Cannot connect to VPN services! The connection attempt to the VPN service timed out!

Ahmose · February 7, 2024, 9:11am

Hello everyone,
I am trying to connect to different VPN services, I use the openvpn plugin to import .ovpn files, but I always get this message "The connection attempt to the VPN service timed out. "
I tried to stop the firewall but nothing changed.
this is the output of journalctl -f

ahmose@susie:~> journalctl -f
Hint: You are currently not seeing messages from other users and the system.
      Users in the 'systemd-journal' group can see all messages. Pass -q to
      turn off this notice.
Feb 07 10:46:54 susie polkit-kde-authentication-agent-1[2416]: Finishing obtaining privileges
Feb 07 10:46:54 susie polkit-kde-authentication-agent-1[2416]: Listener adapter polkit_qt_listener_initiate_authentication_finish
Feb 07 10:46:54 susie polkit-kde-authentication-agent-1[2416]: polkit_qt_listener_initiate_authentication_finish callback for  0x557ebfdbbc00
Feb 07 10:46:54 susie polkit-kde-authentication-agent-1[2416]: Finish obtain authorization: true
Feb 07 10:46:54 susie kwin_x11[2320]: kwin_core: XCB error: 152 (BadDamage), sequence: 30838, resource id: 10618703, major code: 143 (DAMAGE), minor code: 3 (Subtract)
Feb 07 10:46:54 susie kded5[2317]: kf.networkmanagerqt: void NetworkManager::ConnectionPrivate::onPropertiesChanged(const QVariantMap&) Unhandled property "VersionId"
Feb 07 10:46:54 susie kded5[2317]: org.kde.plasma.nm.kded: Unhandled VPN connection state change:  NetworkManager::VpnConnection::Connecting
Feb 07 10:46:54 susie plasmashell[2379]: kf.networkmanagerqt: void NetworkManager::ConnectionPrivate::onPropertiesChanged(const QVariantMap&) Unhandled property "VersionId"
Feb 07 10:47:54 susie plasmashell[2379]: Could not find the Plasmoid for Plasma::FrameSvgItem(0x557b88c65100) QQmlContext(0x557b85869650) QUrl("file:///usr/share/plasma/plasmoids/org.kde.plasma.notifications/contents/ui/global/Globals.qml")
Feb 07 10:47:54 susie plasmashell[2379]: Could not find the Plasmoid for Plasma::FrameSvgItem(0x557b88c65100) QQmlContext(0x557b85869650) QUrl("file:///usr/share/plasma/plasmoids/org.kde.plasma.notifications/contents/ui/global/Globals.qml")

marel · February 7, 2024, 3:33pm

You have a .ovpn file, can you please run on the command line:

> sudo openvpn --config your.ovpn

Post the output of that command here incl. the command itself. Filter out information from the output you do not want to share publicly.

Ahmose · February 7, 2024, 10:09pm

Hi,
I really appreciate your time, thank you!
here is the output:

ahmose@susie:~/Downloads> sudo openvpn --config credentials.ovpn 
[sudo] password for root: 
2024-02-07 23:49:24 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2024-02-07 23:49:24 OpenVPN 2.6.8 x86_64-suse-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD]
2024-02-07 23:49:24 library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
Enter Auth Username: xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Enter Auth Password: ********************************
2024-02-07 23:50:15 TCP/UDP: Preserving recently used remote address: [AF_INET]89.33.246.54:1194
2024-02-07 23:50:15 UDPv4 link local: (not bound)
2024-02-07 23:50:15 UDPv4 link remote: [AF_INET]89.33.246.54:1194
2024-02-07 23:50:15 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2024-02-07 23:51:15 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2024-02-07 23:51:15 TLS Error: TLS handshake failed
2024-02-07 23:51:15 SIGUSR1[soft,tls-error] received, process restarting
2024-02-07 23:51:17 TCP/UDP: Preserving recently used remote address: [AF_INET]89.46.102.98:1194

marel · February 7, 2024, 10:19pm

Okay, “clear” error.

Can you check the content of the .ovpn file and check the address after the line starting with “remote”, does it respond to ping? Unless you do not want to share which VPN you are using, can you share that address?

If pinging the host is working can you repeat the openvpn command but now with “–verb 3” added? That should give additional debug output on the TLS negotiations & route info.

Ahmose · February 7, 2024, 10:46pm

I use Kaspersky vpn, this is the address location-pub-kl--moldova-chisinau.aura-servers.com
and ping result:

ahmose@susie:~> ping location-pub-kl--moldova-chisinau.aura-servers.com
PING location-pub-kl--moldova-chisinau.aura-servers.com (89.33.246.54) 56(84) bytes of data.
64 bytes from secret.unitoros.com (89.33.246.54): icmp_seq=1 ttl=54 time=113 ms
64 bytes from secret.unitoros.com (89.33.246.54): icmp_seq=2 ttl=54 time=109 ms
64 bytes from secret.unitoros.com (89.33.246.54): icmp_seq=3 ttl=54 time=109 ms
64 bytes from secret.unitoros.com (89.33.246.54): icmp_seq=4 ttl=54 time=111 ms
64 bytes from secret.unitoros.com (89.33.246.54): icmp_seq=5 ttl=54 time=110 ms
64 bytes from secret.unitoros.com (89.33.246.54): icmp_seq=6 ttl=54 time=109 ms
64 bytes from secret.unitoros.com (89.33.246.54): icmp_seq=7 ttl=54 time=142 ms
64 bytes from secret.unitoros.com (89.33.246.54): icmp_seq=8 ttl=54 time=140 ms
64 bytes from secret.unitoros.com (89.33.246.54): icmp_seq=9 ttl=54 time=111 ms

and this is the command with --verb 3

ahmose@susie:~/Downloads> sudo openvpn --verb 3 --config credentials.ovpn 
2024-02-08 00:39:12 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2024-02-08 00:39:12 OpenVPN 2.6.8 x86_64-suse-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD]
2024-02-08 00:39:12 library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
Enter Auth Username: 11ef75d5db3833cd8a580557e1b05b3a
Enter Auth Password: ********************************
2024-02-08 00:39:58 TCP/UDP: Preserving recently used remote address: [AF_INET]89.33.246.54:1194
2024-02-08 00:39:58 Socket Buffers: R=[212992->212992] S=[212992->212992]
2024-02-08 00:39:58 UDPv4 link local: (not bound)
2024-02-08 00:39:58 UDPv4 link remote: [AF_INET]89.33.246.54:1194
2024-02-08 00:39:58 TLS: Initial packet from [AF_INET]89.33.246.54:1194, sid=82040a5a fd228932
2024-02-08 00:39:58 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2024-02-08 00:40:58 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2024-02-08 00:40:58 TLS Error: TLS handshake failed
2024-02-08 00:40:58 SIGUSR1[soft,tls-error] received, process restarting
2024-02-08 00:40:58 Restart pause, 1 second(s)
2024-02-08 00:41:00 TCP/UDP: Preserving recently used remote address: [AF_INET]89.46.102.98:1194
2024-02-08 00:41:00 Socket Buffers: R=[212992->212992] S=[212992->212992]
2024-02-08 00:41:00 UDPv4 link local: (not bound)
2024-02-08 00:41:00 UDPv4 link remote: [AF_INET]89.46.102.98:1194
2024-02-08 00:41:00 TLS: Initial packet from [AF_INET]89.46.102.98:1194, sid=6dde77ed d0006542
2024-02-08 00:42:00 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2024-02-08 00:42:00 TLS Error: TLS handshake failed
2024-02-08 00:42:00 SIGUSR1[soft,tls-error] received, process restarting
2024-02-08 00:42:00 Restart pause, 1 second(s)
2024-02-08 00:42:02 TCP/UDP: Preserving recently used remote address: [AF_INET]89.33.246.54:1194
2024-02-08 00:42:02 Socket Buffers: R=[212992->212992] S=[212992->212992]
2024-02-08 00:42:02 UDPv4 link local: (not bound)
2024-02-08 00:42:02 UDPv4 link remote: [AF_INET]89.33.246.54:1194
2024-02-08 00:42:02 TLS: Initial packet from [AF_INET]89.33.246.54:1194, sid=f1482d72 3e15eb40
2024-02-08 00:43:02 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2024-02-08 00:43:02 TLS Error: TLS handshake failed
2024-02-08 00:43:02 SIGUSR1[soft,tls-error] received, process restarting
2024-02-08 00:43:02 Restart pause, 1 second(s)
2024-02-08 00:43:04 TCP/UDP: Preserving recently used remote address: [AF_INET]89.33.246.54:1194
2024-02-08 00:43:04 Socket Buffers: R=[212992->212992] S=[212992->212992]
2024-02-08 00:43:04 UDPv4 link local: (not bound)
2024-02-08 00:43:04 UDPv4 link remote: [AF_INET]89.33.246.54:1194
2024-02-08 00:43:04 TLS: Initial packet from [AF_INET]89.33.246.54:1194, sid=2d27bffb 4878e968
2024-02-08 00:44:04 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2024-02-08 00:44:04 TLS Error: TLS handshake failed
2024-02-08 00:44:04 SIGUSR1[soft,tls-error] received, process restarting
2024-02-08 00:44:04 Restart pause, 1 second(s)
2024-02-08 00:44:06 TCP/UDP: Preserving recently used remote address: [AF_INET]185.210.218.86:1194
2024-02-08 00:44:06 Socket Buffers: R=[212992->212992] S=[212992->212992]
2024-02-08 00:44:06 UDPv4 link local: (not bound)
2024-02-08 00:44:06 UDPv4 link remote: [AF_INET]185.210.218.86:1194
2024-02-08 00:44:06 TLS: Initial packet from [AF_INET]185.210.218.86:1194, sid=6c9d93db 2d6e5ddb

by the way, The vpn works well on windows and mobile phone, I have this problem only with Linux!

marel · February 7, 2024, 10:52pm

If the same VPN works with Windows/Mobile phone (also ovpn I assume) I think the problem could have to do with what the first line of debug output is try to say:

Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.

