Hello, after upgrading to version 2.6 all our connections don't work anymore.
The loading process gets stuck at "Verify ku ok", so I guess the problem is with the next line (which doesn't appear), "Validating certificate extended key usage".
It stays stuck for a while, then asks for the password again (the password is fine, it works with older versions).
Was there a change of policy with certificates? Maybe there is a (new?) command to include in the configuration file to allow some types of certificate?
Version 2.6 doesn't connect
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
Daniele
- OpenVpn Newbie
- Posts: 6
- Joined: Thu Feb 02, 2023 10:39 am
Version 2.6 doesn't connect
Last edited by Daniele on Thu Feb 02, 2023 7:40 pm, edited 1 time in total.
-
ERIKB
- OpenVpn Newbie
- Posts: 1
- Joined: Thu Feb 02, 2023 2:11 pm
Re: Version 2.6 doesn't connect
Hello, I encounter the same problem today after upgrading to 2.6. Connection from client can not be set up.
Log errors:
23-02-02 12:16:03 VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=DE, ST=Berlin, L=Berlin, O=Strato Rechenzentrum AG, CN=prak, serial=621
2023-02-02 12:16:03 OpenSSL: error:0A000086:SSL routines::certificate verify failed
2023-02-02 12:16:03 TLS_ERROR: BIO read tls_read_plaintext error
2023-02-02 12:16:03 TLS Error: TLS object -> incoming plaintext read error
2023-02-02 12:16:03 TLS Error: TLS handshake failed
Log errors:
23-02-02 12:16:03 VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=DE, ST=Berlin, L=Berlin, O=Strato Rechenzentrum AG, CN=prak, serial=621
2023-02-02 12:16:03 OpenSSL: error:0A000086:SSL routines::certificate verify failed
2023-02-02 12:16:03 TLS_ERROR: BIO read tls_read_plaintext error
2023-02-02 12:16:03 TLS Error: TLS object -> incoming plaintext read error
2023-02-02 12:16:03 TLS Error: TLS handshake failed
-
Daniele
- OpenVpn Newbie
- Posts: 6
- Joined: Thu Feb 02, 2023 10:39 am
Re: Version 2.6 doesn't connect
It looks like this is a big issue, I hope someone will shed some light on this.
-
niecierpliwy
- OpenVpn Newbie
- Posts: 1
- Joined: Wed Feb 22, 2023 8:00 am
Re: Version 2.6 doesn't connect
Hello,
Have you been able to solve this problem?
I encounter the same issue with QNAP NAS.
Have you been able to solve this problem?
I encounter the same issue with QNAP NAS.
-
Daniele
- OpenVpn Newbie
- Posts: 6
- Joined: Thu Feb 02, 2023 10:39 am
Re: Version 2.6 doesn't connect
Hello, no solution right now, sorry, and no feedback here sadly. We are using old versions for the time being. This is very inconvenient.
-
JettCon
- OpenVpn Newbie
- Posts: 2
- Joined: Fri Mar 03, 2023 5:23 pm
Re: Version 2.6 doesn't connect
I also have this problem, I've tried numerous things but I can't make the 2.6 version work or stop the older versions from updating to 2.6. Anyone have any solutions?
-
rdpk7
- OpenVpn Newbie
- Posts: 1
- Joined: Thu Apr 06, 2023 4:27 pm
Re: Version 2.6 doesn't connect
Solution is:
Add/Replace this line in your .ovpn file:
tls-cipher “DEFAULT:@SECLEVEL=0”
Add/Replace this line in your .ovpn file:
tls-cipher “DEFAULT:@SECLEVEL=0”
-
Daniele
- OpenVpn Newbie
- Posts: 6
- Joined: Thu Feb 02, 2023 10:39 am
Re: Version 2.6 doesn't connect
I tried that, but I get this:
No valid translation found for TLS cipher '@SECLEVEL=0'
I changed the quotes like this: tls-cipher "DEFAULT:@SECLEVEL=0" , so that's not the problem.
