
The network with few opened outside ports. How2 connect to OVPN servers?


Topic Author
Scarface
Posts: 3
Joined: Sat Nov 03, 2018 5:28 pm

The network with few opened outside ports. How2 connect to OVPN servers?

Post by Scarface » Sat Nov 03, 2018 6:35 pm

Hello.
I tried to connect with every config here (Ed448, Ed25519, ECC and RSA too), but without success. From a different network everything works fine.
I've checked with Nmap and see this:


MacBook:~ User$ nmap -p T:1-65000 login.icq.com
Starting Nmap 7.70 ( https://nmap.org ) at 2018-11-03 14:19 CET
Nmap scan report for login.icq.com (178.237.20.58)
Host is up (0.016s latency).
rDNS record for 178.237.20.58: login.ovip.icq.com
Not shown: 64995 closed ports
PORT   STATE  SERVICE
80/tcp  open   http
443/tcp open   https
465/tcp filtered smtps
3128/tcp open   squid-http
8080/tcp filtered http-proxy

Nmap done: 1 IP address (1 host up) scanned in 46.51 seconds

I see that port 443 is open, and I saw that the RSA config has exactly port 443, but I tried it without success.
Any ideas?

Topic Author
Scarface
Posts: 3
Joined: Sat Nov 03, 2018 5:28 pm

Re: The network with few opened outside ports. How2 connect to OVPN servers?

Post by Scarface » Sun Nov 04, 2018 11:02 am

Here it is for ed448:
2018-11-03 12:50:44 *Tunnelblick: openvpnstart starting OpenVPN
2018-11-03 12:50:44 *Tunnelblick: Established communication with OpenVPN
2018-11-03 12:50:44 >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
2018-11-03 12:50:44 *Tunnelblick: Obtained VPN username and password from the Keychain
2018-11-03 12:50:44 OpenVPN 2.4.6 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Sep 29 2018
2018-11-03 12:50:44 library versions: OpenSSL 1.1.1 11 Sep 2018, LZO 2.10
2018-11-03 12:50:44 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:53271
2018-11-03 12:50:44 Need hold release from management interface, waiting...
2018-11-03 12:50:44 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:53271
2018-11-03 12:50:44 MANAGEMENT: CMD 'pid'
2018-11-03 12:50:44 MANAGEMENT: CMD 'auth-retry interact'
2018-11-03 12:50:44 MANAGEMENT: CMD 'state on'
2018-11-03 12:50:44 NOTE: --mute triggered...
2018-11-03 12:50:44 5 variation(s) on previous 3 message(s) suppressed by --mute
2018-11-03 12:50:44 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2018-11-03 12:50:44 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2018-11-03 12:50:44 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2018-11-03 12:50:44 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2018-11-03 12:50:44 NOTE: --mute triggered...
2018-11-03 12:50:44 1 variation(s) on previous 3 message(s) suppressed by --mute
2018-11-03 12:50:44 MANAGEMENT: >STATE:1541245844,RESOLVE,,,,,,
2018-11-03 12:50:45 TCP/UDP: Preserving recently used remote address: [AF_INET]108.62.5.173:5062
2018-11-03 12:50:45 Socket Buffers: R=[786896->786896] S=[9216->9216]
2018-11-03 12:50:45 UDP link local (bound): [AF_INET][undef]:1194
2018-11-03 12:50:45 UDP link remote: [AF_INET]108.62.5.173:5062
2018-11-03 12:50:45 MANAGEMENT: >STATE:1541245845,WAIT,,,,,,
2018-11-03 12:51:45 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2018-11-03 12:51:45 TLS Error: TLS handshake failed
2018-11-03 12:51:45 SIGUSR1[soft,tls-error] received, process restarting
2018-11-03 12:51:45 MANAGEMENT: >STATE:1541245905,RECONNECTING,tls-error,,,,,
2018-11-03 12:51:45 MANAGEMENT: CMD 'hold release'
2018-11-03 12:51:45 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2018-11-03 12:51:45 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2018-11-03 12:51:45 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2018-11-03 12:51:45 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2018-11-03 12:51:45 NOTE: --mute triggered...
2018-11-03 12:51:45 1 variation(s) on previous 3 message(s) suppressed by --mute
2018-11-03 12:51:45 TCP/UDP: Preserving recently used remote address: [AF_INET]173.208.77.65:5062
2018-11-03 12:51:45 Socket Buffers: R=[786896->786896] S=[9216->9216]
2018-11-03 12:51:45 UDP link local (bound): [AF_INET][undef]:1194
2018-11-03 12:51:45 UDP link remote: [AF_INET]173.208.77.65:5062
2018-11-03 12:51:45 MANAGEMENT: >STATE:1541245905,WAIT,,,,,,
2018-11-03 12:51:45 MANAGEMENT: CMD 'hold release'
2018-11-03 12:52:08 *Tunnelblick: Disconnecting; notification window disconnect button pressed
2018-11-03 12:52:09 *Tunnelblick: No 'pre-disconnect.sh' script to execute
2018-11-03 12:52:09 *Tunnelblick: Disconnecting using 'kill'
2018-11-03 12:52:09 event_wait : Interrupted system call (code=4)
2018-11-03 12:52:09 SIGTERM received, sending exit notification to peer
2018-11-03 12:52:10 event_wait : Interrupted system call (code=4)
2018-11-03 12:52:10 SIGTERM[hard,] received, process exiting
2018-11-03 12:52:10 MANAGEMENT: >STATE:1541245930,EXITING,SIGTERM,,,,,
2018-11-03 12:52:10 *Tunnelblick: No 'post-disconnect.sh' script to execute
2018-11-03 12:52:11 *Tunnelblick: Expected disconnection occurred.
And here it is for ECC:
2018-11-03 13:01:14 *Tunnelblick: Established communication with OpenVPN
2018-11-03 13:01:14 >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
2018-11-03 13:01:14 OpenVPN 2.4.6 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Sep 29 2018
2018-11-03 13:01:14 library versions: OpenSSL 1.0.2p 14 Aug 2018, LZO 2.10
2018-11-03 13:01:14 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:64974
2018-11-03 13:01:14 Need hold release from management interface, waiting...
2018-11-03 13:01:14 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:64974
2018-11-03 13:01:14 MANAGEMENT: CMD 'pid'
2018-11-03 13:01:14 MANAGEMENT: CMD 'auth-retry interact'
2018-11-03 13:01:14 MANAGEMENT: CMD 'state on'
2018-11-03 13:01:14 NOTE: --mute triggered...
2018-11-03 13:01:14 *Tunnelblick: openvpnstart starting OpenVPN
2018-11-03 13:01:33 5 variation(s) on previous 3 message(s) suppressed by --mute
2018-11-03 13:01:33 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2018-11-03 13:01:33 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2018-11-03 13:01:33 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2018-11-03 13:01:33 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2018-11-03 13:01:33 NOTE: --mute triggered...
2018-11-03 13:01:33 1 variation(s) on previous 3 message(s) suppressed by --mute
2018-11-03 13:01:33 MANAGEMENT: >STATE:1541246493,RESOLVE,,,,,,
2018-11-03 13:01:33 TCP/UDP: Preserving recently used remote address: [AF_INET]209.58.147.37:5060
2018-11-03 13:01:33 Socket Buffers: R=[786896->786896] S=[9216->9216]
2018-11-03 13:01:33 UDP link local (bound): [AF_INET][undef]:1194
2018-11-03 13:01:33 UDP link remote: [AF_INET]209.58.147.37:5060
2018-11-03 13:01:33 MANAGEMENT: >STATE:1541246493,WAIT,,,,,,
2018-11-03 13:02:33 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2018-11-03 13:02:33 TLS Error: TLS handshake failed
2018-11-03 13:02:33 SIGUSR1[soft,tls-error] received, process restarting
2018-11-03 13:02:33 MANAGEMENT: >STATE:1541246553,RECONNECTING,tls-error,,,,,
2018-11-03 13:02:33 MANAGEMENT: CMD 'hold release'
2018-11-03 13:02:33 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2018-11-03 13:02:33 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2018-11-03 13:02:33 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2018-11-03 13:02:33 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2018-11-03 13:02:33 NOTE: --mute triggered...
2018-11-03 13:02:33 1 variation(s) on previous 3 message(s) suppressed by --mute
2018-11-03 13:02:33 TCP/UDP: Preserving recently used remote address: [AF_INET]192.158.232.98:5060
2018-11-03 13:02:33 Socket Buffers: R=[786896->786896] S=[9216->9216]
2018-11-03 13:02:33 UDP link local (bound): [AF_INET][undef]:1194
2018-11-03 13:02:33 UDP link remote: [AF_INET]192.158.232.98:5060
2018-11-03 13:02:33 MANAGEMENT: >STATE:1541246553,WAIT,,,,,,
2018-11-03 13:02:33 MANAGEMENT: CMD 'hold release'
2018-11-03 13:03:33 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2018-11-03 13:03:33 TLS Error: TLS handshake failed
2018-11-03 13:03:33 SIGUSR1[soft,tls-error] received, process restarting
2018-11-03 13:03:33 MANAGEMENT: >STATE:1541246613,RECONNECTING,tls-error,,,,,
2018-11-03 13:03:33 MANAGEMENT: CMD 'hold release'
2018-11-03 13:03:33 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2018-11-03 13:03:33 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2018-11-03 13:03:33 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2018-11-03 13:03:33 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2018-11-03 13:03:33 NOTE: --mute triggered...
2018-11-03 13:03:33 1 variation(s) on previous 3 message(s) suppressed by --mute
2018-11-03 13:03:33 TCP/UDP: Preserving recently used remote address: [AF_INET]185.212.169.142:5060
2018-11-03 13:03:33 Socket Buffers: R=[786896->786896] S=[9216->9216]
2018-11-03 13:03:33 UDP link local (bound): [AF_INET][undef]:1194
2018-11-03 13:03:33 UDP link remote: [AF_INET]185.212.169.142:5060
2018-11-03 13:03:33 MANAGEMENT: >STATE:1541246613,WAIT,,,,,,
2018-11-03 13:03:33 MANAGEMENT: CMD 'hold release'


Guest

Re: The network with few opened outside ports. How2 connect to OVPN servers?

Post by Guest » Mon Nov 05, 2018 5:01 am

Your nmap output shows that port 443/tcp is open and your openvpn logs show that you are connecting using UDP. Are you using the UDP RSA configs or the TCP configs?

If you are not using the TCP configs this is likely the issue.


df
Site Admin
Posts: 420
Joined: Thu Jan 01, 1970 5:00 am

Re: The network with few opened outside ports. How2 connect to OVPN servers?

Post by df » Mon Nov 05, 2018 12:20 pm

@Scarface
See email

Also, when I scan login.ovip.icq.com for those ports from an unfiltered system I see something different:
80/tcp open http
443/tcp open https
465/tcp closed smtps
3128/tcp closed squid-http
8080/tcp closed http-proxy
Most likely that means your ISP is blocking ports 465 and 8080, but redirecting port 3128 (maybe there's a proxy on your network that all systems are forced to use?).

Anyways, for more thorough results, scan one of our VPN IPs:
nmap -sT -Pn -T5 -vvv -n -p1-29999 balancer.cstorm.is
The only ports that will show as closed on our VPN IPs are 30000 through 65535, since they're reserved for port forwarding.
So for those IPs, any ports between 1 and 29999 that nmap shows as closed or filtered are being blocked by a firewall somewhere.
Probably should decrease -T5 to something like -T2 as well, since -T5 is the highest speed setting and that alone might be blocked by some firewalls regardless of whether that port is allowed.
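
The two checks made in the replies above, as an added example that is not part of the original thread: it compares the protocol and port OpenVPN actually used against what the scan covered, and diffs the scan taken inside the filtered network against the one taken from outside. The function names are hypothetical; the sample input is copied from the posts above.

```python
import re

# Sample input copied from the posts in this thread (trimmed to the relevant lines).
SCAN_INSIDE = """\
80/tcp  open   http
443/tcp open   https
465/tcp filtered smtps
3128/tcp open   squid-http
8080/tcp filtered http-proxy
"""
SCAN_OUTSIDE = """\
80/tcp open http
443/tcp open https
465/tcp closed smtps
3128/tcp closed squid-http
8080/tcp closed http-proxy
"""
OPENVPN_LOG = """\
2018-11-03 12:50:45 UDP link remote: [AF_INET]108.62.5.173:5062
2018-11-03 12:51:45 TLS Error: TLS handshake failed
"""

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)", re.M)
LINK_RE = re.compile(r"(UDP|TCP)\S* link remote: \[AF_INET6?\]\S+?:(\d+)\s*$", re.M)

def parse_nmap(text):
    """Map (port, proto) -> state from the PORT/STATE table of an nmap report."""
    return {(int(p), proto): state for p, proto, state in PORT_RE.findall(text)}

def vpn_endpoints(log):
    """Return the (port, proto) pairs OpenVPN actually tried to reach."""
    return {(int(port), proto.lower()) for proto, port in LINK_RE.findall(log)}

def untested(scan, log):
    """VPN endpoints the scan says nothing about (different protocol or port)."""
    tested = parse_nmap(scan)
    return sorted(ep for ep in vpn_endpoints(log) if ep not in tested)

def path_differences(inside, outside):
    """Ports whose state differs between the filtered and unfiltered vantage points."""
    a, b = parse_nmap(inside), parse_nmap(outside)
    return {k: (a[k], b[k]) for k in a.keys() & b.keys() if a[k] != b[k]}

if __name__ == "__main__":
    print("used by OpenVPN but not covered by the scan:", untested(SCAN_INSIDE, OPENVPN_LOG))
    diffs = path_differences(SCAN_INSIDE, SCAN_OUTSIDE)
    for (port, proto), (here, there) in sorted(diffs.items()):
        print(f"{port}/{proto}: {here} from this network, {there} from outside")
```

A TCP-only scan reports nothing about UDP port 5062, so an open 443/tcp in that scan does not show that the UDP configs can connect.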


Topic Author
Scarface
Posts: 3
Joined: Sat Nov 03, 2018 5:28 pm

Re: The network with few opened outside ports. How2 connect to OVPN servers?

Post by Scarface » Mon Nov 05, 2018 6:43 pm

Guest wrote: Your nmap output shows that port 443/tcp is open and your openvpn logs show that you are connecting using UDP. Are you using the UDP RSA configs or the TCP configs?

If you are not using the TCP configs this is likely the issue.

Thanks, it's my fault. I'm trying to use TCP RSA with the default port 443 on it, and it works!
