Version 2.6 doesn't connect

Daniele
OpenVpn Newbie
Posts: 6
Joined: Thu Feb 02, 2023 10:39 am

Version 2.6 doesn't connect

Post by Daniele » Thu Feb 02, 2023 10:42 am

Hello, after upgrading to version 2.6 all our connections don't work anymore.

The loading process gets stuck at "Verify ku ok", so I guess the problem is with the next line (which doesn't appear), "Validating certificate extended key usage".

It stays stuck for a while, then asks for the password again (the password is fine, it works with older versions).

Was there a change of policy with certificates? Maybe there is a (new?) command to include in the configuration file to allow some types of certificate?
Last edited by Daniele on Thu Feb 02, 2023 7:40 pm, edited 1 time in total.

ERIKB
OpenVpn Newbie
Posts: 1
Joined: Thu Feb 02, 2023 2:11 pm

Re: Version 2.6 doesn't connect

Post by ERIKB » Thu Feb 02, 2023 2:17 pm

Hello, I encounter the same problem today after upgrading to 2.6. Connection from client can not be set up.

Log errors:
23-02-02 12:16:03 VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=DE, ST=Berlin, L=Berlin, O=Strato Rechenzentrum AG, CN=prak, serial=621
2023-02-02 12:16:03 OpenSSL: error:0A000086:SSL routines::certificate verify failed
2023-02-02 12:16:03 TLS_ERROR: BIO read tls_read_plaintext error
2023-02-02 12:16:03 TLS Error: TLS object -> incoming plaintext read error
2023-02-02 12:16:03 TLS Error: TLS handshake failed

Daniele
OpenVpn Newbie
Posts: 6
Joined: Thu Feb 02, 2023 10:39 am

Re: Version 2.6 doesn't connect

Post by Daniele » Sat Feb 04, 2023 8:47 pm

It looks like this is a big issue, I hope someone will shed some light on this.

niecierpliwy
OpenVpn Newbie
Posts: 1
Joined: Wed Feb 22, 2023 8:00 am

Re: Version 2.6 doesn't connect

Post by niecierpliwy » Wed Feb 22, 2023 8:10 am

Hello,
Have you been able to solve this problem?
I encounter the same issue with QNAP NAS.

Daniele
OpenVpn Newbie
Posts: 6
Joined: Thu Feb 02, 2023 10:39 am

Re: Version 2.6 doesn't connect

Post by Daniele » Wed Mar 01, 2023 9:08 am

Hello, no solution right now, sorry, and no feedback here sadly. We are using old versions for the time being. This is very inconvenient.

JettCon
OpenVpn Newbie
Posts: 2
Joined: Fri Mar 03, 2023 5:23 pm

Re: Version 2.6 doesn't connect

Post by JettCon » Thu Mar 16, 2023 3:30 pm

I also have this problem, I've tried numerous things but I can't make the 2.6 version work or stop the older versions from updating to 2.6. Anyone have any solutions?

rdpk7
OpenVpn Newbie
Posts: 1
Joined: Thu Apr 06, 2023 4:27 pm

Re: Version 2.6 doesn't connect

Post by rdpk7 » Thu Apr 06, 2023 4:28 pm

Solution is:

Add/Replace this line in your .ovpn file:

tls-cipher “DEFAULT:@SECLEVEL=0”

Daniele
OpenVpn Newbie
Posts: 6
Joined: Thu Feb 02, 2023 10:39 am

Re: Version 2.6 doesn't connect

Post by Daniele » Sun Apr 16, 2023 1:56 pm

rdpk7 wrote:
Thu Apr 06, 2023 4:28 pm
Solution is:

Add/Replace this line in your .ovpn file:

tls-cipher “DEFAULT:@SECLEVEL=0”

I tried that, but I get this:

No valid translation found for TLS cipher '@SECLEVEL=0'

I changed the quotes like this: tls-cipher "DEFAULT:@SECLEVEL=0" , so that's not the problem.

Daniele
OpenVpn Newbie
Posts: 6
Joined: Thu Feb 02, 2023 10:39 am

Re: Version 2.6 doesn't connect

Post by Daniele » Sun Apr 16, 2023 2:30 pm

This is the log, with some redacted data:

Sun Apr 16 16:15:16 2023   pkcs11_private_mode = 00000000
Sun Apr 16 16:15:16 2023   pkcs11_cert_private = DISABLED
Sun Apr 16 16:15:16 2023   pkcs11_pin_cache_period = -1
Sun Apr 16 16:15:16 2023   pkcs11_id = '[UNDEF]'
Sun Apr 16 16:15:16 2023   pkcs11_id_management = DISABLED
Sun Apr 16 16:15:16 2023   server_network = 0.0.0.0
Sun Apr 16 16:15:16 2023   server_netmask = 0.0.0.0
Sun Apr 16 16:15:16 2023   server_network_ipv6 = ::
Sun Apr 16 16:15:16 2023   server_netbits_ipv6 = 0
Sun Apr 16 16:15:16 2023   server_bridge_ip = 0.0.0.0
Sun Apr 16 16:15:16 2023   server_bridge_netmask = 0.0.0.0
Sun Apr 16 16:15:16 2023   server_bridge_pool_start = 0.0.0.0
Sun Apr 16 16:15:16 2023   server_bridge_pool_end = 0.0.0.0
Sun Apr 16 16:15:16 2023   ifconfig_pool_defined = DISABLED
Sun Apr 16 16:15:16 2023   ifconfig_pool_start = 0.0.0.0
Sun Apr 16 16:15:16 2023   ifconfig_pool_end = 0.0.0.0
Sun Apr 16 16:15:16 2023   ifconfig_pool_netmask = 0.0.0.0
Sun Apr 16 16:15:16 2023   ifconfig_pool_persist_filename = '[UNDEF]'
Sun Apr 16 16:15:16 2023   ifconfig_pool_persist_refresh_freq = 600
Sun Apr 16 16:15:16 2023   ifconfig_ipv6_pool_defined = DISABLED
Sun Apr 16 16:15:16 2023   ifconfig_ipv6_pool_base = ::
Sun Apr 16 16:15:16 2023   ifconfig_ipv6_pool_netbits = 0
Sun Apr 16 16:15:16 2023   n_bcast_buf = 256
Sun Apr 16 16:15:16 2023   tcp_queue_limit = 64
Sun Apr 16 16:15:16 2023   real_hash_size = 256
Sun Apr 16 16:15:16 2023   virtual_hash_size = 256
Sun Apr 16 16:15:16 2023   client_connect_script = '[UNDEF]'
Sun Apr 16 16:15:16 2023   learn_address_script = '[UNDEF]'
Sun Apr 16 16:15:16 2023   client_disconnect_script = '[UNDEF]'
Sun Apr 16 16:15:16 2023   client_crresponse_script = '[UNDEF]'
Sun Apr 16 16:15:16 2023   client_config_dir = '[UNDEF]'
Sun Apr 16 16:15:16 2023   ccd_exclusive = DISABLED
Sun Apr 16 16:15:16 2023   tmp_dir = 'C:\Users\danie\AppData\Local\Temp\'
Sun Apr 16 16:15:16 2023   push_ifconfig_defined = DISABLED
Sun Apr 16 16:15:16 2023   push_ifconfig_local = 0.0.0.0
Sun Apr 16 16:15:16 2023   push_ifconfig_remote_netmask = 0.0.0.0
Sun Apr 16 16:15:16 2023   push_ifconfig_ipv6_defined = DISABLED
Sun Apr 16 16:15:16 2023   push_ifconfig_ipv6_local = ::/0
Sun Apr 16 16:15:16 2023   push_ifconfig_ipv6_remote = ::
Sun Apr 16 16:15:16 2023   enable_c2c = DISABLED
Sun Apr 16 16:15:16 2023   duplicate_cn = DISABLED
Sun Apr 16 16:15:16 2023   cf_max = 0
Sun Apr 16 16:15:16 2023   cf_per = 0
Sun Apr 16 16:15:16 2023   cf_initial_max = 100
Sun Apr 16 16:15:16 2023   cf_initial_per = 10
Sun Apr 16 16:15:16 2023   max_clients = 1024
Sun Apr 16 16:15:16 2023   max_routes_per_client = 256
Sun Apr 16 16:15:16 2023   auth_user_pass_verify_script = '[UNDEF]'
Sun Apr 16 16:15:16 2023   auth_user_pass_verify_script_via_file = DISABLED
Sun Apr 16 16:15:16 2023   auth_token_generate = DISABLED
Sun Apr 16 16:15:16 2023   auth_token_lifetime = 0
Sun Apr 16 16:15:16 2023   auth_token_secret_file = '[UNDEF]'
Sun Apr 16 16:15:16 2023   vlan_tagging = DISABLED
Sun Apr 16 16:15:16 2023   vlan_accept = all
Sun Apr 16 16:15:16 2023   vlan_pvid = 1
Sun Apr 16 16:15:16 2023   client = ENABLED
Sun Apr 16 16:15:16 2023   pull = ENABLED
Sun Apr 16 16:15:16 2023   auth_user_pass_file = 'stdin'
Sun Apr 16 16:15:16 2023   show_net_up = DISABLED
Sun Apr 16 16:15:16 2023   route_method = 3
Sun Apr 16 16:15:16 2023   block_outside_dns = DISABLED
Sun Apr 16 16:15:16 2023   ip_win32_defined = DISABLED
Sun Apr 16 16:15:16 2023   ip_win32_type = 1
Sun Apr 16 16:15:16 2023   dhcp_masq_offset = 0
Sun Apr 16 16:15:16 2023   dhcp_lease_time = 31536000
Sun Apr 16 16:15:16 2023   tap_sleep = 0
Sun Apr 16 16:15:16 2023   dhcp_options = 0x00000000
Sun Apr 16 16:15:16 2023   dhcp_renew = DISABLED
Sun Apr 16 16:15:16 2023   dhcp_pre_release = DISABLED
Sun Apr 16 16:15:16 2023   domain = '[UNDEF]'
Sun Apr 16 16:15:16 2023   netbios_scope = '[UNDEF]'
Sun Apr 16 16:15:16 2023   netbios_node_type = 0
Sun Apr 16 16:15:16 2023   disable_nbt = DISABLED
Sun Apr 16 16:15:16 2023 OpenVPN 2.6.3 [git:v2.6.3/94aad8c51043a805] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Apr 13 2023
Sun Apr 16 16:15:16 2023 Windows version 10.0 (Windows 10 or greater), amd64 executable
Sun Apr 16 16:15:16 2023 library versions: OpenSSL 3.1.0 14 Mar 2023, LZO 2.10
Sun Apr 16 16:15:16 2023 DCO version: v0
Sun Apr 16 16:15:16 2023 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sun Apr 16 16:15:16 2023 Need hold release from management interface, waiting...
Sun Apr 16 16:15:17 2023 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:50584
Sun Apr 16 16:15:17 2023 MANAGEMENT: CMD 'state on'
Sun Apr 16 16:15:17 2023 MANAGEMENT: CMD 'log on all'
Sun Apr 16 16:15:17 2023 MANAGEMENT: CMD 'echo on all'
Sun Apr 16 16:15:17 2023 MANAGEMENT: CMD 'bytecount 5'
Sun Apr 16 16:15:17 2023 MANAGEMENT: CMD 'state'
Sun Apr 16 16:15:17 2023 MANAGEMENT: CMD 'hold off'
Sun Apr 16 16:15:17 2023 MANAGEMENT: CMD 'hold release'
Sun Apr 16 16:15:22 2023 MANAGEMENT: CMD 'username "Auth" "user"'
Sun Apr 16 16:15:22 2023 MANAGEMENT: CMD 'password [...]'
Sun Apr 16 16:15:22 2023 PKCS#11: pkcs11h_setProperty return rv=0-'CKR_OK'
Sun Apr 16 16:15:22 2023 PKCS#11: pkcs11h_setProperty entry property='1', value=00000066C66FD030, value_size=4
Sun Apr 16 16:15:22 2023 PKCS#11: pkcs11h_setProperty return rv=84-'CKR_FUNCTION_NOT_SUPPORTED'
Sun Apr 16 16:15:22 2023 PKCS#11: pkcs11h_setProperty entry property='7', value=00000066C66FD038, value_size=8
Sun Apr 16 16:15:22 2023 PKCS#11: Setting property 7=*size*
Sun Apr 16 16:15:22 2023 PKCS#11: pkcs11h_setProperty return rv=0-'CKR_OK'
Sun Apr 16 16:15:22 2023 PKCS#11: pkcs11h_setProperty entry property='6', value=00000066C66FD030, value_size=8
Sun Apr 16 16:15:22 2023 PKCS#11: Setting property 6=*size*
Sun Apr 16 16:15:22 2023 PKCS#11: pkcs11h_setProperty return rv=0-'CKR_OK'
Sun Apr 16 16:15:22 2023 PKCS#11: pkcs11h_setProperty entry property='9', value=00000066C66FD038, value_size=8
Sun Apr 16 16:15:22 2023 PKCS#11: Setting property 9=*size*
Sun Apr 16 16:15:22 2023 PKCS#11: pkcs11h_setProperty return rv=0-'CKR_OK'
Sun Apr 16 16:15:22 2023 PKCS#11: pkcs11h_setProperty entry property='8', value=00000066C66FD030, value_size=8
Sun Apr 16 16:15:22 2023 PKCS#11: Setting property 8=*size*
Sun Apr 16 16:15:22 2023 PKCS#11: pkcs11h_setProperty return rv=0-'CKR_OK'
Sun Apr 16 16:15:22 2023 PKCS#11: pkcs11h_setProperty entry property='10', value=00000066C66FD030, value_size=4
Sun Apr 16 16:15:22 2023 PKCS#11: Setting property 10=0x1
Sun Apr 16 16:15:22 2023 PKCS#11: pkcs11h_setProperty return rv=0-'CKR_OK'
Sun Apr 16 16:15:22 2023 PKCS#11: pkcs11h_setProperty entry property='11', value=00000066C66FD030, value_size=4
Sun Apr 16 16:15:22 2023 PKCS#11: Setting property 11=0xffffffff
Sun Apr 16 16:15:22 2023 PKCS#11: pkcs11h_setProperty return rv=0-'CKR_OK'
Sun Apr 16 16:15:22 2023 No valid translation found for TLS cipher '@SECLEVEL=0'
Sun Apr 16 16:15:26 2023 MANAGEMENT: CMD 'password [...]'
Sun Apr 16 16:15:26 2023 MTU: adding 426 buffer tailroom for compression for 1768 bytes of payload
Sun Apr 16 16:15:26 2023 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
Sun Apr 16 16:15:26 2023 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
Sun Apr 16 16:15:26 2023 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,auth SHA1,keysize 128,key-method 2,tls-client'
Sun Apr 16 16:15:26 2023 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,auth SHA1,keysize 128,key-method 2,tls-server'
Sun Apr 16 16:15:26 2023 TCP/UDP: Preserving recently used remote address: [AF_INET]<IPADDRESS>:<PORT>
Sun Apr 16 16:15:26 2023 Enumerate drivers in registy: 
Sun Apr 16 16:15:26 2023 NetCfgInstanceId: {09059E27-4BE1-4C22-BFAE-7FBA0F867289}, Driver: wintun
Sun Apr 16 16:15:26 2023 NetCfgInstanceId: {9B7FEB87-5BEB-47D6-9663-570B0861DEC7}, Driver: tap-windows6
Sun Apr 16 16:15:26 2023 NetCfgInstanceId: {FF28C62A-1FF3-4693-973B-53C5109E8A25}, Driver: ovpn-dco
Sun Apr 16 16:15:26 2023 Enumerate device interface lists:
Sun Apr 16 16:15:26 2023 NetCfgInstanceId: {09059E27-4BE1-4C22-BFAE-7FBA0F867289}, Device Interface: \\?\ROOT#NET#0000#{cac88484-7515-4c03-82e6-71a87abac361}
Sun Apr 16 16:15:26 2023 NetCfgInstanceId: {9B7FEB87-5BEB-47D6-9663-570B0861DEC7}, Device Interface: \\?\ROOT#NET#0001#{cac88484-7515-4c03-82e6-71a87abac361}
Sun Apr 16 16:15:26 2023 NetCfgInstanceId: {8639185E-2A5C-41B8-8099-24B87F9F1963}, Device Interface: \\?\PCI#VEN_8086&DEV_100F&SUBSYS_075015AD&REV_01#4&bbf9765&0&0888#{cac88484-7515-4c03-82e6-71a87abac361}
Sun Apr 16 16:15:26 2023 NetCfgInstanceId: {FF28C62A-1FF3-4693-973B-53C5109E8A25}, Device Interface: \\?\ROOT#NET#0002#{cac88484-7515-4c03-82e6-71a87abac361}\ovpn-dco
Sun Apr 16 16:15:26 2023 NetCfgInstanceId: {FF28C62A-1FF3-4693-973B-53C5109E8A25}, Device Interface: \\?\ROOT#NET#0002#{cac88484-7515-4c03-82e6-71a87abac361}\{FF28C62A-1FF3-4693-973B-53C5109E8A25}
Sun Apr 16 16:15:26 2023 Using device interface: \\?\ROOT#NET#0002#{cac88484-7515-4c03-82e6-71a87abac361}\ovpn-dco
Sun Apr 16 16:15:26 2023 ovpn-dco device [OpenVPN Data Channel Offload] opened
Sun Apr 16 16:15:26 2023 dco_create_socket
Sun Apr 16 16:15:26 2023 TCP_CLIENT link local: (not bound)
Sun Apr 16 16:15:26 2023 TCP_CLIENT link remote: [AF_INET]<IPADDRESS>:<PORT>
Sun Apr 16 16:15:26 2023 MANAGEMENT: >STATE:1681654526,WAIT,,,,,,
Sun Apr 16 16:15:26 2023 write_control_auth(): P_CONTROL_HARD_RESET_CLIENT_V2
Sun Apr 16 16:15:26 2023  event_wait returned 2
Sun Apr 16 16:15:26 2023 TCP_CLIENT WRITE [14] to [AF_INET]<IPADDRESS>:<PORT>: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=f466cff4 c4f43da0 [ ] pid=0 DATA 
Sun Apr 16 16:15:26 2023 TCP_CLIENT write returned 14
Sun Apr 16 16:15:26 2023  event_wait returned 1
Sun Apr 16 16:15:26 2023  event_wait returned 1
Sun Apr 16 16:15:26 2023  event_wait returned 1
Sun Apr 16 16:15:27 2023  event_wait returned 1
Sun Apr 16 16:15:27 2023 TCP_CLIENT read returned 14
Sun Apr 16 16:15:27 2023 TCP_CLIENT READ [14] from [AF_INET]<IPADDRESS>:<PORT>: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 sid=6c7d6db8 adadd565 [ ] pid=0 DATA 
Sun Apr 16 16:15:27 2023 MANAGEMENT: >STATE:1681654527,AUTH,,,,,,
Sun Apr 16 16:15:27 2023 TLS: Initial packet from [AF_INET]<IPADDRESS>:<PORT>, sid=6c7d6db8 adadd565
Sun Apr 16 16:15:27 2023 write_control_auth(): P_CONTROL_HARD_RESET_CLIENT_V2
Sun Apr 16 16:15:27 2023  event_wait returned 2
Sun Apr 16 16:15:27 2023 TCP_CLIENT WRITE [26] to [AF_INET]<IPADDRESS>:<PORT>: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=f466cff4 c4f43da0 [ 0 sid=6c7d6db8 adadd565 ] pid=0 DATA 
Sun Apr 16 16:15:27 2023 TCP_CLIENT write returned 26
Sun Apr 16 16:15:27 2023  event_wait returned 1
Sun Apr 16 16:15:27 2023  event_wait returned 1
Sun Apr 16 16:15:27 2023 TCP_CLIENT read returned 22
Sun Apr 16 16:15:27 2023 TCP_CLIENT READ [22] from [AF_INET]<IPADDRESS>:<PORT>: P_ACK_V1 kid=0 sid=6c7d6db8 adadd565 [ 0 sid=f466cff4 c4f43da0 ] DATA 
Sun Apr 16 16:15:27 2023 write_control_auth(): P_CONTROL_V1
Sun Apr 16 16:15:27 2023  event_wait returned 2
Sun Apr 16 16:15:27 2023 TCP_CLIENT WRITE [321] to [AF_INET]<IPADDRESS>:<PORT>: P_CONTROL_V1 kid=0 sid=f466cff4 c4f43da0 [ 0 sid=6c7d6db8 adadd565 ] pid=1 DATA 16030101 22010001 1e0303f4 799fb352 9e4dfa74 508f8c4e b3af3f27 5568182[more...]
Sun Apr 16 16:15:27 2023 TCP_CLIENT write returned 321
Sun Apr 16 16:15:27 2023  event_wait returned 1
Sun Apr 16 16:15:27 2023  event_wait returned 1
Sun Apr 16 16:15:27 2023 TCP_CLIENT read returned 22
Sun Apr 16 16:15:27 2023 TCP_CLIENT READ [22] from [AF_INET]<IPADDRESS>:<PORT>: P_ACK_V1 kid=0 sid=6c7d6db8 adadd565 [ 1 sid=f466cff4 c4f43da0 ] DATA 
Sun Apr 16 16:15:27 2023  event_wait returned 1
Sun Apr 16 16:15:28 2023  event_wait returned 0
Sun Apr 16 16:15:28 2023  event_wait returned 1
Sun Apr 16 16:15:28 2023  event_wait returned 1
Sun Apr 16 16:15:28 2023 TCP_CLIENT read returned 1414
Sun Apr 16 16:15:28 2023 TCP_CLIENT READ [1414] from [AF_INET]<IPADDRESS>:<PORT>: P_CONTROL_V1 kid=0 sid=6c7d6db8 adadd565 [ ] pid=1 DATA 16030300 51020000 4d030361 64d9d223 deb9e2dc fab77c11 5754af38 4b80232[more...]
Sun Apr 16 16:15:28 2023 write_control_auth(): P_ACK_V1
Sun Apr 16 16:15:28 2023  event_wait returned 2
Sun Apr 16 16:15:28 2023 TCP_CLIENT WRITE [26] to [AF_INET]<IPADDRESS>:<PORT>: P_ACK_V1 kid=0 sid=f466cff4 c4f43da0 [ 1 0 sid=6c7d6db8 adadd565 ] DATA 
Sun Apr 16 16:15:28 2023 TCP_CLIENT write returned 26
Sun Apr 16 16:15:28 2023  event_wait returned 1
Sun Apr 16 16:15:28 2023  event_wait returned 1
Sun Apr 16 16:15:28 2023 TCP_CLIENT read returned 1414
Sun Apr 16 16:15:28 2023 TCP_CLIENT READ [1414] from [AF_INET]<IPADDRESS>:<PORT>: P_CONTROL_V1 kid=0 sid=6c7d6db8 adadd565 [ ] pid=2 DATA 43225cc8 fdd670c9 4639d0ce 6db84fe4 04b7e9bd 24a5af1c 1e5ea16c 3ec9c6d[more...]
Sun Apr 16 16:15:28 2023 write_control_auth(): P_ACK_V1
Sun Apr 16 16:15:28 2023  event_wait returned 1
Sun Apr 16 16:15:28 2023  event_wait returned 1
Sun Apr 16 16:15:28 2023 TCP_CLIENT WRITE [30] to [AF_INET]<IPADDRESS>:<PORT>: P_ACK_V1 kid=0 sid=f466cff4 c4f43da0 [ 2 1 0 sid=6c7d6db8 adadd565 ] DATA 
Sun Apr 16 16:15:28 2023 TCP_CLIENT write returned 30
Sun Apr 16 16:15:28 2023  event_wait returned 2
Sun Apr 16 16:15:28 2023 TCP_CLIENT read returned 1309
Sun Apr 16 16:15:28 2023 TCP_CLIENT READ [1309] from [AF_INET]<IPADDRESS>:<PORT>: P_CONTROL_V1 kid=0 sid=6c7d6db8 adadd565 [ ] pid=3 DATA 3566b179 45138ce4 fa749ca9 94537ca2 dac79c58 7c1b8c56 7b77a0ec 199fdb1[more...]
Sun Apr 16 16:15:28 2023 VERIFY OK: depth=1, C=IT, ST=IT, L=SAVONA, O=DMP, CN=CA
Sun Apr 16 16:15:28 2023 VERIFY KU OK
Sun Apr 16 16:15:28 2023 Validating certificate extended key usage
Sun Apr 16 16:15:28 2023 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sun Apr 16 16:15:28 2023 VERIFY EKU OK
Sun Apr 16 16:15:28 2023 VERIFY OK: depth=0, C=IT, ST=IT, L=SAVONA, O=DMP, CN=server
Sun Apr 16 16:15:28 2023 write_control_auth(): P_CONTROL_V1
Sun Apr 16 16:15:28 2023  event_wait returned 1
Sun Apr 16 16:15:28 2023  event_wait returned 1
Sun Apr 16 16:15:28 2023 TCP_CLIENT WRITE [1222] to [AF_INET]<IPADDRESS>:<PORT>: P_CONTROL_V1 kid=0 sid=f466cff4 c4f43da0 [ 3 2 1 0 sid=6c7d6db8 adadd565 ] pid=2 DATA 1603030b 4a0b000b 46000b43 00059430 82059030 820378a0 03020102 02081fb[more...]
Sun Apr 16 16:15:28 2023 TCP_CLIENT write returned 1222
Sun Apr 16 16:15:28 2023 write_control_auth(): P_CONTROL_V1
Sun Apr 16 16:15:28 2023  event_wait returned 1
Sun Apr 16 16:15:28 2023  event_wait returned 1
Sun Apr 16 16:15:28 2023 TCP_CLIENT WRITE [1222] to [AF_INET]<IPADDRESS>:<PORT>: P_CONTROL_V1 kid=0 sid=f466cff4 c4f43da0 [ 3 2 1 0 sid=6c7d6db8 adadd565 ] pid=3 DATA 376968ef 6c710d3e aa87905e 035eebcf af602fe3 f19041c7 38d6b850 85b2097[more...]
Sun Apr 16 16:15:28 2023 TCP_CLIENT write returned 1222
Sun Apr 16 16:15:28 2023 write_control_auth(): P_CONTROL_V1
Sun Apr 16 16:15:28 2023  event_wait returned 2
Sun Apr 16 16:15:28 2023 TCP_CLIENT read returned 22
Sun Apr 16 16:15:28 2023 TCP_CLIENT READ [22] from [AF_INET]<IPADDRESS>:<PORT>: P_ACK_V1 kid=0 sid=6c7d6db8 adadd565 [ 2 sid=f466cff4 c4f43da0 ] DATA 
Sun Apr 16 16:15:28 2023  event_wait returned 1
Sun Apr 16 16:15:28 2023  event_wait returned 1
Sun Apr 16 16:15:28 2023 TCP_CLIENT WRITE [1222] to [AF_INET]<IPADDRESS>:<PORT>: P_CONTROL_V1 kid=0 sid=f466cff4 c4f43da0 [ 3 2 1 0 sid=6c7d6db8 adadd565 ] pid=4 DATA 864886f7 0d01010b 05000382 02010037 70a95633 80abbbc3 d4bec4d5 de7154c[more...]
Sun Apr 16 16:15:28 2023 TCP_CLIENT write returned 1222
Sun Apr 16 16:15:28 2023 write_control_auth(): P_CONTROL_V1
Sun Apr 16 16:15:28 2023  event_wait returned 2
Sun Apr 16 16:15:28 2023 TCP_CLIENT read returned 22
Sun Apr 16 16:15:28 2023 TCP_CLIENT READ [22] from [AF_INET]<IPADDRESS>:<PORT>: P_ACK_V1 kid=0 sid=6c7d6db8 adadd565 [ 3 sid=f466cff4 c4f43da0 ] DATA 
Sun Apr 16 16:15:28 2023  event_wait returned 1
Sun Apr 16 16:15:28 2023  event_wait returned 1
Sun Apr 16 16:15:28 2023 TCP_CLIENT WRITE [224] to [AF_INET]<IPADDRESS>:<PORT>: P_CONTROL_V1 kid=0 sid=f466cff4 c4f43da0 [ 3 2 1 0 sid=6c7d6db8 adadd565 ] pid=5 DATA 2c1486e5 c882e258 b50fd245 06b811de 91c66168 512eb028 01ae517c 607cd1d[more...]
Sun Apr 16 16:15:28 2023 TCP_CLIENT write returned 224
Sun Apr 16 16:15:28 2023  event_wait returned 2
Sun Apr 16 16:15:28 2023 TCP_CLIENT read returned 22
Sun Apr 16 16:15:28 2023 TCP_CLIENT READ [22] from [AF_INET]<IPADDRESS>:<PORT>: P_ACK_V1 kid=0 sid=6c7d6db8 adadd565 [ 4 sid=f466cff4 c4f43da0 ] DATA 
Sun Apr 16 16:15:28 2023  event_wait returned 1
Sun Apr 16 16:15:28 2023  event_wait returned 1
Sun Apr 16 16:15:28 2023 TCP_CLIENT read returned 22
Sun Apr 16 16:15:28 2023 TCP_CLIENT READ [22] from [AF_INET]<IPADDRESS>:<PORT>: P_ACK_V1 kid=0 sid=6c7d6db8 adadd565 [ 5 sid=f466cff4 c4f43da0 ] DATA 
Sun Apr 16 16:15:28 2023  event_wait returned 1
Sun Apr 16 16:15:29 2023  event_wait returned 1
Sun Apr 16 16:15:29 2023 TCP_CLIENT read returned 65
Sun Apr 16 16:15:29 2023 TCP_CLIENT READ [65] from [AF_INET]<IPADDRESS>:<PORT>: P_CONTROL_V1 kid=0 sid=6c7d6db8 adadd565 [ ] pid=4 DATA 14030300 01011603 0300284a 22619802 b23f991e 43edc26c bf11a3f4 d4bd7fa[more...]
Sun Apr 16 16:15:29 2023 write_control_auth(): P_CONTROL_V1
Sun Apr 16 16:15:29 2023  event_wait returned 2
Sun Apr 16 16:15:29 2023 TCP_CLIENT WRITE [500] to [AF_INET]<IPADDRESS>:<PORT>: P_CONTROL_V1 kid=0 sid=f466cff4 c4f43da0 [ 4 3 2 1 sid=6c7d6db8 adadd565 ] pid=6 DATA 17030301 c9f49d12 e382aded 79948005 de6d035b 966c8188 ed096f81 e33c511[more...]
Sun Apr 16 16:15:29 2023 TCP_CLIENT write returned 500
Sun Apr 16 16:15:29 2023  event_wait returned 1
Sun Apr 16 16:15:29 2023  event_wait returned 1
Sun Apr 16 16:15:29 2023 TCP_CLIENT read returned 22
Sun Apr 16 16:15:29 2023 TCP_CLIENT READ [22] from [AF_INET]<IPADDRESS>:<PORT>: P_ACK_V1 kid=0 sid=6c7d6db8 adadd565 [ 6 sid=f466cff4 c4f43da0 ] DATA 
Sun Apr 16 16:16:26 2023 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Apr 16 16:16:26 2023 TLS Error: TLS handshake failed
Sun Apr 16 16:16:26 2023 PKCS#11: __pkcs11h_openssl_ex_data_free entered - parent=00000240669CD9E0, ptr=0000000000000000, ad=00000240669CDA70, idx=1, argl=0, argp=00007FFBB3AF3D38
Sun Apr 16 16:16:26 2023 PKCS#11: __pkcs11h_openssl_ex_data_free entered - parent=0000024064EDA7C0, ptr=0000000000000000, ad=0000024064EDA850, idx=1, argl=0, argp=00007FFBB3AF3D38
Sun Apr 16 16:16:26 2023 Fatal TLS error (check_tls_errors_co), restarting
Sun Apr 16 16:16:26 2023 Closing DCO interface
Sun Apr 16 16:16:26 2023 SIGUSR1[soft,tls-error] received, process restarting
Sun Apr 16 16:16:26 2023 MANAGEMENT: >STATE:1681654586,RECONNECTING,tls-error,,,,,
Sun Apr 16 16:16:26 2023 Restart pause, 1 second(s)

Daniele
OpenVpn Newbie
Posts: 6
Joined: Thu Feb 02, 2023 10:39 am

Re: Version 2.6 doesn't connect

Post by Daniele » Sun Apr 16, 2023 2:32 pm

And this is a sample config file:

client
remote <IPADDRESS> <PORT>
proto tcp
dev tun
nobind
persist-key
persist-tun
verb 10
auth-user-pass
ca "CA.crt"
cert "client1.crt"
key "client1.key"
port <PORT>
tls-client
remote-cert-tls server
auth-nocache
auth-user-pass
route 192.168.1.0 255.255.255.0

becm
OpenVPN User
Posts: 38
Joined: Tue Sep 01, 2020 1:27 pm

Re: Version 2.6 doesn't connect

Post by becm » Thu May 04, 2023 8:45 pm

All CAs with signature algorithm SHA1 or weaker are rejected by OpenSSL 3.x, in OpenVPN 2.6.

Adding

tls-cert-profile insecure

to the client config should be a valid mitigation until the CA can be replaced.
Last edited by Pippin on Fri May 05, 2023 9:24 am, edited 1 time in total.
Reason: Corrected bbcode
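
An added example, not part of any post in this thread: a small Python helper that recognises the three failure messages quoted in the posts above and flags client configs that still carry the workarounds discussed here, so they can be removed once the CA has been reissued. The log lines are the ones posted above; the sample config and the hostname in it are constructed, and the function names are made up for this sketch.

```python
import re

# Failure messages quoted in this thread, keyed by a short diagnosis label.
LOG_RULES = {
    "weak-ca-digest": re.compile(
        r"VERIFY ERROR: depth=(?P<depth>\d+), error=CA signature digest "
        r"algorithm too weak: (?P<subject>.+?)(?:, serial=(?P<serial>\d+))?$"),
    "unrecognised-tls-cipher": re.compile(
        r"No valid translation found for TLS cipher '(?P<cipher>[^']*)'"),
    "handshake-timeout": re.compile(
        r"TLS key negotiation failed to occur within (?P<seconds>\d+) seconds"),
}

TYPOGRAPHIC_QUOTES = "\u201c\u201d\u2018\u2019"  # curly double and single quotes


def triage_log(text):
    """Return (label, captured fields) for every known message, in log order."""
    hits = []
    for line in text.splitlines():
        for label, pattern in LOG_RULES.items():
            match = pattern.search(line.rstrip())
            if match:
                hits.append((label, match.groupdict()))
    return hits


def lint_config(text):
    """Return (line number, code, note) for each workaround left in a client config."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or full-line comment
            continue
        parts = line.split(None, 1)
        directive = parts[0]
        arg = parts[1] if len(parts) == 2 else ""
        value = arg.strip().strip("\"'" + TYPOGRAPHIC_QUOTES)
        if any(ch in line for ch in TYPOGRAPHIC_QUOTES):
            findings.append((lineno, "typographic-quotes",
                             "curly quotes are not quote characters to the "
                             "config parser; retype them as straight quotes"))
        if directive == "tls-cert-profile" and value == "insecure":
            findings.append((lineno, "weak-cert-profile",
                             "accepts SHA1-signed CAs; remove once the CA is "
                             "reissued with SHA256 or better"))
        if directive == "tls-cipher" and re.search(r"@SECLEVEL=0(?!\d)", value):
            findings.append((lineno, "seclevel-0",
                             "OpenSSL security level 0; remove once the CA is "
                             "reissued with SHA256 or better"))
    return findings


# Log lines as posted in this thread (timestamps unchanged).
SAMPLE_LOG = "\n".join([
    "23-02-02 12:16:03 VERIFY ERROR: depth=0, error=CA signature digest "
    "algorithm too weak: C=DE, ST=Berlin, L=Berlin, "
    "O=Strato Rechenzentrum AG, CN=prak, serial=621",
    "2023-02-02 12:16:03 OpenSSL: error:0A000086:SSL routines::certificate verify failed",
    "2023-02-02 12:16:03 TLS Error: TLS handshake failed",
    "Sun Apr 16 16:15:22 2023 No valid translation found for TLS cipher '@SECLEVEL=0'",
    "Sun Apr 16 16:16:26 2023 TLS Error: TLS key negotiation failed to occur "
    "within 60 seconds (check your network connectivity)",
])

# Constructed client config carrying both workarounds from the thread.
SAMPLE_CONFIG = "\n".join([
    "client",
    "remote vpn.example.net 1194",        # constructed hostname and port
    "remote-cert-tls server",
    'ca "CA.crt"',
    "# temporary, until the CA is replaced",
    "tls-cert-profile insecure",
    "tls-cipher \u201cDEFAULT:@SECLEVEL=0\u201d",
])

if __name__ == "__main__":
    for label, fields in triage_log(SAMPLE_LOG):
        print(label, fields)
    for lineno, code, note in lint_config(SAMPLE_CONFIG):
        print(f"line {lineno}: {code}: {note}")
```

Run `lint_config` over deployed client profiles after the CA has been replaced; any remaining finding marks a profile that still accepts weak certificate signatures.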

Fellerson
OpenVpn Newbie
Posts: 1
Joined: Tue May 23, 2023 2:05 pm

Re: Version 2.6 doesn't connect

Post by Fellerson » Tue May 23, 2023 2:06 pm

Hi @becm

Thanks a lot for your help. This helped a lot.

Now, how can we improve the security? QNAP has to update something on the server side, to have a stronger algorithm signature, right? Thanks.

becm
OpenVPN User
Posts: 38
Joined: Tue Sep 01, 2020 1:27 pm

Re: Version 2.6 doesn't connect

Post by becm » Sat Jul 08, 2023 12:41 pm

No idea how server certs are provided for QNAP systems. :)
What is required however is a server cert (ultimately) signed by a CA with 4096bit RSA (or an equivalent EC method) and have a SHA256 (or better) signature.

thomasshelby
OpenVpn Newbie
Posts: 1
Joined: Sun Jul 09, 2023 7:16 am

Re: Version 2.6 doesn't connect

Post by thomasshelby » Sun Jul 09, 2023 7:16 am

There are a few troubleshooting steps you can try:

Verify your configuration: Double-check your OpenVPN configuration files to ensure that all the necessary settings, such as server address, port, and authentication details, are correct.

Check your network connection: Ensure that you have a stable internet connection and that there are no network issues that might prevent OpenVPN from connecting.

Firewall and antivirus software: Temporarily disable any firewall or antivirus software that might be blocking the OpenVPN connection. If the connection succeeds after disabling these programs, you may need to adjust their settings to allow OpenVPN traffic.

Verify server availability: Make sure the OpenVPN server you're trying to connect to is operational and accessible. You can try connecting to a different server to see if the issue persists.

Log files: Check the OpenVPN log files for any error messages or clues about the connection issue. These logs can often be found in the OpenVPN installation directory or in a dedicated log directory.

Update OpenVPN: If you're running an older version of OpenVPN, consider updating to the latest stable release. Newer versions often include bug fixes and improvements that may resolve connection problems.

BlissSol
OpenVpn Newbie
Posts: 1
Joined: Mon Oct 23, 2023 7:29 am

Re: Version 2.6 doesn't connect

Post by BlissSol » Mon Oct 23, 2023 7:35 am

I just created an account to say thanks to @becm

I last set up OpenVPN (on a QNAP NAS) some 7+ yrs back for a client, and luved it back then.
So I decided now to finally set it up on my own QNAP NAS, and I've been going in circles trying to figure out what was wrong (and it was never this hard last time).

adding

tls-cert-profile insecure

to the config file finally got it to connect... (or just connecting on the internal network at least... now need to make sure it's forwarding from my router)

stupid QNAP :evil:
