[solved] VPN Connection to Zentyal cloud fails on 2.2

[Remon]

Although subscribing to the zentyal cloud can be done OK, I cannot get it online.
In the dashboard it states that the VPN failed and the log tells more. The machine is a install of zentyal 2.2 with filesharing and the cloud client. All updates of modules and system applied.

I already tried removing all modules, rebooting and reinstalling them. What to try ?

Tue Jan 10 09:57:41 2012 OpenVPN 2.1.0 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Jul 20 2010
Tue Jan 10 09:57:41 2012 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Tue Jan 10 09:57:41 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Jan 10 09:57:41 2012 WARNING: file '/etc/openvpn/R_D_SRVS_5ac349a8d.conf.d/certificateKey' is group or others accessible
Tue Jan 10 09:57:41 2012 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
Tue Jan 10 09:57:42 2012 LZO compression initialized
Tue Jan 10 09:57:42 2012 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Tue Jan 10 09:57:42 2012 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Tue Jan 10 09:57:42 2012 Local Options hash (VER=V4): '31fdf004'
Tue Jan 10 09:57:42 2012 Expected Remote Options hash (VER=V4): '3e6d1056'
Tue Jan 10 09:57:42 2012 Attempting to establish TCP connection with [AF_INET]92.243.6.103:443 [nonblock]
Tue Jan 10 09:57:43 2012 TCP connection established with [AF_INET]92.243.6.103:443
Tue Jan 10 09:57:43 2012 Socket Buffers: R=[87380->131072] S=[16384->131072]
Tue Jan 10 09:57:43 2012 TCPv4_CLIENT link local: [undef]
Tue Jan 10 09:57:43 2012 TCPv4_CLIENT link remote: [AF_INET]92.243.6.103:443
Tue Jan 10 09:57:43 2012 TLS: Initial packet from [AF_INET]92.243.6.103:443, sid=5dd88df2 47083951
Tue Jan 10 09:57:43 2012 VERIFY OK: depth=1, /C=ES/ST=Nation/L=Nowhere/O=ebox-controlcenter.com/CN=Certification_Authority_Certificate
Tue Jan 10 09:57:43 2012 VERIFY OK: depth=0, /C=ES/ST=Nation/L=Nowhere/O=ebox-controlcenter.com/CN=vpn3.cloud.zentyal.com
Tue Jan 10 09:57:44 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jan 10 09:57:44 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 10 09:57:44 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jan 10 09:57:44 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 10 09:57:44 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Jan 10 09:57:44 2012 [vpn3.cloud.zentyal.com] Peer Connection Initiated with [AF_INET]92.243.6.103:443
Tue Jan 10 09:57:46 2012 SENT CONTROL [vpn3.cloud.zentyal.com]: 'PUSH_REQUEST' (status=1)
Tue Jan 10 09:57:46 2012 AUTH: Received AUTH_FAILED control message
Tue Jan 10 09:57:46 2012 TCP/UDP: Closing socket
Tue Jan 10 09:57:46 2012 SIGTERM[soft,auth-failure] received, process exiting

[robb]

Tue Jan 10 09:57:44 2012 [vpn3.cloud.zentyal.com] Peer Connection Initiated with [AF_INET]92.243.6.103:443
Tue Jan 10 09:57:46 2012 SENT CONTROL [vpn3.cloud.zentyal.com]: 'PUSH_REQUEST' (status=1)
Tue Jan 10 09:57:46 2012 AUTH: Received AUTH_FAILED control message
Tue Jan 10 09:57:46 2012 TCP/UDP: Closing socket

My best guess is that your credentials fail. Can you log in Zentyal Cloud webinterface?
Can you unsubscribe and resubscribe? What happens then?

* robb calls Quique to have a look...

[Remon]

My best guess is that your credentials fail.
Can you log in Zentyal Cloud webinterface? YES I can
Can you unsubscribe and resubscribe? YES I did, this goes OK but then does not keep the VPN up.
What happens then? The same errors.

Jorge advised to install NTP to be sure the time was right, so I did and rebooted. as well. No result.

FYI: the cloud server nr is 72690.

[sixstone]

Hi Remon,

The problem is related to a bug in the provision process that allows you to create a company name which is not a valid domain name. I have renamed to match a valid domain name.

It is required for you to remove the current server in Zentyal Cloud and unsubscribe and subscribe your server again.

Sorry for the inconvenience.

Let me know if that works for you.

[Remon]

May thanks sixstone, I thought I was loosing it. I cannot remember putting any illegal chars into those fields, but OK another case fixed.
Thanks again.

