OpenSSL: error:0A000076:SSL routines::no suitable signature algorithm

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
tombolder
OpenVpn Newbie
Posts: 3
Joined: Mon May 09, 2022 5:56 am

OpenSSL: error:0A000076:SSL routines::no suitable signature algorithm

Post by tombolder » Mon May 09, 2022 6:08 am

Hi,

I upgraded my OpenVPN server from Ubuntu 21.x to Ubuntu 22.04 and after that an old client cannot connect any longer.

The server gives the following error:

Code: Select all

2022-05-09 07:52:12 192.168.66.150:34568 TLS: Initial packet from [AF_INET]192.168.66.150:34568, sid=b29c3bf5 ee537ca8
2022-05-09 07:52:12 192.168.66.150:34568 OpenSSL: error:0A000076:SSL routines::no suitable signature algorithm
2022-05-09 07:52:12 192.168.66.150:34568 TLS_ERROR: BIO read tls_read_plaintext error
2022-05-09 07:52:12 192.168.66.150:34568 TLS Error: TLS object -> incoming plaintext read error
2022-05-09 07:52:12 192.168.66.150:34568 TLS Error: TLS handshake failed
2022-05-09 07:52:12 192.168.66.150:34568 SIGUSR1[soft,tls-error] received, client-instance restarting
Any idea what might be happening? And can I fix it?

I'm suspecting a deprecation of some sort in OpenSSL, but I'm not sure. Unfortunately, the client is an embedded system which does not receive that many updates.

server: OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
client: OpenSSL 1.0.1s-fips 1 Mar 2016


server verb 3:

Code: Select all

2022-05-09 07:52:03 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2022-05-09 07:52:03 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
2022-05-09 07:52:03 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
2022-05-09 07:52:03 net_route_v4_best_gw query: dst 0.0.0.0
2022-05-09 07:52:03 net_route_v4_best_gw result: via 192.168.66.1 dev enp4s0
2022-05-09 07:52:03 Diffie-Hellman initialized with 2048 bit key
2022-05-09 07:52:03 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2022-05-09 07:52:03 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2022-05-09 07:52:03 net_route_v4_best_gw query: dst 0.0.0.0
2022-05-09 07:52:03 net_route_v4_best_gw result: via 192.168.66.1 dev enp4s0
2022-05-09 07:52:03 ROUTE_GATEWAY 192.168.66.1/255.255.255.0 IFACE=enp4s0 HWADDR=4c:ed:fb:93:9f:0f
2022-05-09 07:52:03 TUN/TAP device tun0 opened
2022-05-09 07:52:03 net_iface_mtu_set: mtu 1500 for tun0
2022-05-09 07:52:03 net_iface_up: set tun0 up
2022-05-09 07:52:03 net_addr_v4_add: 10.8.0.1/24 dev tun0
2022-05-09 07:52:03 net_route_v4_add: 192.168.1.0/24 via 10.8.0.2 dev [NULL] table 0 metric -1
2022-05-09 07:52:03 Could not determine IPv4/IPv6 protocol. Using AF_INET
2022-05-09 07:52:03 Socket Buffers: R=[212992->212992] S=[212992->212992]
2022-05-09 07:52:03 UDPv4 link local (bound): [AF_INET][undef]:11194
2022-05-09 07:52:03 UDPv4 link remote: [AF_UNSPEC]
2022-05-09 07:52:03 GID set to nogroup
2022-05-09 07:52:03 UID set to nobody
2022-05-09 07:52:03 MULTI: multi_init called, r=256 v=256
2022-05-09 07:52:03 IFCONFIG POOL IPv4: base=10.8.0.2 size=253
2022-05-09 07:52:03 Initialization Sequence Completed

2022-05-09 07:52:12 192.168.66.150:34568 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2022-05-09 07:52:12 192.168.66.150:34568 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2022-05-09 07:52:12 192.168.66.150:34568 TLS: Initial packet from [AF_INET]192.168.66.150:34568, sid=b29c3bf5 ee537ca8
2022-05-09 07:52:12 192.168.66.150:34568 OpenSSL: error:0A000076:SSL routines::no suitable signature algorithm
2022-05-09 07:52:12 192.168.66.150:34568 TLS_ERROR: BIO read tls_read_plaintext error
2022-05-09 07:52:12 192.168.66.150:34568 TLS Error: TLS object -> incoming plaintext read error
2022-05-09 07:52:12 192.168.66.150:34568 TLS Error: TLS handshake failed
2022-05-09 07:52:12 192.168.66.150:34568 SIGUSR1[soft,tls-error] received, client-instance restarting
client verb 3:

Code: Select all

Mon May  9 07:52:12 2022 OpenVPN 2.3.6 armle-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar  4 2016
Mon May  9 07:52:12 2022 library versions: OpenSSL 1.0.1s-fips  1 Mar 2016, LZO 2.08
Mon May  9 07:52:12 2022 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Mon May  9 07:52:12 2022 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon May  9 07:52:12 2022 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon May  9 07:52:12 2022 Socket Buffers: R=[114688->131072] S=[114688->131072]
Mon May  9 07:52:12 2022 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Mon May  9 07:52:12 2022 UDPv4 link local: [undef]
Mon May  9 07:52:12 2022 UDPv4 link remote: [AF_INET]192.168.66.107:11194
Mon May  9 07:52:12 2022 TLS: Initial packet from [AF_INET]192.168.66.107:11194, sid=81c9aba2 73e80a7a
client conf:
client.conf

client
dev tun
proto udp
remote server 11194
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
cd /usr/local/etc/openvpn
ca ca.crt
cert synk.crt
key synk.key
tls-auth ta.key 1
remote-cert-tls server
cipher AES-256-CBC
verb 3
mute 20


server conf:
server.conf

port 11194
proto udp
dev tun
ca server/keys/ca.crt
cert server/keys/box.crt
key server/keys/box.key
dh server/keys/dh.pem

topology subnet

server 10.8.0.0 255.255.255.0

route 192.168.1.0 255.255.255.0


client-config-dir client-config




keepalive 40 120

tls-auth server/keys/ta.key 0

cipher AES-256-CBC


max-clients 20

user nobody
group nogroup

persist-key
persist-tun

status /var/log/openvpn/openvpn-status.log

verb 3
mute 20

explicit-exit-notify 1



server verb 9:

