EPKI_ERROR External Certificate Signing Failed

Scripts to manage certificates or generate config files
ak75
OpenVpn Newbie
Posts: 1
Joined: Thu Jul 29, 2021 8:13 am

EPKI_ERROR External Certificate Signing Failed

Post by ak75 » Thu Jul 29, 2021 8:33 am

Hi all!

I got a working OpenVPN server.
Linux clients are working fine,
but Windows clients don't.

Code: Select all

OpenVPN 2.5.2 i586-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May  4 2021
library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.10
server config
server

port 1194
proto udp
dev tun
ca /etc/openvpn/openvpn_certs/vpnservercert-ca.pem
cert /etc/openvpn/openvpn_certs/vpnservercert-cert.pem
key /etc/openvpn/openvpn_certs/vpnservercert-key.pem
dh /etc/openvpn/openvpn_certs/dh1024.pem
cipher AES-256-CBC
data-ciphers-fallback AES-256-CBC
topology subnet
server xxxxxxxx 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route xxxxxxx 255.255.255.0"
push "dhcp-option DNS xxxxxxxxx"
push "dhcp-option DOMAIN xxxxxxx"
client-to-client
keepalive 10 120
allow-compression no
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
verb 3


server logfile

Code: Select all

2021-07-29 11:08:43 us=470939 Current Parameter Settings:
2021-07-29 11:08:43 us=474397   config = '/etc/openvpn/openvpn.conf'
2021-07-29 11:08:43 us=474905   mode = 1
2021-07-29 11:08:43 us=475730   persist_config = DISABLED
2021-07-29 11:08:43 us=476060   persist_mode = 1
2021-07-29 11:08:43 us=476649   show_ciphers = DISABLED
2021-07-29 11:08:43 us=476977   show_digests = DISABLED
2021-07-29 11:08:43 us=479908   show_engines = DISABLED
2021-07-29 11:08:43 us=480707   genkey = DISABLED
2021-07-29 11:08:43 us=481203   genkey_filename = '[UNDEF]'
2021-07-29 11:08:43 us=482225   key_pass_file = '[UNDEF]'
2021-07-29 11:08:43 us=483644   show_tls_ciphers = DISABLED
2021-07-29 11:08:43 us=484605   connect_retry_max = 0
2021-07-29 11:08:43 us=487524 Connection profiles [0]:
2021-07-29 11:08:43 us=494233   proto = udp
2021-07-29 11:08:43 us=497475   local = '[UNDEF]'
2021-07-29 11:08:43 us=497705   local_port = '1194'
2021-07-29 11:08:43 us=498016   remote = '[UNDEF]'
2021-07-29 11:08:43 us=498188   remote_port = '1194'
2021-07-29 11:08:43 us=498335   remote_float = DISABLED
2021-07-29 11:08:43 us=498473   bind_defined = DISABLED
2021-07-29 11:08:43 us=498608   bind_local = ENABLED
2021-07-29 11:08:43 us=498919   bind_ipv6_only = DISABLED
2021-07-29 11:08:43 us=499087   connect_retry_seconds = 5
2021-07-29 11:08:43 us=499227   connect_timeout = 120
2021-07-29 11:08:43 us=499370   socks_proxy_server = '[UNDEF]'
2021-07-29 11:08:43 us=499506   socks_proxy_port = '[UNDEF]'
2021-07-29 11:08:43 us=499980   tun_mtu = 1500
2021-07-29 11:08:43 us=500287   tun_mtu_defined = ENABLED
2021-07-29 11:08:43 us=500443   link_mtu = 1500
2021-07-29 11:08:43 us=500580   link_mtu_defined = DISABLED
2021-07-29 11:08:43 us=500714   tun_mtu_extra = 0
2021-07-29 11:08:43 us=500848   tun_mtu_extra_defined = DISABLED
2021-07-29 11:08:43 us=500991   mtu_discover_type = -1
2021-07-29 11:08:43 us=501126   fragment = 0
2021-07-29 11:08:43 us=501259   mssfix = 1450
2021-07-29 11:08:43 us=501396   explicit_exit_notification = 0
2021-07-29 11:08:43 us=501528   tls_auth_file = '[UNDEF]'
2021-07-29 11:08:43 us=501664   key_direction = not set
2021-07-29 11:08:43 us=501796   tls_crypt_file = '[UNDEF]'
2021-07-29 11:08:43 us=501926   tls_crypt_v2_file = '[UNDEF]'
2021-07-29 11:08:43 us=502061 Connection profiles END
2021-07-29 11:08:43 us=502192   remote_random = DISABLED
2021-07-29 11:08:43 us=502326   ipchange = '[UNDEF]'
2021-07-29 11:08:43 us=502455   dev = 'tun'
2021-07-29 11:08:43 us=502583   dev_type = '[UNDEF]'
2021-07-29 11:08:43 us=502727   dev_node = '[UNDEF]'
2021-07-29 11:08:43 us=502962   lladdr = '[UNDEF]'
2021-07-29 11:08:43 us=503124   topology = 3
2021-07-29 11:08:43 us=503263   ifconfig_local = 'xxxxxxxx'
2021-07-29 11:08:43 us=503401   ifconfig_remote_netmask = '255.255.255.0'
2021-07-29 11:08:43 us=503536   ifconfig_noexec = DISABLED
2021-07-29 11:08:43 us=503668   ifconfig_nowarn = DISABLED
2021-07-29 11:08:43 us=503799   ifconfig_ipv6_local = '[UNDEF]'
2021-07-29 11:08:43 us=503930   ifconfig_ipv6_netbits = 0
2021-07-29 11:08:43 us=504061   ifconfig_ipv6_remote = '[UNDEF]'
2021-07-29 11:08:43 us=504192   shaper = 0
2021-07-29 11:08:43 us=504322   mtu_test = 0
2021-07-29 11:08:43 us=504451   mlock = DISABLED
2021-07-29 11:08:43 us=504582   keepalive_ping = 10
2021-07-29 11:08:43 us=504712   keepalive_timeout = 120
2021-07-29 11:08:43 us=504845   inactivity_timeout = 0
2021-07-29 11:08:43 us=504977   ping_send_timeout = 10
2021-07-29 11:08:43 us=505116   ping_rec_timeout = 240
2021-07-29 11:08:43 us=505248   ping_rec_timeout_action = 2
2021-07-29 11:08:43 us=505400   ping_timer_remote = DISABLED
2021-07-29 11:08:43 us=505538   remap_sigusr1 = 0
2021-07-29 11:08:43 us=505670   persist_tun = ENABLED
2021-07-29 11:08:43 us=505800   persist_local_ip = DISABLED
2021-07-29 11:08:43 us=505931   persist_remote_ip = DISABLED
2021-07-29 11:08:43 us=506062   persist_key = ENABLED
2021-07-29 11:08:43 us=506275   passtos = DISABLED
2021-07-29 11:08:43 us=506430   resolve_retry_seconds = 1000000000
2021-07-29 11:08:43 us=506565   resolve_in_advance = DISABLED
2021-07-29 11:08:43 us=506838   username = 'nobody'
2021-07-29 11:08:43 us=506995   groupname = 'nobody'
2021-07-29 11:08:43 us=507135   chroot_dir = '[UNDEF]'
2021-07-29 11:08:43 us=507270   cd_dir = '[UNDEF]'
2021-07-29 11:08:43 us=507403   writepid = '/run/openvpn.pid'
2021-07-29 11:08:43 us=507539   up_script = '[UNDEF]'
2021-07-29 11:08:43 us=507672   down_script = '[UNDEF]'
2021-07-29 11:08:43 us=507804   down_pre = DISABLED
2021-07-29 11:08:43 us=507934   up_restart = DISABLED
2021-07-29 11:08:43 us=508065   up_delay = DISABLED
2021-07-29 11:08:43 us=508192   daemon = ENABLED
2021-07-29 11:08:43 us=508322   inetd = 0
2021-07-29 11:08:43 us=508452   log = ENABLED
2021-07-29 11:08:43 us=508583   suppress_timestamps = DISABLED
2021-07-29 11:08:43 us=508714   machine_readable_output = DISABLED
2021-07-29 11:08:43 us=508843   nice = 0
2021-07-29 11:08:43 us=508974   verbosity = 4
2021-07-29 11:08:43 us=509103   mute = 0
2021-07-29 11:08:43 us=509295   gremlin = 0
2021-07-29 11:08:43 us=509449   status_file = '/var/log/openvpn-status.log'
2021-07-29 11:08:43 us=509700   status_file_version = 1
2021-07-29 11:08:43 us=509856   status_file_update_freq = 60
2021-07-29 11:08:43 us=509995   occ = ENABLED
2021-07-29 11:08:43 us=510133   rcvbuf = 0
2021-07-29 11:08:43 us=510272   sndbuf = 0
2021-07-29 11:08:43 us=510348   mark = 0
2021-07-29 11:08:43 us=510431   sockflags = 0
2021-07-29 11:08:43 us=510512   fast_io = DISABLED
2021-07-29 11:08:43 us=510582   comp.alg = 0
2021-07-29 11:08:43 us=510653   comp.flags = 24
2021-07-29 11:08:43 us=510723   route_script = '[UNDEF]'
2021-07-29 11:08:43 us=510794   route_default_gateway = 'xxxxxxxxx'
2021-07-29 11:08:43 us=510864   route_default_metric = 0
2021-07-29 11:08:43 us=510934   route_noexec = DISABLED
2021-07-29 11:08:43 us=511004   route_delay = 0
2021-07-29 11:08:43 us=511073   route_delay_window = 30
2021-07-29 11:08:43 us=511143   route_delay_defined = DISABLED
2021-07-29 11:08:43 us=511423   route_nopull = DISABLED
2021-07-29 11:08:43 us=511651   route_gateway_via_dhcp = DISABLED
2021-07-29 11:08:43 us=511743   allow_pull_fqdn = DISABLED
2021-07-29 11:08:43 us=512383   management_addr = '[UNDEF]'
2021-07-29 11:08:43 us=512483   management_port = '[UNDEF]'
2021-07-29 11:08:43 us=512550   management_user_pass = '[UNDEF]'
2021-07-29 11:08:43 us=512615   management_log_history_cache = 250
2021-07-29 11:08:43 us=512678   management_echo_buffer_size = 100
2021-07-29 11:08:43 us=512741   management_write_peer_info_file = '[UNDEF]'
2021-07-29 11:08:43 us=512805   management_client_user = '[UNDEF]'
2021-07-29 11:08:43 us=512994   management_client_group = '[UNDEF]'
2021-07-29 11:08:43 us=513078   management_flags = 0
2021-07-29 11:08:43 us=513146   shared_secret_file = '[UNDEF]'
2021-07-29 11:08:43 us=513214   key_direction = not set
2021-07-29 11:08:43 us=513277   ciphername = 'AES-256-CBC'
2021-07-29 11:08:43 us=513340   ncp_enabled = ENABLED
2021-07-29 11:08:43 us=513402   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
2021-07-29 11:08:43 us=513464   authname = 'SHA1'
2021-07-29 11:08:43 us=513526   prng_hash = 'SHA1'
2021-07-29 11:08:43 us=513588   prng_nonce_secret_len = 16
2021-07-29 11:08:43 us=513650   keysize = 0
2021-07-29 11:08:43 us=513711   engine = DISABLED
2021-07-29 11:08:43 us=513773   replay = ENABLED
2021-07-29 11:08:43 us=513835   mute_replay_warnings = DISABLED
2021-07-29 11:08:43 us=513896   replay_window = 64
2021-07-29 11:08:43 us=513956   replay_time = 15
2021-07-29 11:08:43 us=514019   packet_id_file = '[UNDEF]'
2021-07-29 11:08:43 us=514082   test_crypto = DISABLED
2021-07-29 11:08:43 us=514143   tls_server = ENABLED
2021-07-29 11:08:43 us=514206   tls_client = DISABLED
2021-07-29 11:08:43 us=514270   ca_file = '/etc/openvpn/openvpn_certs/vpnservercert-ca.pem'
2021-07-29 11:08:43 us=514335   ca_path = '[UNDEF]'
2021-07-29 11:08:43 us=514398   dh_file = '/etc/openvpn/openvpn_certs/dh1024.pem'
2021-07-29 11:08:43 us=514462   cert_file = '/etc/openvpn/openvpn_certs/vpnservercert-cert.pem'
2021-07-29 11:08:43 us=514526   extra_certs_file = '[UNDEF]'
2021-07-29 11:08:43 us=514594   priv_key_file = '/etc/openvpn/openvpn_certs/vpnservercert-key.pem'
2021-07-29 11:08:43 us=514767   pkcs12_file = '[UNDEF]'
2021-07-29 11:08:43 us=514844   cipher_list = '[UNDEF]'
2021-07-29 11:08:43 us=514911   cipher_list_tls13 = '[UNDEF]'
2021-07-29 11:08:43 us=515140   tls_cert_profile = '[UNDEF]'
2021-07-29 11:08:43 us=515224   tls_verify = '[UNDEF]'
2021-07-29 11:08:43 us=515291   tls_export_cert = '[UNDEF]'
2021-07-29 11:08:43 us=515359   verify_x509_type = 0
2021-07-29 11:08:43 us=515425   verify_x509_name = '[UNDEF]'
2021-07-29 11:08:43 us=515491   crl_file = '[UNDEF]'
2021-07-29 11:08:43 us=515557   ns_cert_type = 0
2021-07-29 11:08:43 us=515623   remote_cert_ku[i] = 0
2021-07-29 11:08:43 us=515688   remote_cert_ku[i] = 0
2021-07-29 11:08:43 us=515751   remote_cert_ku[i] = 0
2021-07-29 11:08:43 us=515814   remote_cert_ku[i] = 0
2021-07-29 11:08:43 us=515877   remote_cert_ku[i] = 0
2021-07-29 11:08:43 us=515948   remote_cert_ku[i] = 0
2021-07-29 11:08:43 us=516012   remote_cert_ku[i] = 0
2021-07-29 11:08:43 us=516074   remote_cert_ku[i] = 0
2021-07-29 11:08:43 us=516136   remote_cert_ku[i] = 0
2021-07-29 11:08:43 us=516301   remote_cert_ku[i] = 0
2021-07-29 11:08:43 us=516380   remote_cert_ku[i] = 0
2021-07-29 11:08:43 us=516446   remote_cert_ku[i] = 0
2021-07-29 11:08:43 us=516509   remote_cert_ku[i] = 0
2021-07-29 11:08:43 us=516572   remote_cert_ku[i] = 0
2021-07-29 11:08:43 us=516928   remote_cert_ku[i] = 0
2021-07-29 11:08:43 us=517158   remote_cert_ku[i] = 0
2021-07-29 11:08:43 us=517239   remote_cert_eku = '[UNDEF]'
2021-07-29 11:08:43 us=517307   ssl_flags = 0
2021-07-29 11:08:43 us=517374   tls_timeout = 2
2021-07-29 11:08:43 us=517448   renegotiate_bytes = -1
2021-07-29 11:08:43 us=517514   renegotiate_packets = 0
2021-07-29 11:08:43 us=517578   renegotiate_seconds = 3600
2021-07-29 11:08:43 us=517642   handshake_window = 60
2021-07-29 11:08:43 us=517706   transition_window = 3600
2021-07-29 11:08:43 us=517769   single_session = DISABLED
2021-07-29 11:08:43 us=517834   push_peer_info = DISABLED
2021-07-29 11:08:43 us=517896   tls_exit = DISABLED
2021-07-29 11:08:43 us=517959   tls_crypt_v2_metadata = '[UNDEF]'
2021-07-29 11:08:43 us=518063   server_network = xxxxxxxxx
2021-07-29 11:08:43 us=518151   server_netmask = 255.255.255.0
2021-07-29 11:08:43 us=518269   server_network_ipv6 = ::
2021-07-29 11:08:43 us=518341   server_netbits_ipv6 = 0
2021-07-29 11:08:43 us=518425   server_bridge_ip = 0.0.0.0
2021-07-29 11:08:43 us=518510   server_bridge_netmask = 0.0.0.0
2021-07-29 11:08:43 us=518597   server_bridge_pool_start = 0.0.0.0
2021-07-29 11:08:43 us=518683   server_bridge_pool_end = 0.0.0.0
2021-07-29 11:08:43 us=518749   push_entry = 'route xxxxxxxx 255.255.255.0'
2021-07-29 11:08:43 us=518813   push_entry = 'dhcp-option DNS xxxxxxxxxx'
2021-07-29 11:08:43 us=518874   push_entry = 'dhcp-option DOMAIN xxxxxx'
2021-07-29 11:08:43 us=518936   push_entry = 'route-gateway xxxxxxx'
2021-07-29 11:08:43 us=518997   push_entry = 'topology subnet'
2021-07-29 11:08:43 us=519058   push_entry = 'ping 10'
2021-07-29 11:08:43 us=519122   push_entry = 'ping-restart 120'
2021-07-29 11:08:43 us=519184   ifconfig_pool_defined = ENABLED
2021-07-29 11:08:43 us=519267   ifconfig_pool_start = xxxxxx
2021-07-29 11:08:43 us=519622   ifconfig_pool_end = xxxxxx
2021-07-29 11:08:43 us=520042   ifconfig_pool_netmask = 255.255.255.0
2021-07-29 11:08:43 us=520135   ifconfig_pool_persist_filename = 'ipp.txt'
2021-07-29 11:08:43 us=520203   ifconfig_pool_persist_refresh_freq = 600
2021-07-29 11:08:43 us=520267   ifconfig_ipv6_pool_defined = DISABLED
2021-07-29 11:08:43 us=520586   ifconfig_ipv6_pool_base = ::
2021-07-29 11:08:43 us=520668   ifconfig_ipv6_pool_netbits = 0
2021-07-29 11:08:43 us=520733   n_bcast_buf = 256
2021-07-29 11:08:43 us=520797   tcp_queue_limit = 64
2021-07-29 11:08:43 us=520862   real_hash_size = 256
2021-07-29 11:08:43 us=520925   virtual_hash_size = 256
2021-07-29 11:08:43 us=520987   client_connect_script = '[UNDEF]'
2021-07-29 11:08:43 us=521055   learn_address_script = '[UNDEF]'
2021-07-29 11:08:43 us=521220   client_disconnect_script = '[UNDEF]'
2021-07-29 11:08:43 us=521294   client_config_dir = '[UNDEF]'
2021-07-29 11:08:43 us=521366   ccd_exclusive = DISABLED
2021-07-29 11:08:43 us=521431   tmp_dir = '/tmp'
2021-07-29 11:08:43 us=521495   push_ifconfig_defined = DISABLED
2021-07-29 11:08:43 us=521718   push_ifconfig_local = 0.0.0.0
2021-07-29 11:08:43 us=523253   push_ifconfig_remote_netmask = 0.0.0.0
2021-07-29 11:08:43 us=523362   push_ifconfig_ipv6_defined = DISABLED
2021-07-29 11:08:43 us=523483   push_ifconfig_ipv6_local = ::/0
2021-07-29 11:08:43 us=523583   push_ifconfig_ipv6_remote = ::
2021-07-29 11:08:43 us=523651   enable_c2c = ENABLED
2021-07-29 11:08:43 us=523716   duplicate_cn = DISABLED
2021-07-29 11:08:43 us=523778   cf_max = 0
2021-07-29 11:08:43 us=523839   cf_per = 0
2021-07-29 11:08:43 us=523899   max_clients = 1024
2021-07-29 11:08:43 us=523962   max_routes_per_client = 256
2021-07-29 11:08:43 us=524026   auth_user_pass_verify_script = '[UNDEF]'
2021-07-29 11:08:43 us=524088   auth_user_pass_verify_script_via_file = DISABLED
2021-07-29 11:08:43 us=524152   auth_token_generate = DISABLED
2021-07-29 11:08:43 us=524214   auth_token_lifetime = 0
2021-07-29 11:08:43 us=524277   auth_token_secret_file = '[UNDEF]'
2021-07-29 11:08:43 us=524339   port_share_host = '[UNDEF]'
2021-07-29 11:08:43 us=524402   port_share_port = '[UNDEF]'
2021-07-29 11:08:43 us=524464   vlan_tagging = DISABLED
2021-07-29 11:08:43 us=524527   vlan_accept = all
2021-07-29 11:08:43 us=524588   vlan_pvid = 1
2021-07-29 11:08:43 us=524651   client = DISABLED
2021-07-29 11:08:43 us=524711   pull = DISABLED
2021-07-29 11:08:43 us=524774   auth_user_pass_file = '[UNDEF]'
2021-07-29 11:08:43 us=524866 OpenVPN 2.5.2 i586-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May  4 2021
2021-07-29 11:08:43 us=525003 library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.10
2021-07-29 11:08:43 us=689443 Diffie-Hellman initialized with 1024 bit key
2021-07-29 11:08:43 us=968718 TLS-Auth MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
2021-07-29 11:08:43 us=993980 TUN/TAP device tun0 opened
2021-07-29 11:08:43 us=994202 do_ifconfig, ipv4=1, ipv6=0
2021-07-29 11:08:43 us=995040 /sbin/ip link set dev tun0 up mtu 1500
2021-07-29 11:08:44 us=54202 /sbin/ip link set dev tun0 up
2021-07-29 11:08:44 us=91575 /sbin/ip addr add dev tun0 xxxxxxxxx/24
2021-07-29 11:08:44 us=148311 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
2021-07-29 11:08:44 us=148996 Could not determine IPv4/IPv6 protocol. Using AF_INET
2021-07-29 11:08:44 us=149344 Socket Buffers: R=[180224->180224] S=[180224->180224]
2021-07-29 11:08:44 us=155963 UDPv4 link local (bound): [AF_INET][undef]:1194
2021-07-29 11:08:44 us=156159 UDPv4 link remote: [AF_UNSPEC]
2021-07-29 11:08:44 us=160612 GID set to nobody
2021-07-29 11:08:44 us=161158 UID set to nobody
2021-07-29 11:08:44 us=161489 MULTI: multi_init called, r=256 v=256
2021-07-29 11:08:44 us=167316 IFCONFIG POOL IPv4: base=xxxxxxxx size=252
2021-07-29 11:08:44 us=174620 ifconfig_pool_read(), in='ak75,xxxxxxxx,'
2021-07-29 11:08:44 us=176504 succeeded -> ifconfig_pool_set(hand=2)
2021-07-29 11:08:44 us=176716 IFCONFIG POOL LIST
2021-07-29 11:08:44 us=176823 ak75,xxxxxxxxx,
2021-07-29 11:08:44 us=178185 Initialization Sequence Completed
2021-07-29 11:12:56 us=548725 MULTI: multi_create_instance called
2021-07-29 11:12:56 us=550538 xxxxxx:60012 Re-using SSL/TLS context
2021-07-29 11:12:56 us=558182 xxxxxx:60012 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
2021-07-29 11:12:56 us=558537 xxxxxx:60012 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
2021-07-29 11:12:56 us=561981 xxxxxx:60012 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,auth SHA1,keysize 256,key-method 2,tls-server'
2021-07-29 11:12:56 us=562131 xxxxxx:60012 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,auth SHA1,keysize 256,key-method 2,tls-client'
2021-07-29 11:12:56 us=563580 xxxxxx:60012 TLS: Initial packet from [AF_INET]xxxxxx:60012, sid=cda42891 d644ead0
2021-07-29 11:13:56 us=764956 xxxxxx:60012 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2021-07-29 11:13:56 us=765234 xxxxxx:60012 TLS Error: TLS handshake failed
2021-07-29 11:13:56 us=770135xxxxxx:60012 SIGUSR1[soft,tls-error] received, client-instance restarting


client logfile

Code: Select all

[Jul 29, 2021, 11:12:57] OpenVPN core 3.git::98bf7f7f win x86_64 64-bit built on Jun 14 2021 09:02:16
[Jul 29, 2021, 11:12:57] Frame=512/2048/512 mssfix-ctrl=1250
[Jul 29, 2021, 11:12:57] UNUSED OPTIONS
7 [verb] [4]
[Jul 29, 2021, 11:12:57] EVENT: RESOLVE
[Jul 29, 2021, 11:12:57] Contacting xxxxxx:1194 via UDP
[Jul 29, 2021, 11:12:57] EVENT: WAIT
[Jul 29, 2021, 11:12:57] WinCommandAgent: transmitting bypass route to xxxxxx
{
	"host" : "xxxxxx",
	"ipv6" : false
}

[Jul 29, 2021, 11:12:57] Connecting to [xxxxxx]:1194 (xxxxxx) via UDPv4
[Jul 29, 2021, 11:12:57] EVENT: CONNECTING
[Jul 29, 2021, 11:12:57] Tunnel Options:V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client
[Jul 29, 2021, 11:12:57] Creds: UsernameEmpty/PasswordEmpty
[Jul 29, 2021, 11:12:57] Peer Info:
IV_VER=3.git::98bf7f7f
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
IV_AUTO_SESS=1
IV_GUI_VER=OCWindows_3.3.1-2222
IV_SSO=openurl,crtext

[Jul 29, 2021, 11:12:58] EVENT: EPKI_ERROR External Certificate Signing Failed
[Jul 29, 2021, 11:12:58] Client exception in transport_recv_excode: OpenSSLContext::SSL::read_cleartext: BIO_read failed, cap=2576 status=-1: error:0406B07A:rsa routines:RSA_padding_add_none:data too small for key size / error:141F0006:SSL routines:tls_construct_cert_verify:EVP lib
[Jul 29, 2021, 11:12:58] EVENT: DISCONNECTED
client config
client

client
remote xxxxxxxx
port 1194
proto udp
dev tun
cipher AES-256-CBC
keepalive 10 120
<ca>
-----BEGIN CERTIFICATE-----
xxxxxxx
-----END CERTIFICATE-----
</ca>


What's wrong with my configuration?
Any hints are welcome!

TinCanTech
Forum Team
Posts: 9657
Joined: Fri Jun 03, 2016 1:17 pm

Re: EPKI_ERROR External Certificate Signing Failed

Post by TinCanTech » Thu Jul 29, 2021 1:44 pm

How did you set up your server and how did you transfer the files to Windows?

It sounds like the files got corrupted by copying them.
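
A check for the copy-corruption question raised in the reply above, as an added example that is not part of either post: it tests whether each inline PEM block in a client profile is still intact (armor, base64, DER length) and lists which of the <ca>, <cert> and <key> blocks the profile carries. The sample certificate bytes, the host name vpn.example.invalid and all function names are constructed for illustration.

```python
import base64
import binascii
import re

BLOCK_RE = re.compile(r"<(ca|cert|key)>(.*?)</\1>", re.S)
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)


def der_total_length(der):
    """Total size announced by the outer DER header (tag + length + content)."""
    if der[1] < 0x80:                      # short form: one length byte
        return 2 + der[1]
    n = der[1] & 0x7F                      # long form: n length bytes follow
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def check_pem(text):
    """Return a list of integrity problems for one inline PEM block."""
    m = PEM_RE.search(text)
    if not m:
        return ["BEGIN/END armor missing or mismatched"]
    body = "".join(m.group(2).split())     # drop line breaks, CR included
    try:
        der = base64.b64decode(body, validate=True)
    except (binascii.Error, ValueError):
        return ["body is not valid base64"]
    if len(der) < 2 or der[0] != 0x30:
        return ["decoded data is not an ASN.1 SEQUENCE"]
    if der_total_length(der) != len(der):
        return ["DER length header disagrees with decoded size (truncated?)"]
    return []


def lint_profile(profile):
    """Report which of <ca>/<cert>/<key> are inline and whether each is intact."""
    found = {name: check_pem(body) for name, body in BLOCK_RE.findall(profile)}
    return {
        "missing": [n for n in ("ca", "cert", "key") if n not in found],
        "damaged": {n: p for n, p in found.items() if p},
    }


def make_pem(der, label="CERTIFICATE"):
    """Wrap bytes in PEM armor, 64 columns per line."""
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN %s-----\n%s\n-----END %s-----" % (label, "\n".join(lines), label)


# Constructed sample: a 260-byte DER-shaped blob, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)
SAMPLE_PEM = make_pem(SAMPLE_DER)
# Constructed profile with the same layout as the one posted: only an inline <ca> block.
PROFILE = ("client\nremote vpn.example.invalid\nport 1194\nproto udp\ndev tun\n"
           "<ca>\n%s\n</ca>\n" % SAMPLE_PEM)
# The same profile after losing the last base64 line in transit.
TRUNCATED = PROFILE.replace(SAMPLE_PEM.splitlines()[-2] + "\n", "")

if __name__ == "__main__":
    print(lint_profile(PROFILE))
    print(lint_profile(TRUNCATED))
```

Running the same lint on the server-side copy and on the copy that reached the Windows machine shows whether the transfer changed anything inside the PEM blocks.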
