS Error: Unroutable control packet received from [AF_INET]185.161.200.10:443 (si=3 op=P_ACK_V1)
Tue Jan 15 20:16:03 2019 us=921110 event_wait : Interrupted system call (code=4)
Tue Jan 15 20:16:03 2019 us=921272 TCP/UDP: Closing socket
Tue Jan 15 20:16:03 2019 us=921311 SIGTERM[hard,] received, process exiting

Please suggest a solution.

Full log file:
connection_log.txt
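Added example, not part of the original issue or of protonvpn-cli: a Python triage of OpenVPN log lines in the format pasted above. The sample lines are copied from that excerpt; the function names are hypothetical. It shows that packets bearing the server's address do reach the client within about 1.25 s, while the handshake never completes in the roughly 21 s before the process is terminated.

```python
import re
from datetime import datetime

# Lines copied from the log excerpt in the issue above (subset).
SAMPLE_LOG = """\
Tue Jan 15 20:15:42 2019 us=974047 UDP link remote: [AF_INET]185.161.200.10:443
Tue Jan 15 20:15:44 2019 us=227453 TLS Error: Unroutable control packet received from [AF_INET]185.161.200.10:443 (si=3 op=P_ACK_V1)
Tue Jan 15 20:15:48 2019 us=796384 TLS Error: Unroutable control packet received from [AF_INET]185.161.200.10:443 (si=3 op=P_ACK_V1)
Tue Jan 15 20:15:57 2019 us=9265 TLS Error: Unroutable control packet received from [AF_INET]185.161.200.10:443 (si=3 op=P_ACK_V1)
Tue Jan 15 20:16:03 2019 us=921311 SIGTERM[hard,] received, process exiting
"""

LINE = re.compile(r"^(\w{3} \w{3} +\d+ [\d:]{8} \d{4}) us=(\d+) (.*)$")
REMOTE = re.compile(r"^(?:UDP|TCP)\S* link remote: \[AF_INET6?\](\S+)")
UNROUTABLE = re.compile(r"^TLS Error: Unroutable control packet received from "
                        r"\[AF_INET6?\](\S+) \(si=\d+ op=(\w+)\)")
DONE = "Initialization Sequence Completed"  # OpenVPN's success message

def parse(log_text):
    """Yield (timestamp, message) for each line in the format shown in the issue."""
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if m:
            ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
            yield ts.replace(microsecond=int(m.group(2))), m.group(3)

def triage(log_text):
    """Summarise one connection attempt: replies seen, timing, outcome."""
    out = {"remote": None, "unroutable": 0, "opcodes": set(),
           "first_reply_s": None, "attempt_s": None, "completed": False}
    start = None
    for ts, msg in parse(log_text):
        if (m := REMOTE.match(msg)) and start is None:
            start, out["remote"] = ts, m.group(1)   # handshake starts here
        elif m := UNROUTABLE.match(msg):
            out["unroutable"] += 1
            out["opcodes"].add(m.group(2))
            if start is not None and out["first_reply_s"] is None:
                out["first_reply_s"] = (ts - start).total_seconds()
        elif DONE in msg:
            out["completed"] = True
        if start is not None:
            out["attempt_s"] = (ts - start).total_seconds()
    return out

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```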

Have you checked this?

No... Will check it out

Please, tell here if it works.

@sriramgkn

Thanks for reporting the issue. It seems to be a client-side issue in your OS setup. Please check:
https://forums.openvpn.net/viewtopic.php?t=25217

@mazen160 Thanks for responding. Interesting issue indeed.

@xilopaint As suggested in the link you sent, I installed and started the Ubuntu NTP client, as explained here. However, I didn't add specific servers to the ntp.conf file; I just let it run with the default Ubuntu servers. No fruit, still getting precisely the same errors in the log.

@xilopaint should I add the specific protonvpn servers I'm connecting to in the ntp.conf file?
Like server 108.59.0.40 ?
This is how my NTP configuration file looks: ntp_conf.txt
Kindly let me know what you think. Thanks.

Typing ntpq -p gives:

     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 0.ubuntu.pool.n .POOL.          16 p    -   64    0    0.000    0.000   0.000
 1.ubuntu.pool.n .POOL.          16 p    -   64    0    0.000    0.000   0.000
 2.ubuntu.pool.n .POOL.          16 p    -   64    0    0.000    0.000   0.000
 3.ubuntu.pool.n .POOL.          16 p    -   64    0    0.000    0.000   0.000
 ntp.ubuntu.com  .POOL.          16 p    -   64    0    0.000    0.000   0.000
+ntp-a2.nict.go. .NICT.           1 u   77  512  377  101.382   -0.899   1.582
+ntp-a3.nict.go. .NICT.           1 u   85  512  377  101.579   -1.136   0.824
+ntp-b3.nict.go. .NICT.           1 u   95  512  377  102.096   -0.782   1.227
*ntp-b2.nict.go. .NICT.           1 u  173  512  377  102.222   -0.749   3.301
-time1.isu.net.s 209.51.161.238   2 u  253  256  377  426.062    4.027   3.140

Also, typing service ntp status gives:

● ntp.service - Network Time Service
Loaded: loaded (/lib/systemd/system/ntp.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2019-01-17 15:44:02 IST; 7h ago
Docs: man:ntpd(8)
Main PID: 4360 (ntpd)
Tasks: 2 (limit: 4915)
CGroup: /system.slice/ntp.service
└─4360 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 127:133

Jan 17 22:02:14 ubuntu16-04 ntpd[4360]: unable to create socket on wlp3s0 (16) for fe80::3252:cbff:fe29:72d1%
Jan 17 22:02:14 ubuntu16-04 ntpd[4360]: failed to init interface for address fe80::3252:cbff:fe29:72d1%3
Jan 17 22:02:14 ubuntu16-04 ntpd[4360]: new interface(s) found: waking up resolver
Jan 17 22:02:16 ubuntu16-04 ntpd[4360]: Listen normally on 17 wlp3s0 [fe80::3252:cbff:fe29:72d1%3]:123
Jan 17 22:02:16 ubuntu16-04 ntpd[4360]: new interface(s) found: waking up resolver
Jan 17 22:17:40 ubuntu16-04 ntpd[4360]: Deleting interface #15 lo, ::1#123, interface stats: received=0, sent
Jan 17 22:17:40 ubuntu16-04 ntpd[4360]: Deleting interface #17 wlp3s0, fe80::3252:cbff:fe29:72d1%3#123, inter
Jan 17 22:18:05 ubuntu16-04 ntpd[4360]: Listen normally on 18 lo [::1]:123
Jan 17 22:18:05 ubuntu16-04 ntpd[4360]: Listen normally on 19 wlp3s0 [fe80::3252:cbff:fe29:72d1%3]:123
Jan 17 22:18:05 ubuntu16-04 ntpd[4360]: new interface(s) found: waking up resolver
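Added example, not part of the original thread: a Python reading of the `ntpq -p` output pasted above, to check mechanically whether the clock is synchronised. The rows are copied from that output; the function names and the 1000 ms threshold are assumptions. The `*` row is the selected system peer, `reach` is an octal register of the last eight polls, and `offset` is in milliseconds.

```python
# Rows copied from the `ntpq -p` output in the comment above (subset).
NTPQ_OUTPUT = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 0.ubuntu.pool.n .POOL.          16 p    -   64    0    0.000    0.000   0.000
+ntp-a2.nict.go. .NICT.           1 u   77  512  377  101.382   -0.899   1.582
*ntp-b2.nict.go. .NICT.           1 u  173  512  377  102.222   -0.749   3.301
-time1.isu.net.s 209.51.161.238   2 u  253  256  377  426.062    4.027   3.140
"""

# Tally characters that cannot begin a host name; '*' marks the system peer.
TALLY_CHARS = "*+-#"

def parse_peers(text):
    """Return one dict per peer row; header and separator lines are skipped."""
    peers = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 10 or fields[0] == "remote":
            continue
        name = fields[0]
        tally = name[0] if name[0] in TALLY_CHARS else ""
        peers.append({
            "tally": tally,
            "remote": name[1:] if tally else name,
            "stratum": int(fields[2]),
            "reach": int(fields[6], 8),       # octal shift register
            "offset_ms": float(fields[8]),
        })
    return peers

def sync_status(text, max_offset_ms=1000.0):
    """Synced means: a system peer exists, answered the latest poll,
    and its offset is within max_offset_ms (assumed threshold)."""
    peer = next((p for p in parse_peers(text) if p["tally"] == "*"), None)
    if peer is None:
        return {"synced": False, "peer": None, "offset_ms": None, "reach": None}
    ok = bool(peer["reach"] & 1) and abs(peer["offset_ms"]) <= max_offset_ms
    return {"synced": ok, "peer": peer["remote"],
            "offset_ms": peer["offset_ms"], "reach": peer["reach"]}

if __name__ == "__main__":
    print(sync_status(NTPQ_OUTPUT))
```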

@sriramgkn Do you receive the same TLS error if you use a different port (not udp/443)? At least 80, 4569, 1194, and 5060 should be defined in the conffile(s)/available to try.

@sriramgkn do you still have this issue?

Yes. Does not work with university LAN, but works with public internet (e.g. mobile data tethered to laptop via USB)

@crimsun How do I use those ports? I am using the command line version of Proton VPN, and can only see tcp and udp.

> Yes. Does not work with university LAN, but works with public internet (e.g. mobile data tethered to laptop via USB)

It should be an issue on your end as stated by @mazen160 before.

Have you tried to connect to OpenVPN directly using the configuration files? If it doesn't work there's nothing we can do.

> @crimsun How do I use those ports? I am using the command line version of Proton VPN, and can only see tcp and udp.

Have you already tried to connect using TCP?

@sriramgkn are you still interested in this issue?

@xilopaint I tried connecting with TCP as well; it doesn't connect. It is very likely an issue with university ethernet, which controls IPv6.
Right now I'm not interested in the issue.

I'm closing the issue now.
In summary, the issue is that the IPv6 address of all devices connected to university ethernet is that of a common PC owned and controlled by the university. Despite this, free VPN services in Windows work. However, in Ubuntu, I have yet to find a free VPN that works around this. Regards.

@sriramgkn what do you mean by "controls IPv6"? protonvpn-cli doesn't support IPv6, so it disables this protocol on your machine once connected and enables it again once disconnected.

When connected to university ethernet, my IPv4 address is unique to my laptop, but I fail the IPv6 leak test. The observed IPv6 address is that of a central computer belonging to the university. Although ProtonVPN doesn't use IPv6, I have read that devices must not fail the IPv6 leak test.

As such, the IPv6 leak is the only difference I've noticed as of now between connecting to university ethernet versus a public network. As I already said earlier, pvpn works fine when connected to the public network.