• 1 Post
  • 10 Comments
Joined 6 months ago
cake
Cake day: May 9th, 2024

help-circle
  • 2024-05-12 23:51:46 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
    2024-05-12 23:51:47 TCP/UDP: Preserving recently used remote address: ***********
    2024-05-12 23:51:47 Socket Buffers: R=[212992->212992] S=[212992->212992]
    2024-05-12 23:51:47 UDPv4 link local: (not bound)
    2024-05-12 23:51:47 UDPv4 link remote: ******************
    2024-05-12 23:51:47 TLS: Initial packet from *************
    2024-05-12 23:51:47 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    2024-05-12 23:51:47 VERIFY OK: depth=1, C=IN, ***************
    2024-05-12 23:51:47 VERIFY OK: depth=0, C=IN, ***************
    2024-05-12 23:51:48 Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, peer certificate: 3072 bits RSA, signature: RSA-SHA256, peer temporary key: 1024 bits DH
    2024-05-12 23:51:48 [vpn.*******] Peer Connection Initiated with ****************
    2024-05-12 23:51:48 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
    2024-05-12 23:51:48 TLS: tls_multi_process: initial untrusted session promoted to trusted
    2024-05-12 23:51:49 SENT CONTROL [vpn.iitd.ac.in]: 'PUSH_REQUEST' (status=1)
    2024-05-12 23:51:49 PUSH: Received control message: ************
    2024-05-12 23:51:49 OPTIONS IMPORT: --ifconfig/up options modified
    2024-05-12 23:51:49 OPTIONS IMPORT: route options modified
    2024-05-12 23:51:49 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    2024-05-12 23:51:49 OPTIONS ERROR: failed to negotiate cipher with server.  Add the server's cipher ('AES-128-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305') if you want to connect to this server.
    2024-05-12 23:51:49 ERROR: Failed to apply push options
    2024-05-12 23:51:49 Failed to open tun/tap interface
    2024-05-12 23:51:49 SIGUSR1[soft,process-push-msg-failed] received, process restarting
    2024-05-12 23:51:49 Restart pause, 1 second(s)
    

    this repeats over and over, i killed it, also i tried to connect with our vpn a year or 2 ago this method, and had same/similar errors even back then, and it only used to worked with network manager

    sorry for editing it heavily, but would love to not be doxxed



  • 
    #####******************############**************
    STUFF I HAVE WRITTEN
    ##############*************************
    Intentionally not written nicely to be able to distinguish
    ######################***************************
    remote had the my college's vpn domain vpn.coll.eg.e
    CA had college's certificate file name (in the same dir as config)
    cert myid.crt
    key myid.key
    
    
    ##############################################
    # Sample client-side OpenVPN 2.0 config file #
    # for connecting to multi-client server.     #
    #                                            #
    # This configuration can be used by multiple #
    # clients, however each client should have   #
    # its own cert and key files.                #
    #                                            #
    # On Windows, you might want to rename this  #
    # file so it has a .ovpn extension           #
    ##############################################
    
    # Specify that we are a client and that we
    # will be pulling certain config file directives
    # from the server.
    client
    
    # Use the same setting as you are using on
    # the server.
    # On most systems, the VPN will not function
    # unless you partially or fully disable
    # the firewall for the TUN/TAP interface.
    ;dev tap
    dev tun
    
    # Windows needs the TAP-Win32 adapter name
    # from the Network Connections panel
    # if you have more than one.  On XP SP2,
    # you may need to disable the firewall
    # for the TAP adapter.
    ;dev-node MyTap
    
    # Are we connecting to a TCP or
    # UDP server?  Use the same setting as
    # on the server.
    ;proto tcp
    proto udp
    
    # The hostname/IP and port of the server.
    # You can have multiple remote entries
    # to load balance between the servers.
    ;remote my-server-1 1194
    ;remote my-server-2 1194
    remote 
    port 1194
    
    # Choose a random host from the remote
    # list for load-balancing.  Otherwise
    # try hosts in the order specified.
    ;remote-random
    
    # Keep trying indefinitely to resolve the
    # host name of the OpenVPN server.  Very useful
    # on machines which are not permanently connected
    # to the internet such as laptops.
    resolv-retry infinite
    
    # Most clients don't need to bind to
    # a specific local port number.
    nobind
    
    # Downgrade privileges after initialization (non-Windows only)
    ;user nobody
    ;group nobody
    
    # Try to preserve some state across restarts.
    persist-key
    persist-tun
    
    # If you are connecting through an
    # HTTP proxy to reach the actual OpenVPN
    # server, put the proxy server/IP and
    # port number here.  See the man page
    # if your proxy server requires
    # authentication.
    ;http-proxy-retry # retry on connection failures
    ;http-proxy [proxy server] [proxy port #]
    
    # Wireless networks often produce a lot
    # of duplicate packets.  Set this flag
    # to silence duplicate packet warnings.
    ;mute-replay-warnings
    
    # SSL/TLS parms.
    # See the server config file for more
    # description.  It's best to use
    # a separate .crt/.key file pair
    # for each client.  A single ca
    # file can be used for all clients.
    ca 
    cert 
    key 
    
    # Verify server certificate by checking
    # that the certicate has the nsCertType
    # field set to "server".  This is an
    # important precaution to protect against
    # a potential attack discussed here:
    #  http://openvpn.net/howto.html#mitm
    #
    # To use this feature, you will need to generate
    # your server certificates with the nsCertType
    # field set to "server".  The build-key-server
    # script in the easy-rsa folder will do this.
    ;ns-cert-type server
    
    # If a tls-auth key is used on the server
    # then every client must also have the key.
    tls-auth ta.key 1
    
    # Select a cryptographic cipher.
    # If the cipher option is used on the server
    # then you must also specify it here.
    cipher AES-128-CBC
    ;cipher BF-CBC
    
    # Enable compression on the VPN link.
    # Don't enable this unless it is also
    # enabled in the server config file.
    comp-lzo
    
    # Set log file verbosity.
    verb 3
    
    # Silence repeating messages
    ;mute 20
    
    route-method exe
    route-delay 2
    
    auth-user-pass
    


  • with my college, they are not even up to current openvpn versions, if i use a verbose vpn app on phone (open vpn for android on fdroid), i have to use compatibility settings to even connect, they even use older encryption standards and compression settings, what i think is coincidentally something in my system updated which may not work with their current configs, and on my phone it is somehow still working