FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
1,844 views 1 comments
by
I am trying to connect a newly bought RUT240 to our openvpn server. The firmware of this device is RUT2XX_R_00.01.12.3 from  2020-07-01, 08:11:52. It doesn't connect and the log file has the following error:

Tue Sep 22 13:23:43 2020 daemon.err openvpn(client_gipp)[16596]: VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: [...]
Tue Sep 22 13:23:43 2020 daemon.err openvpn(client_gipp)[16596]: OpenSSL: error:1416F086:lib(20):func(367):reason(134)
Tue Sep 22 13:23:43 2020 daemon.err openvpn(client_gipp)[16596]: TLS_ERROR: BIO read tls_read_plaintext error
Tue Sep 22 13:23:43 2020 daemon.err openvpn(client_gipp)[16596]: TLS Error: TLS object -> incoming plaintext read error
Tue Sep 22 13:23:43 2020 daemon.err openvpn(client_gipp)[16596]: TLS Error: TLS handshake failed

If I try the same with on of our older RUT955 (firmware  RUT9XX_R_00.03.256 from 2017-04-18, 14:49:18) it works fine and accepts the same certificate.

Can I still use self signed certificates? Was their a change in police of accepting self signed certificates? If I look through firmware release notes I don't find this topic.

1 Answer

0 votes
by anonymous

Hi,

  • Could it be that you've generated the keys on different machines?
  • Server and clients have unique common names?
  • Do you have the right date and time set on the machine you generated keys on?
  • Are you connected to the right server with your clients? Please double-check your setup or even try generating new keys again.
EB.
by anonymous
i have the same problem tls failed, please can you help me?

Fri Jul 16 12:27:35 2021 local1.crit luci-reload[1798]: START==1
Fri Jul 16 12:27:36 2021 daemon.warn openvpn(client_ocit)[1295]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Fri Jul 16 12:27:36 2021 daemon.warn openvpn(client_ocit)[1295]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Jul 16 12:27:36 2021 daemon.notice openvpn(client_ocit)[1295]: Re-using SSL/TLS context
Fri Jul 16 12:27:36 2021 daemon.notice openvpn(client_ocit)[1295]: LZO compression initializing
Fri Jul 16 12:27:36 2021 daemon.notice openvpn(client_ocit)[1295]: Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Fri Jul 16 12:27:36 2021 daemon.notice openvpn(client_ocit)[1295]: Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Fri Jul 16 12:27:36 2021 daemon.notice openvpn(client_ocit)[1295]: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client'
Fri Jul 16 12:27:36 2021 daemon.notice openvpn(client_ocit)[1295]: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-server'
Fri Jul 16 12:27:36 2021 daemon.notice openvpn(client_ocit)[1295]: TCP/UDP: Preserving recently used remote address: [AF_INET]88.217.155.226:1197
Fri Jul 16 12:27:36 2021 daemon.notice openvpn(client_ocit)[1295]: Socket Buffers: R=[8388608->8388608] S=[8388608->8388608]
Fri Jul 16 12:27:36 2021 daemon.notice openvpn(client_ocit)[1295]: UDP link local: (not bound)
Fri Jul 16 12:27:36 2021 daemon.notice openvpn(client_ocit)[1295]: UDP link remote: [AF_INET]88.217.155.226:1197
Fri Jul 16 12:27:36 2021 daemon.notice openvpn(client_ocit)[1295]: TLS: Initial packet from [AF_INET]88.217.155.226:1197, sid=1f86124d f39f48d2
Fri Jul 16 12:27:36 2021 daemon.err openvpn(client_ocit)[1295]: VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=DE, ST=Bavaria, L=Munich, ....
Fri Jul 16 12:27:36 2021 daemon.err openvpn(client_ocit)[1295]: OpenSSL: error:1416F086:lib(20):func(367):reason(134)
Fri Jul 16 12:27:36 2021 daemon.err openvpn(client_ocit)[1295]: TLS_ERROR: BIO read tls_read_plaintext error
Fri Jul 16 12:27:36 2021 daemon.err openvpn(client_ocit)[1295]: TLS Error: TLS object -> incoming plaintext read error
Fri Jul 16 12:27:36 2021 daemon.err openvpn(client_ocit)[1295]: TLS Error: TLS handshake failed
Fri Jul 16 12:27:36 2021 daemon.notice openvpn(client_ocit)[1295]: TCP/UDP: Closing socket
Fri Jul 16 12:27:36 2021 daemon.notice openvpn(client_ocit)[1295]: SIGUSR1[soft,tls-error] received, process restarting
Fri Jul 16 12:27:36 2021 daemon.notice openvpn(client_ocit)[1295]: Restart pause, 80 second(s)