SoftEther VPN User Forum

same here

Here is my log

Sun Apr 02 09:42:28 2017 OpenVPN 2.3.4 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug 7 2014
Sun Apr 02 09:42:28 2017 library versions: OpenSSL 1.0.1i 6 Aug 2014, LZO 2.05
Enter Management Password:
Sun Apr 02 09:42:28 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sun Apr 02 09:42:28 2017 Need hold release from management interface, waiting...
Sun Apr 02 09:42:29 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sun Apr 02 09:42:29 2017 MANAGEMENT: CMD 'state on'
Sun Apr 02 09:42:29 2017 MANAGEMENT: CMD 'log all on'
Sun Apr 02 09:42:29 2017 MANAGEMENT: CMD 'hold off'
Sun Apr 02 09:42:29 2017 MANAGEMENT: CMD 'hold release'
Sun Apr 02 09:42:29 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Apr 02 09:42:29 2017 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Apr 02 09:42:29 2017 Attempting to establish TCP connection with [AF_INET]121.94.2.37:1580
Sun Apr 02 09:42:29 2017 MANAGEMENT: >STATE:1491115349,TCP_CONNECT,,,
Sun Apr 02 09:42:29 2017 TCP connection established with [AF_INET]121.94.2.37:1580
Sun Apr 02 09:42:29 2017 TCPv4_CLIENT link local: [undef]
Sun Apr 02 09:42:29 2017 TCPv4_CLIENT link remote: [AF_INET]121.94.2.37:1580
Sun Apr 02 09:42:29 2017 MANAGEMENT: >STATE:1491115349,WAIT,,,
Sun Apr 02 09:42:30 2017 MANAGEMENT: >STATE:1491115350,AUTH,,,
Sun Apr 02 09:42:30 2017 TLS: Initial packet from [AF_INET]121.94.2.37:1580, sid=1d4fde0a 4c554f4f
Sun Apr 02 09:42:31 2017 VERIFY ERROR: depth=3, error=self signed certificate in certificate chain: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
Sun Apr 02 09:42:31 2017 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Sun Apr 02 09:42:31 2017 TLS Error: TLS object -> incoming plaintext read error
Sun Apr 02 09:42:31 2017 TLS Error: TLS handshake failed
Sun Apr 02 09:42:31 2017 Fatal TLS error (check_tls_errors_co), restarting
Sun Apr 02 09:42:31 2017 SIGUSR1[soft,tls-error] received, process restarting
Sun Apr 02 09:42:31 2017 MANAGEMENT: >STATE:1491115351,RECONNECTING,tls-error,,
Sun Apr 02 09:42:31 2017 Restart pause, 5 second(s)
Sun Apr 02 09:42:36 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Apr 02 09:42:36 2017 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Apr 02 09:42:36 2017 Attempting to establish TCP connection with [AF_INET]121.94.2.37:1580
Sun Apr 02 09:42:36 2017 MANAGEMENT: >STATE:1491115356,TCP_CONNECT,,,
Sun Apr 02 09:42:36 2017 TCP connection established with [AF_INET]121.94.2.37:1580
Sun Apr 02 09:42:36 2017 TCPv4_CLIENT link local: [undef]
Sun Apr 02 09:42:36 2017 TCPv4_CLIENT link remote: [AF_INET]121.94.2.37:1580
Sun Apr 02 09:42:36 2017 MANAGEMENT: >STATE:1491115356,WAIT,,,
Sun Apr 02 09:42:36 2017 MANAGEMENT: >STATE:1491115356,AUTH,,,
Sun Apr 02 09:42:36 2017 TLS: Initial packet from [AF_INET]121.94.2.37:1580, sid=197aa9fb a95e1f91
Sun Apr 02 09:42:38 2017 VERIFY ERROR: depth=3, error=self signed certificate in certificate chain: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
Sun Apr 02 09:42:38 2017 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Sun Apr 02 09:42:38 2017 TLS Error: TLS object -> incoming plaintext read error
Sun Apr 02 09:42:38 2017 TLS Error: TLS handshake failed
Sun Apr 02 09:42:38 2017 Fatal TLS error (check_tls_errors_co), restarting
Sun Apr 02 09:42:38 2017 SIGUSR1[soft,tls-error] received, process restarting
Sun Apr 02 09:42:38 2017 MANAGEMENT: >STATE:1491115358,RECONNECTING,tls-error,,
Sun Apr 02 09:42:38 2017 Restart pause, 5 second(s)

This TLS Error appeared 1 of april no matter TCP or UDP config used.
Looks like it is very common problem cos a lot of users complain they cant use VPN gate anymore.
Whats happend with VPN gate?

