
#1 2022-11-15 13:17:30

Energ0block
Member
Registered: 2022-11-15
Posts: 4

[SOLVED] OpenVPN 2.5.8 & OpenSSL 3.0.7 (error:0A0C0103)

After updating the client system in early November, a problem appeared: the openvpn client does not connect.
Many other clients on older versions of openssl connect without problems.

OpenVPN server: Debian 8 (Jessie), OpenVPN 2.3.4, OpenSSL 1.0.1t
OpenVPN client: Archlinux latest, OpenVPN 2.5.8, OpenSSL 3.0.7

On the client, I run vpn with the following command:

sudo openvpn --config /etc/openvpn/client/client.conf

client.conf

client
dev tun
proto udp
remote myvpnhost 1234
resolv-retry infinite
nobind
persist-tun
persist-key
daemon
ca /etc/openvpn/client/ca.crt
cert /etc/openvpn/client/client.crt
key /etc/openvpn/client/client.key
dh /etc/openvpn/client/dh2048.pem
data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC
data-ciphers-fallback AES-128-CBC
verb 3
remote-cert-tls server

Openvpn client log:

2022-11-15 18:15:19 WARNING: Ignoring option 'dh' in tls-client mode, please only include this in your server configuration
2022-11-15 18:15:19 OpenVPN 2.5.8 [git:makepkg/0357ceb877687faa+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Nov  1 2022
2022-11-15 18:15:19 library versions: OpenSSL 3.0.7 1 Nov 2022, LZO 2.10
2022-11-15 18:15:21 TCP/UDP: Preserving recently used remote address: [AF_INET]<serverip>
2022-11-15 18:15:21 Socket Buffers: R=[212992->212992] S=[212992->212992]
2022-11-15 18:15:21 UDP link local: (not bound)
2022-11-15 18:15:21 UDP link remote: [AF_INET]<serverip>
2022-11-15 18:15:27 TLS: Initial packet from [AF_INET]<serverip>, sid=11a1a99c 5be30144
2022-11-15 18:15:28 VERIFY OK: depth=1, C=EU, ST=EU, L=none, O=none, OU=none, CN=none CA, name=EasyRSA, emailAddress=nobody@nobody
2022-11-15 18:15:28 VERIFY KU OK
2022-11-15 18:15:28 Validating certificate extended key usage
2022-11-15 18:15:28 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2022-11-15 18:15:28 VERIFY EKU OK
2022-11-15 18:15:28 VERIFY OK: depth=0, C=EU, ST=EU, L=none, O=none, OU=none, CN=server-udp-tun, name=EasyRSA, emailAddress=nobody@nobody
2022-11-15 18:15:28 OpenSSL: error:0A0C0103:SSL routines::internal error
2022-11-15 18:15:28 TLS_ERROR: BIO read tls_read_plaintext error
2022-11-15 18:15:28 TLS Error: TLS object -> incoming plaintext read error
2022-11-15 18:15:28 TLS Error: TLS handshake failed
2022-11-15 18:15:28 SIGUSR1[soft,tls-error] received, process restarting
2022-11-15 18:15:28 Restart pause, 5 second(s)

I've already made changes to the config following the advice from this post, but nothing has changed.

Last edited by Energ0block (2022-11-16 11:08:35)

Offline

#2 2022-11-16 11:04:22

Energ0block
Member
Registered: 2022-11-15
Posts: 4

Re: [SOLVED] OpenVPN 2.5.8 & OpenSSL 3.0.7 (error:0A0C0103)

I found the solution here.

You need to add this line to the client config:

tls-cipher "DEFAULT:@SECLEVEL=0"

Not recommended due to security risks, but for my home projects, this is a suitable solution to the problem.

Offline
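A config audit for the workaround in post #2, as an added example that is not part of the original thread: it scans an OpenVPN client config for a tls-cipher string that lowers the OpenSSL security level, and for the server-only dh option the client log in post #1 warns about. The sample config is constructed from the one in post #1; the function names and the minimum level of 1 are assumptions of this example.

```python
import re

# Constructed sample: a shortened client.conf from post #1 plus the post #2 workaround.
SAMPLE_CONF = '''\
client
dev tun
proto udp
dh /etc/openvpn/client/dh2048.pem
data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC
tls-cipher "DEFAULT:@SECLEVEL=0"
remote-cert-tls server
'''

SECLEVEL_RE = re.compile(r"@SECLEVEL=(\d+)")


def parse_directives(text):
    """Yield (line_no, directive, args) for every active (non-comment) line."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":  # OpenVPN comments start with '#' or ';'
            continue
        parts = line.split(None, 1)
        args = parts[1].strip().strip("\"'") if len(parts) > 1 else ""
        yield no, parts[0].lstrip("-"), args


def audit(text, min_level=1):
    """Return (line_no, message) findings; min_level is this example's assumption."""
    directives = list(parse_directives(text))
    is_client = any(name in ("client", "tls-client") for _, name, _ in directives)
    findings = []
    for no, name, args in directives:
        if name == "tls-cipher":
            # Flag every @SECLEVEL command in the cipher string that is below the floor.
            for level in map(int, SECLEVEL_RE.findall(args)):
                if level < min_level:
                    findings.append((no, f"tls-cipher sets OpenSSL security level {level}"))
        elif name == "dh" and is_client:
            findings.append((no, "'dh' is a server option and is ignored in tls-client mode"))
    return findings


if __name__ == "__main__":
    for line_no, message in audit(SAMPLE_CONF):
        print(f"line {line_no}: {message}")
```

Run against every client config that talks to the old server, this lists where the level-0 override is in place, so it can be removed once the server side is upgraded.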