Code: Select all

2022-05-09 07:39:29 us=310375 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2022-05-09 07:39:29 us=310578 Current Parameter Settings:
2022-05-09 07:39:29 us=310586   config = '/etc/openvpn/server.conf'
2022-05-09 07:39:29 us=310606   mode = 1
2022-05-09 07:39:29 us=310610   persist_config = DISABLED
2022-05-09 07:39:29 us=310630   persist_mode = 1
2022-05-09 07:39:29 us=310634   show_ciphers = DISABLED
2022-05-09 07:39:29 us=310639   show_digests = DISABLED
2022-05-09 07:39:29 us=310643   show_engines = DISABLED
2022-05-09 07:39:29 us=310667   genkey = DISABLED
2022-05-09 07:39:29 us=310671   genkey_filename = '[UNDEF]'
2022-05-09 07:39:29 us=310675   key_pass_file = '[UNDEF]'
2022-05-09 07:39:29 us=310679   show_tls_ciphers = DISABLED
2022-05-09 07:39:29 us=310683   connect_retry_max = 0
2022-05-09 07:39:29 us=310689 Connection profiles [0]:
2022-05-09 07:39:29 us=310693   proto = udp
2022-05-09 07:39:29 us=310697   local = '[UNDEF]'
2022-05-09 07:39:29 us=310702   local_port = '11194'
2022-05-09 07:39:29 us=310706   remote = '[UNDEF]'
2022-05-09 07:39:29 us=310710   remote_port = '11194'
2022-05-09 07:39:29 us=310714   remote_float = DISABLED
2022-05-09 07:39:29 us=310735 NOTE: --mute triggered...
2022-05-09 07:39:29 us=310758 273 variation(s) on previous 20 message(s) suppressed by --mute
2022-05-09 07:39:29 us=310763 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
2022-05-09 07:39:29 us=310792 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
2022-05-09 07:39:29 us=310902 net_route_v4_best_gw query: dst 0.0.0.0
2022-05-09 07:39:29 us=311004 net_route_v4_best_gw result: via 192.168.66.1 dev enp4s0
2022-05-09 07:39:29 us=312811 Diffie-Hellman initialized with 2048 bit key
2022-05-09 07:39:29 us=314852 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2022-05-09 07:39:29 us=314892 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2022-05-09 07:39:29 us=314919 TLS-Auth MTU parms [ L:1621 D:1184 EF:66 EB:0 ET:0 EL:3 ]
2022-05-09 07:39:29 us=315085 net_route_v4_best_gw query: dst 0.0.0.0
2022-05-09 07:39:29 us=315148 net_route_v4_best_gw result: via 192.168.66.1 dev enp4s0
2022-05-09 07:39:29 us=315217 ROUTE_GATEWAY 192.168.66.1/255.255.255.0 IFACE=enp4s0 HWADDR=4c:ed:fb:93:9f:0f
2022-05-09 07:39:29 us=315948 TUN/TAP device tun0 opened
2022-05-09 07:39:29 us=315980 do_ifconfig, ipv4=1, ipv6=0
2022-05-09 07:39:29 us=315996 net_iface_mtu_set: mtu 1500 for tun0
2022-05-09 07:39:29 us=316026 net_iface_up: set tun0 up
2022-05-09 07:39:29 us=317580 net_addr_v4_add: 10.8.0.1/24 dev tun0
2022-05-09 07:39:29 us=318790 net_route_v4_add: 192.168.1.0/24 via 10.8.0.2 dev [NULL] table 0 metric -1
2022-05-09 07:39:29 us=319261 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
2022-05-09 07:39:29 us=321237 Could not determine IPv4/IPv6 protocol. Using AF_INET
2022-05-09 07:39:29 us=321323 Socket Buffers: R=[212992->212992] S=[212992->212992]
2022-05-09 07:39:29 us=321370 UDPv4 link local (bound): [AF_INET][undef]:11194
2022-05-09 07:39:29 us=321407 UDPv4 link remote: [AF_UNSPEC]
2022-05-09 07:39:29 us=321446 GID set to nogroup
2022-05-09 07:39:29 us=321488 UID set to nobody
2022-05-09 07:39:29 us=321530 MULTI: multi_init called, r=256 v=256
2022-05-09 07:39:29 us=321587 IFCONFIG POOL IPv4: base=10.8.0.2 size=253
2022-05-09 07:39:29 us=321648 Initialization Sequence Completed


