[FS#736] OpenVPN: TLS Error
LEDE Bugs
lede-bugs at lists.infradead.org
Tue Apr 25 14:37:07 PDT 2017
A new Flyspray task has been opened. Details are below.
User who did this - bugmenot (bugmenot)
Attached to Project - LEDE Project
Summary - OpenVPN: TLS Error
Task Type - Bug Report
Category - Packages
Status - Unconfirmed
Assigned To -
Operating System - All
Severity - Low
Priority - Very Low
Reported Version - lede-17.01
Due in Version - Undecided
Due Date - Undecided
Details - Trying connect to this VPN service:
https://antizapret.prostovpn.org/antizapret.zip
My /etc/config/openvpn:
config openvpn 'antizapret'
option client '1'
option dev 'tun'
option proto 'udp'
list remote 'vpn.antizapret.prostovpn.org'
option resolv_retry 'infinite'
option nobind '1'
option persist_key '1'
option persist_tun '1'
option user 'nobody'
option ca '/etc/openvpn/ca.crt'
option cert '/etc/openvpn/client.crt'
option key '/etc/openvpn/client.key'
option verb '3'
option comp_lzo 'yes'
option enabled '1'
But I got TLS error:
Tue Apr 25 19:54:15 2017 daemon.notice openvpn(antizapret)[3659]: OpenVPN 2.4.0 mips-openwrt-linux-gnu [SSL (mbed TLS)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Tue Apr 25 19:54:15 2017 daemon.notice openvpn(antizapret)[3659]: library versions: mbed TLS 2.4.2, LZO 2.09
Tue Apr 25 19:54:15 2017 daemon.notice openvpn(antizapret)[3659]: TCP/UDP: Preserving recently used remote address: [AF_INET]137.74.171.91:1194
Tue Apr 25 19:54:15 2017 daemon.notice openvpn(antizapret)[3659]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Tue Apr 25 19:54:15 2017 daemon.notice openvpn(antizapret)[3659]: UDP link local: (not bound)
Tue Apr 25 19:54:15 2017 daemon.notice openvpn(antizapret)[3659]: UDP link remote: [AF_INET]137.74.171.91:1194
Tue Apr 25 19:54:15 2017 daemon.notice openvpn(antizapret)[3659]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Tue Apr 25 19:54:15 2017 daemon.notice openvpn(antizapret)[3659]: TLS: Initial packet from [AF_INET]137.74.171.91:1194, sid=3a81866c da6c2a50
Tue Apr 25 19:54:16 2017 daemon.notice openvpn(antizapret)[3659]: VERIFY OK: depth=1, C=RU, ST=RU, L=Internet, O=ProstoVPN.ru, OU=AntiZapret, CN=ProstoVPN.AntiZapret CA, ??=ProstoVPN.AntiZapret CA, emailAddress=admin at prostovpn.ru
Tue Apr 25 19:54:16 2017 daemon.err openvpn(antizapret)[3659]: VERIFY ERROR: depth=0, subject=C=RU, ST=RU, L=Internet, O=ProstoVPN.ru, OU=AntiZapret, CN=AntiZapret-LV, ??=changeme, emailAddress=admin at prostovpn.ru: The certificate is signed with an unacceptable key (eg bad curve, RSA too short).
Tue Apr 25 19:54:16 2017 daemon.err openvpn(antizapret)[3659]: TLS_ERROR: read tls_read_plaintext error: X509 - Certificate verification failed, e.g. CRL, CA or signature check failed
Tue Apr 25 19:54:16 2017 daemon.err openvpn(antizapret)[3659]: TLS Error: TLS object -> incoming plaintext read error
Tue Apr 25 19:54:16 2017 daemon.err openvpn(antizapret)[3659]: TLS Error: TLS handshake failed
Tue Apr 25 19:54:16 2017 daemon.notice openvpn(antizapret)[3659]: SIGUSR1[soft,tls-error] received, process restarting
openvpn-openssl from OpenWrt 15.05.1 works without errors.
More information can be found at the following URL:
https://bugs.lede-project.org/index.php?do=details&task_id=736
More information about the lede-bugs
mailing list