Vpn problems

Use this forum to share your VPN or network disasters. Show diagrams, traffic graphs, or whatever else you need (a video of you letting the 'smoke' out of our network gear).

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
misterktm
OpenVpn Newbie
Posts: 5
Joined: Wed Jul 14, 2021 12:41 pm

Vpn problems

Post by misterktm » Wed Jul 14, 2021 12:58 pm

Dear geniuses :D,

i have some trouble with my openvpn config on my synology nas.

my setup in open is prettymuch standard settings, i forwarded my port that was given default (1194) to the internal host of my nas.

i worked prefectly for a friend of mine untill the start of june. Nothing has changed on my synology or my router, so im quite interessted what caused the issues that im not able to connect anymore.


Wed Jul 14 14:52:43 2021 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
Wed Jul 14 14:52:43 2021 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
Wed Jul 14 14:52:43 2021 OpenVPN 2.5.3 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jun 17 2021
Wed Jul 14 14:52:43 2021 Windows version 10.0 (Windows 10 or greater) 64bit
Wed Jul 14 14:52:43 2021 library versions: OpenSSL 1.1.1k 25 Mar 2021, LZO 2.10
Wed Jul 14 14:52:47 2021 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 14 14:52:47 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]MY IP ADRESS:1194
Wed Jul 14 14:52:47 2021 UDP link local (bound): [AF_INET][undef]:1194
Wed Jul 14 14:52:47 2021 UDP link remote: [AF_INET]MY IP ADRESS:1194
Wed Jul 14 14:52:47 2021 VERIFY ERROR: depth=0, error=certificate has expired: CN=ktm.familyds.com, serial=311558570975139643781707280386422579217324
Wed Jul 14 14:52:47 2021 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Wed Jul 14 14:52:47 2021 TLS_ERROR: BIO read tls_read_plaintext error
Wed Jul 14 14:52:47 2021 TLS Error: TLS object -> incoming plaintext read error
Wed Jul 14 14:52:47 2021 TLS Error: TLS handshake failed
Wed Jul 14 14:52:47 2021 SIGUSR1[soft,tls-error] received, process restarting
Wed Jul 14 14:52:52 2021 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 14 14:52:52 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]MY IP ADRESS:1194
Wed Jul 14 14:52:52 2021 UDP link local (bound): [AF_INET][undef]:1194
Wed Jul 14 14:52:52 2021 UDP link remote: [AF_INET]MY IP ADRESS:1194
Wed Jul 14 14:52:52 2021 TLS Error: Unroutable control packet received from [AF_INET]MY IP ADRESS:1194 (si=3 op=P_CONTROL_V1)
Wed Jul 14 14:52:52 2021 VERIFY ERROR: depth=0, error=certificate has expired: CN=ktm.familyds.com, serial=311558570975139643781707280386422579217324
Wed Jul 14 14:52:52 2021 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Wed Jul 14 14:52:52 2021 TLS_ERROR: BIO read tls_read_plaintext error
Wed Jul 14 14:52:52 2021 TLS Error: TLS object -> incoming plaintext read error
Wed Jul 14 14:52:52 2021 TLS Error: TLS handshake failed
Wed Jul 14 14:52:52 2021 SIGUSR1[soft,tls-error] received, process restarting
Wed Jul 14 14:52:57 2021 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 14 14:52:57 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]MY IP ADRESS:1194
Wed Jul 14 14:52:57 2021 UDP link local (bound): [AF_INET][undef]:1194
Wed Jul 14 14:52:57 2021 UDP link remote: [AF_INET]MY IP ADRESS:1194
Wed Jul 14 14:52:57 2021 TLS Error: Unroutable control packet received from [AF_INET]MY IP ADRESS:1194 (si=3 op=P_ACK_V1)
Wed Jul 14 14:52:59 2021 TLS Error: Unroutable control packet received from [AF_INET]MY IP ADRESS:1194 (si=3 op=P_ACK_V1)
Wed Jul 14 14:53:00 2021 TLS Error: Unroutable control packet received from [AF_INET]MY IP ADRESS:1194 (si=3 op=P_CONTROL_V1)
Wed Jul 14 14:53:00 2021 TLS Error: Unroutable control packet received from [AF_INET]MY IP ADRESS:1194 (si=3 op=P_CONTROL_V1)
Wed Jul 14 14:53:03 2021 TLS Error: Unroutable control packet received from [AF_INET]MY IP ADRESS:1194 (si=3 op=P_CONTROL_V1)
Wed Jul 14 14:53:03 2021 TLS Error: Unroutable control packet received from [AF_INET]MY IP ADRESS:1194 (si=3 op=P_ACK_V1)
Wed Jul 14 14:53:04 2021 TLS Error: Unroutable control packet received from [AF_INET]MY IP ADRESS:1194 (si=3 op=P_CONTROL_V1)
Wed Jul 14 14:53:09 2021 TLS Error: Unroutable control packet received from [AF_INET]MY IP ADRESS:1194 (si=3 op=P_CONTROL_V1)
Wed Jul 14 14:53:10 2021 TLS Error: Unroutable control packet received from [AF_INET]MY IP ADRESS:1194 (si=3 op=P_CONTROL_V1)
Wed Jul 14 14:53:11 2021 TLS Error: Unroutable control packet received from [AF_INET]MY IP ADRESS:1194 (si=3 op=P_ACK_V1)
Wed Jul 14 14:53:20 2021 TLS Error: Unroutable control packet received from [AF_INET]MY IP ADRESS:1194 (si=3 op=P_CONTROL_V1)
Wed Jul 14 14:53:21 2021 TLS Error: Unroutable control packet received from [AF_INET]MY IP ADRESS:1194 (si=3 op=P_CONTROL_V1)
Wed Jul 14 14:53:25 2021 TLS Error: Unroutable control packet received from [AF_INET]MY IP ADRESS:1194 (si=3 op=P_CONTROL_V1)
Wed Jul 14 14:53:26 2021 TLS Error: Unroutable control packet received from [AF_INET]MY IP ADRESS:1194 (si=3 op=P_CONTROL_V1)
Wed Jul 14 14:53:27 2021 TLS Error: Unroutable control packet received from [AF_INET]MY IP ADRESS:1194 (si=3 op=P_ACK_V1)
Wed Jul 14 14:53:57 2021 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jul 14 14:53:57 2021 TLS Error: TLS handshake failed
Wed Jul 14 14:53:57 2021 SIGUSR1[soft,tls-error] received, process restarting
Wed Jul 14 14:54:02 2021 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 14 14:54:02 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]MY IP ADRESS:1194
Wed Jul 14 14:54:02 2021 UDP link local (bound): [AF_INET][undef]:1194
Wed Jul 14 14:54:02 2021 UDP link remote: [AF_INET]MY IP ADRESS:1194
Wed Jul 14 14:54:02 2021 VERIFY ERROR: depth=0, error=certificate has expired: CN=ktm.familyds.com, serial=311558570975139643781707280386422579217324
Wed Jul 14 14:54:02 2021 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Wed Jul 14 14:54:02 2021 TLS_ERROR: BIO read tls_read_plaintext error
Wed Jul 14 14:54:02 2021 TLS Error: TLS object -> incoming plaintext read error
Wed Jul 14 14:54:02 2021 TLS Error: TLS handshake failed
Wed Jul 14 14:54:02 2021 SIGUSR1[soft,tls-error] received, process restarting