-
Daniele
- OpenVpn Newbie
- Posts: 6
- Joined: Thu Feb 02, 2023 10:39 am
Re: Version 2.6 doesn't connect
This is the log, with some redacted data:
Code: Select all
Sun Apr 16 16:15:16 2023 pkcs11_private_mode = 00000000
Sun Apr 16 16:15:16 2023 pkcs11_private_mode = 00000000
Sun Apr 16 16:15:16 2023 pkcs11_private_mode = 00000000
Sun Apr 16 16:15:16 2023 pkcs11_private_mode = 00000000
Sun Apr 16 16:15:16 2023 pkcs11_private_mode = 00000000
Sun Apr 16 16:15:16 2023 pkcs11_private_mode = 00000000
Sun Apr 16 16:15:16 2023 pkcs11_private_mode = 00000000
Sun Apr 16 16:15:16 2023 pkcs11_private_mode = 00000000
Sun Apr 16 16:15:16 2023 pkcs11_private_mode = 00000000
Sun Apr 16 16:15:16 2023 pkcs11_cert_private = DISABLED
Sun Apr 16 16:15:16 2023 pkcs11_cert_private = DISABLED
Sun Apr 16 16:15:16 2023 pkcs11_cert_private = DISABLED
Sun Apr 16 16:15:16 2023 pkcs11_cert_private = DISABLED
Sun Apr 16 16:15:16 2023 pkcs11_cert_private = DISABLED
Sun Apr 16 16:15:16 2023 pkcs11_cert_private = DISABLED
Sun Apr 16 16:15:16 2023 pkcs11_cert_private = DISABLED
Sun Apr 16 16:15:16 2023 pkcs11_cert_private = DISABLED
Sun Apr 16 16:15:16 2023 pkcs11_cert_private = DISABLED
Sun Apr 16 16:15:16 2023 pkcs11_cert_private = DISABLED
Sun Apr 16 16:15:16 2023 pkcs11_cert_private = DISABLED
Sun Apr 16 16:15:16 2023 pkcs11_cert_private = DISABLED
Sun Apr 16 16:15:16 2023 pkcs11_cert_private = DISABLED
Sun Apr 16 16:15:16 2023 pkcs11_cert_private = DISABLED
Sun Apr 16 16:15:16 2023 pkcs11_cert_private = DISABLED
Sun Apr 16 16:15:16 2023 pkcs11_cert_private = DISABLED
Sun Apr 16 16:15:16 2023 pkcs11_pin_cache_period = -1
Sun Apr 16 16:15:16 2023 pkcs11_id = '[UNDEF]'
Sun Apr 16 16:15:16 2023 pkcs11_id_management = DISABLED
Sun Apr 16 16:15:16 2023 server_network = 0.0.0.0
Sun Apr 16 16:15:16 2023 server_netmask = 0.0.0.0
Sun Apr 16 16:15:16 2023 server_network_ipv6 = ::
Sun Apr 16 16:15:16 2023 server_netbits_ipv6 = 0
Sun Apr 16 16:15:16 2023 server_bridge_ip = 0.0.0.0
Sun Apr 16 16:15:16 2023 server_bridge_netmask = 0.0.0.0
Sun Apr 16 16:15:16 2023 server_bridge_pool_start = 0.0.0.0
Sun Apr 16 16:15:16 2023 server_bridge_pool_end = 0.0.0.0
Sun Apr 16 16:15:16 2023 ifconfig_pool_defined = DISABLED
Sun Apr 16 16:15:16 2023 ifconfig_pool_start = 0.0.0.0
Sun Apr 16 16:15:16 2023 ifconfig_pool_end = 0.0.0.0
Sun Apr 16 16:15:16 2023 ifconfig_pool_netmask = 0.0.0.0
Sun Apr 16 16:15:16 2023 ifconfig_pool_persist_filename = '[UNDEF]'
Sun Apr 16 16:15:16 2023 ifconfig_pool_persist_refresh_freq = 600
Sun Apr 16 16:15:16 2023 ifconfig_ipv6_pool_defined = DISABLED
Sun Apr 16 16:15:16 2023 ifconfig_ipv6_pool_base = ::
Sun Apr 16 16:15:16 2023 ifconfig_ipv6_pool_netbits = 0
Sun Apr 16 16:15:16 2023 n_bcast_buf = 256
Sun Apr 16 16:15:16 2023 tcp_queue_limit = 64
Sun Apr 16 16:15:16 2023 real_hash_size = 256
Sun Apr 16 16:15:16 2023 virtual_hash_size = 256
Sun Apr 16 16:15:16 2023 client_connect_script = '[UNDEF]'
Sun Apr 16 16:15:16 2023 learn_address_script = '[UNDEF]'
Sun Apr 16 16:15:16 2023 client_disconnect_script = '[UNDEF]'
Sun Apr 16 16:15:16 2023 client_crresponse_script = '[UNDEF]'
Sun Apr 16 16:15:16 2023 client_config_dir = '[UNDEF]'
Sun Apr 16 16:15:16 2023 ccd_exclusive = DISABLED
Sun Apr 16 16:15:16 2023 tmp_dir = 'C:\Users\danie\AppData\Local\Temp\'
Sun Apr 16 16:15:16 2023 push_ifconfig_defined = DISABLED
Sun Apr 16 16:15:16 2023 push_ifconfig_local = 0.0.0.0
Sun Apr 16 16:15:16 2023 push_ifconfig_remote_netmask = 0.0.0.0
Sun Apr 16 16:15:16 2023 push_ifconfig_ipv6_defined = DISABLED
Sun Apr 16 16:15:16 2023 push_ifconfig_ipv6_local = ::/0
Sun Apr 16 16:15:16 2023 push_ifconfig_ipv6_remote = ::
Sun Apr 16 16:15:16 2023 enable_c2c = DISABLED
Sun Apr 16 16:15:16 2023 duplicate_cn = DISABLED
Sun Apr 16 16:15:16 2023 cf_max = 0
Sun Apr 16 16:15:16 2023 cf_per = 0
Sun Apr 16 16:15:16 2023 cf_initial_max = 100
Sun Apr 16 16:15:16 2023 cf_initial_per = 10
Sun Apr 16 16:15:16 2023 max_clients = 1024
Sun Apr 16 16:15:16 2023 max_routes_per_client = 256
Sun Apr 16 16:15:16 2023 auth_user_pass_verify_script = '[UNDEF]'
Sun Apr 16 16:15:16 2023 auth_user_pass_verify_script_via_file = DISABLED
