OpenVPN keeps getting same error (screenshot attached)

Post your questions about VPN Gate Academic Experiment Service here. Please answer questions if you can afford.
Post Reply
xzc
Posts: 3
Joined: Sun Apr 02, 2017 5:53 am

Re: OpenVPN keeps getting same error (screenshot attached)

Post by xzc » Sun Apr 02, 2017 5:58 am

same here

askogon
Posts: 3
Joined: Sun Apr 02, 2017 6:18 am

Re: OpenVPN keeps getting same error (screenshot attached)

Post by askogon » Sun Apr 02, 2017 7:22 am

Here is my log

Sun Apr 02 09:42:28 2017 OpenVPN 2.3.4 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug 7 2014
Sun Apr 02 09:42:28 2017 library versions: OpenSSL 1.0.1i 6 Aug 2014, LZO 2.05
Enter Management Password:
Sun Apr 02 09:42:28 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sun Apr 02 09:42:28 2017 Need hold release from management interface, waiting...
Sun Apr 02 09:42:29 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sun Apr 02 09:42:29 2017 MANAGEMENT: CMD 'state on'
Sun Apr 02 09:42:29 2017 MANAGEMENT: CMD 'log all on'
Sun Apr 02 09:42:29 2017 MANAGEMENT: CMD 'hold off'
Sun Apr 02 09:42:29 2017 MANAGEMENT: CMD 'hold release'
Sun Apr 02 09:42:29 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Apr 02 09:42:29 2017 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Apr 02 09:42:29 2017 Attempting to establish TCP connection with [AF_INET]121.94.2.37:1580
Sun Apr 02 09:42:29 2017 MANAGEMENT: >STATE:1491115349,TCP_CONNECT,,,
Sun Apr 02 09:42:29 2017 TCP connection established with [AF_INET]121.94.2.37:1580
Sun Apr 02 09:42:29 2017 TCPv4_CLIENT link local: [undef]
Sun Apr 02 09:42:29 2017 TCPv4_CLIENT link remote: [AF_INET]121.94.2.37:1580
Sun Apr 02 09:42:29 2017 MANAGEMENT: >STATE:1491115349,WAIT,,,
Sun Apr 02 09:42:30 2017 MANAGEMENT: >STATE:1491115350,AUTH,,,
Sun Apr 02 09:42:30 2017 TLS: Initial packet from [AF_INET]121.94.2.37:1580, sid=1d4fde0a 4c554f4f
Sun Apr 02 09:42:31 2017 VERIFY ERROR: depth=3, error=self signed certificate in certificate chain: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
Sun Apr 02 09:42:31 2017 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Sun Apr 02 09:42:31 2017 TLS Error: TLS object -> incoming plaintext read error
Sun Apr 02 09:42:31 2017 TLS Error: TLS handshake failed
Sun Apr 02 09:42:31 2017 Fatal TLS error (check_tls_errors_co), restarting
Sun Apr 02 09:42:31 2017 SIGUSR1[soft,tls-error] received, process restarting
Sun Apr 02 09:42:31 2017 MANAGEMENT: >STATE:1491115351,RECONNECTING,tls-error,,
Sun Apr 02 09:42:31 2017 Restart pause, 5 second(s)
Sun Apr 02 09:42:36 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Apr 02 09:42:36 2017 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Apr 02 09:42:36 2017 Attempting to establish TCP connection with [AF_INET]121.94.2.37:1580
Sun Apr 02 09:42:36 2017 MANAGEMENT: >STATE:1491115356,TCP_CONNECT,,,
Sun Apr 02 09:42:36 2017 TCP connection established with [AF_INET]121.94.2.37:1580
Sun Apr 02 09:42:36 2017 TCPv4_CLIENT link local: [undef]
Sun Apr 02 09:42:36 2017 TCPv4_CLIENT link remote: [AF_INET]121.94.2.37:1580
Sun Apr 02 09:42:36 2017 MANAGEMENT: >STATE:1491115356,WAIT,,,
Sun Apr 02 09:42:36 2017 MANAGEMENT: >STATE:1491115356,AUTH,,,
Sun Apr 02 09:42:36 2017 TLS: Initial packet from [AF_INET]121.94.2.37:1580, sid=197aa9fb a95e1f91
Sun Apr 02 09:42:38 2017 VERIFY ERROR: depth=3, error=self signed certificate in certificate chain: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
Sun Apr 02 09:42:38 2017 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Sun Apr 02 09:42:38 2017 TLS Error: TLS object -> incoming plaintext read error
Sun Apr 02 09:42:38 2017 TLS Error: TLS handshake failed
Sun Apr 02 09:42:38 2017 Fatal TLS error (check_tls_errors_co), restarting
Sun Apr 02 09:42:38 2017 SIGUSR1[soft,tls-error] received, process restarting
Sun Apr 02 09:42:38 2017 MANAGEMENT: >STATE:1491115358,RECONNECTING,tls-error,,
Sun Apr 02 09:42:38 2017 Restart pause, 5 second(s)

This TLS Error appeared 1 of april no matter TCP or UDP config used.
Looks like it is very common problem cos a lot of users complain they cant use VPN gate anymore.
Whats happend with VPN gate?

