Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
21.7 Legacy Series
»
Problems with vpn road warrior " tls-crypt unwrap error: packet too short "
« previous
next »
Print
Pages: [
1
]
Author
Topic: Problems with vpn road warrior " tls-crypt unwrap error: packet too short " (Read 2298 times)
litusbdn
Newbie
Posts: 21
Karma: 0
Problems with vpn road warrior " tls-crypt unwrap error: packet too short "
«
on:
October 25, 2021, 10:05:08 pm »
Good evening,
We have tried to set up a vpn road warrior with OpenVPN, following the OPNSENSE guide.
https://docs.opnsense.org/manual/how-tos/sslvpn_client.html
It is not the first time we set up the vpn road warrior, in other occasions we have set it up and it worked without problems, but now we have a problem, we can't connect, according to the logs, it seems something related to encryption.
I attach details of the configuration, and logs obtained in the opnsense and openvpn client.
Firewall OpenVPN Log:
2021-10-25T19:58:14 openvpn[71085] TLS Error: tls-crypt unwrapping failed from [AF_INET]92.178.XX.XX:61175
2021-10-25T19:58:14 openvpn[71085] tls-crypt unwrap error: packet too short
2021-10-25T19:58:06 openvpn[71085] TLS Error: tls-crypt unwrapping failed from [AF_INET]92.178.XX.XX:61175
2021-10-25T19:58:06 openvpn[71085] tls-crypt unwrap error: packet too short
2021-10-25T19:58:02 openvpn[71085] TLS Error: tls-crypt unwrapping failed from [AF_INET]92.178.XX.XX:61175
2021-10-25T19:58:02 openvpn[71085] tls-crypt unwrap error: packet too short
2021-10-25T19:57:59 openvpn[71085] TLS Error: tls-crypt unwrapping failed from [AF_INET]92.178.XX.XX:61175
2021-10-25T19:57:59 openvpn[71085] tls-crypt unwrap error: packet too short
OpenVPN log in road warrior computer:
Mon Oct 25 21:57:53 2021 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
Mon Oct 25 21:57:53 2021 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
Mon Oct 25 21:57:53 2021 OpenVPN 2.5.4 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 20 2021
Mon Oct 25 21:57:53 2021 Windows version 10.0 (Windows 10 or greater) 64bit
Mon Oct 25 21:57:53 2021 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
Mon Oct 25 21:58:00 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]213.96.XX.XXX:1194
Mon Oct 25 21:58:00 2021 UDP link local (bound): [AF_INET][undef]:0
Mon Oct 25 21:58:00 2021 UDP link remote: [AF_INET]213.96.XX.XXX:1194
Mon Oct 25 21:59:01 2021 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Oct 25 21:59:01 2021 TLS Error: TLS handshake failed
Mon Oct 25 21:59:01 2021 SIGUSR1[soft,tls-error] received, process restarting
Mon Oct 25 21:59:06 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]213.96.XX.XXX:1194
Mon Oct 25 21:59:06 2021 UDP link local (bound): [AF_INET][undef]:0
Mon Oct 25 21:59:06 2021 UDP link remote: [AF_INET]213.96.XX.XXX:1194
Mon Oct 25 22:00:06 2021 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Oct 25 22:00:06 2021 TLS Error: TLS handshake failed
Mon Oct 25 22:00:06 2021 SIGUSR1[soft,tls-error] received, process restarting
Mon Oct 25 22:00:11 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]213.96.XX.XXX:1194
Mon Oct 25 22:00:11 2021 UDP link local (bound): [AF_INET][undef]:0
Mon Oct 25 22:00:11 2021 UDP link remote: [AF_INET]213.96.XX.XXX:1194
Mon Oct 25 22:01:11 2021 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Oct 25 22:01:11 2021 TLS Error: TLS handshake failed
Mon Oct 25 22:01:11 2021 SIGUSR1[soft,tls-error] received, process restarting
Mon Oct 25 22:01:16 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]213.96.XX.XXX:1194
Mon Oct 25 22:01:16 2021 UDP link local (bound): [AF_INET][undef]:0
Mon Oct 25 22:01:16 2021 UDP link remote: [AF_INET]213.96.XX.XXX:1194
See attachment .
Thanks,
Carles.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
21.7 Legacy Series
»
Problems with vpn road warrior " tls-crypt unwrap error: packet too short "