Sun Apr 16 16:15:16 2023 auth_token_generate = DISABLED
Sun Apr 16 16:15:16 2023 auth_token_lifetime = 0
Sun Apr 16 16:15:16 2023 auth_token_secret_file = '[UNDEF]'
Sun Apr 16 16:15:16 2023 vlan_tagging = DISABLED
Sun Apr 16 16:15:16 2023 vlan_accept = all
Sun Apr 16 16:15:16 2023 vlan_pvid = 1
Sun Apr 16 16:15:16 2023 client = ENABLED
Sun Apr 16 16:15:16 2023 pull = ENABLED
Sun Apr 16 16:15:16 2023 auth_user_pass_file = 'stdin'
Sun Apr 16 16:15:16 2023 show_net_up = DISABLED
Sun Apr 16 16:15:16 2023 route_method = 3
Sun Apr 16 16:15:16 2023 block_outside_dns = DISABLED
Sun Apr 16 16:15:16 2023 ip_win32_defined = DISABLED
Sun Apr 16 16:15:16 2023 ip_win32_type = 1
Sun Apr 16 16:15:16 2023 dhcp_masq_offset = 0
Sun Apr 16 16:15:16 2023 dhcp_lease_time = 31536000
Sun Apr 16 16:15:16 2023 tap_sleep = 0
Sun Apr 16 16:15:16 2023 dhcp_options = 0x00000000
Sun Apr 16 16:15:16 2023 dhcp_renew = DISABLED
Sun Apr 16 16:15:16 2023 dhcp_pre_release = DISABLED
Sun Apr 16 16:15:16 2023 domain = '[UNDEF]'
Sun Apr 16 16:15:16 2023 netbios_scope = '[UNDEF]'
Sun Apr 16 16:15:16 2023 netbios_node_type = 0
Sun Apr 16 16:15:16 2023 disable_nbt = DISABLED
Sun Apr 16 16:15:16 2023 OpenVPN 2.6.3 [git:v2.6.3/94aad8c51043a805] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Apr 13 2023
Sun Apr 16 16:15:16 2023 Windows version 10.0 (Windows 10 or greater), amd64 executable
Sun Apr 16 16:15:16 2023 library versions: OpenSSL 3.1.0 14 Mar 2023, LZO 2.10
Sun Apr 16 16:15:16 2023 DCO version: v0
Sun Apr 16 16:15:16 2023 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sun Apr 16 16:15:16 2023 Need hold release from management interface, waiting...
Sun Apr 16 16:15:17 2023 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:50584
Sun Apr 16 16:15:17 2023 MANAGEMENT: CMD 'state on'
Sun Apr 16 16:15:17 2023 MANAGEMENT: CMD 'log on all'
Sun Apr 16 16:15:17 2023 MANAGEMENT: CMD 'echo on all'
Sun Apr 16 16:15:17 2023 MANAGEMENT: CMD 'bytecount 5'
Sun Apr 16 16:15:17 2023 MANAGEMENT: CMD 'state'
Sun Apr 16 16:15:17 2023 MANAGEMENT: CMD 'hold off'
Sun Apr 16 16:15:17 2023 MANAGEMENT: CMD 'hold release'
Sun Apr 16 16:15:22 2023 MANAGEMENT: CMD 'username "Auth" "user"'
Sun Apr 16 16:15:22 2023 MANAGEMENT: CMD 'password [...]'
Sun Apr 16 16:15:22 2023 PKCS#11: pkcs11h_setProperty return rv=0-'CKR_OK'
Sun Apr 16 16:15:22 2023 PKCS#11: pkcs11h_setProperty entry property='1', value=00000066C66FD030, value_size=4
Sun Apr 16 16:15:22 2023 PKCS#11: pkcs11h_setProperty return rv=84-'CKR_FUNCTION_NOT_SUPPORTED'
Sun Apr 16 16:15:22 2023 PKCS#11: pkcs11h_setProperty entry property='7', value=00000066C66FD038, value_size=8
Sun Apr 16 16:15:22 2023 PKCS#11: Setting property 7=*size*
Sun Apr 16 16:15:22 2023 PKCS#11: pkcs11h_setProperty return rv=0-'CKR_OK'
Sun Apr 16 16:15:22 2023 PKCS#11: pkcs11h_setProperty entry property='6', value=00000066C66FD030, value_size=8
Sun Apr 16 16:15:22 2023 PKCS#11: Setting property 6=*size*
Sun Apr 16 16:15:22 2023 PKCS#11: pkcs11h_setProperty return rv=0-'CKR_OK'
Sun Apr 16 16:15:22 2023 PKCS#11: pkcs11h_setProperty entry property='9', value=00000066C66FD038, value_size=8
Sun Apr 16 16:15:22 2023 PKCS#11: Setting property 9=*size*
Sun Apr 16 16:15:22 2023 PKCS#11: pkcs11h_setProperty return rv=0-'CKR_OK'
Sun Apr 16 16:15:22 2023 PKCS#11: pkcs11h_setProperty entry property='8', value=00000066C66FD030, value_size=8
Sun Apr 16 16:15:22 2023 PKCS#11: Setting property 8=*size*
Sun Apr 16 16:15:22 2023 PKCS#11: pkcs11h_setProperty return rv=0-'CKR_OK'
Sun Apr 16 16:15:22 2023 PKCS#11: pkcs11h_setProperty entry property='10', value=00000066C66FD030, value_size=4
Sun Apr 16 16:15:22 2023 PKCS#11: Setting property 10=0x1
Sun Apr 16 16:15:22 2023 PKCS#11: pkcs11h_setProperty return rv=0-'CKR_OK'
Sun Apr 16 16:15:22 2023 PKCS#11: pkcs11h_setProperty entry property='11', value=00000066C66FD030, value_size=4
Sun Apr 16 16:15:22 2023 PKCS#11: Setting property 11=0xffffffff
Sun Apr 16 16:15:22 2023 PKCS#11: pkcs11h_setProperty return rv=0-'CKR_OK'
Sun Apr 16 16:15:22 2023 No valid translation found for TLS cipher '@SECLEVEL=0'
Sun Apr 16 16:15:26 2023 MANAGEMENT: CMD 'password [...]'