RobinTh
Posts: 2
Joined: Sun Apr 02, 2017 11:11 am

Re: OpenVPN keeps getting same error (screenshot attached)

Post by RobinTh » Sun Apr 02, 2017 11:13 am

Same problem

gosevpn
Posts: 4
Joined: Sun Apr 02, 2017 1:01 pm

Re: OpenVPN keeps getting same error (screenshot attached)

Post by gosevpn » Sun Apr 02, 2017 1:50 pm

JFYI:
It seems it may be possible to temporarily workaround the current cert. problem (caused by cert pki/cert chain changes) till it is fixed.

Assuming openvpn client is used:

(1) Get the root certificate for AddTrust External:
https://support.comodo.com/index.php?/c ... ew/917/91/
(For Linux, it may be already available at the cert store - ie. /etc/ssl/certs/AddTrust_External_Root.pem if debian-based)

Then, either (2) or (3):

(2) Manually open vpngate config file, and copy/paste the root certificate for AddTrust External to the <ca> section like:
.....
<ca>
-----BEGIN CERTIFICATE-----
MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU
MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs
IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290
MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux
FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h
bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v
dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt
H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9
uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX
mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX
a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN
E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0
WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD
VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0
Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU
cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx
IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN
AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH
YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5
6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC
Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX
c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a
mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ=
-----END CERTIFICATE-----

.... (( another certificate )) .....
<ca>

(3) Or run openvpn command with --ca option (if this is feasible)
openvpn --config ... --ca /path/to/addtrustexternalcaroot.crt ...

It has been tested under linux and osx, and runs ok. I assume it would run on windows as well.

hope it helps.. cheers..

xzc
Posts: 3
Joined: Sun Apr 02, 2017 5:53 am

Re: OpenVPN keeps getting same error (screenshot attached)

Post by xzc » Sun Apr 02, 2017 1:54 pm

gosevpn wrote:
> JFYI:
> It seems it may be possible to temporarily workaround the current cert. problem
> (caused by cert pki/cert chain changes) till it is fixed.

Tested it under Linux, it works. Thank you

nanatsuaazu
Posts: 12
Joined: Thu Mar 23, 2017 7:10 am

Re: OpenVPN keeps getting same error (screenshot attached)

Post by nanatsuaazu » Sun Apr 02, 2017 3:06 pm

Where to reside this AddTrust External file? In the config directory?
Should the old and existing CERTIFICATE be replaced by the new one you suggested or keep the old one as well?

askogon
Posts: 3
Joined: Sun Apr 02, 2017 6:18 am

Re: OpenVPN keeps getting same error (screenshot attached)

Post by askogon » Sun Apr 02, 2017 9:31 pm

Thanks a lot gosevpn !
Both (2) and (3) metods solv the problem on windows.

Fireheart
Posts: 7
Joined: Mon Apr 03, 2017 1:39 am

Re: OpenVPN keeps getting same error (screenshot attached)

Post by Fireheart » Mon Apr 03, 2017 2:07 am

Can someone please contact them to get this problem fixed? I'm not good at speaking on phones. I'd really like to get back to using openvpn on my mobile devices. :/ This sucks.

gosevpn
Posts: 4
Joined: Sun Apr 02, 2017 1:01 pm

Re: OpenVPN keeps getting same error (screenshot attached)

Post by gosevpn » Mon Apr 03, 2017 2:09 am

nanatsuaazu wrote:
> Where to reside this AddTrust External file? In the config directory?
> Should the old and existing CERTIFICATE be replaced by the new one you
> suggested or keep the old one as well?

Probably better to save it to a separate directory as it may be a temp. workaround. Actually if an old one exists, both may be identical (ie. under Linux). I assume the problem would be eventually fixed by vpngate.

gosevpn
Posts: 4
Joined: Sun Apr 02, 2017 1:01 pm

Re: OpenVPN keeps getting same error (screenshot attached)

Post by gosevpn » Mon Apr 03, 2017 2:12 am

orangeroad wrote:
> gosevpn
>
> any fix for iso ipad ?