2022-05-09 07:46:22 us=301488 MULTI: multi_create_instance called
2022-05-09 07:46:22 us=301586 192.168.66.150:39919 Re-using SSL/TLS context
2022-05-09 07:46:22 us=301758 192.168.66.150:39919 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2022-05-09 07:46:22 us=301794 192.168.66.150:39919 Outgoing Control Channel Authentication: HMAC KEY: 2dc2bee2 ded0b47b ea74440c ebd0de2d c2e053db
2022-05-09 07:46:22 us=301813 192.168.66.150:39919 Outgoing Control Channel Authentication: HMAC size=20 block_size=20
2022-05-09 07:46:22 us=301844 192.168.66.150:39919 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2022-05-09 07:46:22 us=301873 192.168.66.150:39919 Incoming Control Channel Authentication: HMAC KEY: 1431723e 92f11b7f c2254fbb 63571dd4 b0688052
2022-05-09 07:46:22 us=301893 192.168.66.150:39919 Incoming Control Channel Authentication: HMAC size=20 block_size=20
2022-05-09 07:46:22 us=301923 192.168.66.150:39919 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 28 bytes
2022-05-09 07:46:22 us=301946 192.168.66.150:39919 TLS: tls_session_init: entry
2022-05-09 07:46:22 us=301970 192.168.66.150:39919 PID packet_id_init seq_backtrack=64 time_backtrack=15
2022-05-09 07:46:22 us=302038 192.168.66.150:39919 PID packet_id_init seq_backtrack=64 time_backtrack=15
2022-05-09 07:46:22 us=302068 192.168.66.150:39919 TLS: tls_session_init: new session object, sid=c08a92a0 6d4d921f
2022-05-09 07:46:22 us=302089 192.168.66.150:39919 TLS: tls_session_init: entry
2022-05-09 07:46:22 us=302117 192.168.66.150:39919 PID packet_id_init seq_backtrack=64 time_backtrack=15
2022-05-09 07:46:22 us=302161 192.168.66.150:39919 PID packet_id_init seq_backtrack=64 time_backtrack=15
2022-05-09 07:46:22 us=302191 192.168.66.150:39919 TLS: tls_session_init: new session object, sid=3ced9032 adf898ee
2022-05-09 07:46:22 us=302214 192.168.66.150:39919 Control Channel MTU parms [ L:1621 D:1184 EF:66 EB:0 ET:0 EL:3 ]
2022-05-09 07:46:22 us=302234 192.168.66.150:39919 MTU DYNAMIC mtu=1450, flags=2, 1621 -> 1450
2022-05-09 07:46:22 us=302259 192.168.66.150:39919 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
2022-05-09 07:46:22 us=302294 192.168.66.150:39919 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 56 bytes
2022-05-09 07:46:22 us=302313 192.168.66.150:39919 calc_options_string_link_mtu: link-mtu 1621 -> 1557
2022-05-09 07:46:22 us=302358 192.168.66.150:39919 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 56 bytes
2022-05-09 07:46:22 us=302378 192.168.66.150:39919 calc_options_string_link_mtu: link-mtu 1621 -> 1557
2022-05-09 07:46:22 us=302408 192.168.66.150:39919 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
2022-05-09 07:46:22 us=302430 192.168.66.150:39919 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
2022-05-09 07:46:22 us=302455 192.168.66.150:39919 SENT PING
2022-05-09 07:46:22 us=302475 192.168.66.150:39919 TIMER: coarse timer wakeup 1 seconds
2022-05-09 07:46:22 us=302507 192.168.66.150:39919 TLS: tls_multi_process: i=0 state=S_INITIAL, mysid=c08a92a0 6d4d921f, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
2022-05-09 07:46:22 us=302536 192.168.66.150:39919 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=3ced9032 adf898ee, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
2022-05-09 07:46:22 us=302564 192.168.66.150:39919 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
2022-05-09 07:46:22 us=302591 192.168.66.150:39919 RANDOM USEC=143889
2022-05-09 07:46:22 us=302620 192.168.66.150:39919 SCHEDULE: schedule_add_modify wakeup=[2022-05-09 07:46:23 us=446497] pri=0
2022-05-09 07:46:22 us=302645 192.168.66.150:39919 GET INST BY REAL: 192.168.66.150:39919 [ok]
2022-05-09 07:46:22 us=302702 192.168.66.150:39919 UDPv4 READ [42] from [AF_INET]192.168.66.150:39919: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=25efbce1 ee7950ef tls_hmac=43936964 5dcb0684 30da0304 1882c6a6 fb54e1e2 pid=[ #1 / time = (1652075182) 2022-05-09 07:46:22 ] [ ] pid=0 DATA 
2022-05-09 07:46:22 us=302726 192.168.66.150:39919 TLS: control channel, op=P_CONTROL_HARD_RESET_CLIENT_V2, IP=[AF_INET]192.168.66.150:39919
2022-05-09 07:46:22 us=302762 192.168.66.150:39919 TLS: initial packet test, i=0 state=S_INITIAL, mysid=c08a92a0 6d4d921f, rec-sid=25efbce1 ee7950ef, rec-ip=[AF_INET]192.168.66.150:39919, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
2022-05-09 07:46:22 us=302798 192.168.66.150:39919 TLS: initial packet test, i=1 state=S_INITIAL, mysid=3ced9032 adf898ee, rec-sid=25efbce1 ee7950ef, rec-ip=[AF_INET]192.168.66.150:39919, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
2022-05-09 07:46:22 us=302849 192.168.66.150:39919 TLS: initial packet test, i=2 state=S_UNDEF, mysid=00000000 00000000, rec-sid=25efbce1 ee7950ef, rec-ip=[AF_INET]192.168.66.150:39919, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
2022-05-09 07:46:22 us=302879 192.168.66.150:39919 TLS: Initial packet from [AF_INET]192.168.66.150:39919, sid=25efbce1 ee7950ef
2022-05-09 07:46:22 us=302920 192.168.66.150:39919 DECRYPT FROM: 43936964 5dcb0684 30da0304 1882c6a6 fb54e1e2 00000001 6278aaae 3825efb[more...]
2022-05-09 07:46:22 us=302955 192.168.66.150:39919 PID_TEST [0] [TLS_WRAP-0] [] 0:0 1652075182:1 t=1652075182[0] r=[0,64,15,0,1] sl=[0,0,64,528]
2022-05-09 07:46:22 us=302980 192.168.66.150:39919 TLS: received control channel packet s#=0 sid=25efbce1 ee7950ef
2022-05-09 07:46:22 us=302999 192.168.66.150:39919 ACK reliable_schedule_now
2022-05-09 07:46:22 us=303018 192.168.66.150:39919 ACK read ID 0 (buf->len=0)