Sun Apr 16 16:15:26 2023 MTU: adding 426 buffer tailroom for compression for 1768 bytes of payload
Sun Apr 16 16:15:26 2023 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
Sun Apr 16 16:15:26 2023 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
Sun Apr 16 16:15:26 2023 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,auth SHA1,keysize 128,key-method 2,tls-client'
Sun Apr 16 16:15:26 2023 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,auth SHA1,keysize 128,key-method 2,tls-server'
Sun Apr 16 16:15:26 2023 TCP/UDP: Preserving recently used remote address: [AF_INET]<IPADDRESS>:<PORT>
Sun Apr 16 16:15:26 2023 Enumerate drivers in registy:
Sun Apr 16 16:15:26 2023 NetCfgInstanceId: {09059E27-4BE1-4C22-BFAE-7FBA0F867289}, Driver: wintun
Sun Apr 16 16:15:26 2023 NetCfgInstanceId: {9B7FEB87-5BEB-47D6-9663-570B0861DEC7}, Driver: tap-windows6
Sun Apr 16 16:15:26 2023 NetCfgInstanceId: {FF28C62A-1FF3-4693-973B-53C5109E8A25}, Driver: ovpn-dco
Sun Apr 16 16:15:26 2023 Enumerate device interface lists:
Sun Apr 16 16:15:26 2023 NetCfgInstanceId: {09059E27-4BE1-4C22-BFAE-7FBA0F867289}, Device Interface: \\?\ROOT#NET#0000#{cac88484-7515-4c03-82e6-71a87abac361}
Sun Apr 16 16:15:26 2023 NetCfgInstanceId: {9B7FEB87-5BEB-47D6-9663-570B0861DEC7}, Device Interface: \\?\ROOT#NET#0001#{cac88484-7515-4c03-82e6-71a87abac361}
Sun Apr 16 16:15:26 2023 NetCfgInstanceId: {8639185E-2A5C-41B8-8099-24B87F9F1963}, Device Interface: \\?\PCI#VEN_8086&DEV_100F&SUBSYS_075015AD&REV_01#4&bbf9765&0&0888#{cac88484-7515-4c03-82e6-71a87abac361}
Sun Apr 16 16:15:26 2023 NetCfgInstanceId: {FF28C62A-1FF3-4693-973B-53C5109E8A25}, Device Interface: \\?\ROOT#NET#0002#{cac88484-7515-4c03-82e6-71a87abac361}\ovpn-dco
Sun Apr 16 16:15:26 2023 NetCfgInstanceId: {FF28C62A-1FF3-4693-973B-53C5109E8A25}, Device Interface: \\?\ROOT#NET#0002#{cac88484-7515-4c03-82e6-71a87abac361}\{FF28C62A-1FF3-4693-973B-53C5109E8A25}
Sun Apr 16 16:15:26 2023 Using device interface: \\?\ROOT#NET#0002#{cac88484-7515-4c03-82e6-71a87abac361}\ovpn-dco
Sun Apr 16 16:15:26 2023 ovpn-dco device [OpenVPN Data Channel Offload] opened
Sun Apr 16 16:15:26 2023 dco_create_socket
Sun Apr 16 16:15:26 2023 TCP_CLIENT link local: (not bound)
Sun Apr 16 16:15:26 2023 TCP_CLIENT link remote: [AF_INET]<IPADDRESS>:<PORT>
Sun Apr 16 16:15:26 2023 MANAGEMENT: >STATE:1681654526,WAIT,,,,,,
Sun Apr 16 16:15:26 2023 write_control_auth(): P_CONTROL_HARD_RESET_CLIENT_V2
Sun Apr 16 16:15:26 2023 event_wait returned 2
Sun Apr 16 16:15:26 2023 TCP_CLIENT WRITE [14] to [AF_INET]<IPADDRESS>:<PORT>: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=f466cff4 c4f43da0 [ ] pid=0 DATA
Sun Apr 16 16:15:26 2023 TCP_CLIENT write returned 14
Sun Apr 16 16:15:26 2023 event_wait returned 1
Sun Apr 16 16:15:26 2023 event_wait returned 1
Sun Apr 16 16:15:26 2023 event_wait returned 1
Sun Apr 16 16:15:27 2023 event_wait returned 1
Sun Apr 16 16:15:27 2023 TCP_CLIENT read returned 14
Sun Apr 16 16:15:27 2023 TCP_CLIENT READ [14] from [AF_INET]<IPADDRESS>:<PORT>: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 sid=6c7d6db8 adadd565 [ ] pid=0 DATA
Sun Apr 16 16:15:27 2023 MANAGEMENT: >STATE:1681654527,AUTH,,,,,,
Sun Apr 16 16:15:27 2023 TLS: Initial packet from [AF_INET]<IPADDRESS>:<PORT>, sid=6c7d6db8 adadd565
Sun Apr 16 16:15:27 2023 write_control_auth(): P_CONTROL_HARD_RESET_CLIENT_V2
Sun Apr 16 16:15:27 2023 event_wait returned 2
Sun Apr 16 16:15:27 2023 TCP_CLIENT WRITE [26] to [AF_INET]<IPADDRESS>:<PORT>: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=f466cff4 c4f43da0 [ 0 sid=6c7d6db8 adadd565 ] pid=0 DATA
Sun Apr 16 16:15:27 2023 TCP_CLIENT write returned 26
Sun Apr 16 16:15:27 2023 event_wait returned 1
Sun Apr 16 16:15:27 2023 event_wait returned 1
Sun Apr 16 16:15:27 2023 TCP_CLIENT read returned 22
Sun Apr 16 16:15:27 2023 TCP_CLIENT READ [22] from [AF_INET]<IPADDRESS>:<PORT>: P_ACK_V1 kid=0 sid=6c7d6db8 adadd565 [ 0 sid=f466cff4 c4f43da0 ] DATA
Sun Apr 16 16:15:27 2023 write_control_auth(): P_CONTROL_V1
Sun Apr 16 16:15:27 2023 event_wait returned 2
Sun Apr 16 16:15:27 2023 TCP_CLIENT WRITE [321] to [AF_INET]<IPADDRESS>:<PORT>: P_CONTROL_V1 kid=0 sid=f466cff4 c4f43da0 [ 0 sid=6c7d6db8 adadd565 ] pid=1 DATA 16030101 22010001 1e0303f4 799fb352 9e4dfa74 508f8c4e b3af3f27 5568182[more...]
