Opened 4 months ago

Closed 2 months ago

#1125 closed Bug / Defect (notabug)

Expired CA certificate causes looping auth

Reported by: lrosenman Owned by:
Priority: major Milestone:
Component: Generic / unclassified Version: OpenVPN 2.4.5 (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:
Cc:

Description

My CA.crt (stupidly) had a short expiration. My clients got a constantly looping authentication.

*Tunnelblick: OS X 10.14.1; Tunnelblick 3.7.8beta01 (build 5160); prior version 3.7.7beta06 (build 5140); Admin user
git commit fc572c89d58d4ad4b515f37a14639c03b609bd35

Configuration LER-Test

"Sanitized" condensed configuration file for /Library/Application? Support/Tunnelblick/Shared?/LER-Test.tblk:

client
dev tun
proto udp
remote 192.168.200.4 1194
resolv-retry infinite
reneg-sec 0
remote-cert-tls server
auth-nocache
nobind
persist-key
persist-tun
<ca>
[Security-related line(s) omitted]
</ca>
<cert>
[Security-related line(s) omitted]
</cert>
<key>
[Security-related line(s) omitted]
</key>
verb 3
auth-user-pass
cipher AES-256-CBC # AES
auth SHA256
static-challenge 2fa: 1

================================================================================

Non-Apple kexts that are loaded:

Index Refs Address Size Wired Name (Version) UUID <Linked Against>

87 0 0xffffff7f80f31000 0x9000 0x9000 com.steelseries.ssenext.driver (1.6.11) 9E56C506-F1EF-3BA5-9517-D7C42B6D522B <42 5 4 3>
90 0 0xffffff7f82687000 0x7000 0x7000 com.parallels.virtualsound (1.0.36 36) E9131806-D073-8482-AC46-B4AAE55EA6FE <89 5 4 3 1>

159 0 0xffffff7f861a4000 0x5000 0x5000 com.parallels.virtualhid (1.0.3 3) B0C355DF-4268-359B-9654-0A67F4305F7B <42 5 4 3 1>

================================================================================

Files in LER-Test.tblk:

Contents/Resources?/config.ovpn

================================================================================

Configuration preferences:

-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
-lastConnectionSucceeded = 0

================================================================================

Wildcard preferences:

-notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0

================================================================================

Program preferences:

skipWarningThatIPAddressDidNotChangeAfterConnection = 1
launchAtNextLogin = 1
tunnelblickVersionHistory = (

"3.7.8beta01 (build 5160)",
"3.7.7beta06 (build 5140)",
"3.7.7beta05 (build 5130)",
"3.7.7beta04 (build 5120)",
"3.7.7beta03 (build 5100)",
"3.7.7beta02 (build 5090)",
"3.7.7beta01 (build 5070)",
"3.7.6beta04 (build 5050)",
"3.7.6beta03 (build 5031)",
"3.7.6beta02 (build 5030)"

)
lastLaunchTime = 560209094.759347
showConnectedDurations = 1
lastLanguageAtLaunchWasRTL = 0
connectionWindowDisplayCriteria = showWhenConnecting
maxLogDisplaySize = 102400
lastConnectedDisplayName = whereto-2fa
keyboardShortcutIndex = 1
updateCheckAutomatically = 1
updateCheckBetas = 1
NSWindow Frame SettingsSheetWindow? = 842 172 829 524 0 0 2560 1417
NSWindow Frame ConnectingWindow? = 1074 853 412 297 0 0 2560 1417
NSWindow Frame SUUpdateAlert = 970 781 620 392 0 0 2560 1417
detailsWindowFrameVersion = 5160
detailsWindowFrame = {{820, 724}, {920, 468}}
detailsWindowLeftFrame = {{0, 0}, {165, 350}}
detailsWindowViewIndex = 0
detailsWindowConfigurationsTabIdentifier = log
leftNavSelectedDisplayName = LER-Test
AdvancedWindowTabIdentifier? = connectingAndDisconnecting
haveDealtWithOldTunTapPreferences = 1
haveDealtWithOldLoginItem = 1
haveDealtWithAfterDisconnect = 1
SUEnableAutomaticChecks = 1
SUScheduledCheckInterval = 86400
SULastCheckTime = 2018-10-07 21:38:17 +0000
SUHasLaunchedBefore = 1
WebKitDefaultFontSize? = 16
WebKitStandardFont? = Times

