OpenVPN Support Forum

Dear geniuses ,

i have some trouble with my openvpn config on my synology nas.

my setup in open is prettymuch standard settings, i forwarded my port that was given default (1194) to the internal host of my nas.

i worked prefectly for a friend of mine untill the start of june. Nothing has changed on my synology or my router, so im quite interessted what caused the issues that im not able to connect anymore.


Wed Jul 14 14:52:43 2021 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
Wed Jul 14 14:52:43 2021 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
Wed Jul 14 14:52:43 2021 OpenVPN 2.5.3 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jun 17 2021
Wed Jul 14 14:52:43 2021 Windows version 10.0 (Windows 10 or greater) 64bit
Wed Jul 14 14:52:43 2021 library versions: OpenSSL 1.1.1k 25 Mar 2021, LZO 2.10
Wed Jul 14 14:52:47 2021 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 14 14:52:47 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]MY IP ADRESS:1194
Wed Jul 14 14:52:47 2021 UDP link local (bound): [AF_INET][undef]:1194
Wed Jul 14 14:52:47 2021 UDP link remote: [AF_INET]MY IP ADRESS:1194
Wed Jul 14 14:52:47 2021 VERIFY ERROR: depth=0, error=certificate has expired: CN=ktm.familyds.com, serial=311558570975139643781707280386422579217324
Wed Jul 14 14:52:47 2021 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Wed Jul 14 14:52:47 2021 TLS_ERROR: BIO read tls_read_plaintext error
Wed Jul 14 14:52:47 2021 TLS Error: TLS object -> incoming plaintext read error
Wed Jul 14 14:52:47 2021 TLS Error: TLS handshake failed
Wed Jul 14 14:52:47 2021 SIGUSR1[soft,tls-error] received, process restarting
Wed Jul 14 14:52:52 2021 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 14 14:52:52 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]MY IP ADRESS:1194
Wed Jul 14 14:52:52 2021 UDP link local (bound): [AF_INET][undef]:1194
Wed Jul 14 14:52:52 2021 UDP link remote: [AF_INET]MY IP ADRESS:1194
Wed Jul 14 14:52:52 2021 TLS Error: Unroutable control packet received from [AF_INET]MY IP ADRESS:1194 (si=3 op=P_CONTROL_V1)
Wed Jul 14 14:52:52 2021 VERIFY ERROR: depth=0, error=certificate has expired: CN=ktm.familyds.com, serial=311558570975139643781707280386422579217324
Wed Jul 14 14:52:52 2021 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Wed Jul 14 14:52:52 2021 TLS_ERROR: BIO read tls_read_plaintext error
Wed Jul 14 14:52:52 2021 TLS Error: TLS object -> incoming plaintext read error
Wed Jul 14 14:52:52 2021 TLS Error: TLS handshake failed
Wed Jul 14 14:52:52 2021 SIGUSR1[soft,tls-error] received, process restarting
Wed Jul 14 14:52:57 2021 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 14 14:52:57 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]MY IP ADRESS:1194
Wed Jul 14 14:52:57 2021 UDP link local (bound): [AF_INET][undef]:1194
Wed Jul 14 14:52:57 2021 UDP link remote: [AF_INET]MY IP ADRESS:1194
Wed Jul 14 14:52:57 2021 TLS Error: Unroutable control packet received from [AF_INET]MY IP ADRESS:1194 (si=3 op=P_ACK_V1)
Wed Jul 14 14:52:59 2021 TLS Error: Unroutable control packet received from [AF_INET]MY IP ADRESS:1194 (si=3 op=P_ACK_V1)
Wed Jul 14 14:53:00 2021 TLS Error: Unroutable control packet received from [AF_INET]MY IP ADRESS:1194 (si=3 op=P_CONTROL_V1)
Wed Jul 14 14:53:00 2021 TLS Error: Unroutable control packet received from [AF_INET]MY IP ADRESS:1194 (si=3 op=P_CONTROL_V1)
Wed Jul 14 14:53:03 2021 TLS Error: Unroutable control packet received from [AF_INET]MY IP ADRESS:1194 (si=3 op=P_CONTROL_V1)
Wed Jul 14 14:53:03 2021 TLS Error: Unroutable control packet received from [AF_INET]MY IP ADRESS:1194 (si=3 op=P_ACK_V1)
Wed Jul 14 14:53:04 2021 TLS Error: Unroutable control packet received from [AF_INET]MY IP ADRESS:1194 (si=3 op=P_CONTROL_V1)
Wed Jul 14 14:53:09 2021 TLS Error: Unroutable control packet received from [AF_INET]MY IP ADRESS:1194 (si=3 op=P_CONTROL_V1)
Wed Jul 14 14:53:10 2021 TLS Error: Unroutable control packet received from [AF_INET]MY IP ADRESS:1194 (si=3 op=P_CONTROL_V1)
Wed Jul 14 14:53:11 2021 TLS Error: Unroutable control packet received from [AF_INET]MY IP ADRESS:1194 (si=3 op=P_ACK_V1)
Wed Jul 14 14:53:20 2021 TLS Error: Unroutable control packet received from [AF_INET]MY IP ADRESS:1194 (si=3 op=P_CONTROL_V1)
Wed Jul 14 14:53:21 2021 TLS Error: Unroutable control packet received from [AF_INET]MY IP ADRESS:1194 (si=3 op=P_CONTROL_V1)
Wed Jul 14 14:53:25 2021 TLS Error: Unroutable control packet received from [AF_INET]MY IP ADRESS:1194 (si=3 op=P_CONTROL_V1)
Wed Jul 14 14:53:26 2021 TLS Error: Unroutable control packet received from [AF_INET]MY IP ADRESS:1194 (si=3 op=P_CONTROL_V1)
Wed Jul 14 14:53:27 2021 TLS Error: Unroutable control packet received from [AF_INET]MY IP ADRESS:1194 (si=3 op=P_ACK_V1)
Wed Jul 14 14:53:57 2021 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jul 14 14:53:57 2021 TLS Error: TLS handshake failed
Wed Jul 14 14:53:57 2021 SIGUSR1[soft,tls-error] received, process restarting
Wed Jul 14 14:54:02 2021 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 14 14:54:02 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]MY IP ADRESS:1194
Wed Jul 14 14:54:02 2021 UDP link local (bound): [AF_INET][undef]:1194
Wed Jul 14 14:54:02 2021 UDP link remote: [AF_INET]MY IP ADRESS:1194
Wed Jul 14 14:54:02 2021 VERIFY ERROR: depth=0, error=certificate has expired: CN=ktm.familyds.com, serial=311558570975139643781707280386422579217324
Wed Jul 14 14:54:02 2021 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Wed Jul 14 14:54:02 2021 TLS_ERROR: BIO read tls_read_plaintext error
Wed Jul 14 14:54:02 2021 TLS Error: TLS object -> incoming plaintext read error
Wed Jul 14 14:54:02 2021 TLS Error: TLS handshake failed
Wed Jul 14 14:54:02 2021 SIGUSR1[soft,tls-error] received, process restarting



