FS#736 - OpenVPN: TLS Error #5568

Closed
openwrt-bot opened this issue Apr 25, 2017 · 2 comments

@openwrt-bot

bugmenot:

Trying to connect to this VPN service:
https://antizapret.prostovpn.org/antizapret.zip

My /etc/config/openvpn:
config openvpn 'antizapret'
    option client '1'
    option dev 'tun'
    option proto 'udp'
    list remote 'vpn.antizapret.prostovpn.org'
    option resolv_retry 'infinite'
    option nobind '1'
    option persist_key '1'
    option persist_tun '1'
    option user 'nobody'
    option ca '/etc/openvpn/ca.crt'
    option cert '/etc/openvpn/client.crt'
    option key '/etc/openvpn/client.key'
    option verb '3'
    option comp_lzo 'yes'
    option enabled '1'

But I got TLS error:
Tue Apr 25 19:54:15 2017 daemon.notice openvpn(antizapret)[3659]: OpenVPN 2.4.0 mips-openwrt-linux-gnu [SSL (mbed TLS)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Tue Apr 25 19:54:15 2017 daemon.notice openvpn(antizapret)[3659]: library versions: mbed TLS 2.4.2, LZO 2.09
Tue Apr 25 19:54:15 2017 daemon.notice openvpn(antizapret)[3659]: TCP/UDP: Preserving recently used remote address: [AF_INET]137.74.171.91:1194
Tue Apr 25 19:54:15 2017 daemon.notice openvpn(antizapret)[3659]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Tue Apr 25 19:54:15 2017 daemon.notice openvpn(antizapret)[3659]: UDP link local: (not bound)
Tue Apr 25 19:54:15 2017 daemon.notice openvpn(antizapret)[3659]: UDP link remote: [AF_INET]137.74.171.91:1194
Tue Apr 25 19:54:15 2017 daemon.notice openvpn(antizapret)[3659]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Tue Apr 25 19:54:15 2017 daemon.notice openvpn(antizapret)[3659]: TLS: Initial packet from [AF_INET]137.74.171.91:1194, sid=3a81866c da6c2a50
Tue Apr 25 19:54:16 2017 daemon.notice openvpn(antizapret)[3659]: VERIFY OK: depth=1, C=RU, ST=RU, L=Internet, O=ProstoVPN.ru, OU=AntiZapret, CN=ProstoVPN.AntiZapret CA, ??=ProstoVPN.AntiZapret CA, emailAddress=admin@prostovpn.ru
Tue Apr 25 19:54:16 2017 daemon.err openvpn(antizapret)[3659]: VERIFY ERROR: depth=0, subject=C=RU, ST=RU, L=Internet, O=ProstoVPN.ru, OU=AntiZapret, CN=AntiZapret-LV, ??=changeme, emailAddress=admin@prostovpn.ru: The certificate is signed with an unacceptable key (eg bad curve, RSA too short).
Tue Apr 25 19:54:16 2017 daemon.err openvpn(antizapret)[3659]: TLS_ERROR: read tls_read_plaintext error: X509 - Certificate verification failed, e.g. CRL, CA or signature check failed
Tue Apr 25 19:54:16 2017 daemon.err openvpn(antizapret)[3659]: TLS Error: TLS object -> incoming plaintext read error
Tue Apr 25 19:54:16 2017 daemon.err openvpn(antizapret)[3659]: TLS Error: TLS handshake failed
Tue Apr 25 19:54:16 2017 daemon.notice openvpn(antizapret)[3659]: SIGUSR1[soft,tls-error] received, process restarting

openvpn-openssl from OpenWrt 15.05.1 works without errors.
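
Added example, not part of the original report or of OpenVPN: a Python parser for the VERIFY lines of a log like the one above, reporting which certificate in the chain was rejected and whether the reason is a key-strength policy failure. The function names are illustrative, and the sample input is three lines from the log above with the certificate subjects shortened.

```python
import re

# Sample input: three lines from the log in the post above, with the
# certificate subjects shortened to the fields this parser uses.
SAMPLE_LOG = """\
Tue Apr 25 19:54:16 2017 daemon.notice openvpn(antizapret)[3659]: VERIFY OK: depth=1, C=RU, O=ProstoVPN.ru, CN=ProstoVPN.AntiZapret CA
Tue Apr 25 19:54:16 2017 daemon.err openvpn(antizapret)[3659]: VERIFY ERROR: depth=0, subject=C=RU, O=ProstoVPN.ru, CN=AntiZapret-LV: The certificate is signed with an unacceptable key (eg bad curve, RSA too short).
Tue Apr 25 19:54:16 2017 daemon.err openvpn(antizapret)[3659]: TLS Error: TLS handshake failed
"""

VERIFY_RE = re.compile(
    r"openvpn\((?P<instance>[^)]*)\)\[\d+\]: "
    r"VERIFY (?P<status>OK|ERROR): depth=(?P<depth>\d+), (?:subject=)?(?P<rest>.*)$"
)
CN_RE = re.compile(r"CN=([^,]+)")

def parse_verify_lines(log_text):
    """Return one dict per VERIFY line: instance, status, depth, cn, reason."""
    events = []
    for line in log_text.splitlines():
        m = VERIFY_RE.search(line)
        if not m:
            continue
        rest, reason = m["rest"], None
        if m["status"] == "ERROR":
            # ERROR lines read "<subject DN>: <reason>"; split on the last ": ".
            subject, sep, tail = rest.rpartition(": ")
            if sep:
                rest, reason = subject, tail
        cn = CN_RE.search(rest)
        events.append({"instance": m["instance"], "status": m["status"],
                       "depth": int(m["depth"]), "reason": reason,
                       "cn": cn.group(1) if cn else None})
    return events

def failing_certs(events):
    """Name which certificate in the chain each VERIFY ERROR refers to."""
    report = []
    for e in events:
        if e["status"] != "ERROR":
            continue
        # OpenVPN numbers the peer's own certificate depth 0, its issuers 1, 2, ...
        role = "peer certificate" if e["depth"] == 0 else f"issuer at depth {e['depth']}"
        key_policy = e["reason"] is not None and "unacceptable key" in e["reason"]
        report.append((e["instance"], role, e["cn"], key_policy))
    return report
```

On the sample lines, `failing_certs(parse_verify_lines(SAMPLE_LOG))` reports the depth 0 certificate (CN=AntiZapret-LV) as rejected on key-policy grounds, while the CA at depth 1 verified OK.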

@openwrt-bot
Author

lucize:

refresh the key!

The certificate is signed with an unacceptable key (eg bad curve, RSA too short)

@openwrt-bot
Author

diizzyy:

..or try the OpenSSL version.