Same problem

JFYI:
It seems it may be possible to temporarily workaround the current cert. problem (caused by cert pki/cert chain changes) till it is fixed.

Assuming openvpn client is used:

(1) Get the root certificate for AddTrust External:
https://support.comodo.com/index.php?/c ... ew/917/91/
(For Linux, it may be already available at the cert store - ie. /etc/ssl/certs/AddTrust_External_Root.pem if debian-based)

Then, either (2) or (3):

(2) Manually open vpngate config file, and copy/paste the root certificate for AddTrust External to the <ca> section like:
.....
<ca>
-----BEGIN CERTIFICATE-----
MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU
MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs
IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290
MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux
FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h
bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v
dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt
H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9
uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX
mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX
a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN
E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0
WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD
VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0
Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU
cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx
IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN
AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH
YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5
6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC
Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX
c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a
mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ=
-----END CERTIFICATE-----

.... (( another certificate )) .....
<ca>

(3) Or run openvpn command with --ca option (if this is feasible)
openvpn --config ... --ca /path/to/addtrustexternalcaroot.crt ...

It has been tested under linux and osx, and runs ok. I assume it would run on windows as well.

hope it helps.. cheers..

gosevpn wrote:
> JFYI:
> It seems it may be possible to temporarily workaround the current cert. problem
> (caused by cert pki/cert chain changes) till it is fixed.

Tested it under Linux, it works. Thank you

Where to reside this AddTrust External file? In the config directory?
Should the old and existing CERTIFICATE be replaced by the new one you suggested or keep the old one as well?

Thanks a lot gosevpn !
Both (2) and (3) metods solv the problem on windows.

Can someone please contact them to get this problem fixed? I'm not good at speaking on phones. I'd really like to get back to using openvpn on my mobile devices. :/ This sucks.

nanatsuaazu wrote:
> Where to reside this AddTrust External file? In the config directory?
> Should the old and existing CERTIFICATE be replaced by the new one you
> suggested or keep the old one as well?

Probably better to save it to a separate directory as it may be a temp. workaround. Actually if an old one exists, both may be identical (ie. under Linux). I assume the problem would be eventually fixed by vpngate.

orangeroad wrote:
> gosevpn
>
> any fix for iso ipad ?

Probably (2) method may possibly work. Maybe you can download the config file, add cert, and transfer it to your ipad to import somehow (ie. through email?)

gosevpn wrote:
> JFYI:
> It seems it may be possible to temporarily workaround the current cert. problem

Thx Gosevpn. Works on macOS.

Looks like they've fixed the problem. No workaround needed

It is NOT fixed.
They’d have posted an update or replied to this topic if they’d fixed the problem.

Looks like no one’s in over the weekend.
I called yesterday afternoon and left a message on their voicemail.


Apr 02 20:49:29: Viscosity Mac 1.6.8 (1370)
Apr 02 20:49:29: Viscosity OpenVPN Engine Started
Apr 02 20:49:29: Running on Mac OS X 10.11.6
Apr 02 20:49:29: ---------
Apr 02 20:49:29: Checking reachability status of connection...
Apr 02 20:49:30: Connection is reachable. Starting connection attempt.
Apr 02 20:49:30: OpenVPN 2.3.14 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Jan 14 2017
Apr 02 20:49:30: library versions: OpenSSL 1.0.2j 26 Sep 2016, LZO 2.09
Apr 02 20:49:31: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Apr 02 20:49:31: UDPv4 link local: [undef]
Apr 02 20:49:31: UDPv4 link remote: [AF_INET]106.158.12.177:1796
Apr 02 20:50:31: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Apr 02 20:50:31: TLS Error: TLS handshake failed
Apr 02 20:50:31: SIGUSR1[soft,tls-error] received, process restarting
Apr 02 20:50:31: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Apr 02 20:50:32: UDPv4 link local: [undef]
Apr 02 20:50:32: UDPv4 link remote: [AF_INET]106.158.12.177:1796
Apr 02 20:51:10: SIGTERM[hard,] received, process exiting