2022-05-09 07:46:22 us=303037 192.168.66.150:39919 ACK RWBS rel->size=8 rel->packet_id=00000000 id=00000000 ret=1
2022-05-09 07:46:22 us=303056 192.168.66.150:39919 ACK mark active incoming ID 0
2022-05-09 07:46:22 us=303074 192.168.66.150:39919 ACK acknowledge ID 0 (ack->len=1)
2022-05-09 07:46:22 us=303110 192.168.66.150:39919 TLS: tls_multi_process: i=0 state=S_INITIAL, mysid=c08a92a0 6d4d921f, stored-sid=25efbce1 ee7950ef, stored-ip=[AF_INET]192.168.66.150:39919
2022-05-09 07:46:22 us=303133 192.168.66.150:39919 TLS: tls_process: chg=0 ks=S_INITIAL lame=S_UNDEF to_link->len=0 wakeup=604800
2022-05-09 07:46:22 us=303152 192.168.66.150:39919 ACK mark active outgoing ID 0
2022-05-09 07:46:22 us=303172 192.168.66.150:39919 TLS: Initial Handshake, sid=c08a92a0 6d4d921f
2022-05-09 07:46:22 us=303192 192.168.66.150:39919 ACK reliable_can_send active=1 current=1 : [1] 0
2022-05-09 07:46:22 us=303211 192.168.66.150:39919 ACK reliable_send ID 0 (size=4 to=2)
2022-05-09 07:46:22 us=303229 192.168.66.150:39919 ACK write ID 0 (ack->len=1, n=1)
2022-05-09 07:46:22 us=303249 192.168.66.150:39919 write_control_auth(): P_CONTROL_HARD_RESET_SERVER_V2
2022-05-09 07:46:22 us=303278 192.168.66.150:39919 ENCRYPT HMAC: 03eed817 b1878cfe d8c2bc2e 2fcd17c9 4084523e
2022-05-09 07:46:22 us=303321 192.168.66.150:39919 ENCRYPT TO: 03eed817 b1878cfe d8c2bc2e 2fcd17c9 4084523e 00000001 6278aaae 40c08a9[more...]
2022-05-09 07:46:22 us=303340 192.168.66.150:39919 Reliable -> TCP/UDP
2022-05-09 07:46:22 us=303360 192.168.66.150:39919 ACK reliable_send_timeout 2 [1] 0
2022-05-09 07:46:22 us=303375 192.168.66.150:39919 NOTE: --mute triggered...
2022-05-09 07:46:22 us=303408 192.168.66.150:39919 10 variation(s) on previous 20 message(s) suppressed by --mute
2022-05-09 07:46:22 us=303461 192.168.66.150:39919 UDPv4 WRITE [54] to [AF_INET]192.168.66.150:39919: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 sid=c08a92a0 6d4d921f tls_hmac=03eed817 b1878cfe d8c2bc2e 2fcd17c9 4084523e pid=[ #1 / time = (1652075182) 2022-05-09 07:46:22 ] [ 0 sid=25efbce1 ee7950ef ] pid=0 DATA 
2022-05-09 07:46:22 us=303547 192.168.66.150:39919 UDPv4 write returned 54
2022-05-09 07:46:22 us=303557 192.168.66.150:39919 TLS: tls_multi_process: i=0 state=S_PRE_START, mysid=c08a92a0 6d4d921f, stored-sid=25efbce1 ee7950ef, stored-ip=[AF_INET]192.168.66.150:39919
2022-05-09 07:46:22 us=303563 192.168.66.150:39919 TLS: tls_process: chg=0 ks=S_PRE_START lame=S_UNDEF to_link->len=0 wakeup=604800
2022-05-09 07:46:22 us=303568 192.168.66.150:39919 ACK reliable_can_send active=1 current=0 : [1] 0
2022-05-09 07:46:22 us=303572 192.168.66.150:39919 Incoming Ciphertext -> TLS
2022-05-09 07:46:22 us=303594 192.168.66.150:39919 SSL state (accept): before SSL initialization
2022-05-09 07:46:22 us=303603 192.168.66.150:39919 TLS: tls_process: chg=1 ks=S_PRE_START lame=S_UNDEF to_link->len=0 wakeup=604800
2022-05-09 07:46:22 us=303609 192.168.66.150:39919 ACK reliable_can_send active=1 current=0 : [1] 0
2022-05-09 07:46:22 us=303615 192.168.66.150:39919 ACK reliable_send_timeout 2 [1] 0
2022-05-09 07:46:22 us=303620 192.168.66.150:39919 TLS: tls_process: timeout set to 2
2022-05-09 07:46:22 us=303627 192.168.66.150:39919 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=3ced9032 adf898ee, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
2022-05-09 07:46:22 us=303634 192.168.66.150:39919 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
2022-05-09 07:46:22 us=303640 PO_CTL rwflags=0x0001 ev=5 arg=0x55975a3502e4
2022-05-09 07:46:22 us=303645 PO_CTL rwflags=0x0001 ev=4 arg=0x55975a34c07c
2022-05-09 07:46:22 us=303652 I/O WAIT TR|Tw|SR|Sw [1/142858]
2022-05-09 07:46:22 us=304076 PO_WAIT[0,0] fd=5 rev=0x00000001 rwflags=0x0001 arg=0x55975a3502e4 
2022-05-09 07:46:22 us=304092  event_wait returned 1
2022-05-09 07:46:22 us=304098 I/O WAIT status=0x0001
2022-05-09 07:46:22 us=304106 UDPv4 read returned 50
2022-05-09 07:46:22 us=304112 GET INST BY REAL: 192.168.66.150:39919 [ok]
2022-05-09 07:46:22 us=304129 192.168.66.150:39919 UDPv4 READ [50] from [AF_INET]192.168.66.150:39919: P_ACK_V1 kid=0 sid=25efbce1 ee7950ef tls_hmac=c31f8f66 ec457d2d f4d40745 42e21498 76a4ef4a pid=[ #2 / time = (1652075182) 2022-05-09 07:46:22 ] [ 0 sid=c08a92a0 6d4d921f ]
2022-05-09 07:46:22 us=304150 192.168.66.150:39919 TLS: control channel, op=P_ACK_V1, IP=[AF_INET]192.168.66.150:39919
2022-05-09 07:46:22 us=304159 192.168.66.150:39919 TLS: initial packet test, i=0 state=S_PRE_START, mysid=c08a92a0 6d4d921f, rec-sid=25efbce1 ee7950ef, rec-ip=[AF_INET]192.168.66.150:39919, stored-sid=25efbce1 ee7950ef, stored-ip=[AF_INET]192.168.66.150:39919
2022-05-09 07:46:22 us=304166 192.168.66.150:39919 TLS: found match, session[0], sid=25efbce1 ee7950ef
2022-05-09 07:46:22 us=304177 192.168.66.150:39919 DECRYPT FROM: c31f8f66 ec457d2d f4d40745 42e21498 76a4ef4a 00000002 6278aaae 2825efb[more...]
2022-05-09 07:46:22 us=304186 192.168.66.150:39919 PID_TEST [0] [TLS_WRAP-0] [0] 1652075182:1 1652075182:2 t=1652075182[0] r=[0,64,15,0,1] sl=[63,1,64,528]
2022-05-09 07:46:22 us=304193 192.168.66.150:39919 TLS: received control channel packet s#=0 sid=25efbce1 ee7950ef
2022-05-09 07:46:22 us=304198 192.168.66.150:39919 ACK received for pid 0, deleting from send buffer
2022-05-09 07:46:22 us=304222 192.168.66.150:39919 TLS: tls_multi_process: i=0 state=S_PRE_START, mysid=c08a92a0 6d4d921f, stored-sid=25efbce1 ee7950ef, stored-ip=[AF_INET]192.168.66.150:39919
