No server certificate verification method has been enabled

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
seco
Posts: 4
Joined: Tue Apr 11, 2023 7:51 pm

No server certificate verification method has been enabled

Post by seco » Tue Apr 11, 2023 7:55 pm

Hi,

I just installed the SoftEther and grabbed one of the 443 port VPNs and tried to connect it shows an error message and can't connect.
The message says: No server certificate verification method has been enabled
I searched the web and found some people used this:

Code: Select all

remote-cert-tls server
tls-cipher "DEFAULT:@SECLEVEL=0" 
in the config file, but nothing changed !!
IT shows another error message:

Code: Select all

 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations. 
I added this to the config file:

Code: Select all

data-ciphers AES-128-CBC
It shows another error:

Code: Select all

 TLS key negotiation failed to occur within 60 seconds
I tried many VPNs, but the same issue with the same error.

Any idea what to do to solve this problem?


Regards,

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: No server certificate verification method has been enabled

Post by solo » Tue Apr 11, 2023 11:16 pm

OpenVPN-2.6.0+
This update makes it possible to connect to VPNs where the "cipher" (now "data-ciphers") option is needed, as long as the connection is manually modified.

seco
Posts: 4
Joined: Tue Apr 11, 2023 7:51 pm

Re: No server certificate verification method has been enabled

Post by seco » Wed Apr 12, 2023 9:19 am

I'm using the latest version and have the same error.
I used 2.6.0 it was unable to connect at all !!

The weird part is that it works for ports 2500 and 2501.
Why it's not working for port 443?

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: No server certificate verification method has been enabled

Post by solo » Wed Apr 12, 2023 10:10 am

https://www.vpngate.net/en/

Code: Select all

public-vpn-197.opengw.net

vpngate_public-vpn-197.opengw.net_tcp_443.ovpn

data-ciphers AES-128-CBC

2023-04-12 19:53:58 OpenVPN 2.6.0 [git:v2.6.0/b999466418dddb89] Windows-MSVC...
...
2023-04-12 19:56:48 Route addition via service succeeded
2023-04-12 19:56:48 Initialization Sequence Completed
2023-04-12 19:56:48 MANAGEMENT: >STATE:1681293408,CONNECTED,SUCCESS,10.246.47.9,219.100.37.211,443,10.0.2.15,49184
TLDR: 443 works for me

seco
Posts: 4
Joined: Tue Apr 11, 2023 7:51 pm

Re: No server certificate verification method has been enabled

Post by seco » Wed Apr 12, 2023 10:42 am

I tried it and now the log is like this:

