OpenVPN Support Forum

Community Support Forum
https://forums.openvpn.net/

Cliet will not connect VERIFY ERROR: depth=1

https://forums.openvpn.net/viewtopic.php?t=21819

Page 1 of 1

Cliet will not connect VERIFY ERROR: depth=1

Posted: Thu Jun 02, 2016 8:09 am
by joakimbecker
Hi all,
Not sure whats the problem, but my client will not connect. the OpenVPN server is an OpenWRT box.
Here is the out put from my client:
$>openvpn Consulting.ovpn
Thu Jun 2 09:48:05 2016 OpenVPN 2.3.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Nov 12 2015
Thu Jun 2 09:48:05 2016 library versions: OpenSSL 1.0.1k 8 Jan 2015, LZO 2.08
Thu Jun 2 09:48:05 2016 Socket Buffers: R=[212992->131072] S=[212992->131072]
Thu Jun 2 09:48:05 2016 UDPv4 link local: [undef]
Thu Jun 2 09:48:05 2016 UDPv4 link remote: [AF_INET]XX.XX.XX.XX:1194
Thu Jun 2 09:48:05 2016 TLS: Initial packet from [AF_INET]XX.XX.XX.XX:1194, sid=29c14b89 4fcd2512
Thu Jun 2 09:48:05 2016 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=SE, L=Stockholm, OU=Consulting, CN=Consulting, name=EasyRSA, emailAddress=me@myhost.mydomain
Thu Jun 2 09:48:05 2016 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Thu Jun 2 09:48:05 2016 TLS Error: TLS object -> incoming plaintext read error
Thu Jun 2 09:48:05 2016 TLS Error: TLS handshake failed
Thu Jun 2 09:48:05 2016 SIGUSR1[soft,tls-error] received, process restarting
Thu Jun 2 09:48:05 2016 Restart pause, 2 second(s)

Log on the server:
Thu Jun 2 07:48:05 2016 YY.YY.YY.YY:6156 TLS: Initial packet from [AF_INET]YY.YY.YY.YY:46156, sid=4ed30910 0004c1f1
Thu Jun 2 07:48:07 2016 YY.YY.YY.YY:38317 TLS: Initial packet from [AF_INET]YY.YY.YY.YY:38317, sid=e22d2dea 1786972f
Thu Jun 2 07:49:06 2016 YY.YY.YY.YY:46156 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Jun 2 07:49:06 2016 YY.YY.YY.YY:46156 TLS Error: TLS handshake failed
Thu Jun 2 07:49:06 2016 YY.YY.YY.YY:46156 SIGUSR1[soft,tls-error] received, client-instance restarting
Thu Jun 2 07:49:07 2016 YY.YY.YY.YY:38317 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Jun 2 07:49:07 2016 YY.YY.YY.YY:38317 TLS Error: TLS handshake failed
Thu Jun 2 07:49:07 2016 YY.YY.YY.YY:38317 SIGUSR1[soft,tls-error] received, client-instance restarting

I have recreated both CA, server and client certs.
Any help will be much appreciated.
Cheers
JB

Re: Cliet will not connect VERIFY ERROR: depth=1

Posted: Thu Jun 02, 2016 10:17 am
by FalconTent
joakimbecker wrote:error=self signed certificate in certificate chain
How did you create your PKI ?

I advise you see this HOWTO:
https://openvpn.net/index.php/open-sour ... o.html#pki

And use this version of EasyRSA:
https://github.com/OpenVPN/easy-rsa/rel ... v3.0.0-rc2

Re: Cliet will not connect VERIFY ERROR: depth=1

Posted: Thu Jun 02, 2016 1:30 pm
by joakimbecker
Hi
created it by using the
build-ca
command. dont think that easy-rsa version is avalible for the OpenWRT routers, or does any one know is it avalible?

Re: Cliet will not connect VERIFY ERROR: depth=1

Posted: Thu Jun 02, 2016 3:22 pm
by Traffic
You can create your PKI on any PC with EasyRSA and upload the files.

You may find this is useful:
http://superuser.com/questions/549017/o ... 308#977308
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/