Likely tumbleweed is using this newer version of OpenVPN while Windows uses on older version.

Ahmose · February 8, 2024, 7:52am

Actually it was the kaspersky vpn application for windows and android, didn’t try an openvpn application though, however making it work on opensuse is the most important for me.
i have checked if i can downgrade openvpn to older versions but i found nothing but a 2.4 version on a home repository which i’m scared to try!

marel · February 8, 2024, 8:08am

Why downgrading OpenVPN? The warning gives good guidance (“please add”) on what you can do with the up-to-date version of Tumbleweed.

Okay, so under the hood Windows/Andriod might not use OpenVPN, indeed likely it is using the private Catapult Hydra protocol I read.

Looking better, not sure I would chose Kaspersky.

Ahmose · February 8, 2024, 8:39am

Because I tried this:

ahmose@susie:~/Downloads> sudo openvpn --data-ciphers-fallback BF-CBC --config credentials.ovpn 
[sudo] password for root: 
2024-02-08 10:29:03 OpenVPN 2.6.8 x86_64-suse-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD]
2024-02-08 10:29:03 library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
Enter Auth Username: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Enter Auth Password: ********************************
2024-02-08 10:29:41 Cipher BF-CBC not supported
2024-02-08 10:29:41 Exiting due to fatal error

I used kaspersky products because it is the easiest to access in Egypt as we suffer from vpn websites being blocked, lots of websites are blocked, cannot purchase online products with any of hard currencies but kaspersky accepts EGP, that’s why!
please tell me if you have a suggestion of a vpn that i could just try to make sure it will work.

Ahmose · February 8, 2024, 8:42am

something came to my mind now as i heard that many vpn services are not working here
could my ISP be able to block the openvpn protocol meanwhile it didn’t block the Catapuly hydra!!!

marel · February 8, 2024, 8:53am

Okay, you tried data-ciphers-fallback, would be good to mention that discussing things, I can not see what you are doing. Likely OpenVPN on Tumbleweed is not going to work

Apparently it is a fight between “let’s have a default that works” and “let’s not weaken security too easily”.

See see https://www.spinics.net/linux/fedora/fedora-users/msg513152.html

Okay, understood. Too bad hard currencies are not supported, what about Bitcoinand other options.

I did check but Kaspersky is also offering wireguard, is that an option or is that somehow blocked?

marel · February 8, 2024, 9:11am

Checking the log you provided I see UDP is used, one thing you can also try is TCP.

You can find that in the .ovpn file, change “proto upd” to “proto tcp”. If that also does not work, please post once more the output but with --verb 5 so that packets are logged using the R and W characters.

Ahmose · February 8, 2024, 12:02pm

Bitcoin and crypto is illegal here, and maybe the main reason for wanting a vpn is to reach binance and kucoin websites etc…
wireguard is connected but no data received!

Ahmose · February 8, 2024, 12:03pm

tried the tcp port but nothing new.
this is the --verb 5 command output:

ahmose@susie:~/Downloads> sudo openvpn --verb 5 --config credentials.ovpn 
[sudo] password for root: 
2024-02-08 13:55:55 us=153405 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2024-02-08 13:55:55 us=153475 Current Parameter Settings:
2024-02-08 13:55:55 us=153486   config = 'credentials.ovpn'
2024-02-08 13:55:55 us=153494   mode = 0
2024-02-08 13:55:55 us=153500   persist_config = DISABLED
2024-02-08 13:55:55 us=153507   persist_mode = 1
2024-02-08 13:55:55 us=153513   show_ciphers = DISABLED
2024-02-08 13:55:55 us=153520   show_digests = DISABLED
2024-02-08 13:55:55 us=153527   show_engines = DISABLED
2024-02-08 13:55:55 us=153533   genkey = DISABLED
2024-02-08 13:55:55 us=153539   genkey_filename = '[UNDEF]'
2024-02-08 13:55:55 us=153546   key_pass_file = '[UNDEF]'
2024-02-08 13:55:55 us=153553   show_tls_ciphers = DISABLED
2024-02-08 13:55:55 us=153560   connect_retry_max = 0
2024-02-08 13:55:55 us=153566 Connection profiles [0]:
2024-02-08 13:55:55 us=153572   proto = udp
2024-02-08 13:55:55 us=153579   local = '[UNDEF]'
2024-02-08 13:55:55 us=153585   local_port = '[UNDEF]'
2024-02-08 13:55:55 us=153591   remote = 'location-pub-kl--moldova-chisinau.aura-servers.com'
2024-02-08 13:55:55 us=153599   remote_port = '1194'
2024-02-08 13:55:55 us=153606   remote_float = DISABLED
2024-02-08 13:55:55 us=153612   bind_defined = DISABLED
2024-02-08 13:55:55 us=153619   bind_local = DISABLED
2024-02-08 13:55:55 us=153625   bind_ipv6_only = DISABLED
2024-02-08 13:55:55 us=153632   connect_retry_seconds = 1
2024-02-08 13:55:55 us=153639   connect_timeout = 120
2024-02-08 13:55:55 us=153645   socks_proxy_server = '[UNDEF]'
2024-02-08 13:55:55 us=153652   socks_proxy_port = '[UNDEF]'
2024-02-08 13:55:55 us=153659   tun_mtu = 1500
2024-02-08 13:55:55 us=153665   tun_mtu_defined = ENABLED
2024-02-08 13:55:55 us=153672   link_mtu = 1500
2024-02-08 13:55:55 us=153678   link_mtu_defined = DISABLED
2024-02-08 13:55:55 us=153685   tun_mtu_extra = 0
2024-02-08 13:55:55 us=153691   tun_mtu_extra_defined = DISABLED
2024-02-08 13:55:55 us=153697   tls_mtu = 1250
2024-02-08 13:55:55 us=153704   mtu_discover_type = -1
2024-02-08 13:55:55 us=153710   fragment = 0
2024-02-08 13:55:55 us=153718   mssfix = 1492
2024-02-08 13:55:55 us=153724   mssfix_encap = ENABLED
2024-02-08 13:55:55 us=153731   mssfix_fixed = DISABLED
2024-02-08 13:55:55 us=153738   explicit_exit_notification = 0
2024-02-08 13:55:55 us=153744   tls_auth_file = '[UNDEF]'
2024-02-08 13:55:55 us=153751   key_direction = not set
2024-02-08 13:55:55 us=153757   tls_crypt_file = '[UNDEF]'
2024-02-08 13:55:55 us=153763   tls_crypt_v2_file = '[UNDEF]'
2024-02-08 13:55:55 us=153770 Connection profiles END
2024-02-08 13:55:55 us=153777   remote_random = DISABLED
2024-02-08 13:55:55 us=153783   ipchange = '[UNDEF]'
2024-02-08 13:55:55 us=153789   dev = 'tun'
2024-02-08 13:55:55 us=153796   dev_type = '[UNDEF]'
2024-02-08 13:55:55 us=153803   dev_node = '[UNDEF]'
2024-02-08 13:55:55 us=153809   lladdr = '[UNDEF]'
2024-02-08 13:55:55 us=153815   topology = 1
2024-02-08 13:55:55 us=153822   ifconfig_local = '[UNDEF]'
2024-02-08 13:55:55 us=153829   ifconfig_remote_netmask = '[UNDEF]'
2024-02-08 13:55:55 us=153835   ifconfig_noexec = DISABLED
2024-02-08 13:55:55 us=153841   ifconfig_nowarn = DISABLED
2024-02-08 13:55:55 us=153848   ifconfig_ipv6_local = '[UNDEF]'
2024-02-08 13:55:55 us=153854   ifconfig_ipv6_netbits = 0
2024-02-08 13:55:55 us=153861   ifconfig_ipv6_remote = '[UNDEF]'
2024-02-08 13:55:55 us=153867   shaper = 0
2024-02-08 13:55:55 us=153874   mtu_test = 0
2024-02-08 13:55:55 us=153880   mlock = DISABLED
2024-02-08 13:55:55 us=153887   keepalive_ping = 0
2024-02-08 13:55:55 us=153893   keepalive_timeout = 0
2024-02-08 13:55:55 us=153900   inactivity_timeout = 0
2024-02-08 13:55:55 us=153906   session_timeout = 0
2024-02-08 13:55:55 us=153913   inactivity_minimum_bytes = 0
2024-02-08 13:55:55 us=153920   ping_send_timeout = 0
2024-02-08 13:55:55 us=153926   ping_rec_timeout = 0
2024-02-08 13:55:55 us=153932   ping_rec_timeout_action = 0
