First of all, Amahi was my first step into linux servers & networking which played out great! Thanks to all developers & contributors!
I just found a way to check verify integrity of SSL/TLS handshakes, this will add "HMAC signature" to packets so Any UDP packet not bearing the correct HMAC signature can be dropped.
I believe this will solve "SSL/TLS handshake timeout" problems.
I live in a place where some firewall is somehow corrupting these packets, regardless of their protocol (TCP/UDP) or port (I even tried port 80!), now after adding "HMAC signature" everything goes smoothly as expected and OpenVPN works flawlessly, plus it is even more secure.
Here is how:
-On server :
open "Terminal" or use ssh to login into server as root, enter these:
Code: Select all
cd /
cd /etc/openvpn/amahi
openvpn -–genkey -–secret ta.key
Code: Select all
gedit /etc/openvpn/amahi.confCode: Select all
nano /etc/openvpn/amahi.confCode: Select all
tls-auth /etc/openvpn/amahi/ta.key 0
cipher AES-256-CBCIf using Terminal : Save the file
If using SSH: press Ctrl+x , then y ,then press Enter
Let's restart openvpn service:
Code: Select all
service openvpn restartCode: Select all
Shutting down openvpn [OK]
starting openvpn [OK]Code: Select all
cp /etc/openvpn/amahi/ta.key /var/hda/files/docsOpen HomeHDA.ovpn via a text editor (i.e Notepad), add these lines to end of it:
Code: Select all
tls-auth ta.key 1
cipher AES-256-CBCOn windows it should be copied to "C:\Program files\HDAConnect\config" or "C:\Program Files (x86)\HDAConnect\config".
Everything is set, fire up HDAConnect (if on windows) and use your username/password to connect. (as you know you cannot make a vpn tunnel from yourself to yourself! so you have to test it from another network
)PS: Great thanks to writer of this article for giving me the clue :
http://www.techbabu.com/2009/12/openvpn ... -on-linux/
Please tell me if there are any mistakes in my commands, I'm not perfect.
(sorry I'm new to wiki editing)