[intlabs]

I think I am having the same problem. I did not fill out anything in the company information when registering my account.

The dashboard reports:

Connection status    Not connected. Check VPN logs in /var/log/openvpn/

I have also taken this snippet from the log file:

Sat Jun  9 20:58:06 2012 OpenVPN 2.1.0 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Jul 20 2010
Sat Jun  9 20:58:06 2012 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sat Jun  9 20:58:06 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sat Jun  9 20:58:06 2012 WARNING: file '/etc/openvpn/R_D_SRVS_eace54862.conf.d/certificateKey' is group or others accessible
Sat Jun  9 20:58:06 2012 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
Sat Jun  9 20:58:06 2012 LZO compression initialized
Sat Jun  9 20:58:06 2012 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Jun  9 20:58:06 2012 RESOLVE: NOTE: vpn2.cloud.zentyal.com resolves to 2 addresses, choosing one by random
Sat Jun  9 20:58:06 2012 Data Channel MTU parms [ L:1574 D:1300 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Sat Jun  9 20:58:06 2012 Local Options hash (VER=V4): 'd79ca330'
Sat Jun  9 20:58:06 2012 Expected Remote Options hash (VER=V4): 'f7df56b8'
Sat Jun  9 20:58:06 2012 Socket Buffers: R=[124928->131072] S=[124928->131072]
Sat Jun  9 20:58:06 2012 UDPv4 link local (bound): [AF_INET]192.168.0.1:51021
Sat Jun  9 20:58:06 2012 UDPv4 link remote: [AF_INET]92.243.6.103:1194
Sat Jun  9 20:58:14 2012 TLS: Initial packet from [AF_INET]92.243.6.103:1194, sid=912a391c 38369612
Sat Jun  9 20:58:23 2012 VERIFY OK: depth=1, /C=ES/ST=Nation/L=Nowhere/O=ebox-controlcenter.com/CN=Certification_Authority_Certificate
Sat Jun  9 20:58:23 2012 VERIFY OK: depth=0, /C=ES/ST=Nation/L=Nowhere/O=ebox-controlcenter.com/CN=vpn2.cloud.zentyal.com
Sat Jun  9 20:58:25 2012 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Jun  9 20:58:25 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jun  9 20:58:25 2012 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sat Jun  9 20:58:25 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jun  9 20:58:25 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Jun  9 20:58:25 2012 [vpn2.cloud.zentyal.com] Peer Connection Initiated with [AF_INET]92.243.6.103:1194
Sat Jun  9 20:58:27 2012 SENT CONTROL [vpn2.cloud.zentyal.com]: 'PUSH_REQUEST' (status=1)
Sat Jun  9 20:58:27 2012 AUTH: Received AUTH_FAILED control message
Sat Jun  9 20:58:27 2012 SIGTERM received, sending exit notification to peer
Sat Jun  9 20:58:30 2012 TCP/UDP: Closing socket
Sat Jun  9 20:58:30 2012 SIGTERM[soft,exit-with-notification] received, process exiting

If anyone has any advice I would be very appreciative.

Cheers

[Escorpiom]

Seems to be a similar issue.

Code: [Select]

Sat Jun  9 20:58:27 2012 AUTH: Received AUTH_FAILED control message
Please check server name, do you have any weird characters? Please look at my sig.

Cheers.

[intlabs]

Seems to be a similar issue.

Code: [Select]

Sat Jun  9 20:58:27 2012 AUTH: Received AUTH_FAILED control message
Please check server name, do you have any weird characters? Please look at my sig.

Cheers.

server name is "intlabs".

Cheers.

[Escorpiom]

server name is "intlabs".

That should be OK. In that case you would have to correct your company info, leaving it blank could have something to do with the authentication issues you're having.
Did you try to login at

Code: [Select]

https://www.cloud.zentyal.com/login/
You can unsubscribe your server and subcribe it again, but for account issues someone from the Zentyal staff should take a look.

Cheers.

[intlabs]

Did you try to login at

Code: [Select]

https://www.cloud.zentyal.com/login/
You can unsubscribe your server and subcribe it again, but for account issues someone from the Zentyal staff should take a look.

I can login with no problems. Is it possible to delete my account so that I can recreate a new one with the company info filled out? Otherwise I think I'm at a dead end unless a staff member has a look at my account.

Cheers

[Escorpiom]

In that case someone from the Zentyal staff should take a look at your account, personally I found no way to erase it.

Cheers.