Sun Apr 16 16:15:27 2023 TCP_CLIENT write returned 321
Sun Apr 16 16:15:27 2023 event_wait returned 1
Sun Apr 16 16:15:27 2023 event_wait returned 1
Sun Apr 16 16:15:27 2023 TCP_CLIENT read returned 22
Sun Apr 16 16:15:27 2023 TCP_CLIENT READ [22] from [AF_INET]<IPADDRESS>:<PORT>: P_ACK_V1 kid=0 sid=6c7d6db8 adadd565 [ 1 sid=f466cff4 c4f43da0 ] DATA
Sun Apr 16 16:15:27 2023 event_wait returned 1
Sun Apr 16 16:15:28 2023 event_wait returned 0
Sun Apr 16 16:15:28 2023 event_wait returned 1
Sun Apr 16 16:15:28 2023 event_wait returned 1
Sun Apr 16 16:15:28 2023 TCP_CLIENT read returned 1414
Sun Apr 16 16:15:28 2023 TCP_CLIENT READ [1414] from [AF_INET]<IPADDRESS>:<PORT>: P_CONTROL_V1 kid=0 sid=6c7d6db8 adadd565 [ ] pid=1 DATA 16030300 51020000 4d030361 64d9d223 deb9e2dc fab77c11 5754af38 4b80232[more...]
Sun Apr 16 16:15:28 2023 write_control_auth(): P_ACK_V1
Sun Apr 16 16:15:28 2023 event_wait returned 2
Sun Apr 16 16:15:28 2023 TCP_CLIENT WRITE [26] to [AF_INET]<IPADDRESS>:<PORT>: P_ACK_V1 kid=0 sid=f466cff4 c4f43da0 [ 1 0 sid=6c7d6db8 adadd565 ] DATA
Sun Apr 16 16:15:28 2023 TCP_CLIENT write returned 26
Sun Apr 16 16:15:28 2023 event_wait returned 1
Sun Apr 16 16:15:28 2023 event_wait returned 1
Sun Apr 16 16:15:28 2023 TCP_CLIENT read returned 1414
Sun Apr 16 16:15:28 2023 TCP_CLIENT READ [1414] from [AF_INET]<IPADDRESS>:<PORT>: P_CONTROL_V1 kid=0 sid=6c7d6db8 adadd565 [ ] pid=2 DATA 43225cc8 fdd670c9 4639d0ce 6db84fe4 04b7e9bd 24a5af1c 1e5ea16c 3ec9c6d[more...]
Sun Apr 16 16:15:28 2023 write_control_auth(): P_ACK_V1
Sun Apr 16 16:15:28 2023 event_wait returned 1
Sun Apr 16 16:15:28 2023 event_wait returned 1
Sun Apr 16 16:15:28 2023 TCP_CLIENT WRITE [30] to [AF_INET]<IPADDRESS>:<PORT>: P_ACK_V1 kid=0 sid=f466cff4 c4f43da0 [ 2 1 0 sid=6c7d6db8 adadd565 ] DATA
Sun Apr 16 16:15:28 2023 TCP_CLIENT write returned 30
Sun Apr 16 16:15:28 2023 event_wait returned 2
Sun Apr 16 16:15:28 2023 TCP_CLIENT read returned 1309
Sun Apr 16 16:15:28 2023 TCP_CLIENT READ [1309] from [AF_INET]<IPADDRESS>:<PORT>: P_CONTROL_V1 kid=0 sid=6c7d6db8 adadd565 [ ] pid=3 DATA 3566b179 45138ce4 fa749ca9 94537ca2 dac79c58 7c1b8c56 7b77a0ec 199fdb1[more...]
