Hello, I have installed the OpenVPN server and configured the client, but I am facing this issue: when I try to connect, I receive this error on the client machine:
Wed Jan 23 12:12:45 2019 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Wed Jan 23 12:12:45 2019 TLS_ERROR: BIO read tls_read_plaintext error
Wed Jan 23 12:12:45 2019 TLS Error: TLS object -> incoming plaintext read error
Wed Jan 23 12:12:45 2019 TLS Error: TLS handshake failed
while on the server I can see:
Jan 23 11:52:42 server.xxxxx.com openvpn[12829]: Wed Jan 23 11:52:42 2019 xxx.xxx.xxx.xxx:1194 SIGUSR1[soft,tls-error] received, client-instance restarting
Jan 23 12:12:44 server.xxxxx.com openvpn[12829]: Wed Jan 23 12:12:44 2019 xxx.xxx.xxx.xxx:1194 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:1194, sid=58fcaffe c1059b5d
Jan 23 12:12:49 server.xxxxx.com openvpn[12829]: Wed Jan 23 12:12:49 2019 xxx.xxx.xxx.xxx:1194 TLS: new session incoming connection from [AF_INET]xxx.xxx.xxx.xxx:1194
Jan 23 12:12:54 server.xxxxx.com openvpn[12829]: Wed Jan 23 12:12:54 2019 xxx.xxx.xxx.xxx:1194 TLS: new session incoming connection from [AF_INET]xxx.Xxx.xxx.xxx:1194
Jan 23 12:13:44 server.xxxxx.com openvpn[12829]: Wed Jan 23 12:13:44 2019 xxx.xxx.xxx.xxx:1194 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 23 12:13:44 server.xxxxx.com openvpn[12829]: Wed Jan 23 12:13:44 2019 xxx.xxx.xxx.xxx:1194 TLS Error: TLS handshake failed
Jan 23 12:13:44 server.xxxxx.com openvpn[12829]: Wed Jan 23 12:13:44 2019 xxx.xxx.xxx.xxx:1194 SIGUSR1[soft,tls-error] received, client-instance restarting
Jan 23 12:14:00 server.xxxxx.com openvpn[12829]: Wed Jan 23 12:14:00 2019 xxx.xxx.xxx.xxx:1194 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:1194, sid=3198e9bf 6052bd5a
Jan 23 12:14:05 server.xxxxx.com openvpn[12829]: Wed Jan 23 12:14:05 2019 xxx.xxx.xxx.xxx:1194 TLS: new session incoming connection from [AF_INET]xxx.xxx.xxx.xxx:1194
Jan 23 12:14:15 server.xxxxx.com openvpn[12829]: Wed Jan 23 12:14:15 2019 xxx.xxx.xxx.xxx:1194 TLS: new session incoming connection from [AF_INET]xxx.xxx.xxx.xxx:1194
the error is caused by:
the server is using --auth SHA1 (openvpn default)
while the client is using --auth RSA-SHA512.
--auth algo must match on both server and client.
If so, can you please explain to me how to put both on the same SHA type?
Wed Jan 23 12:12:45 2019 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Re: Error connecting to server
Posted: Thu Jan 24, 2019 11:17 pm
by carlosalf27
Sorry, I am Costa Rican and my English is not very good; most of my comments have been made with a translator. I do not understand what's wrong. I was reading the post you sent me and I think it is because I have not used the quotes. Is that the error? Do I need to put the quotes on the error messages the client and server bring?
Hello, I have installed the OpenVPN server and configured the client, but I am facing this issue: when I try to connect, I receive this error on the client machine
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
remote-cert-eku "TLS Web Client Authentication"
dh dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
tls-crypt mybussines.tlsauth
cipher AES-256-CBC
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 4
explicit-exit-notify 1
Server log (at --verb 4 and client IP address removed)
Fri Jan 25 10:38:07 2019 us=162325 x.x.x.x:1194 Control Channel MTU parms [ L:1621 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Fri Jan 25 10:38:07 2019 us=162351 x.x.x.x:1194 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Fri Jan 25 10:38:07 2019 us=162398 x.x.x.x:1194 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Fri Jan 25 10:38:07 2019 us=162415 x.x.x.x:1194 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Fri Jan 25 10:38:07 2019 us=162475 x.x.x.x:1194 TLS: Initial packet from [AF_INET]x.x.x.x:1194, sid=f2b09be7 3399c056
Fri Jan 25 10:38:12 2019 us=289603 x.x.x.x:1194 TLS: new session incoming connection from [AF_INET]x.x.x.x:1194
Fri Jan 25 10:38:17 2019 us=435251 x.x.x.x:1194 TLS: new session incoming connection from [AF_INET]x.x.x.x:1194
Fri Jan 25 10:39:07 2019 us=419880 x.x.x.x:1194 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Jan 25 10:39:07 2019 us=419929 x.x.x.x:1194 TLS Error: TLS handshake failed
Fri Jan 25 10:39:07 2019 us=420064 x.x.x.x:1194 SIGUSR1[soft,tls-error] received, client-instance restarting
Fri Jan 25 10:39:22 2019 us=204116 MULTI: multi_create_instance called
Fri Jan 25 10:39:22 2019 us=204218 x.x.x.x:1194 Re-using SSL/TLS context
Fri Jan 25 10:39:22 2019 us=204316 x.x.x.x:1194 Control Channel MTU parms [ L:1621 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Fri Jan 25 10:39:22 2019 us=204346 x.x.x.x:1194 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Fri Jan 25 10:39:22 2019 us=204397 x.x.x.x:1194 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Fri Jan 25 10:39:22 2019 us=204418 x.x.x.x:1194 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Fri Jan 25 10:39:22 2019 us=204465 x.x.x.x:1194 TLS: Initial packet from [AF_INET]x.x.x.x:1194, sid=22a744a4 fb0fcfbb
Fri Jan 25 10:39:27 2019 us=328519 x.x.x.x:1194 TLS: new session incoming connection from [AF_INET]x.x.x.x:1194
Fri Jan 25 10:39:37 2019 us=532014 x.x.x.x:1194 TLS: new session incoming connection from [AF_INET]x.x.x.x:1194
* Client *
Operating system:
C:\Users\Carlos>ver
Microsoft Windows [Versión 10.0.17134.523]
Network setup:
C:\Users\Carlos>ipconfig /all
Configuración IP de Windows
Nombre de host. . . . . . . . . : CarlosLap
Sufijo DNS principal . . . . . :
Tipo de nodo. . . . . . . . . . : híbrido
Enrutamiento IP habilitado. . . : no
Proxy WINS habilitado . . . . . : no
Lista de búsqueda de sufijos DNS: xxxxxxxxxx.net
Adaptador desconocido VPN - VPN Client:
Estado de los medios. . . . . . . . . . . : medios desconectados
Sufijo DNS específico para la conexión. . :
Descripción . . . . . . . . . . . . . . . : VPN Client Adapter - VPN
Dirección física. . . . . . . . . . . . . : 5E-15-A9-D6-68-CE
DHCP habilitado . . . . . . . . . . . . . : sí
Configuración automática habilitada . . . : sí
Estado de los medios. . . . . . . . . . . : medios desconectados
Sufijo DNS específico para la conexión. . :
Descripción . . . . . . . . . . . . . . . : TAP-Windows Adapter V9
Dirección física. . . . . . . . . . . . . : 00-FF-40-2F-78-ED
DHCP habilitado . . . . . . . . . . . . . : sí
Configuración automática habilitada . . . : sí
Client config file:
client.ovpn
client
client
tls-client
ca ca.crt
cert laguero.crt
key laguero.key
tls-crypt mybussines.tlsauth
remote-cert-eku "TLS Web Client Authentication"
proto udp
remote x.x.x.x 1194 udp
dev tun
topology subnet
pull
user nobody
group nobody
Client log (at --verb 4 and server name and IP address removed)
Fri Jan 25 10:38:09 2019 OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 26 2018
Fri Jan 25 10:38:09 2019 Windows version 6.2 (Windows 8 or greater) 64bit
Fri Jan 25 10:38:09 2019 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10
Enter Management Password:
Fri Jan 25 10:38:09 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
Fri Jan 25 10:38:09 2019 UDP link local (bound): [AF_INET][undef]:1194
Fri Jan 25 10:38:09 2019 UDP link remote: [AF_INET]x.x.x.x:1194
Fri Jan 25 10:38:09 2019 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Fri Jan 25 10:38:09 2019 TLS_ERROR: BIO read tls_read_plaintext error
Fri Jan 25 10:38:09 2019 TLS Error: TLS object -> incoming plaintext read error
Fri Jan 25 10:38:09 2019 TLS Error: TLS handshake failed
Fri Jan 25 10:38:09 2019 SIGUSR1[soft,tls-error] received, process restarting
Fri Jan 25 10:38:14 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
Fri Jan 25 10:38:14 2019 UDP link local (bound): [AF_INET][undef]:1194
Fri Jan 25 10:38:14 2019 UDP link remote: [AF_INET]x.x.x.x:1194
Fri Jan 25 10:38:14 2019 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Fri Jan 25 10:38:14 2019 TLS_ERROR: BIO read tls_read_plaintext error
Fri Jan 25 10:38:14 2019 TLS Error: TLS object -> incoming plaintext read error
Fri Jan 25 10:38:14 2019 TLS Error: TLS handshake failed
Fri Jan 25 10:38:14 2019 SIGUSR1[soft,tls-error] received, process restarting
Fri Jan 25 10:38:19 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
Fri Jan 25 10:38:19 2019 UDP link local (bound): [AF_INET][undef]:1194
Fri Jan 25 10:38:19 2019 UDP link remote: [AF_INET]x.x.x.x:1194
Fri Jan 25 10:38:19 2019 TLS Error: Unroutable control packet received from [AF_INET]x.x.x.x:1194 (si=3 op=P_CONTROL_V1)
Fri Jan 25 10:38:20 2019 TLS Error: Unroutable control packet received from [AF_INET]x.x.x.x:1194 (si=3 op=P_CONTROL_V1)
Fri Jan 25 10:38:22 2019 TLS Error: Unroutable control packet received from [AF_INET]x.x.x.x:1194 (si=3 op=P_ACK_V1)
Fri Jan 25 10:38:24 2019 TLS Error: Unroutable control packet received from [AF_INET]x.x.x.x:1194 (si=3 op=P_CONTROL_V1)
Fri Jan 25 10:38:24 2019 TLS Error: Unroutable control packet received from [AF_INET]x.x.x.x:1194 (si=3 op=P_CONTROL_V1)
Fri Jan 25 10:38:25 2019 TLS Error: Unroutable control packet received from [AF_INET]x.x.x.x:1194 (si=3 op=P_CONTROL_V1)
Fri Jan 25 10:38:26 2019 TLS Error: Unroutable control packet received from [AF_INET]x.x.x.x:1194 (si=3 op=P_ACK_V1)
Fri Jan 25 10:38:28 2019 TLS Error: Unroutable control packet received from [AF_INET]x.x.x.x:1194 (si=3 op=P_CONTROL_V1)
Fri Jan 25 10:38:31 2019 TLS Error: Unroutable control packet received from [AF_INET]x.x.x.x:1194 (si=3 op=P_CONTROL_V1)
Fri Jan 25 10:38:34 2019 TLS Error: Unroutable control packet received from [AF_INET]x.x.x.x:1194 (si=3 op=P_ACK_V1)
Fri Jan 25 10:38:39 2019 TLS Error: Unroutable control packet received from [AF_INET]x.x.x.x:1194 (si=3 op=P_CONTROL_V1)
Fri Jan 25 10:38:41 2019 TLS Error: Unroutable control packet received from [AF_INET]x.x.x.x:1194 (si=3 op=P_CONTROL_V1)
Fri Jan 25 10:38:44 2019 TLS Error: Unroutable control packet received from [AF_INET]x.x.x.x:1194 (si=3 op=P_CONTROL_V1)
Fri Jan 25 10:38:47 2019 TLS Error: Unroutable control packet received from [AF_INET]x.x.x.x:1194 (si=3 op=P_CONTROL_V1)
Fri Jan 25 10:38:50 2019 TLS Error: Unroutable control packet received from [AF_INET]x.x.x.x:1194 (si=3 op=P_ACK_V1)
Fri Jan 25 10:39:19 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Jan 25 10:39:19 2019 TLS Error: TLS handshake failed
Fri Jan 25 10:39:19 2019 SIGUSR1[soft,tls-error] received, process restarting
Fri Jan 25 10:39:24 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
Fri Jan 25 10:39:24 2019 UDP link local (bound): [AF_INET][undef]:1194
Fri Jan 25 10:39:24 2019 UDP link remote: [AF_INET]x.x.x.x:1194
Fri Jan 25 10:39:24 2019 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Fri Jan 25 10:39:24 2019 TLS_ERROR: BIO read tls_read_plaintext error
Fri Jan 25 10:39:24 2019 TLS Error: TLS object -> incoming plaintext read error
Fri Jan 25 10:39:24 2019 TLS Error: TLS handshake failed
Fri Jan 25 10:39:24 2019 SIGUSR1[soft,tls-error] received, process restarting
Fri Jan 25 10:39:29 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
Fri Jan 25 10:39:29 2019 UDP link local (bound): [AF_INET][undef]:1194
Fri Jan 25 10:39:29 2019 UDP link remote: [AF_INET]x.x.x.x:1194
Fri Jan 25 10:39:29 2019 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Fri Jan 25 10:39:29 2019 TLS_ERROR: BIO read tls_read_plaintext error
Fri Jan 25 10:39:29 2019 TLS Error: TLS object -> incoming plaintext read error
Fri Jan 25 10:39:29 2019 TLS Error: TLS handshake failed
Fri Jan 25 10:39:29 2019 SIGUSR1[soft,tls-error] received, process restarting
Fri Jan 25 10:39:39 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
Fri Jan 25 10:39:39 2019 UDP link local (bound): [AF_INET][undef]:1194
Fri Jan 25 10:39:39 2019 UDP link remote: [AF_INET]x.x.x.x:1194
Fri Jan 25 10:39:39 2019 TLS Error: Unroutable control packet received from [AF_INET]x.x.x.x:1194 (si=3 op=P_ACK_V1)
Fri Jan 25 10:39:41 2019 TLS Error: Unroutable control packet received from [AF_INET]x.x.x.x:1194 (si=3 op=P_ACK_V1)
Fri Jan 25 10:39:43 2019 TLS Error: Unroutable control packet received from [AF_INET]x.x.x.x:1194 (si=3 op=P_CONTROL_V1)
Fri Jan 25 10:39:44 2019 TLS Error: Unroutable control packet received from [AF_INET]x.x.x.x:1194 (si=3 op=P_CONTROL_V1)
Fri Jan 25 10:39:45 2019 TLS Error: Unroutable control packet received from [AF_INET]x.x.x.x:1194 (si=3 op=P_ACK_V1)
Fri Jan 25 10:39:46 2019 TLS Error: Unroutable control packet received from [AF_INET]x.x.x.x:1194 (si=3 op=P_CONTROL_V1)
Fri Jan 25 10:39:53 2019 TLS Error: Unroutable control packet received from [AF_INET]x.x.x.x:1194 (si=3 op=P_ACK_V1)
Fri Jan 25 10:39:54 2019 TLS Error: Unroutable control packet received from [AF_INET]x.x.x.x:1194 (si=3 op=P_CONTROL_V1)
Fri Jan 25 10:39:59 2019 TLS Error: Unroutable control packet received from [AF_INET]x.x.x.x:1194 (si=3 op=P_CONTROL_V1)
Fri Jan 25 10:40:00 2019 TLS Error: Unroutable control packet received from [AF_INET]x.x.x.x:1194 (si=3 op=P_CONTROL_V1)
Fri Jan 25 10:40:03 2019 TLS Error: Unroutable control packet received from [AF_INET]x.x.x.x:1194 (si=3 op=P_CONTROL_V1)
Fri Jan 25 10:40:09 2019 TLS Error: Unroutable control packet received from [AF_INET]x.x.x.x:1194 (si=3 op=P_ACK_V1)
Fri Jan 25 10:40:40 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Jan 25 10:40:40 2019 TLS Error: TLS handshake failed
Fri Jan 25 10:40:40 2019 SIGUSR1[soft,tls-error] received, process restarting
Fri Jan 25 10:41:00 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
Fri Jan 25 10:41:00 2019 UDP link local (bound): [AF_INET][undef]:1194
Fri Jan 25 10:41:00 2019 UDP link remote: [AF_INET]x.x.x.x:1194
Fri Jan 25 10:41:00 2019 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Fri Jan 25 10:41:00 2019 TLS_ERROR: BIO read tls_read_plaintext error
Fri Jan 25 10:41:00 2019 TLS Error: TLS object -> incoming plaintext read error
Fri Jan 25 10:41:00 2019 TLS Error: TLS handshake failed
Fri Jan 25 10:41:00 2019 SIGUSR1[soft,tls-error] received, process restarting
Fri Jan 25 10:41:40 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
Fri Jan 25 10:41:40 2019 UDP link local (bound): [AF_INET][undef]:1194
Fri Jan 25 10:41:40 2019 UDP link remote: [AF_INET]x.x.x.x:1194
Fri Jan 25 10:41:40 2019 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Fri Jan 25 10:41:40 2019 TLS_ERROR: BIO read tls_read_plaintext error
Fri Jan 25 10:41:40 2019 TLS Error: TLS object -> incoming plaintext read error
Fri Jan 25 10:41:40 2019 TLS Error: TLS handshake failed
Fri Jan 25 10:41:40 2019 SIGUSR1[soft,tls-error] received, process restarting
Fri Jan 25 10:42:15 2019 SIGTERM[hard,init_instance] received, process exiting
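The reply in this thread says `--auth` must match on both ends. As an added example (not part of the original posts and not OpenVPN code), this Python sketch parses the server and client configs posted above, fills in the OpenVPN 2.4 defaults `auth SHA1` and `proto udp` where a directive is absent, and reports the directives that disagree; it also reports a client whose `remote-cert-eku` asks the server certificate for the client-auth EKU. The function names, the short list of compared directives and the constructed mismatch variant are assumptions of this example.

```python
import shlex

# Values OpenVPN 2.4 uses when the directive is absent from a config.
DEFAULTS = {"auth": "SHA1", "proto": "udp"}
MUST_MATCH = ("proto", "dev", "auth")   # compared here; not an exhaustive list
CLIENT_EKU = "TLS Web Client Authentication"

def parse_config(text):
    """Map each directive to its argument list, dropping # comments."""
    conf = {}
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)
        if tokens:
            conf[tokens[0]] = tokens[1:]
    return conf

def compare(server_text, client_text):
    """Return findings for a server/client config pair."""
    server, client = parse_config(server_text), parse_config(client_text)
    findings = []
    for name in MUST_MATCH:
        s = (server.get(name) or [DEFAULTS.get(name)])[0]
        c = (client.get(name) or [DEFAULTS.get(name)])[0]
        if s != c:
            findings.append(f"{name}: server={s} client={c}")
    if ("tls-crypt" in server) != ("tls-crypt" in client):
        findings.append("tls-crypt: configured on one side only")
    # remote-cert-eku names the EKU the *peer* certificate must carry.
    if client.get("remote-cert-eku") == [CLIENT_EKU]:
        findings.append("remote-cert-eku: client expects client-auth EKU on server cert")
    return findings

# Trimmed from the configs posted in this thread.
SERVER_CONF = """proto udp
dev tun
key server.key # This file should be kept secret
remote-cert-eku "TLS Web Client Authentication"
tls-crypt mybussines.tlsauth
"""
CLIENT_CONF = """client
tls-crypt mybussines.tlsauth
remote-cert-eku "TLS Web Client Authentication"
proto udp
dev tun
"""
# Constructed variant: the --auth mismatch described in the reply.
MISMATCHED_CLIENT = CLIENT_CONF + "auth RSA-SHA512\n"

print(compare(SERVER_CONF, CLIENT_CONF), compare(SERVER_CONF, MISMATCHED_CLIENT), sep="\n")
```

A server certificate normally carries "TLS Web Server Authentication", which is why the second check looks at the direction of `remote-cert-eku` on the client side.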