working VPN connection suddenly throws error

Need help configuring your VPN? Just post here and you'll get that help.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
kaeptnhaddock
OpenVpn Newbie
Posts: 1
Joined: Sat May 08, 2021 5:43 pm

working VPN connection suddenly throws error

Post by kaeptnhaddock » Sat May 08, 2021 6:04 pm

Hello
I have an openvpn network to a synology diskstation. it used to work fine for months now, all for sudden I am getting errors and cannot connect anymore. I am completely lost trying to figure out what's going on. Is somebody able to give a hint? please see error log below.

To my knowledge there hasn't been any update or any change to any of the involved software or hardware products involved (synology diskstation os, windows, openvpn etc. I didn't touch anything! The let's encrypt certificate is valid and will be renewed coming June.

Steps I've undertaken to resolve the issue:

reboot synology server
reboot internet modem/router
reboot my pc

Didn't help :(

Do you have any advice to me?
Many thanks

chris

------- Log from open vpn --------
I've replaced the ip-address with a placeholder <ip-address> for safety reasons (not sure if that's necessary at all)
-------------------------------------------


Sat May 08 19:23:14 2021 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sat May 08 19:23:14 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]<ip-address>:1194
Sat May 08 19:23:14 2021 UDP link local (bound): [AF_INET][undef]:1194
Sat May 08 19:23:14 2021 UDP link remote: [AF_INET]<ip-address>:1194
Sat May 08 19:23:14 2021 TLS Error: Unroutable control packet received from [AF_INET]<ip-address>:1194 (si=3 op=P_CONTROL_V1)
Sat May 08 19:23:14 2021 VERIFY ERROR: depth=1, error=unable to get local issuer certificate: C=US, O=Let's Encrypt, CN=R3
Sat May 08 19:23:14 2021 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Sat May 08 19:23:14 2021 TLS_ERROR: BIO read tls_read_plaintext error
Sat May 08 19:23:14 2021 TLS Error: TLS object -> incoming plaintext read error
Sat May 08 19:23:14 2021 TLS Error: TLS handshake failed
Sat May 08 19:23:14 2021 SIGUSR1[soft,tls-error] received, process restarting
Sat May 08 19:23:19 2021 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sat May 08 19:23:19 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]<ip-address>:1194
Sat May 08 19:23:19 2021 UDP link local (bound): [AF_INET][undef]:1194
Sat May 08 19:23:19 2021 UDP link remote: [AF_INET]<ip-address>:1194
Sat May 08 19:23:19 2021 TLS Error: Unroutable control packet received from [AF_INET]<ip-address>:1194 (si=3 op=P_ACK_V1)
Sat May 08 19:23:21 2021 TLS Error: Unroutable control packet received from [AF_INET]<ip-address>:1194 (si=3 op=P_ACK_V1)
Sat May 08 19:23:24 2021 TLS Error: Unroutable control packet received from [AF_INET]<ip-address>:1194 (si=3 op=P_CONTROL_V1)
Sat May 08 19:23:25 2021 TLS Error: Unroutable control packet received from [AF_INET]<ip-address>:1194 (si=3 op=P_CONTROL_V1)
Sat May 08 19:23:26 2021 TLS Error: Unroutable control packet received from [AF_INET]<ip-address>:1194 (si=3 op=P_CONTROL_V1)
Sat May 08 19:23:28 2021 TLS Error: Unroutable control packet received from [AF_INET]<ip-address>:1194 (si=3 op=P_CONTROL_V1)
Sat May 08 19:23:31 2021 TLS Error: Unroutable control packet received from [AF_INET]<ip-address>:1194 (si=3 op=P_CONTROL_V1)
Sat May 08 19:23:32 2021 TLS Error: Unroutable control packet received from [AF_INET]<ip-address>:1194 (si=3 op=P_CONTROL_V1)
Sat May 08 19:23:33 2021 TLS Error: Unroutable control packet received from [AF_INET]<ip-address>:1194 (si=3 op=P_ACK_V1)
Sat May 08 19:23:41 2021 TLS Error: Unroutable control packet received from [AF_INET]<ip-address>:1194 (si=3 op=P_CONTROL_V1)
Sat May 08 19:23:43 2021 TLS Error: Unroutable control packet received from [AF_INET]<ip-address>:1194 (si=3 op=P_CONTROL_V1)
Sat May 08 19:23:48 2021 TLS Error: Unroutable control packet received from [AF_INET]<ip-address>:1194 (si=3 op=P_CONTROL_V1)
Sat May 08 19:23:49 2021 TLS Error: Unroutable control packet received from [AF_INET]<ip-address>:1194 (si=3 op=P_CONTROL_V1)
Sat May 08 19:24:19 2021 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat May 08 19:24:19 2021 TLS Error: TLS handshake failed
Sat May 08 19:24:19 2021 SIGUSR1[soft,tls-error] received, process restarting

User avatar
TinCanTech
Forum Team
Posts: 9238
Joined: Fri Jun 03, 2016 1:17 pm

Re: working VPN connection suddenly throws error

Post by TinCanTech » Sat May 08, 2021 8:14 pm

See your server log.

w1se
OpenVpn Newbie
Posts: 3
Joined: Fri Nov 20, 2020 9:56 pm

Re: working VPN connection suddenly throws error

Post by w1se » Thu Jun 03, 2021 6:57 pm

Were you able to resolve this? I'm having the same problem today. Everything was working fine since September 2020....then today...errors.

w1se
OpenVpn Newbie
Posts: 3
Joined: Fri Nov 20, 2020 9:56 pm

Re: working VPN connection suddenly throws error

Post by w1se » Thu Jun 03, 2021 7:41 pm

I think I've got this fixed but I'm not sure which action solved the problem, here is what I've done:

1. Reinstalled with most up-to-date client: V2.5.2 ...tbh I don't know what was installed before.

2. On Synology ...refreshed the Lets Encrypt certificate:
  • Control Panel
  • External Access
  • Click on "Synology" in the service provider list
  • Click "Update Now"
3. In Package Center:
  • Click Open on VPN Server
  • Click OpenVPN
  • Changed Authentication to SHA256 (was SHA516)
  • Click Export Configuration

4. On Client:
  • Closed OpenVPN
  • Opened OpenVPN as administrator
  • Right clicked OpenVPN Icon and Clicked EDIT Config
  • Replaced all text from new config, and updated server address
5. Works!

User avatar
TinCanTech
Forum Team
Posts: 9238
Joined: Fri Jun 03, 2016 1:17 pm

Re: working VPN connection suddenly throws error

Post by TinCanTech » Thu Jun 03, 2021 8:40 pm

Generally, an unroutable control packet is caused by a session timeout. As is the case here.

Re-installing did nothing .. except allow the timeout to roll-over.

Post Reply