WIKIABOUT

FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

Most popular tags

rut955 rut240 rut950 rutx11 rms vpn to openvpn wifi not sms trb140 firmware connection - ipsec on rutx12 rutx09 modbus
We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.

RUT240 OVPN with certificates

0 votes
388 views 0 comments
by anonymous

hi, we have a RUT240 (RUT2XX_R_00.01.14.1) and the VPN configuration is a bit confusing.

in the log file it persist in not doing the handshake with the server, i dont understand why...

Wed Jul 21 21:00:35 2021 daemon.warn openvpn(client_ocit)[17581]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.

Wed Jul 21 21:00:35 2021 daemon.warn openvpn(client_ocit)[17581]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

Wed Jul 21 21:00:35 2021 daemon.notice openvpn(client_ocit)[17581]: Re-using SSL/TLS context

Wed Jul 21 21:00:35 2021 daemon.notice openvpn(client_ocit)[17581]: Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]

Wed Jul 21 21:00:35 2021 daemon.notice openvpn(client_ocit)[17581]: Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]

Wed Jul 21 21:00:35 2021 daemon.notice openvpn(client_ocit)[17581]: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'

Wed Jul 21 21:00:35 2021 daemon.notice openvpn(client_ocit)[17581]: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'

Wed Jul 21 21:00:35 2021 daemon.notice openvpn(client_ocit)[17581]: TCP/UDP: Preserving recently used remote address: [AF_INET]88.217.155.226:1197

Wed Jul 21 21:00:35 2021 daemon.notice openvpn(client_ocit)[17581]: Socket Buffers: R=[8388608->8388608] S=[8388608->8388608]

Wed Jul 21 21:00:35 2021 daemon.notice openvpn(client_ocit)[17581]: UDP link local: (not bound)

Wed Jul 21 21:00:35 2021 daemon.notice openvpn(client_ocit)[17581]: UDP link remote: [AF_INET]88.217.155.226:1197

Wed Jul 21 21:00:35 2021 daemon.notice openvpn(client_ocit)[17581]: TLS: Initial packet from [AF_INET]88.217.155.226:1197, sid=661074ee f78a0fba

Wed Jul 21 21:00:36 2021 daemon.err openvpn(client_ocit)[17581]: VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=DE, ST=BLA, L=BLA, O=BLA, OU=ASP, CN=BLA CA, name=BLA, emailAddress=s...@...com

Wed Jul 21 21:00:36 2021 daemon.err openvpn(client_ocit)[17581]: OpenSSL: error:1416F086:lib(20):func(367):reason(134)

Wed Jul 21 21:00:36 2021 daemon.err openvpn(client_ocit)[17581]: TLS_ERROR: BIO read tls_read_plaintext error

Wed Jul 21 21:00:36 2021 daemon.err openvpn(client_ocit)[17581]: TLS Error: TLS object -> incoming plaintext read error

Wed Jul 21 21:00:36 2021 daemon.err openvpn(client_ocit)[17581]: TLS Error: TLS handshake failed

Wed Jul 21 21:00:36 2021 daemon.notice openvpn(client_ocit)[17581]: TCP/UDP: Closing socket

Wed Jul 21 21:00:36 2021 daemon.notice openvpn(client_ocit)[17581]: SIGUSR1[soft,tls-error] received, process restarting

Wed Jul 21 21:00:36 2021 daemon.notice openvpn(client_ocit)[17581]: Restart pause, 80 second(s) "

can you help debug it with this log file?

what can be wrong??

1 Answer

0 votes
by anonymous
Hi,

It seems that your configuration or certificates are not identical on both sides and that is causing the connection to fail.

Could you please make sure you're configuring your device exactly as our wiki or OpenVPN website instructions say?

Please do read the following links:

http://openvpn.net/howto.html#mitm

https://wiki.teltonika-networks.com/view/OpenVPN_configuration_examples

EB.