2024-02-08 13:55:55 us=153939   ping_timer_remote = DISABLED
2024-02-08 13:55:55 us=153945   remap_sigusr1 = 0
2024-02-08 13:55:55 us=153951   persist_tun = DISABLED
2024-02-08 13:55:55 us=153958   persist_local_ip = DISABLED
2024-02-08 13:55:55 us=153964   persist_remote_ip = DISABLED
2024-02-08 13:55:55 us=153970   persist_key = DISABLED
2024-02-08 13:55:55 us=153977   passtos = DISABLED
2024-02-08 13:55:55 us=153983   resolve_retry_seconds = 1000000000
2024-02-08 13:55:55 us=153990   resolve_in_advance = DISABLED
2024-02-08 13:55:55 us=153996   username = '[UNDEF]'
2024-02-08 13:55:55 us=154003   groupname = '[UNDEF]'
2024-02-08 13:55:55 us=154010   chroot_dir = '[UNDEF]'
2024-02-08 13:55:55 us=154016   cd_dir = '[UNDEF]'
2024-02-08 13:55:55 us=154023   writepid = '[UNDEF]'
2024-02-08 13:55:55 us=154029   up_script = '[UNDEF]'
2024-02-08 13:55:55 us=154035   down_script = '[UNDEF]'
2024-02-08 13:55:55 us=154042   down_pre = DISABLED
2024-02-08 13:55:55 us=154048   up_restart = DISABLED
2024-02-08 13:55:55 us=154055   up_delay = DISABLED
2024-02-08 13:55:55 us=154061   daemon = DISABLED
2024-02-08 13:55:55 us=154067   log = DISABLED
2024-02-08 13:55:55 us=154073   suppress_timestamps = DISABLED
2024-02-08 13:55:55 us=154080   machine_readable_output = DISABLED
2024-02-08 13:55:55 us=154086   nice = 0
2024-02-08 13:55:55 us=154093   verbosity = 5
2024-02-08 13:55:55 us=154099   mute = 0
2024-02-08 13:55:55 us=154106   gremlin = 0
2024-02-08 13:55:55 us=154112   status_file = '[UNDEF]'
2024-02-08 13:55:55 us=154118   status_file_version = 1
2024-02-08 13:55:55 us=154125   status_file_update_freq = 60
2024-02-08 13:55:55 us=154132   occ = ENABLED
2024-02-08 13:55:55 us=154138   rcvbuf = 0
2024-02-08 13:55:55 us=154144   sndbuf = 0
2024-02-08 13:55:55 us=154151   mark = 0
2024-02-08 13:55:55 us=154157   sockflags = 0
2024-02-08 13:55:55 us=154164   fast_io = DISABLED
2024-02-08 13:55:55 us=154170   comp.alg = 0
2024-02-08 13:55:55 us=154176   comp.flags = 24
2024-02-08 13:55:55 us=154183   route_script = '[UNDEF]'
2024-02-08 13:55:55 us=154189   route_default_gateway = '[UNDEF]'
2024-02-08 13:55:55 us=154196   route_default_metric = 0
2024-02-08 13:55:55 us=154202   route_noexec = DISABLED
2024-02-08 13:55:55 us=154209   route_delay = 0
2024-02-08 13:55:55 us=154215   route_delay_window = 30
2024-02-08 13:55:55 us=154222   route_delay_defined = DISABLED
2024-02-08 13:55:55 us=154228   route_nopull = DISABLED
2024-02-08 13:55:55 us=154235   route_gateway_via_dhcp = DISABLED
2024-02-08 13:55:55 us=154241   allow_pull_fqdn = DISABLED
2024-02-08 13:55:55 us=154249   management_addr = '[UNDEF]'
2024-02-08 13:55:55 us=154256   management_port = '[UNDEF]'
2024-02-08 13:55:55 us=154262   management_user_pass = '[UNDEF]'
2024-02-08 13:55:55 us=154269   management_log_history_cache = 250
2024-02-08 13:55:55 us=154275   management_echo_buffer_size = 100
2024-02-08 13:55:55 us=154282   management_client_user = '[UNDEF]'
2024-02-08 13:55:55 us=154289   management_client_group = '[UNDEF]'
2024-02-08 13:55:55 us=154295   management_flags = 0
2024-02-08 13:55:55 us=154302   shared_secret_file = '[UNDEF]'
2024-02-08 13:55:55 us=154309   key_direction = not set
2024-02-08 13:55:55 us=154316   ciphername = 'BF-CBC'
2024-02-08 13:55:55 us=154322   ncp_ciphers = 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305'
2024-02-08 13:55:55 us=154329   authname = 'SHA1'
2024-02-08 13:55:55 us=154335   engine = DISABLED
2024-02-08 13:55:55 us=154342   replay = ENABLED
2024-02-08 13:55:55 us=154349   mute_replay_warnings = DISABLED
2024-02-08 13:55:55 us=154355   replay_window = 64
2024-02-08 13:55:55 us=154362   replay_time = 15
2024-02-08 13:55:55 us=154368   packet_id_file = '[UNDEF]'
2024-02-08 13:55:55 us=154375   test_crypto = DISABLED
2024-02-08 13:55:55 us=154382   tls_server = DISABLED
2024-02-08 13:55:55 us=154388   tls_client = ENABLED
2024-02-08 13:55:55 us=154395   ca_file = '[INLINE]'
2024-02-08 13:55:55 us=154401   ca_path = '[UNDEF]'
2024-02-08 13:55:55 us=154408   dh_file = '[UNDEF]'
2024-02-08 13:55:55 us=154414   cert_file = '[UNDEF]'
2024-02-08 13:55:55 us=154421   extra_certs_file = '[UNDEF]'
2024-02-08 13:55:55 us=154427   priv_key_file = '[UNDEF]'
2024-02-08 13:55:55 us=154434   pkcs12_file = '[UNDEF]'
2024-02-08 13:55:55 us=154441   cipher_list = '[UNDEF]'
2024-02-08 13:55:55 us=154447   cipher_list_tls13 = '[UNDEF]'
2024-02-08 13:55:55 us=154453   tls_cert_profile = '[UNDEF]'
2024-02-08 13:55:55 us=154460   tls_verify = '[UNDEF]'
2024-02-08 13:55:55 us=154467   tls_export_cert = '[UNDEF]'
2024-02-08 13:55:55 us=154473   verify_x509_type = 0
2024-02-08 13:55:55 us=154479   verify_x509_name = '[UNDEF]'
2024-02-08 13:55:55 us=154486   crl_file = '[UNDEF]'
2024-02-08 13:55:55 us=154492   ns_cert_type = 0
2024-02-08 13:55:55 us=154499   remote_cert_ku[i] = 65535
2024-02-08 13:55:55 us=154506   remote_cert_ku[i] = 0
2024-02-08 13:55:55 us=154512   remote_cert_ku[i] = 0
2024-02-08 13:55:55 us=154519   remote_cert_ku[i] = 0
2024-02-08 13:55:55 us=154526   remote_cert_ku[i] = 0
2024-02-08 13:55:55 us=154532   remote_cert_ku[i] = 0
2024-02-08 13:55:55 us=154538   remote_cert_ku[i] = 0
2024-02-08 13:55:55 us=154545   remote_cert_ku[i] = 0
2024-02-08 13:55:55 us=154551   remote_cert_ku[i] = 0
2024-02-08 13:55:55 us=154558   remote_cert_ku[i] = 0
2024-02-08 13:55:55 us=154564   remote_cert_ku[i] = 0
2024-02-08 13:55:55 us=154571   remote_cert_ku[i] = 0
2024-02-08 13:55:55 us=154577   remote_cert_ku[i] = 0
2024-02-08 13:55:55 us=154584   remote_cert_ku[i] = 0
2024-02-08 13:55:55 us=154590   remote_cert_ku[i] = 0
2024-02-08 13:55:55 us=154597   remote_cert_ku[i] = 0
2024-02-08 13:55:55 us=154603   remote_cert_eku = 'TLS Web Server Authentication'
2024-02-08 13:55:55 us=154610   ssl_flags = 192
2024-02-08 13:55:55 us=154617   tls_timeout = 2
2024-02-08 13:55:55 us=154623   renegotiate_bytes = -1
2024-02-08 13:55:55 us=154630   renegotiate_packets = 0
2024-02-08 13:55:55 us=154637   renegotiate_seconds = 3600
2024-02-08 13:55:55 us=154644   handshake_window = 60
2024-02-08 13:55:55 us=154650   transition_window = 3600
2024-02-08 13:55:55 us=154657   single_session = DISABLED
2024-02-08 13:55:55 us=154663   push_peer_info = DISABLED
2024-02-08 13:55:55 us=154670   tls_exit = DISABLED
2024-02-08 13:55:55 us=154676   tls_crypt_v2_metadata = '[UNDEF]'
2024-02-08 13:55:55 us=154683   pkcs11_protected_authentication = DISABLED
2024-02-08 13:55:55 us=154690   pkcs11_protected_authentication = DISABLED
2024-02-08 13:55:55 us=154696   pkcs11_protected_authentication = DISABLED
2024-02-08 13:55:55 us=154703   pkcs11_protected_authentication = DISABLED
2024-02-08 13:55:55 us=154710   pkcs11_protected_authentication = DISABLED
2024-02-08 13:55:55 us=154716   pkcs11_protected_authentication = DISABLED
2024-02-08 13:55:55 us=154723   pkcs11_protected_authentication = DISABLED
2024-02-08 13:55:55 us=154729   pkcs11_protected_authentication = DISABLED
2024-02-08 13:55:55 us=154736   pkcs11_protected_authentication = DISABLED
2024-02-08 13:55:55 us=154742   pkcs11_protected_authentication = DISABLED
2024-02-08 13:55:55 us=154749   pkcs11_protected_authentication = DISABLED
2024-02-08 13:55:55 us=154755   pkcs11_protected_authentication = DISABLED
2024-02-08 13:55:55 us=154762   pkcs11_protected_authentication = DISABLED
2024-02-08 13:55:55 us=154769   pkcs11_protected_authentication = DISABLED
2024-02-08 13:55:55 us=154776   pkcs11_protected_authentication = DISABLED
2024-02-08 13:55:55 us=154782   pkcs11_protected_authentication = DISABLED
2024-02-08 13:55:55 us=154789   pkcs11_private_mode = 00000000
2024-02-08 13:55:55 us=154796   pkcs11_private_mode = 00000000
2024-02-08 13:55:55 us=154802   pkcs11_private_mode = 00000000
2024-02-08 13:55:55 us=154809   pkcs11_private_mode = 00000000
2024-02-08 13:55:55 us=154816   pkcs11_private_mode = 00000000
2024-02-08 13:55:55 us=154822   pkcs11_private_mode = 00000000
2024-02-08 13:55:55 us=154829   pkcs11_private_mode = 00000000
2024-02-08 13:55:55 us=154835   pkcs11_private_mode = 00000000
2024-02-08 13:55:55 us=154842   pkcs11_private_mode = 00000000
2024-02-08 13:55:55 us=154848   pkcs11_private_mode = 00000000
