I’m trying to set up an OpenVPN server so I can use the OpenVPN for Android app to connect my smartphone to my home Internet connection when I’m using public Wi-Fi. I’ve heard plenty of horror stories about eavesdropping when working with sensitive information.
I followed the directions in chapters 14 & 15 of the OpenSUSE 12.3 documentation to generate certificates/keys via YaST and then set up the server. I have also set up my router and firewall to allow UDP connections over port 1194.
When I try to connect to my server from my phone, this is what I get:
No process running.
Running on Galaxy Nexus (tuna) google, Android AP 17, version 0.5.36a, official build
Log cleared.
Building configuration…
started Socket Thread
P:Initializing Google Breakpad!
P:OpenVPN 2.3.1+dspatch3 android-14-armeabi-v7a [SSLLL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Apr 1 2013
Network Status: CONNECTED UMTS to mobile epc.tmobile.com
P:Protecting socket fd 4
P:UDP link local (bound): [AF_INET][undef]:1194
P:UDP link remote: [AF_INET]myserver’sIPaddress:1194
P:TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
P:TLS Error: TLS object -> incoming plaintext read error
P:TLS Error: TLS handshake failed
P:SIGUSR1[soft,tls-error] received, process restarting
P:SIGINT[hard,init_instance] received, process exiting
And this is a sample of what I see on my server’s log file:
Sat Apr 6 11:53:25 2013 us=547639 MULTI: multi_create_instance called
Sat Apr 6 11:53:25 2013 us=547697 208.54.40.146:23379 Re-using SSL/TLS context
Sat Apr 6 11:53:25 2013 us=547746 208.54.40.146:23379 LZO compression initialized
Sat Apr 6 11:53:25 2013 us=547951 208.54.40.146:23379 Control Channel MTU parms L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Apr 6 11:53:25 2013 us=547968 208.54.40.146:23379 Data Channel MTU parms L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Apr 6 11:53:25 2013 us=548038 208.54.40.146:23379 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sat Apr 6 11:53:25 2013 us=548060 208.54.40.146:23379 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sat Apr 6 11:53:25 2013 us=548089 208.54.40.146:23379 Local Options hash (VER=V4): '530fdded'
Sat Apr 6 11:53:25 2013 us=548105 208.54.40.146:23379 Expected Remote Options hash (VER=V4): '41690919'
Sat Apr 6 11:53:25 2013 us=548159 208.54.40.146:23379 TLS: Initial packet from 208.54.40.146:23379, sid=6a7e4ac8 179a3e34
Sat Apr 6 11:53:27 2013 us=856742 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sat Apr 6 11:53:27 2013 us=859302 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sat Apr 6 11:53:27 2013 us=863038 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sat Apr 6 11:53:30 2013 us=152719 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sat Apr 6 11:53:30 2013 us=160260 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sat Apr 6 11:53:31 2013 us=347855 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sat Apr 6 11:53:32 2013 us=582402 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sat Apr 6 11:53:34 2013 us=865135 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sat Apr 6 11:53:36 2013 us=58333 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sat Apr 6 11:53:36 2013 us=218931 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sat Apr 6 11:53:37 2013 us=388154 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sat Apr 6 11:53:43 2013 us=293033 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sat Apr 6 11:53:43 2013 us=958659 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sat Apr 6 11:53:45 2013 us=762473 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sat Apr 6 11:53:46 2013 us=94859 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sat Apr 6 11:54:01 2013 us=478333 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sat Apr 6 11:54:01 2013 us=490800 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sat Apr 6 11:54:01 2013 us=499982 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sat Apr 6 11:54:02 2013 us=773840 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sat Apr 6 11:54:25 2013 us=946897 208.54.40.146:23379 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Apr 6 11:54:25 2013 us=946915 208.54.40.146:23379 TLS Error: TLS handshake failed
Sat Apr 6 11:54:25 2013 us=947026 208.54.40.146:23379 SIGUSR1[soft,tls-error] received, client-instance restarting
Can you help me understand this problem?