Openvpn just stopped

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
krainey4
OpenVpn Newbie
Posts: 5
Joined: Fri Jan 15, 2021 3:28 pm

Openvpn just stopped

Post by krainey4 » Fri Oct 01, 2021 12:54 pm

Can somebody help me work out whats wrong all users cant connect anymore all of a sudden - this has worked for over a year then stopped - open vpn is running from a synology and is turned on and no firewall rules changed, could it be an expired cert and if so how might i fix this if this looks like the issue? thanks

Fri Oct 01 13:53:09 2021 SIGUSR1[soft,tls-error] received, process restarting
Fri Oct 01 13:53:14 2021 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Oct 01 13:53:15 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]81.106.156.151:1194
Fri Oct 01 13:53:15 2021 UDP link local (bound): [AF_INET][undef]:1194
Fri Oct 01 13:53:15 2021 UDP link remote: [AF_INET]81.106.156.151:1194
Fri Oct 01 13:53:15 2021 VERIFY ERROR: depth=2, error=certificate has expired: O=Digital Signature Trust Co., CN=DST Root CA X3
Fri Oct 01 13:53:15 2021 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Fri Oct 01 13:53:15 2021 TLS_ERROR: BIO read tls_read_plaintext error
Fri Oct 01 13:53:15 2021 TLS Error: TLS object -> incoming plaintext read error
Fri Oct 01 13:53:15 2021 TLS Error: TLS handshake failed
Fri Oct 01 13:53:15 2021 SIGUSR1[soft,tls-error] received, process restarting
Fri Oct 01 13:53:20 2021 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Oct 01 13:53:20 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]81.106.156.151:1194
Fri Oct 01 13:53:20 2021 UDP link local (bound): [AF_INET][undef]:1194
Fri Oct 01 13:53:20 2021 UDP link remote: [AF_INET]81.106.156.151:1194
Fri Oct 01 13:53:20 2021 TLS Error: Unroutable control packet received from [AF_INET]81.106.156.151:1194 (si=3 op=P_ACK_V1)
Fri Oct 01 13:53:22 2021 TLS Error: Unroutable control packet received from [AF_INET]81.106.156.151:1194 (si=3 op=P_CONTROL_V1)
Fri Oct 01 13:53:24 2021 TLS Error: Unroutable control packet received from [AF_INET]81.106.156.151:1194 (si=3 op=P_CONTROL_V1)
Fri Oct 01 13:53:26 2021 TLS Error: Unroutable control packet received from [AF_INET]81.106.156.151:1194 (si=3 op=P_CONTROL_V1)
Fri Oct 01 13:53:26 2021 TLS Error: Unroutable control packet received from [AF_INET]81.106.156.151:1194 (si=3 op=P_ACK_V1)
Fri Oct 01 13:53:27 2021 TLS Error: Unroutable control packet received from [AF_INET]81.106.156.151:1194 (si=3 op=P_CONTROL_V1)

300000
OpenVPN Expert
Posts: 685
Joined: Tue May 01, 2012 9:30 pm

Re: Openvpn just stopped

Post by 300000 » Fri Oct 01, 2021 12:59 pm

Fri Oct 01 13:53:15 2021 VERIFY ERROR: depth=2, error=certificate has expired: O=Digital Signature Trust Co., CN=DST Root CA X3


You need to setup new CA and everything from new . All client and server will not work anymore . There is no way to fix this

krainey4
OpenVpn Newbie
Posts: 5
Joined: Fri Jan 15, 2021 3:28 pm

Re: Openvpn just stopped

Post by krainey4 » Fri Oct 01, 2021 1:13 pm

how do i even do that - cant remember from the last time - btw really appreciate your help

krainey4
OpenVpn Newbie
Posts: 5
Joined: Fri Jan 15, 2021 3:28 pm

Re: Openvpn just stopped

Post by krainey4 » Fri Oct 01, 2021 1:16 pm

Certificate looks good until 29th of December this year

300000
OpenVPN Expert
Posts: 685
Joined: Tue May 01, 2012 9:30 pm

Re: Openvpn just stopped

Post by 300000 » Fri Oct 01, 2021 8:02 pm

By the way do you know which certificate valid until 29 of December? There are two certificate if one of them expired so openvpn not work

There are client certificate. CA certificate server certificate so it tell on log CA is end of its life so you need fresh making the whole new CA and update all certificates on your system .

Can you check CA certificate and client certificate
server certificate and post in here.

krainey4
OpenVpn Newbie
Posts: 5
Joined: Fri Jan 15, 2021 3:28 pm

Re: Openvpn just stopped

Post by krainey4 » Fri Oct 01, 2021 10:49 pm

Hi i only checked the cert on the synology but I am wondering if the cert ever worked - I always got a cert error but the client still connecting to the server

Post Reply