Cliet will not connect VERIFY ERROR: depth=1

This forum is for all inquiries relating to the installation of OpenVPN from source and with binaries.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please visit (and READ) the OpenVPN HowTo http://openvpn.net/howto prior to asking any questions in here!
Post Reply
joakimbecker
OpenVpn Newbie
Posts: 2
Joined: Thu Jun 02, 2016 7:59 am

Cliet will not connect VERIFY ERROR: depth=1

Post by joakimbecker » Thu Jun 02, 2016 8:09 am

Hi all,
Not sure whats the problem, but my client will not connect. the OpenVPN server is an OpenWRT box.
Here is the out put from my client:
$>openvpn Consulting.ovpn
Thu Jun 2 09:48:05 2016 OpenVPN 2.3.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Nov 12 2015
Thu Jun 2 09:48:05 2016 library versions: OpenSSL 1.0.1k 8 Jan 2015, LZO 2.08
Thu Jun 2 09:48:05 2016 Socket Buffers: R=[212992->131072] S=[212992->131072]
Thu Jun 2 09:48:05 2016 UDPv4 link local: [undef]
Thu Jun 2 09:48:05 2016 UDPv4 link remote: [AF_INET]XX.XX.XX.XX:1194
Thu Jun 2 09:48:05 2016 TLS: Initial packet from [AF_INET]XX.XX.XX.XX:1194, sid=29c14b89 4fcd2512
Thu Jun 2 09:48:05 2016 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=SE, L=Stockholm, OU=Consulting, CN=Consulting, name=EasyRSA, emailAddress=me@myhost.mydomain
Thu Jun 2 09:48:05 2016 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Thu Jun 2 09:48:05 2016 TLS Error: TLS object -> incoming plaintext read error
Thu Jun 2 09:48:05 2016 TLS Error: TLS handshake failed
Thu Jun 2 09:48:05 2016 SIGUSR1[soft,tls-error] received, process restarting
Thu Jun 2 09:48:05 2016 Restart pause, 2 second(s)


Log on the server:
Thu Jun 2 07:48:05 2016 YY.YY.YY.YY:6156 TLS: Initial packet from [AF_INET]YY.YY.YY.YY:46156, sid=4ed30910 0004c1f1
Thu Jun 2 07:48:07 2016 YY.YY.YY.YY:38317 TLS: Initial packet from [AF_INET]YY.YY.YY.YY:38317, sid=e22d2dea 1786972f
Thu Jun 2 07:49:06 2016 YY.YY.YY.YY:46156 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Jun 2 07:49:06 2016 YY.YY.YY.YY:46156 TLS Error: TLS handshake failed
Thu Jun 2 07:49:06 2016 YY.YY.YY.YY:46156 SIGUSR1[soft,tls-error] received, client-instance restarting
Thu Jun 2 07:49:07 2016 YY.YY.YY.YY:38317 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Jun 2 07:49:07 2016 YY.YY.YY.YY:38317 TLS Error: TLS handshake failed
Thu Jun 2 07:49:07 2016 YY.YY.YY.YY:38317 SIGUSR1[soft,tls-error] received, client-instance restarting


I have recreated both CA, server and client certs.
Any help will be much appreciated.
Cheers
JB

FalconTent
OpenVpn Newbie
Posts: 18
Joined: Fri Sep 12, 2014 3:29 pm

Re: Cliet will not connect VERIFY ERROR: depth=1

Post by FalconTent » Thu Jun 02, 2016 10:17 am

joakimbecker wrote:error=self signed certificate in certificate chain
How did you create your PKI ?

I advise you see this HOWTO:
https://openvpn.net/index.php/open-sour ... o.html#pki

And use this version of EasyRSA:
https://github.com/OpenVPN/easy-rsa/rel ... v3.0.0-rc2

joakimbecker
OpenVpn Newbie
Posts: 2
Joined: Thu Jun 02, 2016 7:59 am

Re: Cliet will not connect VERIFY ERROR: depth=1

Post by joakimbecker » Thu Jun 02, 2016 1:30 pm

Hi
created it by using the
build-ca
command. dont think that easy-rsa version is avalible for the OpenWRT routers, or does any one know is it avalible?

User avatar
Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Cliet will not connect VERIFY ERROR: depth=1

Post by Traffic » Thu Jun 02, 2016 3:22 pm

You can create your PKI on any PC with EasyRSA and upload the files.

You may find this is useful:
http://superuser.com/questions/549017/o ... 308#977308

Post Reply