Unfortunately adding the AddTrust External certificate solved the problem just temporarily.
Now I get
.......
Mon Apr 03 12:22:33 2017 VERIFY ERROR: depth=2, error=self signed certificate in certificate chain: /C=GB/ST=Greater_Manchester/L=Salford/O=COMODO_CA_Limited/CN=COMODO_RSA_Certification_Authority
Mon Apr 03 12:22:33 2017 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Mon Apr 03 12:22:33 2017 TLS Error: TLS object -> incoming plaintext read error
Mon Apr 03 12:22:33 2017 TLS Error: TLS handshake failed
Mon Apr 03 12:22:33 2017 Fatal TLS error (check_tls_errors_co), restarting
.......
Whether this certificate is added or not

askogon wrote:
> Unfortunately adding the AddTrust External certificate solved the problem just
> temporarily.
> Now I get
> .......
> Mon Apr 03 12:22:33 2017 VERIFY ERROR: depth=2, error=self signed certificate in
> certificate chain:
> /C=GB/ST=Greater_Manchester/L=Salford/O=COMODO_CA_Limited/CN=COMODO_RSA_Certification_Authority
> Mon Apr 03 12:22:33 2017 TLS_ERROR: BIO read tls_read_plaintext error:
> error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> Mon Apr 03 12:22:33 2017 TLS Error: TLS object -> incoming plaintext read error
> Mon Apr 03 12:22:33 2017 TLS Error: TLS handshake failed
> Mon Apr 03 12:22:33 2017 Fatal TLS error (check_tls_errors_co), restarting
> .......
> Whether this certificate is added or not
That happened to me just some minutes ago (after having it working last night, then wake up to see it's broken again). I had to download a new openvpn config file from the homepage, then once again add the AddTrust External certificate line to the config file. I guess this only works for a couple hours, then it stops working and you need to do it again.

I don’t see any response from the VPN Gate team as expected, but my VPN is functioning today.

UPDATE: well, only 2 out of 30 servers are actually connecting.
The success rate is usually much higher than that!

Sure would be nice if the team would respond to let us know what the issue is and when it might be fixed!

gosevpn wrote:
> JFYI:
> It seems it may be possible to temporarily workaround the current cert. problem
> (caused by cert pki/cert chain changes) till it is fixed.

JFYI. At least for me, it looks like vpngate is working again (does not seems to work with the workaround)

thanks!

A couple servers were working this morning for a short time, then they cut out and now none will connect.


What’s up VPN Gate ? HOW ABOUT AN UPDATE?!

The OpenVPN app on my Android phone only works with the 1.16 version released in 2015, but not the 1.17 released 2016. What's up with that? But connection is a lot more unstable than it was before, frequent disconnects and my internet seems slower when I'm connected.

Any news on this? Connectivity on OpenVPN and SoftEther's app seem very unstable, and I can't connect through OpenVPN Android at all (I keep getting PolarSSL X509 - signature check failed errors). I can connect to other VPNs just fine though, but I like to use VPNGate since the hosts are less likely to be ASN banned.

Talk about a LAME team!

FIVE DAYS of this &@*# now and not a single update. :-(

Goin’ Motorboatin' wrote:
> Talk about a LAME team!
>
> FIVE DAYS of this &@*# now and not a single update. :-(

Ask for a refund. ;)

fenice wrote:
> Goin’ Motorboatin' wrote:
> > Talk about a LAME team!
> >
> > FIVE DAYS of this &@*# now and not a single update. :-(
>
> Ask for a refund. ;)

Couldn't have worded it better. At the end of the day, this is a free service provided by university students which probably don't have all the time to look into the project. It sucks, but I'll gladly wait for the issue to be solved. All we can do is report it and give feedback.

I wasn’t aware of who the site is run by, but even the busiest college student can spare 5 minutes to post an update.

All I wanted was something like "the problem was caused by xxx and we expect it to be resolved soon/eventually/never."
Some form of acknowledgement that they’re even aware of the problem.

No doubt they’ve texted hundreds of times and/or sent many emails during this outage.
Probably enjoyed a beer or three too.

If it’s a cert. issue, why do some servers still connect at different times?
Sometimes none will connect, but later one or two will.

This may help someone:

I’ve discovered that if I delete the old servers that won’t connect and re-add them from VPN Gate, they begin working again.

If it was a certificate issue as reported, then it seems replacing the old config files with new ones (which presumably have the new certificate) makes them functional once again.