Error: ssl_cleartext BIO_read failed

Post by miksmith » Mon Nov 30, 2020 8:35 pm

Hi

I have recently moved to a new Synology NAS running their VPN plugin which incorporates OVPN and set up the server as follows:

- the IP/name of the NAS is a drop-in replacement so port forwarding on the router will continue to work
- used the default app on the NAS settings which generated the .ovpn file below
- imported to OVPN on Android and inserted user name and password
- I get the following error message on the client:

openvpn opensslcontext::ssl_cleartext BIO_read failed cap=2576 status=-1 error:1416f086 ssl routine:tls_process_server_certificate certificate verify failed

I'm not sure what this error means and so how to go about fixing it. Any help much appreciated!

thanks

mike


Client config

dev tun
tls-client

remote myserver.synology.me 1194

# The "float" tells OpenVPN to accept authenticated packets from any address,
# not only the address which was specified in the --remote option.
# This is useful when you are connecting to a peer which holds a dynamic address
# such as a dial-in user or DHCP client.
# (Please refer to the manual of OpenVPN for more information.)

#float

# If redirect-gateway is enabled, the client will redirect its
# default network gateway through the VPN.
# It means the VPN connection will firstly connect to the VPN Server
# and then to the internet.
# (Please refer to the manual of OpenVPN for more information.)

redirect-gateway def1

# dhcp-option DNS: To set primary domain name server address.
# Repeat this option to set secondary DNS server addresses.

dhcp-option DNS 192.168.2.254

pull

# If you want to connect by Server's IPv6 address, you should use
# "proto udp6" in UDP mode or "proto tcp6-client" in TCP mode
proto udp

script-security 2

comp-lzo

reneg-sec 0

cipher AES-256-CBC

auth SHA512

auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</ca>

Post by TinCanTech » Mon Nov 30, 2020 9:40 pm

miksmith wrote (Mon Nov 30, 2020 8:35 pm):
> - I get the following error message on the client:
>
> openvpn opensslcontext::ssl_cleartext BIO_read failed cap=2576 status=-1 error:1416f086 ssl routine:tls_process_server_certificate certificate verify failed
>
> I'm not sure what this error means and so how to go about fixing it. Any help much appreciated!

It means the server certificate failed verification. Probably, you have used the wrong certificate somewhere ..

Take a look at your server log at --verb 4 as well.

Please see:
viewtopic.php?f=30&t=22603#p68963


Post by miksmith » Tue Dec 01, 2020 11:14 am

Thanks for the help... I went back through the entire setup and found it worked internally in my network which meant it had to be a problem with either the DDNS or port forwarding on the router. Turned out it was the latter as whilst I had used the name/IP of the old NAS, the router was using the MAC address. As a result I was trying to connect to the old NAS with the new cert!!

All working now.

Thanks again for the pointer


Post by TinCanTech » Tue Dec 01, 2020 3:36 pm

Thanks for letting us know 8-)
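
The mix-up described in this thread (a profile generated by one NAS reaching a different NAS) can be narrowed down by fingerprinting the CA inlined in the .ovpn profile and comparing it with the CA certificate exported from each candidate server. The Python below is an added example, not code from the thread, OpenVPN or Synology; the function names, server names and sample PEM bodies are constructed for illustration.

```python
import base64
import hashlib
import re
import ssl

CA_BLOCK = re.compile(r"<ca>(.*?)</ca>", re.DOTALL)
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.DOTALL)


def pem_fingerprints(pem_text):
    """SHA-256 hex fingerprint of each PEM certificate found in pem_text."""
    prints = []
    for pem in PEM_CERT.findall(pem_text):
        der = ssl.PEM_cert_to_DER_cert(pem)
        if not der:  # markers present but body stripped, as in the posted profile
            raise ValueError("empty certificate body between PEM markers")
        prints.append(hashlib.sha256(der).hexdigest())
    return prints


def profile_ca_fingerprints(ovpn_text):
    """Fingerprints of the CA certificate(s) inlined in a .ovpn profile."""
    block = CA_BLOCK.search(ovpn_text)
    if block is None:
        raise ValueError("profile has no inline <ca> block")
    prints = pem_fingerprints(block.group(1))
    if not prints:
        raise ValueError("inline <ca> block holds no certificate")
    return prints


def matching_servers(ovpn_text, server_ca_pems):
    """Names of the servers whose exported CA matches the profile's CA."""
    wanted = set(profile_ca_fingerprints(ovpn_text))
    return [name for name, pem in server_ca_pems.items()
            if wanted & set(pem_fingerprints(pem))]


def _constructed_pem(seed):
    # Constructed stand-in bytes in a PEM wrapper, not a real X.509 certificate.
    body = base64.encodebytes(hashlib.sha256(seed).digest() * 4).decode()
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"


# Constructed sample data; the server names are hypothetical.
SERVER_CAS = {"old-nas": _constructed_pem(b"old"), "new-nas": _constructed_pem(b"new")}
SAMPLE_PROFILE = ("dev tun\nremote myserver.synology.me 1194\n<ca>\n"
                  + SERVER_CAS["new-nas"] + "</ca>\n")
```

Calling `matching_servers(SAMPLE_PROFILE, SERVER_CAS)` names the server the profile belongs to; if the connection still fails verification, the traffic is reaching some other machine.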