================================================================================

Tunnelblick Log:

*Tunnelblick: OS X 10.14.1; Tunnelblick 3.7.8beta01 (build 5160); prior version 3.7.7beta06 (build 5140)
2018-10-07 19:43:30 *Tunnelblick: Attempting connection with LER-Test; Set nameserver = 769; monitoring connection
2018-10-07 19:43:30 *Tunnelblick: openvpnstart start LER-Test.tblk 51618 769 0 3 0 1065264 -ptADGNWradsgnw 2.4.6-openssl-1.0.2p
2018-10-07 19:43:31 *Tunnelblick: openvpnstart log:

OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):


/Applications/Tunnelblick?.app/Contents/Resources/openvpn/openvpn-2.4.6-openssl-1.0.2p/openvpn
--daemon
--log
/Library/Application? Support/Tunnelblick/Logs/?-SLibrary-SApplication Support-STunnelblick-SShared-SLER--Test.tblk-SContents-SResources-Sconfig.ovpn.769_0_3_0_1065264.51618.openvpn.log

*Tunnelblick: Some entries have been removed because the log is too long

2018-10-07 19:43:48 UDP link remote: [AF_INET]192.168.200.4:1194
2018-10-07 19:43:48 MANAGEMENT: >STATE:1538959428,WAIT
2018-10-07 19:43:48 MANAGEMENT: CMD 'hold release'
2018-10-07 19:43:48 MANAGEMENT: >STATE:1538959428,AUTH

2018-10-07 19:43:48 TLS: Initial packet from [AF_INET]192.168.200.4:1194, sid=1622baad a2519ab1
2018-10-07 19:43:48 VERIFY ERROR: depth=1, error=certificate has expired: C=US, ST=CA, L=San Francisco, O=WhereTo?, Inc., OU=OpenVPN Server, CN=WhereTo?, Inc. CA, emailAddress=larry@…
2018-10-07 19:43:48 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2018-10-07 19:43:48 TLS_ERROR: BIO read tls_read_plaintext error
2018-10-07 19:43:48 TLS Error: TLS object -> incoming plaintext read error
2018-10-07 19:43:48 TLS Error: TLS handshake failed
2018-10-07 19:43:48 SIGUSR1[soft,tls-error] received, process restarting
2018-10-07 19:43:48 MANAGEMENT: >STATE:1538959428,RECONNECTING,tls-error,
2018-10-07 19:43:48 MANAGEMENT: CMD 'hold release'
2018-10-07 19:43:48 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2018-10-07 19:43:48 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.200.4:1194
2018-10-07 19:43:48 Socket Buffers: R=[786896->786896] S=[9216->9216]
2018-10-07 19:43:48 UDP link local: (not bound)
2018-10-07 19:43:48 UDP link remote: [AF_INET]192.168.200.4:1194
2018-10-07 19:43:48 MANAGEMENT: >STATE:1538959428,WAIT
2018-10-07 19:43:48 MANAGEMENT: CMD 'hold release'
2018-10-07 19:43:48 MANAGEMENT: >STATE:1538959428,AUTH