2024-02-08 13:55:55 us=154855   pkcs11_private_mode = 00000000
2024-02-08 13:55:55 us=154861   pkcs11_private_mode = 00000000
2024-02-08 13:55:55 us=154868   pkcs11_private_mode = 00000000
2024-02-08 13:55:55 us=154874   pkcs11_private_mode = 00000000
2024-02-08 13:55:55 us=154881   pkcs11_private_mode = 00000000
2024-02-08 13:55:55 us=154887   pkcs11_private_mode = 00000000
2024-02-08 13:55:55 us=154893   pkcs11_cert_private = DISABLED
2024-02-08 13:55:55 us=154900   pkcs11_cert_private = DISABLED
2024-02-08 13:55:55 us=154907   pkcs11_cert_private = DISABLED
2024-02-08 13:55:55 us=154913   pkcs11_cert_private = DISABLED
2024-02-08 13:55:55 us=154919   pkcs11_cert_private = DISABLED
2024-02-08 13:55:55 us=154926   pkcs11_cert_private = DISABLED
2024-02-08 13:55:55 us=154932   pkcs11_cert_private = DISABLED
2024-02-08 13:55:55 us=154938   pkcs11_cert_private = DISABLED
2024-02-08 13:55:55 us=154944   pkcs11_cert_private = DISABLED
2024-02-08 13:55:55 us=154951   pkcs11_cert_private = DISABLED
2024-02-08 13:55:55 us=154957   pkcs11_cert_private = DISABLED
2024-02-08 13:55:55 us=154963   pkcs11_cert_private = DISABLED
2024-02-08 13:55:55 us=154970   pkcs11_cert_private = DISABLED
2024-02-08 13:55:55 us=154977   pkcs11_cert_private = DISABLED
2024-02-08 13:55:55 us=154983   pkcs11_cert_private = DISABLED
2024-02-08 13:55:55 us=154990   pkcs11_cert_private = DISABLED
2024-02-08 13:55:55 us=154996   pkcs11_pin_cache_period = -1
2024-02-08 13:55:55 us=155003   pkcs11_id = '[UNDEF]'
2024-02-08 13:55:55 us=155009   pkcs11_id_management = DISABLED
2024-02-08 13:55:55 us=155017   server_network = 0.0.0.0
2024-02-08 13:55:55 us=155024   server_netmask = 0.0.0.0
2024-02-08 13:55:55 us=155032   server_network_ipv6 = ::
2024-02-08 13:55:55 us=155039   server_netbits_ipv6 = 0
2024-02-08 13:55:55 us=155045   server_bridge_ip = 0.0.0.0
2024-02-08 13:55:55 us=155053   server_bridge_netmask = 0.0.0.0
2024-02-08 13:55:55 us=155063   server_bridge_pool_start = 0.0.0.0
2024-02-08 13:55:55 us=155070   server_bridge_pool_end = 0.0.0.0
2024-02-08 13:55:55 us=155077   ifconfig_pool_defined = DISABLED
2024-02-08 13:55:55 us=155084   ifconfig_pool_start = 0.0.0.0
2024-02-08 13:55:55 us=155091   ifconfig_pool_end = 0.0.0.0
2024-02-08 13:55:55 us=155098   ifconfig_pool_netmask = 0.0.0.0
2024-02-08 13:55:55 us=155105   ifconfig_pool_persist_filename = '[UNDEF]'
2024-02-08 13:55:55 us=155112   ifconfig_pool_persist_refresh_freq = 600
2024-02-08 13:55:55 us=155119   ifconfig_ipv6_pool_defined = DISABLED
2024-02-08 13:55:55 us=155125   ifconfig_ipv6_pool_base = ::
2024-02-08 13:55:55 us=155132   ifconfig_ipv6_pool_netbits = 0
2024-02-08 13:55:55 us=155139   n_bcast_buf = 256
2024-02-08 13:55:55 us=155146   tcp_queue_limit = 64
2024-02-08 13:55:55 us=155152   real_hash_size = 256
2024-02-08 13:55:55 us=155159   virtual_hash_size = 256
2024-02-08 13:55:55 us=155166   client_connect_script = '[UNDEF]'
2024-02-08 13:55:55 us=155172   learn_address_script = '[UNDEF]'
2024-02-08 13:55:55 us=155180   client_disconnect_script = '[UNDEF]'
2024-02-08 13:55:55 us=155186   client_crresponse_script = '[UNDEF]'
2024-02-08 13:55:55 us=155193   client_config_dir = '[UNDEF]'
2024-02-08 13:55:55 us=155200   ccd_exclusive = DISABLED
2024-02-08 13:55:55 us=155206   tmp_dir = '/tmp'
2024-02-08 13:55:55 us=155213   push_ifconfig_defined = DISABLED
2024-02-08 13:55:55 us=155220   push_ifconfig_local = 0.0.0.0
2024-02-08 13:55:55 us=155227   push_ifconfig_remote_netmask = 0.0.0.0
2024-02-08 13:55:55 us=155234   push_ifconfig_ipv6_defined = DISABLED
2024-02-08 13:55:55 us=155241   push_ifconfig_ipv6_local = ::/0
2024-02-08 13:55:55 us=155248   push_ifconfig_ipv6_remote = ::
2024-02-08 13:55:55 us=155254   enable_c2c = DISABLED
2024-02-08 13:55:55 us=155261   duplicate_cn = DISABLED
2024-02-08 13:55:55 us=155267   cf_max = 0
2024-02-08 13:55:55 us=155274   cf_per = 0
2024-02-08 13:55:55 us=155281   cf_initial_max = 100
2024-02-08 13:55:55 us=155287   cf_initial_per = 10
2024-02-08 13:55:55 us=155294   max_clients = 1024
2024-02-08 13:55:55 us=155300   max_routes_per_client = 256