Sun Apr 16 16:15:28 2023 VERIFY OK: depth=1, C=IT, ST=IT, L=SAVONA, O=DMP, CN=CA
Sun Apr 16 16:15:28 2023 VERIFY KU OK
Sun Apr 16 16:15:28 2023 Validating certificate extended key usage
Sun Apr 16 16:15:28 2023 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sun Apr 16 16:15:28 2023 VERIFY EKU OK
Sun Apr 16 16:15:28 2023 VERIFY OK: depth=0, C=IT, ST=IT, L=SAVONA, O=DMP, CN=server
Sun Apr 16 16:15:28 2023 write_control_auth(): P_CONTROL_V1
Sun Apr 16 16:15:28 2023 event_wait returned 1
Sun Apr 16 16:15:28 2023 event_wait returned 1
Sun Apr 16 16:15:28 2023 TCP_CLIENT WRITE [1222] to [AF_INET]<IPADDRESS>:<PORT>: P_CONTROL_V1 kid=0 sid=f466cff4 c4f43da0 [ 3 2 1 0 sid=6c7d6db8 adadd565 ] pid=2 DATA 1603030b 4a0b000b 46000b43 00059430 82059030 820378a0 03020102 02081fb[more...]
Sun Apr 16 16:15:28 2023 TCP_CLIENT write returned 1222
Sun Apr 16 16:15:28 2023 write_control_auth(): P_CONTROL_V1
Sun Apr 16 16:15:28 2023 event_wait returned 1
Sun Apr 16 16:15:28 2023 event_wait returned 1
Sun Apr 16 16:15:28 2023 TCP_CLIENT WRITE [1222] to [AF_INET]<IPADDRESS>:<PORT>: P_CONTROL_V1 kid=0 sid=f466cff4 c4f43da0 [ 3 2 1 0 sid=6c7d6db8 adadd565 ] pid=3 DATA 376968ef 6c710d3e aa87905e 035eebcf af602fe3 f19041c7 38d6b850 85b2097[more...]
Sun Apr 16 16:15:28 2023 TCP_CLIENT write returned 1222
Sun Apr 16 16:15:28 2023 write_control_auth(): P_CONTROL_V1
Sun Apr 16 16:15:28 2023 event_wait returned 2
Sun Apr 16 16:15:28 2023 TCP_CLIENT read returned 22
Sun Apr 16 16:15:28 2023 TCP_CLIENT READ [22] from [AF_INET]<IPADDRESS>:<PORT>: P_ACK_V1 kid=0 sid=6c7d6db8 adadd565 [ 2 sid=f466cff4 c4f43da0 ] DATA
Sun Apr 16 16:15:28 2023 event_wait returned 1
Sun Apr 16 16:15:28 2023 event_wait returned 1
Sun Apr 16 16:15:28 2023 TCP_CLIENT WRITE [1222] to [AF_INET]<IPADDRESS>:<PORT>: P_CONTROL_V1 kid=0 sid=f466cff4 c4f43da0 [ 3 2 1 0 sid=6c7d6db8 adadd565 ] pid=4 DATA 864886f7 0d01010b 05000382 02010037 70a95633 80abbbc3 d4bec4d5 de7154c[more...]
Sun Apr 16 16:15:28 2023 TCP_CLIENT write returned 1222
Sun Apr 16 16:15:28 2023 write_control_auth(): P_CONTROL_V1
Sun Apr 16 16:15:28 2023 event_wait returned 2
Sun Apr 16 16:15:28 2023 TCP_CLIENT read returned 22
Sun Apr 16 16:15:28 2023 TCP_CLIENT READ [22] from [AF_INET]<IPADDRESS>:<PORT>: P_ACK_V1 kid=0 sid=6c7d6db8 adadd565 [ 3 sid=f466cff4 c4f43da0 ] DATA
Sun Apr 16 16:15:28 2023 event_wait returned 1
Sun Apr 16 16:15:28 2023 event_wait returned 1
Sun Apr 16 16:15:28 2023 TCP_CLIENT WRITE [224] to [AF_INET]<IPADDRESS>:<PORT>: P_CONTROL_V1 kid=0 sid=f466cff4 c4f43da0 [ 3 2 1 0 sid=6c7d6db8 adadd565 ] pid=5 DATA 2c1486e5 c882e258 b50fd245 06b811de 91c66168 512eb028 01ae517c 607cd1d[more...]
Sun Apr 16 16:15:28 2023 TCP_CLIENT write returned 224
Sun Apr 16 16:15:28 2023 event_wait returned 2
Sun Apr 16 16:15:28 2023 TCP_CLIENT read returned 22
Sun Apr 16 16:15:28 2023 TCP_CLIENT READ [22] from [AF_INET]<IPADDRESS>:<PORT>: P_ACK_V1 kid=0 sid=6c7d6db8 adadd565 [ 4 sid=f466cff4 c4f43da0 ] DATA
Sun Apr 16 16:15:28 2023 event_wait returned 1
Sun Apr 16 16:15:28 2023 event_wait returned 1
Sun Apr 16 16:15:28 2023 TCP_CLIENT read returned 22
Sun Apr 16 16:15:28 2023 TCP_CLIENT READ [22] from [AF_INET]<IPADDRESS>:<PORT>: P_ACK_V1 kid=0 sid=6c7d6db8 adadd565 [ 5 sid=f466cff4 c4f43da0 ] DATA
Sun Apr 16 16:15:28 2023 event_wait returned 1
Sun Apr 16 16:15:29 2023 event_wait returned 1
Sun Apr 16 16:15:29 2023 TCP_CLIENT read returned 65
Sun Apr 16 16:15:29 2023 TCP_CLIENT READ [65] from [AF_INET]<IPADDRESS>:<PORT>: P_CONTROL_V1 kid=0 sid=6c7d6db8 adadd565 [ ] pid=4 DATA 14030300 01011603 0300284a 22619802 b23f991e 43edc26c bf11a3f4 d4bd7fa[more...]