2022-05-09 07:46:22 us=304228 192.168.66.150:39919 TLS: tls_process: chg=0 ks=S_PRE_START lame=S_UNDEF to_link->len=0 wakeup=604800
2022-05-09 07:46:22 us=304233 192.168.66.150:39919 STATE S_START
2022-05-09 07:46:22 us=304238 192.168.66.150:39919 ACK reliable_can_send active=0 current=0 : [1]
2022-05-09 07:46:22 us=304264 192.168.66.150:39919 TLS: tls_process: chg=1 ks=S_START lame=S_UNDEF to_link->len=0 wakeup=604800
2022-05-09 07:46:22 us=304270 192.168.66.150:39919 ACK reliable_can_send active=0 current=0 : [1]
2022-05-09 07:46:22 us=304291 192.168.66.150:39919 ACK reliable_send_timeout 604800 [1]
2022-05-09 07:46:22 us=304296 192.168.66.150:39919 TLS: tls_process: timeout set to 60
2022-05-09 07:46:22 us=304304 192.168.66.150:39919 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=3ced9032 adf898ee, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
2022-05-09 07:46:22 us=304311 192.168.66.150:39919 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
2022-05-09 07:46:22 us=304317 PO_CTL rwflags=0x0001 ev=5 arg=0x55975a3502e4
2022-05-09 07:46:22 us=304322 PO_CTL rwflags=0x0001 ev=4 arg=0x55975a34c07c
2022-05-09 07:46:22 us=304328 I/O WAIT TR|Tw|SR|Sw [1/142181]
2022-05-09 07:46:22 us=304334 NOTE: --mute triggered...
2022-05-09 07:46:22 us=304341 192.168.66.150:39919 5 variation(s) on previous 20 message(s) suppressed by --mute
2022-05-09 07:46:22 us=304366 192.168.66.150:39919 UDPv4 READ [142] from [AF_INET]192.168.66.150:39919: P_CONTROL_V1 kid=0 sid=25efbce1 ee7950ef tls_hmac=13ec61c8 6a17814d 3c095c57 271c7997 4b706468 pid=[ #3 / time = (1652075182) 2022-05-09 07:46:22 ] [ ] pid=1 DATA 16030100 be010000 ba0301c2 b71d65e1 af248440 fbf830c7 2c33c4d8 2903d0a[more...]
2022-05-09 07:46:22 us=304373 192.168.66.150:39919 TLS: control channel, op=P_CONTROL_V1, IP=[AF_INET]192.168.66.150:39919
2022-05-09 07:46:22 us=304382 192.168.66.150:39919 TLS: initial packet test, i=0 state=S_START, mysid=c08a92a0 6d4d921f, rec-sid=25efbce1 ee7950ef, rec-ip=[AF_INET]192.168.66.150:39919, stored-sid=25efbce1 ee7950ef, stored-ip=[AF_INET]192.168.66.150:39919
2022-05-09 07:46:22 us=304388 192.168.66.150:39919 TLS: found match, session[0], sid=25efbce1 ee7950ef
2022-05-09 07:46:22 us=304409 192.168.66.150:39919 DECRYPT FROM: 13ec61c8 6a17814d 3c095c57 271c7997 4b706468 00000003 6278aaae 2025efb[more...]
2022-05-09 07:46:22 us=304417 192.168.66.150:39919 PID_TEST [0] [TLS_WRAP-0] [00] 1652075182:2 1652075182:3 t=1652075182[0] r=[0,64,15,0,1] sl=[62,2,64,528]
2022-05-09 07:46:22 us=304423 192.168.66.150:39919 TLS: received control channel packet s#=0 sid=25efbce1 ee7950ef
2022-05-09 07:46:22 us=304428 192.168.66.150:39919 ACK read ID 1 (buf->len=100)
2022-05-09 07:46:22 us=304434 192.168.66.150:39919 ACK RWBS rel->size=8 rel->packet_id=00000001 id=00000001 ret=1
2022-05-09 07:46:22 us=304438 192.168.66.150:39919 ACK mark active incoming ID 1
2022-05-09 07:46:22 us=304443 192.168.66.150:39919 ACK acknowledge ID 1 (ack->len=1)
2022-05-09 07:46:22 us=304451 192.168.66.150:39919 TLS: tls_multi_process: i=0 state=S_START, mysid=c08a92a0 6d4d921f, stored-sid=25efbce1 ee7950ef, stored-ip=[AF_INET]192.168.66.150:39919
2022-05-09 07:46:22 us=304457 192.168.66.150:39919 TLS: tls_process: chg=0 ks=S_START lame=S_UNDEF to_link->len=0 wakeup=604800
2022-05-09 07:46:22 us=304462 192.168.66.150:39919 ACK reliable_can_send active=0 current=0 : [1]
2022-05-09 07:46:22 us=304467 192.168.66.150:39919 BIO write tls_write_ciphertext 100 bytes
2022-05-09 07:46:22 us=304472 192.168.66.150:39919 Incoming Ciphertext -> TLS
2022-05-09 07:46:22 us=304478 192.168.66.150:39919 TLS: tls_process: chg=1 ks=S_START lame=S_UNDEF to_link->len=0 wakeup=604800
2022-05-09 07:46:22 us=304484 192.168.66.150:39919 ACK reliable_can_send active=0 current=0 : [1]
2022-05-09 07:46:22 us=304490 192.168.66.150:39919 ACK write ID 1 (ack->len=1, n=1)
2022-05-09 07:46:22 us=304495 192.168.66.150:39919 write_control_auth(): P_ACK_V1
2022-05-09 07:46:22 us=304503 192.168.66.150:39919 ENCRYPT HMAC: 7973704c 8fa50290 24449413 e45dc4b0 667ffdfb
2022-05-09 07:46:22 us=304508 192.168.66.150:39919 NOTE: --mute triggered...
2022-05-09 07:46:22 us=304515 192.168.66.150:39919 12 variation(s) on previous 20 message(s) suppressed by --mute
2022-05-09 07:46:22 us=304533 192.168.66.150:39919 UDPv4 WRITE [50] to [AF_INET]192.168.66.150:39919: P_ACK_V1 kid=0 sid=c08a92a0 6d4d921f tls_hmac=7973704c 8fa50290 24449413 e45dc4b0 667ffdfb pid=[ #2 / time = (1652075182) 2022-05-09 07:46:22 ] [ 1 sid=25efbce1 ee7950ef ]
2022-05-09 07:46:22 us=304550 192.168.66.150:39919 UDPv4 write returned 50
2022-05-09 07:46:22 us=304574 192.168.66.150:39919 TLS: tls_multi_process: i=0 state=S_START, mysid=c08a92a0 6d4d921f, stored-sid=25efbce1 ee7950ef, stored-ip=[AF_INET]192.168.66.150:39919
2022-05-09 07:46:22 us=304579 192.168.66.150:39919 TLS: tls_process: chg=0 ks=S_START lame=S_UNDEF to_link->len=0 wakeup=604800
2022-05-09 07:46:22 us=304584 192.168.66.150:39919 ACK reliable_can_send active=0 current=0 : [1]
2022-05-09 07:46:22 us=304590 192.168.66.150:39919 ACK reliable_send_timeout 604800 [1]
2022-05-09 07:46:22 us=304595 192.168.66.150:39919 TLS: tls_process: timeout set to 60
2022-05-09 07:46:22 us=304602 192.168.66.150:39919 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=3ced9032 adf898ee, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
2022-05-09 07:46:22 us=304609 192.168.66.150:39919 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
2022-05-09 07:46:22 us=304614 PO_CTL rwflags=0x0001 ev=5 arg=0x55975a3502e4