2024-02-08 13:55:55 us=155307   auth_user_pass_verify_script = '[UNDEF]'
2024-02-08 13:55:55 us=155313   auth_user_pass_verify_script_via_file = DISABLED
2024-02-08 13:55:55 us=155321   auth_token_generate = DISABLED
2024-02-08 13:55:55 us=155327   auth_token_lifetime = 0
2024-02-08 13:55:55 us=155334   auth_token_secret_file = '[UNDEF]'
2024-02-08 13:55:55 us=155340   port_share_host = '[UNDEF]'
2024-02-08 13:55:55 us=155347   port_share_port = '[UNDEF]'
2024-02-08 13:55:55 us=155353   vlan_tagging = DISABLED
2024-02-08 13:55:55 us=155360   vlan_accept = all
2024-02-08 13:55:55 us=155366   vlan_pvid = 1
2024-02-08 13:55:55 us=155373   client = ENABLED
2024-02-08 13:55:55 us=155379   pull = ENABLED
2024-02-08 13:55:55 us=155386   auth_user_pass_file = 'stdin'
2024-02-08 13:55:55 us=155394 OpenVPN 2.6.8 x86_64-suse-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD]
2024-02-08 13:55:55 us=155409 library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
Enter Auth Username: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Enter Auth Password: ********************************
2024-02-08 13:56:49 us=577236 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
2024-02-08 13:56:50 us=149698 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
2024-02-08 13:56:50 us=149976 TCP/UDP: Preserving recently used remote address: [AF_INET]185.210.218.86:1194
2024-02-08 13:56:50 us=150108 Socket Buffers: R=[212992->212992] S=[212992->212992]
2024-02-08 13:56:50 us=150163 UDPv4 link local: (not bound)
2024-02-08 13:56:50 us=150193 UDPv4 link remote: [AF_INET]185.210.218.86:1194
WR2024-02-08 13:56:50 us=264085 TLS: Initial packet from [AF_INET]185.210.218.86:1194, sid=f49fc762 cb41c14d
2024-02-08 13:56:50 us=264288 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
WWWWW2024-02-08 13:57:50 us=560235 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2024-02-08 13:57:50 us=560343 TLS Error: TLS handshake failed
2024-02-08 13:57:50 us=560699 TCP/UDP: Closing socket
2024-02-08 13:57:50 us=560802 SIGUSR1[soft,tls-error] received, process restarting
2024-02-08 13:57:50 us=560880 Restart pause, 1 second(s)
2024-02-08 13:57:51 us=563686 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
2024-02-08 13:57:52 us=145173 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
2024-02-08 13:57:52 us=145420 TCP/UDP: Preserving recently used remote address: [AF_INET]185.210.218.86:1194
2024-02-08 13:57:52 us=145585 Socket Buffers: R=[212992->212992] S=[212992->212992]
2024-02-08 13:57:52 us=145651 UDPv4 link local: (not bound)
2024-02-08 13:57:52 us=145701 UDPv4 link remote: [AF_INET]185.210.218.86:1194
WR2024-02-08 13:57:52 us=257800 TLS: Initial packet from [AF_INET]185.210.218.86:1194, sid=e390364a 7dd291ab
WWWWW2024-02-08 13:58:52 us=275587 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2024-02-08 13:58:52 us=275685 TLS Error: TLS handshake failed
2024-02-08 13:58:52 us=276004 TCP/UDP: Closing socket
2024-02-08 13:58:52 us=276096 SIGUSR1[soft,tls-error] received, process restarting
2024-02-08 13:58:52 us=276163 Restart pause, 1 second(s)
2024-02-08 13:58:53 us=278950 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
2024-02-08 13:58:54 us=144200 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
2024-02-08 13:58:54 us=144446 TCP/UDP: Preserving recently used remote address: [AF_INET]89.46.102.98:1194
2024-02-08 13:58:54 us=144550 Socket Buffers: R=[212992->212992] S=[212992->212992]
2024-02-08 13:58:54 us=144593 UDPv4 link local: (not bound)
2024-02-08 13:58:54 us=144624 UDPv4 link remote: [AF_INET]89.46.102.98:1194
WR2024-02-08 13:58:54 us=256012 TLS: Initial packet from [AF_INET]89.46.102.98:1194, sid=30bf3f92 ffd38b16
WWWWW

marel · February 9, 2024, 5:31pm

A pity also TCP does not work and -verb 5 gives also no additional details.

I think you still have two options if you want to stick with Kaspersky:

Use your Windows machine or mobile phone or proxy
Downgrade openvpn

I wouldn’t be too afraid using and older version of openvpn.

Ahmose · February 9, 2024, 6:02pm

Thank you for your support and your time, I really appreciate!