Prevent SSL Handshake Timeouts In OpenVPN
Latest revision as of 19:58, 21 October 2010
Some users may experience "SSL/TLS handshake" timeouts. This can happen when the handshake packets somehow get corrupted, regardless of the protocol (TCP/UDP) or port used.
We are going to add an HMAC signature to every packet (OpenVPN's tls-auth option), so that any packet not bearing a valid signature is dropped before it ever reaches the TLS layer; a corrupted packet then no longer stalls the handshake. After adding this, your connection will be more secure and those timeouts will disappear!
Here is how:
Things to do on the server:
Open "Terminal", or log in to the server via SSH as root, and run these commands:
- cd /etc/openvpn/amahi
- openvpn --genkey --secret ta.key
- If using Terminal:
- gedit /etc/openvpn/amahi.conf
- If using SSH:
- nano /etc/openvpn/amahi.conf
Now add these lines to the end of file:
- tls-auth /etc/openvpn/amahi/ta.key 0
- cipher AES-256-CBC
Save the config file:
- If using Terminal: save the file (Ctrl+S)
- If using SSH: press Ctrl+X, then Y, then Enter
Now restart the openvpn service:
- service openvpn restart
You'll get something like this after this command :
- Shutting down openvpn.... [OK]
- Starting openvpn... [OK]
OK, there is one more thing left to do on the server: you need to copy "ta.key" to a shared folder, because the VPN client has to use the same key. A simple way to do this is to run the following command, which copies "ta.key" to the "Docs" share folder, accessible via Windows file sharing. Keep in mind that ta.key is a shared secret (anyone holding it can produce packets that pass the HMAC check), so delete it from the share once the client has its copy:
- cp /etc/openvpn/amahi/ta.key /var/hda/files/docs
Things to do on the client:
- If using Windows: run the HDAConnect GUI, right-click the red "A" icon in the tray and choose "Edit Config".
- If using another OS, edit the OpenVPN client config file in a text editor.
Now add these lines to end of the file:
- tls-auth ta.key 1
- cipher AES-256-CBC
Then save it. Now we need to copy "ta.key" to the folder where the config file lives:
- On 32-bit Windows it should be copied to "C:\Program Files\HDAConnect\config".
- On 64-bit Windows copy it to "C:\Program Files (x86)\HDAConnect\config".
- On other OS, it should be placed where the config file exists.
Done!
Everything is set: fire up the OpenVPN client and use your username/password to connect.
(As you know, you cannot make a VPN tunnel from yourself to yourself, so you have to test it from another network.)
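The server and client edits above can be scripted and checked. The following is an added example, not code from the Amahi wiki or the HDAConnect project: it appends the tls-auth and cipher lines to a config only once, then verifies that the key direction is the expected one (0 on the server, 1 on the client), that the referenced key has the layout produced by "openvpn --genkey", and that only its owner can read it. It assumes a Linux or BSD shell with grep and stat; all paths are parameters.

```shell
#!/bin/sh
# Added example, not from the Amahi wiki page: append the tls-auth and cipher
# lines from the procedure above to an OpenVPN config only once, then verify
# the result. Assumes a Linux/BSD shell with grep and stat; paths are parameters.

# validate_static_key FILE: succeed if FILE looks like 'openvpn --genkey' output
# (BEGIN/END markers around 16 lines of 32 hex digits = 2048 bits).
validate_static_key() {
    kf="$1"
    [ -f "$kf" ] || return 1
    grep -q '^-----BEGIN OpenVPN Static key V1-----$' "$kf" || return 1
    grep -q '^-----END OpenVPN Static key V1-----$' "$kf" || return 1
    hexlines=$(grep -c '^[0-9a-fA-F]\{32\}$' "$kf" || true)
    [ "$hexlines" -eq 16 ]
}

# add_tls_auth CONFIG KEYPATH DIRECTION: DIRECTION is 0 on the server and 1 on
# the client (the two ends must differ). Re-running does not duplicate lines.
add_tls_auth() {
    conf="$1"; keypath="$2"; dir="$3"
    case "$dir" in 0|1) ;; *) echo "key direction must be 0 or 1" >&2; return 1 ;; esac
    grep -q '^tls-auth ' "$conf" 2>/dev/null ||
        printf 'tls-auth %s %s\n' "$keypath" "$dir" >> "$conf"
    grep -q '^cipher ' "$conf" || printf 'cipher AES-256-CBC\n' >> "$conf"
}

# check_tls_auth CONFIG EXPECTED_DIRECTION: the directive is present, the key
# direction matches, the key (resolved relative to the config file, as on the
# client) is a valid static key, and it is readable only by its owner.
check_tls_auth() {
    conf="$1"; want="$2"
    line=$(grep '^tls-auth ' "$conf" | head -n 1)
    [ -n "$line" ] || { echo "no tls-auth directive in $conf" >&2; return 1; }
    set -- $line                          # $2 = key path, $3 = key direction
    [ "$3" = "$want" ] || { echo "key direction is $3, expected $want" >&2; return 1; }
    case "$2" in /*) key="$2" ;; *) key="$(dirname "$conf")/$2" ;; esac
    validate_static_key "$key" || { echo "$key is not a valid static key" >&2; return 1; }
    mode=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key")
    case "$mode" in 600|400) ;; *) echo "$key has mode $mode, expected 600" >&2; return 1 ;; esac
}

# Typical use, mirroring the page (server side):
#   add_tls_auth /etc/openvpn/amahi.conf /etc/openvpn/amahi/ta.key 0
#   chmod 600 /etc/openvpn/amahi/ta.key && check_tls_auth /etc/openvpn/amahi.conf 0
```

On the client, call add_tls_auth with key path "ta.key" and direction 1; check_tls_auth then looks for the key next to the config file, which is exactly where the steps above tell you to put it.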