Sun Apr 16 16:15:29 2023 write_control_auth(): P_CONTROL_V1
Sun Apr 16 16:15:29 2023 event_wait returned 2
Sun Apr 16 16:15:29 2023 TCP_CLIENT WRITE [500] to [AF_INET]<IPADDRESS>:<PORT>: P_CONTROL_V1 kid=0 sid=f466cff4 c4f43da0 [ 4 3 2 1 sid=6c7d6db8 adadd565 ] pid=6 DATA 17030301 c9f49d12 e382aded 79948005 de6d035b 966c8188 ed096f81 e33c511[more...]
Sun Apr 16 16:15:29 2023 TCP_CLIENT write returned 500
Sun Apr 16 16:15:29 2023 event_wait returned 1
Sun Apr 16 16:15:29 2023 event_wait returned 1
Sun Apr 16 16:15:29 2023 TCP_CLIENT read returned 22
Sun Apr 16 16:15:29 2023 TCP_CLIENT READ [22] from [AF_INET]<IPADDRESS>:<PORT>: P_ACK_V1 kid=0 sid=6c7d6db8 adadd565 [ 6 sid=f466cff4 c4f43da0 ] DATA
Sun Apr 16 16:15:29 2023 event_wait returned 1
Sun Apr 16 16:15:30 2023 event_wait returned 0
Sun Apr 16 16:15:30 2023 event_wait returned 1
Sun Apr 16 16:15:31 2023 event_wait returned 0
Sun Apr 16 16:15:31 2023 event_wait returned 1
Sun Apr 16 16:15:33 2023 event_wait returned 0
Sun Apr 16 16:15:33 2023 event_wait returned 1
Sun Apr 16 16:15:34 2023 event_wait returned 0
Sun Apr 16 16:15:34 2023 event_wait returned 1
Sun Apr 16 16:15:35 2023 event_wait returned 0
Sun Apr 16 16:15:35 2023 event_wait returned 1
Sun Apr 16 16:15:36 2023 event_wait returned 0
Sun Apr 16 16:15:36 2023 event_wait returned 1
Sun Apr 16 16:15:37 2023 event_wait returned 0
Sun Apr 16 16:15:37 2023 event_wait returned 1
Sun Apr 16 16:15:38 2023 event_wait returned 0
Sun Apr 16 16:15:38 2023 event_wait returned 1
Sun Apr 16 16:15:39 2023 event_wait returned 0
Sun Apr 16 16:15:39 2023 event_wait returned 1
Sun Apr 16 16:15:40 2023 event_wait returned 0
Sun Apr 16 16:15:40 2023 event_wait returned 1
Sun Apr 16 16:15:42 2023 event_wait returned 0
Sun Apr 16 16:15:42 2023 event_wait returned 1
Sun Apr 16 16:15:43 2023 event_wait returned 0
Sun Apr 16 16:15:43 2023 event_wait returned 1
Sun Apr 16 16:15:44 2023 event_wait returned 0
Sun Apr 16 16:15:44 2023 event_wait returned 1
Sun Apr 16 16:15:45 2023 event_wait returned 0
Sun Apr 16 16:15:45 2023 event_wait returned 1
Sun Apr 16 16:15:46 2023 event_wait returned 0
Sun Apr 16 16:15:46 2023 event_wait returned 1
Sun Apr 16 16:15:47 2023 event_wait returned 0
Sun Apr 16 16:15:47 2023 event_wait returned 1
Sun Apr 16 16:15:48 2023 event_wait returned 0
Sun Apr 16 16:15:48 2023 event_wait returned 1
Sun Apr 16 16:15:49 2023 event_wait returned 0
Sun Apr 16 16:15:49 2023 event_wait returned 1
Sun Apr 16 16:15:50 2023 event_wait returned 0
Sun Apr 16 16:15:50 2023 event_wait returned 1
Sun Apr 16 16:15:51 2023 event_wait returned 0
Sun Apr 16 16:15:51 2023 event_wait returned 1
Sun Apr 16 16:15:52 2023 event_wait returned 0
Sun Apr 16 16:15:52 2023 event_wait returned 1
Sun Apr 16 16:15:53 2023 event_wait returned 0
Sun Apr 16 16:15:53 2023 event_wait returned 1
Sun Apr 16 16:15:54 2023 event_wait returned 0
Sun Apr 16 16:15:54 2023 event_wait returned 1
Sun Apr 16 16:15:55 2023 event_wait returned 0
Sun Apr 16 16:15:55 2023 event_wait returned 1
Sun Apr 16 16:15:56 2023 event_wait returned 0
Sun Apr 16 16:15:56 2023 event_wait returned 1
Sun Apr 16 16:15:57 2023 event_wait returned 0
Sun Apr 16 16:15:57 2023 event_wait returned 1
Sun Apr 16 16:15:59 2023 event_wait returned 0
Sun Apr 16 16:15:59 2023 event_wait returned 1
Sun Apr 16 16:16:00 2023 event_wait returned 0
Sun Apr 16 16:16:00 2023 event_wait returned 1
Sun Apr 16 16:16:01 2023 event_wait returned 0
Sun Apr 16 16:16:01 2023 event_wait returned 1
Sun Apr 16 16:16:02 2023 event_wait returned 0
Sun Apr 16 16:16:02 2023 event_wait returned 1
Sun Apr 16 16:16:03 2023 event_wait returned 0
Sun Apr 16 16:16:03 2023 event_wait returned 1
Sun Apr 16 16:16:04 2023 event_wait returned 0
Sun Apr 16 16:16:04 2023 event_wait returned 1
Sun Apr 16 16:16:05 2023 event_wait returned 0
Sun Apr 16 16:16:05 2023 event_wait returned 1