this is my server log i changed my ip adress with {MY IP ADRESS}.

i follow couple of "tutorials" with let me to believe this was all you need to config and you could ignore the "missing external certificate"

do you have any idea what is wrong?

Thank you in advanced. :D

Koen

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Vpn problems

Post by TinCanTech » Wed Jul 14, 2021 6:30 pm

misterktm wrote:
Wed Jul 14, 2021 12:58 pm
VERIFY ERROR: depth=0, error=certificate has expired: CN=ktm.familyds.com,
So you need to go ask your NAS support people how to make a new one ..

misterktm
OpenVpn Newbie
Posts: 5
Joined: Wed Jul 14, 2021 12:41 pm

Re: Vpn problems

Post by misterktm » Wed Jul 14, 2021 7:46 pm

but there is no certificated needs to run vpn right? since it worked before?

ktm is just my nas name

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Vpn problems

Post by TinCanTech » Wed Jul 14, 2021 8:14 pm

It worked before because your certificate had not expired ..

misterktm
OpenVpn Newbie
Posts: 5
Joined: Wed Jul 14, 2021 12:41 pm

Re: Vpn problems

Post by misterktm » Thu Jul 15, 2021 6:20 pm

well that is dumb... :lol:

i did fix that and created a new no-ip ddns and config it at my synology and my router but my config keeps forwarding to my old ddns.

i did re-export my config from openvpn but i keeps redirecting to ktm.familydns.nl, my new ddns is ktm123.ddns.net and in synology it has a green status "normal". in my router it says "Synchronized" so im not sure why openvpn is still looking for "ktm.familyfns.nl?

greets

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Vpn problems

Post by TinCanTech » Thu Jul 15, 2021 6:46 pm

One has nothing to do with the other ..

misterktm
OpenVpn Newbie
Posts: 5
Joined: Wed Jul 14, 2021 12:41 pm

Re: Vpn problems

Post by misterktm » Thu Jul 15, 2021 6:51 pm

wait what do you mean?, i cant access ktm.familydns.nl but is still looking for it in my openvpn config but i cant seems te change it anywhere?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Vpn problems

Post by TinCanTech » Thu Jul 15, 2021 8:03 pm

misterktm wrote:
Thu Jul 15, 2021 6:51 pm
what do you mean?,
Your certificate has expired not your DDNS ..

Please read the howto.

misterktm
OpenVpn Newbie
Posts: 5
Joined: Wed Jul 14, 2021 12:41 pm

Re: Vpn problems

Post by misterktm » Fri Jul 16, 2021 2:35 pm

i fixt the issue topic can be closed thnx for the responces issue was me ddns in my synology infact!

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Vpn problems

Post by TinCanTech » Fri Jul 16, 2021 2:47 pm

Your certificate has still expired but if it works then don't fix it ;)

Post Reply