Probably (2) method may possibly work. Maybe you can download the config file, add cert, and transfer it to your ipad to import somehow (ie. through email?)

fred
Posts: 2
Joined: Sat Apr 01, 2017 4:50 pm

Re: OpenVPN keeps getting same error (screenshot attached)

Post by fred » Mon Apr 03, 2017 2:39 am

gosevpn wrote:
> JFYI:
> It seems it may be possible to temporarily workaround the current cert. problem

Thx Gosevpn. Works on macOS.

xzc
Posts: 3
Joined: Sun Apr 02, 2017 5:53 am

Re: OpenVPN keeps getting same error (screenshot attached)

Post by xzc » Mon Apr 03, 2017 3:38 am

Looks like they've fixed the problem. No workaround needed

Goin’ Motorboatin'
Posts: 7
Joined: Mon Apr 03, 2017 4:19 am

Re: OpenVPN keeps getting same error (screenshot attached)

Post by Goin’ Motorboatin' » Mon Apr 03, 2017 4:29 am

It is NOT fixed.
They’d have posted an update or replied to this topic if they’d fixed the problem.

Looks like no one’s in over the weekend.
I called yesterday afternoon and left a message on their voicemail.


Apr 02 20:49:29: Viscosity Mac 1.6.8 (1370)
Apr 02 20:49:29: Viscosity OpenVPN Engine Started
Apr 02 20:49:29: Running on Mac OS X 10.11.6
Apr 02 20:49:29: ---------
Apr 02 20:49:29: Checking reachability status of connection...
Apr 02 20:49:30: Connection is reachable. Starting connection attempt.
Apr 02 20:49:30: OpenVPN 2.3.14 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Jan 14 2017
Apr 02 20:49:30: library versions: OpenSSL 1.0.2j 26 Sep 2016, LZO 2.09
Apr 02 20:49:31: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Apr 02 20:49:31: UDPv4 link local: [undef]
Apr 02 20:49:31: UDPv4 link remote: [AF_INET]106.158.12.177:1796
Apr 02 20:50:31: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Apr 02 20:50:31: TLS Error: TLS handshake failed
Apr 02 20:50:31: SIGUSR1[soft,tls-error] received, process restarting
Apr 02 20:50:31: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Apr 02 20:50:32: UDPv4 link local: [undef]
Apr 02 20:50:32: UDPv4 link remote: [AF_INET]106.158.12.177:1796
Apr 02 20:51:10: SIGTERM[hard,] received, process exiting

askogon
Posts: 3
Joined: Sun Apr 02, 2017 6:18 am

Re: OpenVPN keeps getting same error (screenshot attached)

Post by askogon » Mon Apr 03, 2017 9:29 am

Unfortunately adding the AddTrust External certificate solved the problem just temporarily.
Now I get
.......
Mon Apr 03 12:22:33 2017 VERIFY ERROR: depth=2, error=self signed certificate in certificate chain: /C=GB/ST=Greater_Manchester/L=Salford/O=COMODO_CA_Limited/CN=COMODO_RSA_Certification_Authority
Mon Apr 03 12:22:33 2017 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Mon Apr 03 12:22:33 2017 TLS Error: TLS object -> incoming plaintext read error
Mon Apr 03 12:22:33 2017 TLS Error: TLS handshake failed
Mon Apr 03 12:22:33 2017 Fatal TLS error (check_tls_errors_co), restarting
.......
Whether this certificate is added or not

Fireheart
Posts: 7
Joined: Mon Apr 03, 2017 1:39 am

Re: OpenVPN keeps getting same error (screenshot attached)

Post by Fireheart » Mon Apr 03, 2017 12:06 pm

askogon wrote:
> Unfortunately adding the AddTrust External certificate solved the problem just
> temporarily.
> Now I get
> .......
> Mon Apr 03 12:22:33 2017 VERIFY ERROR: depth=2, error=self signed certificate in
> certificate chain:
> /C=GB/ST=Greater_Manchester/L=Salford/O=COMODO_CA_Limited/CN=COMODO_RSA_Certification_Authority
> Mon Apr 03 12:22:33 2017 TLS_ERROR: BIO read tls_read_plaintext error:
> error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> Mon Apr 03 12:22:33 2017 TLS Error: TLS object -> incoming plaintext read error
> Mon Apr 03 12:22:33 2017 TLS Error: TLS handshake failed
> Mon Apr 03 12:22:33 2017 Fatal TLS error (check_tls_errors_co), restarting
> .......
> Whether this certificate is added or not
That happened to me just some minutes ago (after having it working last night, then wake up to see it's broken again). I had to download a new openvpn config file from the homepage, then once again add the AddTrust External certificate line to the config file. I guess this only works for a couple hours, then it stops working and you need to do it again.

Goin’ Motorboatin'
Posts: 7
Joined: Mon Apr 03, 2017 4:19 am

Re: OpenVPN keeps getting same error (screenshot attached)

Post by Goin’ Motorboatin' » Mon Apr 03, 2017 3:17 pm

I don’t see any response from the VPN Gate team as expected, but my VPN is functioning today.