this is my server log i changed my ip adress with {MY IP ADRESS}.

i follow couple of "tutorials" with let me to believe this was all you need to config and you could ignore the "missing external certificate"

do you have any idea what is wrong?

Thank you in advanced.

Koen

misterktm wrote: ↑

Wed Jul 14, 2021 12:58 pm

VERIFY ERROR: depth=0, error=certificate has expired: CN=ktm.familyds.com,

So you need to go ask your NAS support people how to make a new one ..

but there is no certificated needs to run vpn right? since it worked before?

ktm is just my nas name

It worked before because your certificate had not expired ..

well that is dumb...

i did fix that and created a new no-ip ddns and config it at my synology and my router but my config keeps forwarding to my old ddns.

i did re-export my config from openvpn but i keeps redirecting to ktm.familydns.nl, my new ddns is ktm123.ddns.net and in synology it has a green status "normal". in my router it says "Synchronized" so im not sure why openvpn is still looking for "ktm.familyfns.nl?

greets

One has nothing to do with the other ..

wait what do you mean?, i cant access ktm.familydns.nl but is still looking for it in my openvpn config but i cant seems te change it anywhere?

misterktm wrote: ↑

Thu Jul 15, 2021 6:51 pm

what do you mean?,

Your certificate has expired not your DDNS ..

Please read the howto.

i fixt the issue topic can be closed thnx for the responces issue was me ddns in my synology infact!

Your certificate has still expired but if it works then don't fix it