Description

Milesight router supports seamless connect with Milesight VPN, you can refer to Milesight VPN user guide for configuration. If connecting failed, please refer to this article for simple troubleshots.


 

Symptom 1: Authorization Code Error

Checklist:

1. Check if you enter the correct authorization code.

2. If after confirmed the Authorization Code is correct and still give Authorization Code Error, it probably means there are missing net-tools in your server.You can check Milesight VPN server log at path: /Milesight_vpn/urvpn/openvpn/openvpn_server.log


If you encounter error ‘Linux ifconfig failed: could not execute external program’, you should install net-tools in your server, and restart Milesight VPN by command:

/etc/init.d/milesight_vpn.sh stop
/etc/init.d/milesight_vpn.sh start


 

Symptom 2: Network Exception

Checklist:

1. Check if the Milesight VPN server is reachable for router.

2. Check if Milesight VPN is running.

You can check Milesight VPN running log at path:/milesight_vpn/logs/forever.log

If you encounter ‘error: Forever detected script was killed by signal: SIGKILL’, probably means your Milesight VPN isn’t running, you can use below command to restart Mileishgt VPN on your server:

/etc/init.d/milesight_vpn.sh stop
/etc/init.d/milesight_vpn.sh start


3. If you still encounter ‘Network exception’error after rerun the Milesight VPN, you can check Milesight VPN server log at path: /Milesight_vpn/urvpn/openvpn/openvpn_server.log.


If you encounter ‘Address already in use’ probably means the port is still used by Mileishgt VPN script, you can wait for it automated cover the port, or simply reboot the server.


4. If you encounter ‘error: Forever cannot find process with id: index.js’when restart the Milesight VPN probably means the VPN server did not initialization. In this situation, server will not generate new openvpn_server.log.

You can check Milesight VPN running log at path:/milesight_vpn/logs/forever.log. If you encounter ‘DATABASE INITIAL FAILED’, means Milesight VPN cannot access MySQL database. You can try reinstall the MySQL or reinstall the whole Milesight VPN.


Symptom 3: Continue Connecting


Checklist:

1. Check if Milesight VPN certificates generate normally.

You can check client certificates at path: /milesight_vpn/urvpn/routers_ca

And server certificates at path:  /milesight_vpn/urvpn/server_ca

If there is empty, make sure Milesight VPN have writeable permissions. You can run this command: sudo chmod 777 /milesight_vpn and rerun the Milesight VPN.


2. If certificates generate normally, you can check Milesight VPN server log at path /Milesight_vpn/urvpn/openvpn/openvpn_server.log

1) If you encounter error: ‘TLS Error: TLS handshake failed’, it most means your certificates is outdated.

You should check if your router time is correct and sync to correct time. You can refer to How to Configure System Time and Set Up NTP Server.


2) If you encounter error ‘tls_process_client_certificate:certificate verity failed’, it probably means your server system time is not within the certificate date. You should check your server system time and NTP setting, you can run command:sudo hwclock --hctosys to synchronize system time.


If you still encounter this error after check your server system time, you can refer to how to update certificate in below:

Step 1: Delete all file under /milesight_vpn/urvpn/controllers_ca, /milesight_vpn/urvpn/router_ca, /milesight_vpn/urvpn/server_ca, /milesight_vpn/urvpn/root_ca


Step 2: Generate the root.key and root.crt by command:

sudo openssl req -new -x509 -nodes -out /milesight_vpn/urvpn/root_ca/root.crt -keyout /milesight_vpn/urvpn/root_ca/root.key -subj "/C=CN/ST=FJ/L=XM/O=Milesight/OU=Cloud Server/CN=MILESIGHT/emailAddress=admin@milesight.com" -days 3650 -config /milesight_vpn/urvpn/openssl/openssl.conf

Note: 3650 is valid date for the certificate, you can change to whatever you like


Step 3: Restart Milesight VPN by command:

/etc/init.d/milesight_vpn.sh stop
/etc/init.d/milesight_vpn.sh start


Step 4: You can check expire date of your root certificate by command:

sudo openssl x509 -noout -text -in /milesight_vpn/urvpn/root_ca/root.crt