2022-05-09 07:46:22 us=304619 PO_CTL rwflags=0x0001 ev=4 arg=0x55975a34c07c
2022-05-09 07:46:22 us=304624 I/O WAIT TR|Tw|SR|Sw [1/141883]
2022-05-09 07:46:22 us=304631 PO_WAIT[0,0] fd=5 rev=0x00000001 rwflags=0x0001 arg=0x55975a3502e4 
2022-05-09 07:46:22 us=304636  event_wait returned 1
2022-05-09 07:46:22 us=304640 I/O WAIT status=0x0001
2022-05-09 07:46:22 us=304646 UDPv4 read returned 137
2022-05-09 07:46:22 us=304651 GET INST BY REAL: 192.168.66.150:39919 [ok]
2022-05-09 07:46:22 us=304674 192.168.66.150:39919 UDPv4 READ [137] from [AF_INET]192.168.66.150:39919: P_CONTROL_V1 kid=0 sid=25efbce1 ee7950ef tls_hmac=477f07e9 90470f72 f4353bf6 b24f77af fd9807bf pid=[ #4 / time = (1652075182) 2022-05-09 07:46:22 ] [ ] pid=2 DATA c0020005 0004c012 c0080016 0013c00d c003000a 00ff0100 0045000b 0004030[more...]
2022-05-09 07:46:22 us=304681 192.168.66.150:39919 TLS: control channel, op=P_CONTROL_V1, IP=[AF_INET]192.168.66.150:39919
2022-05-09 07:46:22 us=304690 192.168.66.150:39919 TLS: initial packet test, i=0 state=S_START, mysid=c08a92a0 6d4d921f, rec-sid=25efbce1 ee7950ef, rec-ip=[AF_INET]192.168.66.150:39919, stored-sid=25efbce1 ee7950ef, stored-ip=[AF_INET]192.168.66.150:39919
2022-05-09 07:46:22 us=304696 192.168.66.150:39919 TLS: found match, session[0], sid=25efbce1 ee7950ef
2022-05-09 07:46:22 us=304716 192.168.66.150:39919 DECRYPT FROM: 477f07e9 90470f72 f4353bf6 b24f77af fd9807bf 00000004 6278aaae 2025efb[more...]
2022-05-09 07:46:22 us=304724 192.168.66.150:39919 PID_TEST [0] [TLS_WRAP-0] [000] 1652075182:3 1652075182:4 t=1652075182[0] r=[0,64,15,0,1] sl=[61,3,64,528]
2022-05-09 07:46:22 us=304731 192.168.66.150:39919 TLS: received control channel packet s#=0 sid=25efbce1 ee7950ef
2022-05-09 07:46:22 us=304736 192.168.66.150:39919 ACK read ID 2 (buf->len=95)
2022-05-09 07:46:22 us=304740 192.168.66.150:39919 ACK RWBS rel->size=8 rel->packet_id=00000002 id=00000002 ret=1
2022-05-09 07:46:22 us=304745 192.168.66.150:39919 ACK mark active incoming ID 2
2022-05-09 07:46:22 us=304750 192.168.66.150:39919 ACK acknowledge ID 2 (ack->len=1)
2022-05-09 07:46:22 us=304757 192.168.66.150:39919 TLS: tls_multi_process: i=0 state=S_START, mysid=c08a92a0 6d4d921f, stored-sid=25efbce1 ee7950ef, stored-ip=[AF_INET]192.168.66.150:39919
2022-05-09 07:46:22 us=304763 192.168.66.150:39919 TLS: tls_process: chg=0 ks=S_START lame=S_UNDEF to_link->len=0 wakeup=604800
2022-05-09 07:46:22 us=304768 192.168.66.150:39919 ACK reliable_can_send active=0 current=0 : [1]
2022-05-09 07:46:22 us=304773 192.168.66.150:39919 BIO write tls_write_ciphertext 95 bytes
2022-05-09 07:46:22 us=304778 192.168.66.150:39919 Incoming Ciphertext -> TLS
2022-05-09 07:46:22 us=304784 192.168.66.150:39919 SSL state (accept): before SSL initialization
2022-05-09 07:46:22 us=304827 192.168.66.150:39919 SSL alert (write): fatal: internal error
2022-05-09 07:46:22 us=304838 192.168.66.150:39919 OpenSSL: error:0A000076:SSL routines::no suitable signature algorithm
2022-05-09 07:46:22 us=304843 192.168.66.150:39919 TLS_ERROR: BIO read tls_read_plaintext error
2022-05-09 07:46:22 us=304848 192.168.66.150:39919 TLS Error: TLS object -> incoming plaintext read error
2022-05-09 07:46:22 us=304853 192.168.66.150:39919 TLS Error: TLS handshake failed
2022-05-09 07:46:22 us=304857 192.168.66.150:39919 PID packet_id_free
2022-05-09 07:46:22 us=304873 192.168.66.150:39919 PID packet_id_free
2022-05-09 07:46:22 us=304879 192.168.66.150:39919 PID packet_id_free
2022-05-09 07:46:22 us=304884 192.168.66.150:39919 TLS: tls_session_init: entry
2022-05-09 07:46:22 us=304893 192.168.66.150:39919 PID packet_id_init seq_backtrack=64 time_backtrack=15
2022-05-09 07:46:22 us=304905 192.168.66.150:39919 PID packet_id_init seq_backtrack=64 time_backtrack=15
2022-05-09 07:46:22 us=304912 192.168.66.150:39919 TLS: tls_session_init: new session object, sid=7bc99ff5 7ae39725
2022-05-09 07:46:22 us=304919 192.168.66.150:39919 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=3ced9032 adf898ee, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
2022-05-09 07:46:22 us=304926 192.168.66.150:39919 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[AF_UNSPEC]
2022-05-09 07:46:22 us=304932 192.168.66.150:39919 SIGUSR1[soft,tls-error] received, client-instance restarting
2022-05-09 07:46:22 us=304937 MULTI: multi_close_instance called
2022-05-09 07:46:22 us=304942 PID packet_id_free
2022-05-09 07:46:22 us=304951 PID packet_id_free
2022-05-09 07:46:22 us=304956 PID packet_id_free
2022-05-09 07:46:22 us=304960 PID packet_id_free
2022-05-09 07:46:22 us=304968 PID packet_id_free
2022-05-09 07:46:22 us=304973 PID packet_id_free
2022-05-09 07:46:22 us=304978 PID packet_id_free
2022-05-09 07:46:22 us=304982 PID packet_id_free
2022-05-09 07:46:22 us=304989 PID packet_id_free
2022-05-09 07:46:22 us=304996 SCHEDULE: schedule_find_least NULL
2022-05-09 07:46:22 us=305001 PO_CTL rwflags=0x0001 ev=5 arg=0x55975a3502e4
2022-05-09 07:46:22 us=305006 PO_CTL rwflags=0x0001 ev=4 arg=0x55975a34c07c
2022-05-09 07:46:22 us=305012 I/O WAIT TR|Tw|SR|Sw [10/0]
2022-05-09 07:46:22 us=345265 PO_WAIT[1,0] fd=4 rev=0x00000001 rwflags=0x0001 arg=0x55975a34c07c 
2022-05-09 07:46:22 us=345309  event_wait returned 1
2022-05-09 07:46:22 us=345320 I/O WAIT status=0x0004
2022-05-09 07:46:22 us=345334  read from TUN/TAP returned 60
2022-05-09 07:46:22 us=345347 GET INST BY VIRT: 35.224.170.84 [failed]
2022-05-09 07:46:22 us=345360 SCHEDULE: schedule_find_least NULL
2022-05-09 07:46:22 us=345372 NOTE: --mute triggered...
client verb 9:

Code: Select all

Mon May  9 07:43:51 2022 OpenVPN 2.3.6 armle-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar  4 2016
Mon May  9 07:43:51 2022 library versions: OpenSSL 1.0.1s-fips  1 Mar 2016, LZO 2.08
Mon May  9 07:43:51 2022 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Mon May  9 07:43:51 2022 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon May  9 07:43:51 2022 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon May  9 07:43:51 2022 Socket Buffers: R=[114688->131072] S=[114688->131072]
Mon May  9 07:43:51 2022 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Mon May  9 07:43:51 2022 UDPv4 link local: [undef]
Mon May  9 07:43:51 2022 UDPv4 link remote: [AF_INET]192.168.66.107:11194
Mon May  9 07:43:51 2022 TLS: Initial packet from [AF_INET]192.168.66.107:11194, sid=89a5d4fa a84e044d
^CMon May  9 07:43:59 2022 event_wait : Interrupted system call (code=4)
Mon May  9 07:43:59 2022 SIGINT[hard,] received, process exiting
synk> openvpn --verb 8 --config /usr/local/etc/openvpn/synk.conf 
Mon May  9 07:44:18 2022 OpenVPN 2.3.6 armle-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar  4 2016
Mon May  9 07:44:18 2022 library versions: OpenSSL 1.0.1s-fips  1 Mar 2016, LZO 2.08
Mon May  9 07:44:18 2022 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Mon May  9 07:44:18 2022 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon May  9 07:44:18 2022 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon May  9 07:44:18 2022 Socket Buffers: R=[114688->131072] S=[114688->131072]
Mon May  9 07:44:18 2022 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Mon May  9 07:44:18 2022 UDPv4 link local: [undef]
Mon May  9 07:44:18 2022 UDPv4 link remote: [AF_INET]192.168.66.107:11194
Mon May  9 07:44:18 2022 TLS: Initial packet from [AF_INET]192.168.66.107:11194, sid=af7bc33f d359bda5
^CMon May  9 07:44:55 2022 event_wait : Interrupted system call (code=4)
Mon May  9 07:44:55 2022 SIGINT[hard,] received, process exiting
synk> openvpn --verb 9 --config /usr/local/etc/openvpn/synk.conf 
Mon May  9 07:45:13 2022 OpenVPN 2.3.6 armle-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar  4 2016
Mon May  9 07:45:13 2022 library versions: OpenSSL 1.0.1s-fips  1 Mar 2016, LZO 2.08
Mon May  9 07:45:13 2022 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Mon May  9 07:45:13 2022 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon May  9 07:45:13 2022 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon May  9 07:45:13 2022 Socket Buffers: R=[114688->131072] S=[114688->131072]
Mon May  9 07:45:13 2022 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Mon May  9 07:45:13 2022 UDPv4 link local: [undef]
Mon May  9 07:45:13 2022 UDPv4 link remote: [AF_INET]192.168.66.107:11194
^CMon May  9 07:45:16 2022 event_wait : Interrupted system call (code=4)
Mon May  9 07:45:16 2022 SIGINT[hard,] received, process exiting
synk> openvpn --verb 9 --config /usr/local/etc/openvpn/synk.conf 
Mon May  9 07:45:22 2022 OpenVPN 2.3.6 armle-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar  4 2016
Mon May  9 07:45:22 2022 library versions: OpenSSL 1.0.1s-fips  1 Mar 2016, LZO 2.08
Mon May  9 07:45:22 2022 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Mon May  9 07:45:22 2022 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon May  9 07:45:22 2022 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon May  9 07:45:22 2022 Socket Buffers: R=[114688->131072] S=[114688->131072]
Mon May  9 07:45:22 2022 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Mon May  9 07:45:22 2022 UDPv4 link local: [undef]
Mon May  9 07:45:22 2022 UDPv4 link remote: [AF_INET]192.168.66.107:11194
Mon May  9 07:45:22 2022 TLS: Initial packet from [AF_INET]192.168.66.107:11194, sid=73b8e95f 0bbf0b7f
^CMon May  9 07:45:28 2022 event_wait : Interrupted system call (code=4)
Mon May  9 07:45:28 2022 SIGINT[hard,] received, process exiting
synk> openvpn --verb 9 --config /usr/local/etc/openvpn/synk.conf 
Mon May  9 07:46:22 2022 OpenVPN 2.3.6 armle-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar  4 2016
Mon May  9 07:46:22 2022 library versions: OpenSSL 1.0.1s-fips  1 Mar 2016, LZO 2.08
Mon May  9 07:46:22 2022 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Mon May  9 07:46:22 2022 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon May  9 07:46:22 2022 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon May  9 07:46:22 2022 Socket Buffers: R=[114688->131072] S=[114688->131072]
Mon May  9 07:46:22 2022 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Mon May  9 07:46:22 2022 UDPv4 link local: [undef]
Mon May  9 07:46:22 2022 UDPv4 link remote: [AF_INET]192.168.66.107:11194
Mon May  9 07:46:22 2022 TLS: Initial packet from [AF_INET]192.168.66.107:11194, sid=c08a92a0 6d4d921f
^CMon May  9 07:46:23 2022 event_wait : Interrupted system call (code=4)
Mon May  9 07:46:23 2022 SIGINT[hard,] received, process exiting

