I have been using and enjoying pivpn for nearly a year now. I have been running pivpn and Pi-hole on the same RasPi without issues until now. Recently I have not changed anything besides the occasional apt update & upgrade. But now my devices cannot connect to the VPN. They do seem to reach it, as the IP address resolves and the client briefly shows in the pivpn -c output, if I get the timing right. Below are the outputs of pivpn -c and -d, and also the output of the OpenVPN Windows client.
How it looks when I try to connect. I see the connection briefly appear, then disappear. The client never says it's connected.
$ pivpn -c
: NOTE : The output below is NOT real-time!
: : It may be off by a few minutes.
::: Client Status List :::
Bytes Bytes Name Remote IP Virtual IP Received Sent Connected Since
numfmt: invalid number: ‘Fri’ UNDEF CLIENT_IP:36868 556 3.8KiB 6 13:30:08 1530883808 2018 -
Debug output from pivpn -d
::: Generating Debug Output
::: :::
:: PiVPN Debug ::
::: :::
:: Latest Commit ::
::: :::
commit 72b3dc24e7959e61e0233f2fde278bfc6498c114
Merge: 041d410 4e814fc
Author: redfast00 <redfast00@users.noreply.github.com>
Date: Fri Dec 22 12:51:48 2017 +0100
Merge pull request #432 from pivpn/cfcolaco-Patch
Updated Issue Template
::: :::
:: Recursive list of files in ::
:: /etc/openvpn/easy-rsa/pki ::
::: :::
/etc/openvpn/easy-rsa/pki/:
ca.crt
crl.pem
cert1.ovpn
Default.txt
dh4096.pem
cert2.ovpn
index.txt
index.txt.attr
index.txt.attr.old
index.txt.old
issued
cert3.ovpn
private
serial
serial.old
ta.key
/etc/openvpn/easy-rsa/pki/issued:
cert1.crt
cert2.crt
cert3.crt
server_F7d0wIVWQ6JYr0Sw.crt
/etc/openvpn/easy-rsa/pki/private:
ca.key
cert1.key
cert2.key
cert3.key
server_F7d0wIVWQ6JYr0Sw.key
::: :::
:: Output of /etc/pivpn/* ::
::: :::
:: START /etc/pivpn/DET_PLATFORM ::
Raspbian
:: END /etc/pivpn/DET_PLATFORM ::
:: START /etc/pivpn/INSTALL_PORT ::
1194
:: END /etc/pivpn/INSTALL_PORT ::
:: START /etc/pivpn/INSTALL_PROTO ::
udp
:: END /etc/pivpn/INSTALL_PROTO ::
:: START /etc/pivpn/INSTALL_USER ::
user
:: END /etc/pivpn/INSTALL_USER ::
:: START /etc/pivpn/NO_UFW ::
1
:: END /etc/pivpn/NO_UFW ::
:: START /etc/pivpn/pivpnINTERFACE ::
eth0
:: END /etc/pivpn/pivpnINTERFACE ::
::: :::
:: /etc/openvpn/easy-rsa/pki/Default.txt ::
::: :::
client
dev tun
proto udp
remote SERVER_IP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
key-direction 1
remote-cert-tls server
tls-version-min 1.2
verify-x509-name server_F7d0wIVWQ6JYr0Sw name
cipher AES-256-CBC
auth SHA256
comp-lzo
verb 1
::: :::
:: Debug Output Complete ::
::: :::
:::
::: Debug output completed above.
::: Copy saved to /tmp/debug.txt
:::
OPENVPN-Windows-Client output:
Fri Jul 06 15:36:00 2018 OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 26 2018
Fri Jul 06 15:36:00 2018 Windows version 6.2 (Windows 8 or greater) 64bit
Fri Jul 06 15:36:00 2018 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10
Fri Jul 06 15:36:03 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Jul 06 15:36:03 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]SERVER_IP:1194
Fri Jul 06 15:36:03 2018 UDP link local: (not bound)
Fri Jul 06 15:36:03 2018 UDP link remote: [AF_INET]SERVER_IP:1194
Fri Jul 06 15:37:03 2018 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Jul 06 15:37:03 2018 TLS Error: TLS handshake failed
Fri Jul 06 15:37:03 2018 SIGUSR1[soft,tls-error] received, process restarting
Fri Jul 06 15:37:08 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]SERVER_IP:1194
Fri Jul 06 15:37:08 2018 UDP link local: (not bound)
Fri Jul 06 15:37:08 2018 UDP link remote: [AF_INET]SERVER_IP:1194
As I said, to the best of my knowledge, no configurations have changed, and I am also the only one with access to the Pi. The router settings haven't changed either.