Code: Select all

Wed Apr 12 12:40:13 2023 Note: cipher 'AES-128-CBC' in --data-ciphers is not supported by ovpn-dco, disabling data channel offload.
Wed Apr 12 12:40:13 2023 OpenVPN 2.6.0 [git:v2.6.0/b999466418dddb89] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Feb 15 2023
Wed Apr 12 12:40:13 2023 Windows version 10.0 (Windows 10 or greater), amd64 executable
Wed Apr 12 12:40:13 2023 library versions: OpenSSL 3.0.8 7 Feb 2023, LZO 2.10
Wed Apr 12 12:40:13 2023 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Wed Apr 12 12:40:13 2023 Need hold release from management interface, waiting...
Wed Apr 12 12:40:14 2023 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:50084
Wed Apr 12 12:40:14 2023 MANAGEMENT: CMD 'state on'
Wed Apr 12 12:40:14 2023 MANAGEMENT: CMD 'log on all'
Wed Apr 12 12:40:14 2023 MANAGEMENT: CMD 'echo on all'
Wed Apr 12 12:40:14 2023 MANAGEMENT: CMD 'bytecount 5'
Wed Apr 12 12:40:14 2023 MANAGEMENT: CMD 'state'
Wed Apr 12 12:40:14 2023 MANAGEMENT: CMD 'hold off'
Wed Apr 12 12:40:14 2023 MANAGEMENT: CMD 'hold release'
Wed Apr 12 12:40:14 2023 TCP/UDP: Preserving recently used remote address: [AF_INET]219.100.37.209:443
Wed Apr 12 12:40:14 2023 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Apr 12 12:40:14 2023 Attempting to establish TCP connection with [AF_INET]219.100.37.209:443
Wed Apr 12 12:40:14 2023 MANAGEMENT: >STATE:1681296014,TCP_CONNECT,,,,,,
Wed Apr 12 12:40:15 2023 TCP connection established with [AF_INET]219.100.37.209:443
Wed Apr 12 12:40:15 2023 TCPv4_CLIENT link local: (not bound)
Wed Apr 12 12:40:15 2023 TCPv4_CLIENT link remote: [AF_INET]219.100.37.209:443
Wed Apr 12 12:40:15 2023 MANAGEMENT: >STATE:1681296015,WAIT,,,,,,
Wed Apr 12 12:40:32 2023 Connection reset, restarting [0]
Wed Apr 12 12:40:32 2023 SIGUSR1[soft,connection-reset] received, process restarting
Wed Apr 12 12:40:32 2023 MANAGEMENT: >STATE:1681296032,RECONNECTING,connection-reset,,,,,
Wed Apr 12 12:40:32 2023 Restart pause, 1 second(s)
Wed Apr 12 12:40:33 2023 TCP/UDP: Preserving recently used remote address: [AF_INET]219.100.37.209:443
Wed Apr 12 12:40:33 2023 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Apr 12 12:40:33 2023 Attempting to establish TCP connection with [AF_INET]219.100.37.209:443
Wed Apr 12 12:40:33 2023 MANAGEMENT: >STATE:1681296033,TCP_CONNECT,,,,,,
Wed Apr 12 12:40:33 2023 TCP connection established with [AF_INET]219.100.37.209:443
Wed Apr 12 12:40:33 2023 TCPv4_CLIENT link local: (not bound)
Wed Apr 12 12:40:33 2023 TCPv4_CLIENT link remote: [AF_INET]219.100.37.209:443
Wed Apr 12 12:40:33 2023 MANAGEMENT: >STATE:1681296033,WAIT,,,,,,
Wed Apr 12 12:40:50 2023 Connection reset, restarting [0]
Wed Apr 12 12:40:50 2023 SIGUSR1[soft,connection-reset] received, process restarting
Wed Apr 12 12:40:50 2023 MANAGEMENT: >STATE:1681296050,RECONNECTING,connection-reset,,,,,
Wed Apr 12 12:40:50 2023 Restart pause, 1 second(s)
Wed Apr 12 12:40:51 2023 TCP/UDP: Preserving recently used remote address: [AF_INET]219.100.37.209:443
Wed Apr 12 12:40:51 2023 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Apr 12 12:40:51 2023 Attempting to establish TCP connection with [AF_INET]219.100.37.209:443
Wed Apr 12 12:40:51 2023 MANAGEMENT: >STATE:1681296051,TCP_CONNECT,,,,,,
Wed Apr 12 12:40:51 2023 TCP connection established with [AF_INET]219.100.37.209:443
Wed Apr 12 12:40:51 2023 TCPv4_CLIENT link local: (not bound)
Wed Apr 12 12:40:51 2023 TCPv4_CLIENT link remote: [AF_INET]219.100.37.209:443
Wed Apr 12 12:40:51 2023 MANAGEMENT: >STATE:1681296051,WAIT,,,,,,
Wed Apr 12 12:41:09 2023 Connection reset, restarting [0]
Wed Apr 12 12:41:09 2023 SIGUSR1[soft,connection-reset] received, process restarting
Wed Apr 12 12:41:09 2023 MANAGEMENT: >STATE:1681296069,RECONNECTING,connection-reset,,,,,
Wed Apr 12 12:41:09 2023 Restart pause, 1 second(s)
Wed Apr 12 12:41:10 2023 TCP/UDP: Preserving recently used remote address: [AF_INET]219.100.37.209:443
Wed Apr 12 12:41:10 2023 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Apr 12 12:41:10 2023 Attempting to establish TCP connection with [AF_INET]219.100.37.209:443
Wed Apr 12 12:41:10 2023 MANAGEMENT: >STATE:1681296070,TCP_CONNECT,,,,,,
Wed Apr 12 12:41:10 2023 TCP connection established with [AF_INET]219.100.37.209:443
Wed Apr 12 12:41:10 2023 TCPv4_CLIENT link local: (not bound)
Wed Apr 12 12:41:10 2023 TCPv4_CLIENT link remote: [AF_INET]219.100.37.209:443
Wed Apr 12 12:41:10 2023 MANAGEMENT: >STATE:1681296070,WAIT,,,,,,
Wed Apr 12 12:41:28 2023 Connection reset, restarting [0]
Wed Apr 12 12:41:28 2023 SIGUSR1[soft,connection-reset] received, process restarting
Wed Apr 12 12:41:28 2023 MANAGEMENT: >STATE:1681296088,RECONNECTING,connection-reset,,,,,
Wed Apr 12 12:41:28 2023 Restart pause, 1 second(s)
Wed Apr 12 12:41:29 2023 TCP/UDP: Preserving recently used remote address: [AF_INET]219.100.37.209:443
Wed Apr 12 12:41:29 2023 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Apr 12 12:41:29 2023 Attempting to establish TCP connection with [AF_INET]219.100.37.209:443
Wed Apr 12 12:41:29 2023 MANAGEMENT: >STATE:1681296089,TCP_CONNECT,,,,,,
Wed Apr 12 12:41:29 2023 TCP connection established with [AF_INET]219.100.37.209:443
Wed Apr 12 12:41:29 2023 TCPv4_CLIENT link local: (not bound)
Wed Apr 12 12:41:29 2023 TCPv4_CLIENT link remote: [AF_INET]219.100.37.209:443
Wed Apr 12 12:41:29 2023 MANAGEMENT: >STATE:1681296089,WAIT,,,,,,
It always returns : Connection reset, restarting [0]

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: No server certificate verification method has been enabled

Post by solo » Wed Apr 12, 2023 12:09 pm

It is your Windows 10 issue.
https://www.google.com/search?q=openvpn ... tbs=li%3A1
Let us know what you find.

seco
Posts: 4
Joined: Tue Apr 11, 2023 7:51 pm

Re: No server certificate verification method has been enabled

Post by seco » Wed Apr 12, 2023 12:20 pm

I opened the 443 port on Windows. Still the same issue.
I completely disable the Windows firewall and I still have the same issue.

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: No server certificate verification method has been enabled

Post by solo » Wed Apr 12, 2023 12:38 pm

No, your ISP is blocking it.

Post Reply