
#1 2018-01-11 00:30:21

FelixDavidson
Member
From: NJ
Registered: 2016-01-15
Posts: 31

Not able to connect to VPN through OpenVPN on TCP or UDP

Wed Jan 10 19:26:30 2018 WARNING: file 'Wdc.key' is group or others accessible
Wed Jan 10 19:26:30 2018 OpenVPN 2.5_git [git:master/c68a025a1ca687c1+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Dec 17 2017
Wed Jan 10 19:26:30 2018 library versions: OpenSSL 1.1.0g  2 Nov 2017, LZO 2.10
Enter Auth Username:
Enter Auth Password:
Wed Jan 10 19:26:47 2018 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jan 10 19:26:47 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]192.253.252.130:80
Wed Jan 10 19:26:47 2018 Attempting to establish TCP connection with [AF_INET]192.253.252.130:80 [nonblock]
Wed Jan 10 19:26:48 2018 TCP connection established with [AF_INET]192.253.252.130:80
Wed Jan 10 19:26:48 2018 TCP_CLIENT link local: (not bound)
Wed Jan 10 19:26:48 2018 TCP_CLIENT link remote: [AF_INET]192.253.252.130:80
Wed Jan 10 19:26:48 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Jan 10 19:26:50 2018 VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=HK, ST=HK, L=HongKong, O=PureVPN, OU=IT, CN=PureVPN, name=PureVPN, emailAddress=mail@host.domain
Wed Jan 10 19:26:50 2018 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Wed Jan 10 19:26:50 2018 TLS_ERROR: BIO read tls_read_plaintext error
Wed Jan 10 19:26:50 2018 TLS Error: TLS object -> incoming plaintext read error
Wed Jan 10 19:26:50 2018 TLS Error: TLS handshake failed
Wed Jan 10 19:26:50 2018 Fatal TLS error (check_tls_errors_co), restarting
Wed Jan 10 19:26:50 2018 SIGUSR1[soft,tls-error] received, process restarting
Wed Jan 10 19:26:55 2018 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jan 10 19:26:55 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]172.94.29.130:80
Wed Jan 10 19:26:55 2018 Attempting to establish TCP connection with [AF_INET]172.94.29.130:80 [nonblock]
Wed Jan 10 19:26:56 2018 TCP connection established with [AF_INET]172.94.29.130:80
Wed Jan 10 19:26:56 2018 TCP_CLIENT link local: (not bound)
Wed Jan 10 19:26:56 2018 TCP_CLIENT link remote: [AF_INET]172.94.29.130:80
Wed Jan 10 19:26:57 2018 VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=HK, ST=HK, L=HongKong, O=PureVPN, OU=IT, CN=PureVPN, name=PureVPN, emailAddress=mail@host.domain
Wed Jan 10 19:26:57 2018 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Wed Jan 10 19:26:57 2018 TLS_ERROR: BIO read tls_read_plaintext error
Wed Jan 10 19:26:57 2018 TLS Error: TLS object -> incoming plaintext read error
Wed Jan 10 19:26:57 2018 TLS Error: TLS handshake failed
Wed Jan 10 19:26:57 2018 Fatal TLS error (check_tls_errors_co), restarting
Wed Jan 10 19:26:57 2018 SIGUSR1[soft,tls-error] received, process restarting
^CWed Jan 10 19:26:58 2018 SIGINT[hard,init_instance] received, process exiting

This is the log from trying to connect to the VPN. This is the case when connecting with both UDP and TCP. If anyone knows a way to fix this, it would be a great help. Thanks in advance!

Offline

#2 2018-01-11 01:52:04

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 19,739

Re: Not able to connect to VPN through OpenVPN on TCP or UDP

Can you, perhaps, tell us a little more?
Which end is Arch Linux? The host or client? Or both?
Did you set them both up? Or is one of them out of your control?
What kind of authentication do you want?  What kind of encryption do you want?


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way

Offline

#3 2018-01-11 13:32:44

Kagaroth
Member
Registered: 2018-01-09
Posts: 3

Re: Not able to connect to VPN through OpenVPN on TCP or UDP

There's an error with the client certificate. See these errors in the log:

Wed Jan 10 19:26:50 2018 VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=HK, ST=HK, L=HongKong, O=PureVPN, OU=IT, CN=PureVPN, name=PureVPN, emailAddress=mail@host.domain
Wed Jan 10 19:26:50 2018 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Wed Jan 10 19:26:50 2018 TLS_ERROR: BIO read tls_read_plaintext error
Wed Jan 10 19:26:50 2018 TLS Error: TLS object -> incoming plaintext read error
Wed Jan 10 19:26:50 2018 TLS Error: TLS handshake failed
Wed Jan 10 19:26:50 2018 Fatal TLS error (check_tls_errors_co), restarting

If you use a certificate generated by OpenSSL 1.0.x try regenerating it using OpenSSL 1.1.x.

Offline

#4 2018-01-31 13:39:12

dmeijboom
Member
Registered: 2018-01-31
Posts: 1

Re: Not able to connect to VPN through OpenVPN on TCP or UDP

I had the same problem and contacted the support desk of PureVPN. It seems that their 'old' certificates are indeed using an outdated and thus weak digest algorithm. They provided me with a server that has a new certificate (which works). The server is: nl2-ovpn-udp.pointtoserver.com for UDP and nl2-ovpn-tcp.pointtoserver.com for TCP, but I live in Holland. You can simply replace "nl" with the right country code.

You need the following certificate (instead of the default one):


Offline
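
Added example (not part of any post in this thread, and not OpenVPN's own code): a small Python triage of the client log from post #1 that collapses the restart loop into distinct findings and extracts the fields that matter for diagnosis, including which handshake step OpenSSL reports as rejecting the certificate. The rule names and advice strings are assumptions made for illustration; the sample lines are copied from that log.

```python
import re

# Sample input: lines copied from the client log in post #1 of this thread.
SAMPLE_LOG = """\
Wed Jan 10 19:26:30 2018 WARNING: file 'Wdc.key' is group or others accessible
Wed Jan 10 19:26:47 2018 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jan 10 19:26:48 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Jan 10 19:26:50 2018 VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=HK, ST=HK, L=HongKong, O=PureVPN, OU=IT, CN=PureVPN, name=PureVPN, emailAddress=mail@host.domain
Wed Jan 10 19:26:50 2018 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Wed Jan 10 19:26:50 2018 TLS Error: TLS handshake failed
Wed Jan 10 19:26:57 2018 VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=HK, ST=HK, L=HongKong, O=PureVPN, OU=IT, CN=PureVPN, name=PureVPN, emailAddress=mail@host.domain
"""

# (pattern, finding name, advice); names and advice text are illustrative assumptions.
RULES = [
    (re.compile(r"WARNING: file '(?P<detail>[^']+)' is group or others accessible"),
     "key-file-permissions", "make the key readable by its owner only (chmod 600)"),
    (re.compile(r"WARNING: No server certificate verification method"),
     "no-server-cert-verification", "add 'remote-cert-tls server' to the client config"),
    (re.compile(r"WARNING: this configuration may cache passwords"),
     "password-cached", "add 'auth-nocache' to the client config"),
    (re.compile(r"VERIFY ERROR: depth=(?P<depth>\d+), error=(?P<detail>[^:]+): (?P<subject>.+)"),
     "cert-verify-failed", "have the certificate in 'subject' reissued; keep verification on"),
    (re.compile(r"OpenSSL: error:(?P<code>[0-9A-F]+):[^:]*:(?P<function>[^:]*):(?P<detail>.*)"),
     "openssl-error", "'function' names the handshake step that rejected the peer"),
]

def parse_subject(subject):
    # Naive split of the one-line subject; a value containing ", " would break it.
    return dict(part.split("=", 1) for part in subject.split(", ") if "=" in part)

def triage(log_text):
    """Return one finding per matched rule, in first-seen order, with a repeat count."""
    findings = {}
    for line in log_text.splitlines():
        for pattern, name, advice in RULES:
            m = pattern.search(line)
            if not m:
                continue
            f = findings.setdefault(
                name, {"finding": name, "advice": advice, "count": 0, **m.groupdict()})
            if isinstance(f.get("subject"), str):
                f["subject"] = parse_subject(f["subject"])
            f["count"] += 1
            break
    return list(findings.values())

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against a full log, the repeat count on `cert-verify-failed` shows how many times the client cycled through the same rejected handshake before it was interrupted.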
