Hi All
I'm trying to use OpenVPN to connect to what our client tells us is a 'Microsoft' VPN. There's no certificate, just a url, username and password. All works fine from a Windows desktop, so I know the VPN is working.
This is the configuration I've tried:
# config.ovpn
dev tun0
client
proto tcp
capath .
remote remote.xxx.org.uk 1723
auth-user-pass pass.txt

# pass.txt
<username>
<password>

openvpn --config config.ovpn
gives me:
Wed Jul 19 11:15:50 2017 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 22 2017
Wed Jul 19 11:15:50 2017 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Wed Jul 19 11:15:50 2017 WARNING: file 'pass.txt' is group or others accessible
Wed Jul 19 11:15:50 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 19 11:15:50 2017 WARNING: experimental option --capath .
Wed Jul 19 11:15:50 2017 Attempting to establish TCP connection with [AF_INET]81.138.76.148:1723 [nonblock]
Wed Jul 19 11:15:51 2017 TCP connection established with [AF_INET]81.138.76.148:1723
Wed Jul 19 11:15:51 2017 TCPv4_CLIENT link local: [undef]
Wed Jul 19 11:15:51 2017 TCPv4_CLIENT link remote: [AF_INET]81.138.76.148:1723
Wed Jul 19 11:16:20 2017 Connection reset, restarting [0]
Wed Jul 19 11:16:20 2017 SIGUSR1[soft,connection-reset] received, process restarting
Wed Jul 19 11:16:25 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 19 11:16:25 2017 WARNING: experimental option --capath .
Wed Jul 19 11:16:25 2017 Attempting to establish TCP connection with [AF_INET]81.138.76.148:1723 [nonblock]
Wed Jul 19 11:16:26 2017 TCP connection established with [AF_INET]81.138.76.148:1723
Wed Jul 19 11:16:26 2017 TCPv4_CLIENT link local: [undef]
Wed Jul 19 11:16:26 2017 TCPv4_CLIENT link remote: [AF_INET]81.138.76.148:1723
And with:
sudo tcpdump -i enp0s25 host remote.xxxx.org.uk
at the same time, I get:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp0s25, link-type EN10MB (Ethernet), capture size 262144 bytes
15:56:05.845738 IP 192.168.1.31.50766 > remote.xxxx.org.uk.1723: Flags [S], seq 1706890924, win 29200, options [mss 1460,sackOK,TS val 441917 ecr 0,nop,wscale 7], length 0
15:56:05.864738 IP remote.xxxx.org.uk.1723 > 192.168.1.31.50766: Flags [S.], seq 737349215, ack 1706890925, win 8192, options [mss 1402,nop,wscale 8,sackOK,TS val 792826942 ecr 441917], length 0
15:56:05.864773 IP 192.168.1.31.50766 > remote.xxxx.org.uk.1723: Flags [.], ack 1, win 229, options [nop,nop,TS val 441922 ecr 792826942], length 0
15:56:06.845981 IP 192.168.1.31.50766 > remote.wlma.org.uk.1723: Flags [P.], seq 1:17, ack 1, win 229, options [nop,nop,TS val 442167 ecr 792826942], length 16: pptp UNEXPECTED Magic-Cookie!!(c587905e) Magic-Cookie=c587905e UNKNOWN_CTRL_MSGTYPE(62247)
15:56:06.925259 IP remote.xxxx.org.uk.1723 > 192.168.1.31.50766: Flags [.], ack 17, win 260, options [nop,nop,TS val 792828002 ecr 442167], length 0
15:56:08.932319 IP 192.168.1.31.50766 > remote.xxxx.org.uk.1723: Flags [P.], seq 17:33, ack 1, win 229, options [nop,nop,TS val 442689 ecr 792828002], length 16: pptp UNEXPECTED Magic-Cookie!!(c587905e) Magic-Cookie=c587905e UNKNOWN_CTRL_MSGTYPE(62247)
15:56:09.012049 IP remote.xxxx.org.uk.1723 > 192.168.1.31.50766: Flags [.], ack 33, win 260, options [nop,nop,TS val 792830089 ecr 442689], length 0
15:56:12.061655 IP 192.168.1.31.50766 > remote.xxxx.org.uk.1723: Flags [P.], seq 33:49, ack 1, win 229, options [nop,nop,TS val 443471 ecr 792830089], length 16: pptp UNEXPECTED Magic-Cookie!!(c587905e) Magic-Cookie=c587905e UNKNOWN_CTRL_MSGTYPE(62247)
15:56:12.130397 IP remote.xxxx.org.uk.1723 > 192.168.1.31.50766: Flags [.], ack 49, win 260, options [nop,nop,TS val 792833208 ecr 443471], length 0
15:56:20.745268 IP 192.168.1.31.50766 > remote.xxxx.org.uk.1723: Flags [P.], seq 49:65, ack 1, win 229, options [nop,nop,TS val 445642 ecr 792833208], length 16: pptp UNEXPECTED Magic-Cookie!!(c587905e) Magic-Cookie=c587905e UNKNOWN_CTRL_MSGTYPE(62247)
15:56:20.823394 IP remote.xxx.org.uk.1723 > 192.168.1.31.50766: Flags [.], ack 65, win 260, options [nop,nop,TS val 792841900 ecr 445642], length 0
I'm really not sure what I'm looking at. Can anyone guide me in the right direction?
Thanks
Paul
On Thu, Jul 20, 2017 at 06:56:31PM +0100, Paul Grenyer wrote:
> Hi All
> I'm trying to use OpenVPN to connect to what our client tells us is a 'Microsoft' VPN. There's no certificate, just a url, username and password. All works fine from a Windows desktop, so I know the VPN is working.
OpenVPN is its own thing. Last time I had to deal with a `Microsoft' based VPN it was using PPTP. Perhaps you need to try a different client that supports this?
J.
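
Added example, not part of the original thread: why tcpdump labels the 16-byte payloads in the capture "UNEXPECTED Magic-Cookie". It decodes one payload both as a PPTP control header (RFC 2637) and as an OpenVPN-over-TCP hard-reset packet. The sample bytes are constructed; only the c587905e and 62247 (0xf327) values come from the capture, and the function names are hypothetical.

```python
import struct

PPTP_MAGIC = 0x1A2B3C4D          # RFC 2637 control-connection magic cookie
OVPN_HARD_RESET_CLIENT_V2 = 7    # OpenVPN opcode, upper 5 bits of the first byte

def as_pptp(payload: bytes) -> dict:
    """Read the fixed 12-byte PPTP control header, as tcpdump does on port 1723."""
    length, msg_type, cookie, ctrl_type, _reserved = struct.unpack_from("!HHIHH", payload)
    return {"length": length, "msg_type": msg_type, "cookie": cookie,
            "ctrl_type": ctrl_type, "valid": cookie == PPTP_MAGIC}

def as_openvpn_tcp(payload: bytes) -> dict:
    """Read the same bytes as an OpenVPN control packet over TCP (no tls-auth)."""
    (length,) = struct.unpack_from("!H", payload)        # 16-bit TCP framing prefix
    opcode, key_id = payload[2] >> 3, payload[2] & 0x07
    return {"length": length, "opcode": opcode, "key_id": key_id,
            "session_id": payload[3:11].hex(),           # random per connection
            "ack_count": payload[11],
            "packet_id": struct.unpack_from("!I", payload, 12)[0],
            "valid": length == len(payload) - 2
                     and opcode == OVPN_HARD_RESET_CLIENT_V2}

def classify(payload: bytes) -> str:
    """Say which protocol the first client payload on the connection looks like."""
    if len(payload) >= 12 and as_pptp(payload)["valid"]:
        return "pptp"
    if len(payload) >= 16 and as_openvpn_tcp(payload)["valid"]:
        return "openvpn"
    return "unknown"

# Constructed 16-byte payload: length 14, opcode 0x38, 8-byte session id, no ACKs,
# packet id 0. Session id bytes a1 and 7b are made up; c587905e and f327 are the
# values tcpdump printed as "Magic-Cookie" and UNKNOWN_CTRL_MSGTYPE(62247).
OPENVPN_SAMPLE = bytes.fromhex("000e38" "a1c587905ef3277b" "00" "00000000")

# Constructed header of a genuine PPTP Start-Control-Connection-Request.
PPTP_SAMPLE = bytes.fromhex("009c0001" "1a2b3c4d" "00010000")

if __name__ == "__main__":
    for name, data in (("openvpn client", OPENVPN_SAMPLE), ("pptp client", PPTP_SAMPLE)):
        print(name, "->", classify(data), as_pptp(data))
```

The "cookie" and "control message type" tcpdump reports are just bytes 4 to 9 of the OpenVPN session id, which is why the same values repeat on every retransmission until the server resets the connection.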