Hi, we have a RUT240 (RUT2XX_R_00.01.14.1) and the VPN configuration is a bit confusing.

In the log file it persists in not doing the handshake with the server, I don't understand why...

Wed Jul 21 21:00:35 2021 daemon.warn openvpn(client_ocit)[17581]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.

Wed Jul 21 21:00:35 2021 daemon.warn openvpn(client_ocit)[17581]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

Wed Jul 21 21:00:35 2021 daemon.notice openvpn(client_ocit)[17581]: Re-using SSL/TLS context

Wed Jul 21 21:00:35 2021 daemon.notice openvpn(client_ocit)[17581]: Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]

Wed Jul 21 21:00:35 2021 daemon.notice openvpn(client_ocit)[17581]: Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]

Wed Jul 21 21:00:35 2021 daemon.notice openvpn(client_ocit)[17581]: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'

Wed Jul 21 21:00:35 2021 daemon.notice openvpn(client_ocit)[17581]: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'

Wed Jul 21 21:00:35 2021 daemon.notice openvpn(client_ocit)[17581]: TCP/UDP: Preserving recently used remote address: [AF_INET]88.217.155.226:1197

Wed Jul 21 21:00:35 2021 daemon.notice openvpn(client_ocit)[17581]: Socket Buffers: R=[8388608->8388608] S=[8388608->8388608]

Wed Jul 21 21:00:35 2021 daemon.notice openvpn(client_ocit)[17581]: UDP link local: (not bound)

Wed Jul 21 21:00:35 2021 daemon.notice openvpn(client_ocit)[17581]: UDP link remote: [AF_INET]88.217.155.226:1197

Wed Jul 21 21:00:35 2021 daemon.notice openvpn(client_ocit)[17581]: TLS: Initial packet from [AF_INET]88.217.155.226:1197, sid=661074ee f78a0fba

Wed Jul 21 21:00:36 2021 daemon.err openvpn(client_ocit)[17581]: VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=DE, ST=BLA, L=BLA, O=BLA, OU=ASP, CN=BLA CA, name=BLA, emailAddress=s...@...com

Wed Jul 21 21:00:36 2021 daemon.err openvpn(client_ocit)[17581]: OpenSSL: error:1416F086:lib(20):func(367):reason(134)

Wed Jul 21 21:00:36 2021 daemon.err openvpn(client_ocit)[17581]: TLS_ERROR: BIO read tls_read_plaintext error

Wed Jul 21 21:00:36 2021 daemon.err openvpn(client_ocit)[17581]: TLS Error: TLS object -> incoming plaintext read error

Wed Jul 21 21:00:36 2021 daemon.err openvpn(client_ocit)[17581]: TLS Error: TLS handshake failed

Wed Jul 21 21:00:36 2021 daemon.notice openvpn(client_ocit)[17581]: TCP/UDP: Closing socket

Wed Jul 21 21:00:36 2021 daemon.notice openvpn(client_ocit)[17581]: SIGUSR1[soft,tls-error] received, process restarting

Wed Jul 21 21:00:36 2021 daemon.notice openvpn(client_ocit)[17581]: Restart pause, 80 second(s)

Can you help debug it with this log file?

What can be wrong?

1 Answer

Hi,

It seems that your configuration or certificates are not identical on both sides and that is causing the connection to fail.

Could you please make sure you're configuring your device exactly as our wiki or OpenVPN website instructions say?

Please do read the following links:

http://openvpn.net/howto.html#mitm

https://wiki.teltonika-networks.com/view/OpenVPN_configuration_examples

EB.
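
An added example, not part of the original question or answer: a small triage script that reads OpenVPN client log lines in the format shown in the question and reports which certificate check failed and at which chain depth. The function name `triage`, the finding codes and the abridged sample lines are assumptions made for this illustration.

```python
import re

# Constructed sample: three lines abridged from the log in the question above.
SAMPLE_LOG = """\
Wed Jul 21 21:00:35 2021 daemon.warn openvpn(client_ocit)[17581]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 21 21:00:36 2021 daemon.err openvpn(client_ocit)[17581]: VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=DE, ST=BLA, L=BLA, O=BLA, OU=ASP, CN=BLA CA, name=BLA
Wed Jul 21 21:00:36 2021 daemon.err openvpn(client_ocit)[17581]: TLS Error: TLS handshake failed
"""

LINE = re.compile(r"^(?P<ts>\w{3} \w{3} +\d+ [\d:]+ \d{4}) \S+ "
                  r"openvpn\((?P<inst>[^)]+)\)\[\d+\]: (?P<msg>.*)$")
VERIFY = re.compile(r"VERIFY ERROR: depth=(?P<depth>\d+), "
                    r"error=(?P<reason>[^:]+): (?P<subject>.*)")

def triage(log_text):
    """Return a list of (instance, code, detail) findings for one log."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an OpenVPN syslog line in the expected format
        inst, msg = m["inst"], m["msg"]
        v = VERIFY.search(msg)
        if v:
            depth = int(v["depth"])
            # Depth 0 is the server's own certificate; higher depths are its issuers.
            who = "server certificate" if depth == 0 else f"issuer at depth {depth}"
            if "self signed certificate in certificate chain" in v["reason"]:
                # OpenSSL reports this when the chain's root is not in the local trust store.
                detail = (f"{who} ({v['subject']}) is self-signed and was not found "
                          "among the CA certificates the client trusts; compare the "
                          "client's CA file with the CA that issued the server cert")
            else:
                detail = f"{who} ({v['subject']}) rejected: {v['reason']}"
            findings.append((inst, "VERIFY_ERROR", detail))
        elif "No server certificate verification method has been enabled" in msg:
            findings.append((inst, "NO_SERVER_CERT_CHECK",
                             "client does not check that the peer presents a "
                             "server certificate (see the #mitm link in the log)"))
        elif "TLS handshake failed" in msg:
            findings.append((inst, "HANDSHAKE_FAILED", "tunnel did not come up"))
    return findings

if __name__ == "__main__":
    for inst, code, detail in triage(SAMPLE_LOG):
        print(f"[{inst}] {code}: {detail}")
```
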