Sun Apr 16 16:16:06 2023 event_wait returned 0
Sun Apr 16 16:16:06 2023 event_wait returned 1
Sun Apr 16 16:16:08 2023 event_wait returned 0
Sun Apr 16 16:16:08 2023 event_wait returned 1
Sun Apr 16 16:16:09 2023 event_wait returned 0
Sun Apr 16 16:16:09 2023 event_wait returned 1
Sun Apr 16 16:16:10 2023 event_wait returned 0
Sun Apr 16 16:16:10 2023 event_wait returned 1
Sun Apr 16 16:16:11 2023 event_wait returned 0
Sun Apr 16 16:16:11 2023 event_wait returned 1
Sun Apr 16 16:16:12 2023 event_wait returned 0
Sun Apr 16 16:16:12 2023 event_wait returned 1
Sun Apr 16 16:16:14 2023 event_wait returned 0
Sun Apr 16 16:16:14 2023 event_wait returned 1
Sun Apr 16 16:16:15 2023 event_wait returned 0
Sun Apr 16 16:16:15 2023 event_wait returned 1
Sun Apr 16 16:16:16 2023 event_wait returned 0
Sun Apr 16 16:16:16 2023 event_wait returned 1
Sun Apr 16 16:16:17 2023 event_wait returned 0
Sun Apr 16 16:16:17 2023 event_wait returned 1
Sun Apr 16 16:16:18 2023 event_wait returned 0
Sun Apr 16 16:16:18 2023 event_wait returned 1
Sun Apr 16 16:16:19 2023 event_wait returned 0
Sun Apr 16 16:16:19 2023 event_wait returned 1
Sun Apr 16 16:16:20 2023 event_wait returned 0
Sun Apr 16 16:16:20 2023 event_wait returned 1
Sun Apr 16 16:16:22 2023 event_wait returned 0
Sun Apr 16 16:16:22 2023 event_wait returned 1
Sun Apr 16 16:16:23 2023 event_wait returned 0
Sun Apr 16 16:16:23 2023 event_wait returned 1
Sun Apr 16 16:16:24 2023 event_wait returned 0
Sun Apr 16 16:16:24 2023 event_wait returned 1
Sun Apr 16 16:16:25 2023 event_wait returned 0
Sun Apr 16 16:16:25 2023 event_wait returned 1
Sun Apr 16 16:16:26 2023 event_wait returned 0
Sun Apr 16 16:16:26 2023 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Apr 16 16:16:26 2023 TLS Error: TLS handshake failed
Sun Apr 16 16:16:26 2023 PKCS#11: __pkcs11h_openssl_ex_data_free entered - parent=00000240669CD9E0, ptr=0000000000000000, ad=00000240669CDA70, idx=1, argl=0, argp=00007FFBB3AF3D38
Sun Apr 16 16:16:26 2023 PKCS#11: __pkcs11h_openssl_ex_data_free entered - parent=0000024064EDA7C0, ptr=0000000000000000, ad=0000024064EDA850, idx=1, argl=0, argp=00007FFBB3AF3D38
Sun Apr 16 16:16:26 2023 Fatal TLS error (check_tls_errors_co), restarting
Sun Apr 16 16:16:26 2023 Closing DCO interface
Sun Apr 16 16:16:26 2023 SIGUSR1[soft,tls-error] received, process restarting
Sun Apr 16 16:16:26 2023 MANAGEMENT: >STATE:1681654586,RECONNECTING,tls-error,,,,,
Sun Apr 16 16:16:26 2023 Restart pause, 1 second(s)
-
Daniele
- OpenVpn Newbie
- Posts: 6
- Joined: Thu Feb 02, 2023 10:39 am
Re: Version 2.6 doesn't connect
And this is a sample config file:
Code: Select all
client
remote <IPADDRESS> <PORT>
proto tcp
dev tun
nobind
persist-key
persist-tun
verb 10
auth-user-pass
ca "CA.crt"
cert "client1.crt"
key "client1.key"
port <PORT>
tls-client
remote-cert-tls server
auth-nocache
auth-user-pass
route 192.168.1.0 255.255.255.0
-
becm
- OpenVPN User
- Posts: 23
- Joined: Tue Sep 01, 2020 1:27 pm
Re: Version 2.6 doesn't connect
All CAs with signature algoritm SHA1 or weaker are rejected by OpenSSL 3.x, in OpenVPN 2.6
Adding
to the client config should be a valid mitigation until the CA can be replaced.
Adding
Code: Select all
tls-cert-profile insecure
Last edited by Pippin on Fri May 05, 2023 9:24 am, edited 1 time in total.
Reason: Corrected bbcode
Reason: Corrected bbcode
-
Fellerson
- OpenVpn Newbie
- Posts: 1
- Joined: Tue May 23, 2023 2:05 pm
Re: Version 2.6 doesn't connect
Hi @becm
Thanks a lot for your help. This helped a lot
Now, how can we improve the security ? QNAP has to update something on the server side, to have a stronger algorithm signature, right ? Thanks.
Thanks a lot for your help. This helped a lot
Now, how can we improve the security ? QNAP has to update something on the server side, to have a stronger algorithm signature, right ? Thanks.