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenSSL: error:0A000076:SSL routines::no suitable signature algorithm

Post by TinCanTech » Mon May 09, 2022 11:49 am

no suitable signature algorithm

Probably means your certificates are signed using SHA1, which is broken and unsupported.

https://shattered.io/

You need new certs. I recommend Easy-RSA

tombolder
OpenVpn Newbie
Posts: 3
Joined: Mon May 09, 2022 5:56 am

Re: OpenSSL: error:0A000076:SSL routines::no suitable signature algorithm

Post by tombolder » Mon May 09, 2022 5:17 pm

I checked all my certificates, and they seem to be SHA-256?

Code: Select all

find -name '*.crt' | while read line; do openssl x509 -in $line -noout -text; done | grep 'Signature Algorithm'
        Signature Algorithm: sha256WithRSAEncryption
    Signature Algorithm: sha256WithRSAEncryption
    ....
If I should try doing new certs, will it be enough to do certs for my clients or should I create a new ca.crt as well?

edit.
I recreated a full pki using EasyRSA-3.0.8 but I got the same problem.

I then noticed that the client says this:

Code: Select all

Mon May  9 07:44:18 2022 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon May  9 07:44:18 2022 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
So I changed openvpn --genkey secret ta.key to openvpn --genkey tls-auth ta.key, but I still got the same HMAC message.

Finally I dropped the tls-auth config on both client and server.

Still the same error on the server:

Code: Select all

2022-05-09 19:47:56 192.168.66.150:52773 OpenSSL: error:0A000076:SSL routines::no suitable signature algorithm
edit.
I also noted that Ubuntu upgraded openssl from 1.1.1l to 3.0.2, according to their package database.

aoeu

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenSSL: error:0A000076:SSL routines::no suitable signature algorithm

Post by TinCanTech » Mon May 09, 2022 7:15 pm

Server:
tombolder wrote:
Mon May 09, 2022 6:08 am
2022-05-09 07:52:03 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
2022-05-09 07:52:03 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
2
Client.
tombolder wrote:
Mon May 09, 2022 6:08 am
Mon May 9 07:52:12 2022 OpenVPN 2.3.6 armle-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 4 2016
Mon May 9 07:52:12 2022 library versions: OpenSSL 1.0.1s-fips 1 Mar 2016, LZO 2.08
Good luck.

FIPS is on you.

tombolder
OpenVpn Newbie
Posts: 3
Joined: Mon May 09, 2022 5:56 am

Re: OpenSSL: error:0A000076:SSL routines::no suitable signature algorithm

Post by tombolder » Tue May 10, 2022 5:58 pm

I found an update with OpenVPN 2.3.17. It gets past the TLS handshake. But the next hurdle is that OpenVPN 2.5 seems to have deprecated the ciphers that 2.3 support (BF-CBC, AES-256-CBC).

So I guess I have to get my hands dirty and build a new OpenVPN for the host.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenSSL: error:0A000076:SSL routines::no suitable signature algorithm

Post by TinCanTech » Fri May 13, 2022 8:28 pm

Why are you using such old client software ?

l37
OpenVpn Newbie
Posts: 2
Joined: Fri Oct 14, 2022 4:02 pm

Re: OpenSSL: error:0A000076:SSL routines::no suitable signature algorithm

Post by l37 » Fri Oct 14, 2022 4:07 pm

What fixed the problem for me was putting

Code: Select all

tls-cipher DEFAULT:@SECLEVEL=0
into the OpenVPN configuration on the Server.


TinCanTech wrote:
Fri May 13, 2022 8:28 pm
Why are you using such old client software ?
In my case the Ubiquiti Edgerouter release V2, which ships more modern software has a OpenVPN release with a severe production impacting PathMTU bug, so downgrading is the only fix for now, until a) this gets fixed in OpenVPN (if not already) and b) this fix gets release with a new EdgeOS firmware.

l37
OpenVpn Newbie
Posts: 2
Joined: Fri Oct 14, 2022 4:02 pm

Re: OpenSSL: error:0A000076:SSL routines::no suitable signature algorithm

Post by l37 » Fri Oct 14, 2022 5:18 pm

tombolder wrote:
Tue May 10, 2022 5:58 pm
I found an update with OpenVPN 2.3.17. It gets past the TLS handshake. But the next hurdle is that OpenVPN 2.5 seems to have deprecated the ciphers that 2.3 support (BF-CBC, AES-256-CBC).

So I guess I have to get my hands dirty and build a new OpenVPN for the host.
No, afaik those ciphers will be deprecated only with OpenVPN 2.7, OpenVPN 2.5 just warns about this in the log.

User avatar
ordex
OpenVPN Inc.
Posts: 444
Joined: Wed Dec 28, 2016 2:32 am
Location: IRC #openvpn-devel @ libera.chat

Re: OpenSSL: error:0A000076:SSL routines::no suitable signature algorithm

Post by ordex » Fri Oct 14, 2022 5:52 pm

AES-256-CBC is *not* deprecated, only BF-CBC should be.
Anyway, basically by upgrading the server to Ubuntu 22, you got OpenSSL 3 which is more picky about old/unsecure algorithms.
Your workaround is the way to tell OpenSSL "I know what I doing - mostly - and I want to stick to these old ciphers".

Best would obviously be to get the client to use something more modern. Even AES-CBC would be better (I think 2.3 should support it already).

Regarding the PathMTU bug, what OpenVPN version would that be?

Post Reply