
Error message: Peer certificate verification failure

Posted: Tue Jun 29, 2021 3:04 pm
by ctolvett
I'm experiencing this error:

Error message: Peer certificate verification failure.


What does it mean? Anyone know how to fix it?

Cheers.

Re: Error message: Peer certificate verification failure

Posted: Tue Jun 29, 2021 4:06 pm
by openvpn_inc
Hello ctolvett,

I am afraid you'll have to recheck your configuration. Usually with OpenVPN when certificates are implemented, the client verifies the identity of the server, and the server verifies the identity of the client. Depending on where you see this message, such verification failed for either the server or the client. So you should probably check your certificates and verification options again carefully.

Kind regards,
Johan

Re: Error message: Peer certificate verification failure

Posted: Wed Jun 30, 2021 2:41 pm
by ctolvett
Thank you Johan. How do I check my certificates and verification options? Is it something that I do in OpenVPN, or is it something I check on Windows?

Re: Error message: Peer certificate verification failure

Posted: Wed Jun 30, 2021 4:48 pm
by openvpn_inc
Hi There,

Depending on where you see this message.
Can you confirm where this verification failure error occurs? Was it on the server or the client side?
ctolvett wrote:
Wed Jun 30, 2021 2:41 pm
Thank you Johan. How do I check my certificates and verification options? Is it something that I do in OpenVPN, or is it something I check on Windows?
Regards,
Crowley

Re: Error message: Peer certificate verification failure

Posted: Wed Jun 30, 2021 11:50 pm
by ctolvett
openvpn_inc wrote:
Wed Jun 30, 2021 4:48 pm

Depending on where you see this message.
Can you confirm where this verification failure error occurs? Was it on the server or the client side?
Hello!

It's on the client side. It occurs when I try to connect from my Windows laptop to the server.

Re: Error message: Peer certificate verification failure

Posted: Tue Jul 06, 2021 7:39 am
by wn80sr
I have the same issue. I'm afraid this is not related to my configurations since the profile works on V3.2.3.1851 and the error message pops up on V3.3.1.2222, which means the new version probably has some bugs. Changing/commenting the auth option will make it disappear but the connection still fails. I can reproduce this at any time (by installing those 2 versions).
BTW, my cert was signed by SHA256WithECDSA.
Please help investigate.
Thanks.

Re: Error message: Peer certificate verification failure

Posted: Tue Jul 06, 2021 9:05 am
by openvpn_inc
Hello,

Peer certificate verification failure means that the certificate offered by the other side cannot be verified. It is a common problem if mistakes have been made in setting up the certificate infrastructure. While it is technically possible there is a bug in 3.3.1, I highly doubt it - we test over a hundred different configurations and it all passed. More than likely there is something actually wrong with the certificates, or something changed in terms of security requirements that now fails these certificates.

Since you can reproduce a difference between 3.2.3 and 3.3.1, this is something we should be able to reproduce here as well, if we have all the necessary information. I do believe though that along the way in the investigation we may end up finding a problem in your certificates. If you want us to pursue investigating this problem we'll need you to send us the information on how exactly you have set up your server including how you generated your certificates, and how exactly you have set up your client including all the configuration and how you generated the certificates. If we follow those exact steps and we are able to reproduce the problem here too, then we'll have a better idea of what we're dealing with and can then provide a solution either by solving a possible bug or by informing you of the underlying problem that prevents the system from working, and possible solutions.

All this information should be provided only at https://openvpn.net/support as information can be exchanged there securely, instead of on this public forum.

Kind regards,
Johan

Re: Error message: Peer certificate verification failure

Posted: Tue Jul 06, 2021 9:30 am
by wn80sr
Thanks Johan!

Before I provide more details at Support, I want to give some clues here:
1. The server is Azure Virtual Hub User VPN (Point-to-Site) and I can't get too many details.
2. My cert chain: sha384ECDSA/P384 (self-signed root) -> sha384ECDSA/P256 (intermediate) -> sha256ECDSA/P256 (endpoint). Except for the path length constraint (0) on the intermediate cert, no more special setups.

Re: Error message: Peer certificate verification failure

Posted: Wed Jul 07, 2021 2:45 pm
by stysiok
I have exactly the same issue as wn80sr. I've set up an Azure Virtual Network Gateway with OpenVPN configuration. It works perfectly fine on my machine and two other Macs. Unfortunately, it doesn't work on 3 different Windows devices that I've set it up on. I've figured out that I have installed an older version of OpenVPN Connect, 3.2.3 1851. All other users have installed the newest version. On one of the client's machines (Windows) I've also installed an older generation of OpenVPN Connect (v2.7.1), imported the same configuration file and it works without a problem. It's a pity that I can't download an older version of the newer generation of OpenVPN Connect on the website.

Re: Error message: Peer certificate verification failure

Posted: Tue Jul 13, 2021 2:21 pm
by Tommy3268
openvpn_inc wrote:
Tue Jun 29, 2021 4:06 pm
Hello ctolvett,

I am afraid you'll have to recheck your configuration. Usually with OpenVPN when certificates are implemented, the client verifies the identity of the server, and the server verifies the identity of the client. Depending on where you see this message, such verification failed for either the server or the client. So you should probably check your certificates and verification options again carefully.

Kind regards,
Johan
Hi,

I am having the same issue as this. I am using the same config file on my phone and Windows 10 and it works fine on my iPhone but fails on Win10.

I am getting the error: "peer certificate verification failure". I am running version 3.3.1 (2222).

Any ideas? I am assuming it's a bug with the Windows app?

Thanks
Tom

Re: Error message: Peer certificate verification failure

Posted: Tue Jul 13, 2021 6:52 pm
by openvpn_inc
Hello wn80sr, stysiok, and Tommy3268,

I'd suggest reporting all the technical details to our support ticket system at https://openvpn.net/support

An important thing for us to resolve such issues is the ability to reproduce the problem. Currently we are getting very limited information here in this ticket, and to get more information, we need to get some possibly sensitive logs and files in order to reproduce the problem here. If we can reproduce it, we can find the cause for it. It might be something wrong with the certificates, or something wrong in the OpenVPN 3 core.

In any case, we need information to reproduce this. Then we can find the cause and address it.

Kind regards,
Johan

Re: Error message: Peer certificate verification failure

Posted: Mon Aug 23, 2021 3:18 pm
by shiitake
FWIW - I'm having this same issue using the Mac OS client.

The main workaround I've found on PC is to use the community project instead of OpenVPN Connect. Still looking for a workaround for Mac clients.

Re: Error message: Peer certificate verification failure

Posted: Wed Sep 15, 2021 3:15 pm
by Koelkast
Same problem here. The last version of OpenVPN Connect that works is Version 3.2.3(1851)
Windows: https://swupdate.openvpn.net/downloads/ ... signed.msi
MacOS: https://swupdate.openvpn.net/downloads/ ... signed.dmg
My setup is Azure P2S VPN with self signed certs.

Re: Error message: Peer certificate verification failure

Posted: Thu Sep 16, 2021 7:03 am
by ManfredG
I also have this problem.

What I did:

- I created a Network Gateway and configured a Point-To-Site VPN in Azure, following the Azure tutorials. The server and client certificates were created with PowerShell.
- The Azure Portal offers a function to download the VPN client from the Point-to-site VPN config page. This will essentially give you an OpenVPN config file.
- The client certificate information in this config file has to be filled in, then it can be successfully imported into OpenVPN Connect.
- When I try to connect, I get the error as reported by the OP. However, version 3.2.3(1851) works with the very same configuration, as already stated by Koelkast.

I could provide logfiles but would need instructions, I am not very familiar with OpenVPN yet.

Best Regards,

Manfred

Re: Error message: Peer certificate verification failure

Posted: Wed Dec 08, 2021 6:18 am
by toggenation
toggenation wrote:
Mon Dec 06, 2021 10:56 pm
In my case I noticed the second part of the error message, which led to this forum topic, but actually the first part of the error message was more relevant.

My remote OpenVPN server (Synology) was not up (I was trying to connect to the wrong IP). In this case the "There was an error attempting to connect to the selected server" is what I needed to fix.

Connection Failed
There was an error attempting to connect to the selected server.
Error message: Peer certificate verification failure
This previous post of mine was complete hokum.

I ended up confirming that the remote Synology NAS was up and everything was running and found, like others, that if I installed the OpenVPN Community Download from http://openvpn.net/index.php/open-source/downloads.html and used it instead of OpenVPN Connect 3.3.2 (2475) then it would connect successfully.

Here is the error log text of the connection failing with OpenVPN Connect:

[Dec 8, 2021, 16:36:47] Connecting to [rudolph.homeip.net]:1194 (1.1.2.2) via UDPv4
[Dec 8, 2021, 16:36:47] EVENT: CONNECTING
[Dec 8, 2021, 16:36:47] Tunnel Options:V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client
[Dec 8, 2021, 16:36:47] Creds: Username/Password
[Dec 8, 2021, 16:36:47] Peer Info:
IV_VER=3.git::c2153df1
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
IV_GUI_VER=OCWindows_3.3.2-2475
IV_SSO=openurl,crtext

[Dec 8, 2021, 16:36:47] Transport Error: OpenSSLContext::SSL::read_cleartext: BIO_read failed, cap=2576 status=-1: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
[Dec 8, 2021, 16:36:47] EVENT: CERT_VERIFY_FAIL OpenSSLContext::SSL::read_cleartext: BIO_read failed, cap=2576 status=-1: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
[Dec 8, 2021, 16:36:47] EVENT: DISCONNECTED
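Earlier in the thread Johan notes that this message can mean either side's verification failed; a client log like the one above settles which, because the OpenSSL error string names the handshake step that rejected the certificate. The following is an added example, not code from any poster or from OpenVPN: it runs over a constructed sample modelled on that log, and `parse_log` and `diagnose` are hypothetical helper names.

```python
import re

TS = re.compile(r"\[([A-Z][a-z]{2} \d{1,2}, \d{4}, \d{2}:\d{2}:\d{2})\]\s*")
OSSL = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]+):([^:]+):([^:\n]+)")
# OpenSSL handshake functions that show whose certificate was rejected.
SIDE = {
    "tls_process_server_certificate": "client rejected the server certificate",
    "tls_process_client_certificate": "server rejected the client certificate",
}
# Constructed sample modelled on the log above; host and IP are placeholders.
ERR = ("OpenSSLContext::SSL::read_cleartext: BIO_read failed, cap=2576 status=-1: "
       "error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed")
SAMPLE_LOG = f"""[Dec 8, 2021, 16:36:47] Connecting to [vpn.example.test]:1194 (192.0.2.10) via UDPv4
[Dec 8, 2021, 16:36:47] EVENT: CONNECTING [Dec 8, 2021, 16:36:47] Creds: Username/Password
[Dec 8, 2021, 16:36:47] Peer Info:
IV_GUI_VER=OCWindows_3.3.2-2475

[Dec 8, 2021, 16:36:47] Transport Error: {ERR}
[Dec 8, 2021, 16:36:47] EVENT: CERT_VERIFY_FAIL {ERR}
[Dec 8, 2021, 16:36:47] EVENT: DISCONNECTED
"""

def parse_log(text):
    """Split on timestamps (entries may be fused on one line); collect events, IV_* info, TLS errors."""
    parts = TS.split(text)  # ['', ts1, body1, ts2, body2, ...]
    out = {"events": [], "peer_info": {}, "tls_errors": []}
    for ts, body in zip(parts[1::2], parts[2::2]):
        body = body.strip()
        ev = re.match(r"EVENT:\s*(\S+)", body)
        if ev:
            out["events"].append((ts, ev.group(1)))
        if body.startswith("Peer Info:"):
            for line in body.splitlines()[1:]:
                key, sep, val = line.strip().partition("=")
                if sep:
                    out["peer_info"][key] = val
        m = OSSL.search(body)
        if m:
            err = dict(zip(("code", "library", "function", "reason"), map(str.strip, m.groups())))
            if err not in out["tls_errors"]:  # Transport Error and EVENT repeat the same string
                out["tls_errors"].append(err)
    return out

def diagnose(parsed):
    """One line per distinct TLS error, stating which side's verification failed."""
    client = parsed["peer_info"].get("IV_GUI_VER", "unknown client")
    return [f"{client}: {SIDE.get(e['function'], 'unclassified TLS error')} "
            f"({e['reason']}, OpenSSL error {e['code']})" for e in parsed["tls_errors"]]
print("\n".join(diagnose(parse_log(SAMPLE_LOG))))
```

A `tls_process_server_certificate` failure means the client's trust settings or the server's certificate chain are what to inspect; the client's own certificate was never evaluated at that point.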

Re: Error message: Peer certificate verification failure

Posted: Thu Dec 09, 2021 9:34 am
by Hazz
Koelkast wrote:
Wed Sep 15, 2021 3:15 pm
Same problem here. The last version of OpenVPN Connect that works is Version 3.2.3(1851)
Windows: https://swupdate.openvpn.net/downloads/ ... signed.msi
MacOS: https://swupdate.openvpn.net/downloads/ ... signed.dmg
My setup is Azure P2S VPN with self signed certs.
Thanks for the download link to this.

I've experienced the same issue using a self signed cert for a Synology VPN. OpenVPN Connect 3.2.3 works and so does OpenVPN Community 2.5.4.

OpenVPN Connect 3.3.3 does not work and reports the Peer certificate verification failure.

Re: Error message: Peer certificate verification failure

Posted: Mon Dec 13, 2021 10:00 am
by Miminoux
Same here,
Version 3.3.3 didn't work on Azure Gateway with the peer certificate error.
Version 3.2.3 (1851) works although I permanently get disconnected / reconnected but I dunno the cause of this.

Thanks a lot for the download link @Koelkast.

See you
Bye

Re: Error message: Peer certificate verification failure

Posted: Tue Dec 14, 2021 3:16 am
by toggenation
I've experienced the same issue using a self signed cert for a Synology VPN. OpenVPN Connect 3.2.3 works and so does OpenVPN Community 2.5.4.

OpenVPN Connect 3.3.3 does not work and reports the Peer certificate verification failure.
I just got OpenVPN Connect version 3.3.2 and Tunnelblick 3.8.8beta02 connecting to Synology OpenVPN Server by creating and uploading a new certificate using EasyRSA and the "./easyrsa build-server-full nopass" command.

Re: Error message: Peer certificate verification failure

Posted: Tue Dec 14, 2021 2:45 pm
by Miminoux
Well, after some tries, I ended up uninstalling OpenVPN Connect and using OpenVPN GUI (Community client).
OpenVPN Connect didn't work with Azure Gateway VPN. Even version 3.2.3 which could connect but without any working communication.

Thank you guys anyway.
bye

Re: Error message: Peer certificate verification failure

Posted: Thu Dec 30, 2021 1:25 pm
by Arf
+1.
Same error here for MacOS OpenVPN Connect Client 3.3.1 and current 3.3.3. Tunnelblick 3.8.7a connects fine.
I connect to a Synology NAS with OpenVPN Server running.