UPDATE: well, only 2 out of 30 servers are actually connecting.
The success rate is usually much higher than that!

Sure would be nice if the team would respond to let us know what the issue is and when it might be fixed!

gosevpn
Posts: 4
Joined: Sun Apr 02, 2017 1:01 pm

Re: OpenVPN keeps getting same error (screenshot attached)

Post by gosevpn » Tue Apr 04, 2017 2:38 am

gosevpn wrote:
> JFYI:
> It seems it may be possible to temporarily workaround the current cert. problem
> (caused by cert pki/cert chain changes) till it is fixed.

JFYI. At least for me, it looks like vpngate is working again (does not seems to work with the workaround)

thanks!

Goin’ Motorboatin'
Posts: 7
Joined: Mon Apr 03, 2017 4:19 am

Re: OpenVPN keeps getting same error (screenshot attached)

Post by Goin’ Motorboatin' » Tue Apr 04, 2017 3:12 pm

A couple servers were working this morning for a short time, then they cut out and now none will connect.


What’s up VPN Gate ? HOW ABOUT AN UPDATE?!

Fireheart
Posts: 7
Joined: Mon Apr 03, 2017 1:39 am

Re: OpenVPN keeps getting same error (screenshot attached)

Post by Fireheart » Tue Apr 04, 2017 8:36 pm

The OpenVPN app on my Android phone only works with the 1.16 version released in 2015, but not the 1.17 released 2016. What's up with that? But connection is a lot more unstable than it was before, frequent disconnects and my internet seems slower when I'm connected.

skpeter
Posts: 2
Joined: Wed Apr 05, 2017 5:10 pm

Re: OpenVPN keeps getting same error (screenshot attached)

Post by skpeter » Wed Apr 05, 2017 5:17 pm

Any news on this? Connectivity on OpenVPN and SoftEther's app seem very unstable, and I can't connect through OpenVPN Android at all (I keep getting PolarSSL X509 - signature check failed errors). I can connect to other VPNs just fine though, but I like to use VPNGate since the hosts are less likely to be ASN banned.

Goin’ Motorboatin'
Posts: 7
Joined: Mon Apr 03, 2017 4:19 am

Re: OpenVPN keeps getting same error (screenshot attached)

Post by Goin’ Motorboatin' » Thu Apr 06, 2017 2:59 am

Talk about a LAME team!

FIVE DAYS of this &@*# now and not a single update. :-(

fenice
Posts: 183
Joined: Sun Jul 19, 2015 4:23 pm

Re: OpenVPN keeps getting same error (screenshot attached)

Post by fenice » Thu Apr 06, 2017 5:50 am

Goin’ Motorboatin' wrote:
> Talk about a LAME team!
>
> FIVE DAYS of this &@*# now and not a single update. :-(

Ask for a refund. ;)
Regards


Bill

skpeter
Posts: 2
Joined: Wed Apr 05, 2017 5:10 pm

Re: OpenVPN keeps getting same error (screenshot attached)

Post by skpeter » Thu Apr 06, 2017 2:03 pm

fenice wrote:
> Goin’ Motorboatin' wrote:
> > Talk about a LAME team!
> >
> > FIVE DAYS of this &@*# now and not a single update. :-(
>
> Ask for a refund. ;)

Couldn't have worded it better. At the end of the day, this is a free service provided by university students which probably don't have all the time to look into the project. It sucks, but I'll gladly wait for the issue to be solved. All we can do is report it and give feedback.

Goin’ Motorboatin'
Posts: 7
Joined: Mon Apr 03, 2017 4:19 am

Re: OpenVPN keeps getting same error (screenshot attached)

Post by Goin’ Motorboatin' » Thu Apr 06, 2017 7:05 pm

I wasn’t aware of who the site is run by, but even the busiest college student can spare 5 minutes to post an update.

All I wanted was something like "the problem was caused by xxx and we expect it to be resolved soon/eventually/never."
Some form of acknowledgement that they’re even aware of the problem.

No doubt they’ve texted hundreds of times and/or sent many emails during this outage.
Probably enjoyed a beer or three too.

If it’s a cert. issue, why do some servers still connect at different times?
Sometimes none will connect, but later one or two will.

Goin’ Motorboatin'
Posts: 7
Joined: Mon Apr 03, 2017 4:19 am

Re: OpenVPN keeps getting same error (screenshot attached)

Post by Goin’ Motorboatin' » Mon Apr 10, 2017 10:51 am

This may help someone:

I’ve discovered that if I delete the old servers that won’t connect and re-add them from VPN Gate, they begin working again.

If it was a certificate issue as reported, then it seems replacing the old config files with new ones (which presumably have the new certificate) makes them functional once again.

Post Reply