I am working in a small company and we are using pfsense as a firewall.
lately, after exporting employees (old users and new users) certificates (openvpn config file) while trying to configure the openvpn client I am facing an error that prevents me from connecting the users through the firewall (openvpn service).
this is an example of a logfile:
this is an example of configuration fileThu Jul 01 12:15:35 2021 OpenVPN 2.4.11 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 21 2021
Thu Jul 01 12:15:35 2021 Windows version 6.2 (Windows 8 or greater) 64bit
Thu Jul 01 12:15:35 2021 library versions: OpenSSL 1.1.1k 25 Mar 2021, LZO 2.10
Enter Management Password:
Thu Jul 01 12:15:41 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:xxx
Thu Jul 01 12:15:41 2021 UDP link local (bound): [AF_INET][undef]:xxxx
Thu Jul 01 12:15:41 2021 UDP link remote: [AF_INET]xxx.xxx.xxx.xxx:xxxx
Thu Jul 01 12:15:41 2021 OpenSSL: error:C506D064:microsoft cryptoapi:NCryptSignHash:Invalid flags specified.
Thu Jul 01 12:15:41 2021 OpenSSL: error:141F0006:SSL routines:tls_construct_cert_verify:EVP lib
Thu Jul 01 12:15:41 2021 TLS_ERROR: BIO read tls_read_plaintext error
Thu Jul 01 12:15:41 2021 TLS Error: TLS object -> incoming plaintext read error
Thu Jul 01 12:15:41 2021 TLS Error: TLS handshake failed
Thu Jul 01 12:15:41 2021 SIGUSR1[soft,tls-error] received, process restarting
Thu Jul 01 12:15:46 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:xxxx
Thu Jul 01 12:15:46 2021 UDP link local (bound): [AF_INET][undef]:xxxx
Thu Jul 01 12:15:46 2021 UDP link remote: [AF_INET]xxx.xxx.xxx.xxx:xxxx
Thu Jul 01 12:15:46 2021 OpenSSL: error:C506D064:microsoft cryptoapi:NCryptSignHash:Invalid flags specified.
Thu Jul 01 12:15:46 2021 OpenSSL: error:141F0006:SSL routines:tls_construct_cert_verify:EVP lib
Thu Jul 01 12:15:46 2021 TLS_ERROR: BIO read tls_read_plaintext error
Thu Jul 01 12:15:46 2021 TLS Error: TLS object -> incoming plaintext read error
Thu Jul 01 12:15:46 2021 TLS Error: TLS handshake failed
Thu Jul 01 12:15:46 2021 SIGUSR1[soft,tls-error] received, process restarting
Thu Jul 01 12:15:51 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:xxxx
Thu Jul 01 12:15:51 2021 UDP link local (bound): [AF_INET][undef]:xxxx
Thu Jul 01 12:15:51 2021 UDP link remote: [AF_INET]xxx.xxx.xxx.xxx:xxxx
Thu Jul 01 12:15:51 2021 TLS Error: Unroutable control packet received from [AF_INET]xxx.xxx.xxx.xxx:xxxx (si=3 op=P_ACK_V1)
Thu Jul 01 12:15:52 2021 TLS Error: Unroutable control packet received from [AF_INET]xxx.xxx.xxx.xxx:xxxx (si=3 op=P_CONTROL_V1)
Thu Jul 01 12:15:53 2021 TLS Error: Unroutable control packet received from [AF_INET]xxx.xxx.xxx.xxx:xxxx (si=3 op=P_ACK_V1)
Thu Jul 01 12:15:56 2021 TLS Error: Unroutable control packet received from [AF_INET]xxx.xxx.xxx.xxx:xxxx (si=3 op=P_CONTROL_V1)
Thu Jul 01 12:15:57 2021 TLS Error: Unroutable control packet received from [AF_INET]xxx.xxx.xxx.xxx:xxxx (si=3 op=P_ACK_V1)
Thu Jul 01 12:16:00 2021 TLS Error: Unroutable control packet received from [AF_INET]xxx.xxx.xxx.xxx:xxxx (si=3 op=P_CONTROL_V1)
Thu Jul 01 12:16:05 2021 TLS Error: Unroutable control packet received from [AF_INET]xxx.xxx.xxx.xxx:xxxx (si=3 op=P_ACK_V1)
Thu Jul 01 12:16:12 2021 TLS Error: Unroutable control packet received from [AF_INET]xxx.xxx.xxx.xxx:xxxx (si=3 op=P_CONTROL_V1)
Thu Jul 01 12:16:16 2021 TLS Error: Unroutable control packet received from [AF_INET]xxx.xxx.xxx.xxx:xxxx (si=3 op=P_CONTROL_V1)
Thu Jul 01 12:16:21 2021 TLS Error: Unroutable control packet received from [AF_INET]xxx.xxx.xxx.xxx:xxxx (si=3 op=P_ACK_V1)
ill appreciate any help,dev tun
persist-tun
persist-key
ncp-ciphers AES-128-GCM:AES-128-CBC
cipher AES-128-CBC
auth SHA256
tls-client
client
resolv-retry infinite
remote xxx.xxx.xxx.xxx:xxxx udp
verify-x509-name "OpenVPN server certificate" name
auth-user-pass
ca xxxxxxxx.crt
cryptoapicert "SUBJ:xxx"
tls-auth xxxxxxxxxx-tls.key 1
remote-cert-tls server
comp-lzo adaptive
explicit-exit-notify
Thanks in advance,
Dean.