2018-10-07 19:43:48 TLS: Initial packet from [AF_INET]192.168.200.4:1194, sid=f343f030 58a4aa97
2018-10-07 19:43:49 VERIFY ERROR: depth=1, error=certificate has expired: C=US, ST=CA, L=San Francisco, O=WhereTo?, Inc., OU=OpenVPN Server, CN=WhereTo?, Inc. CA, emailAddress=larry@…
2018-10-07 19:43:49 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2018-10-07 19:43:49 TLS_ERROR: BIO read tls_read_plaintext error
2018-10-07 19:43:49 TLS Error: TLS object -> incoming plaintext read error
2018-10-07 19:43:49 TLS Error: TLS handshake failed
2018-10-07 19:43:49 SIGUSR1[soft,tls-error] received, process restarting
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,RECONNECTING,tls-error,
2018-10-07 19:43:49 MANAGEMENT: CMD 'hold release'
2018-10-07 19:43:49 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2018-10-07 19:43:49 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.200.4:1194
2018-10-07 19:43:49 Socket Buffers: R=[786896->786896] S=[9216->9216]
2018-10-07 19:43:49 UDP link local: (not bound)
2018-10-07 19:43:49 UDP link remote: [AF_INET]192.168.200.4:1194
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,WAIT
2018-10-07 19:43:49 MANAGEMENT: CMD 'hold release'
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,AUTH

2018-10-07 19:43:49 TLS: Initial packet from [AF_INET]192.168.200.4:1194, sid=3a4ffb45 92d05b43
2018-10-07 19:43:49 VERIFY ERROR: depth=1, error=certificate has expired: C=US, ST=CA, L=San Francisco, O=WhereTo?, Inc., OU=OpenVPN Server, CN=WhereTo?, Inc. CA, emailAddress=larry@…
2018-10-07 19:43:49 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2018-10-07 19:43:49 TLS_ERROR: BIO read tls_read_plaintext error
2018-10-07 19:43:49 TLS Error: TLS object -> incoming plaintext read error
2018-10-07 19:43:49 TLS Error: TLS handshake failed
2018-10-07 19:43:49 SIGUSR1[soft,tls-error] received, process restarting
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,RECONNECTING,tls-error,
2018-10-07 19:43:49 MANAGEMENT: CMD 'hold release'
2018-10-07 19:43:49 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2018-10-07 19:43:49 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.200.4:1194
2018-10-07 19:43:49 Socket Buffers: R=[786896->786896] S=[9216->9216]
2018-10-07 19:43:49 UDP link local: (not bound)
2018-10-07 19:43:49 UDP link remote: [AF_INET]192.168.200.4:1194
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,WAIT
2018-10-07 19:43:49 MANAGEMENT: CMD 'hold release'
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,AUTH

2018-10-07 19:43:49 TLS: Initial packet from [AF_INET]192.168.200.4:1194, sid=8b4fe0cb e313908d
2018-10-07 19:43:49 VERIFY ERROR: depth=1, error=certificate has expired: C=US, ST=CA, L=San Francisco, O=WhereTo?, Inc., OU=OpenVPN Server, CN=WhereTo?, Inc. CA, emailAddress=larry@…
2018-10-07 19:43:49 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2018-10-07 19:43:49 TLS_ERROR: BIO read tls_read_plaintext error
2018-10-07 19:43:49 TLS Error: TLS object -> incoming plaintext read error
2018-10-07 19:43:49 TLS Error: TLS handshake failed
2018-10-07 19:43:49 SIGUSR1[soft,tls-error] received, process restarting
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,RECONNECTING,tls-error,
2018-10-07 19:43:49 MANAGEMENT: CMD 'hold release'
2018-10-07 19:43:49 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2018-10-07 19:43:49 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.200.4:1194
2018-10-07 19:43:49 Socket Buffers: R=[786896->786896] S=[9216->9216]
2018-10-07 19:43:49 UDP link local: (not bound)
2018-10-07 19:43:49 UDP link remote: [AF_INET]192.168.200.4:1194
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,WAIT
2018-10-07 19:43:49 MANAGEMENT: CMD 'hold release'
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,AUTH

2018-10-07 19:43:49 TLS: Initial packet from [AF_INET]192.168.200.4:1194, sid=b98a2c5e a37c932f
2018-10-07 19:43:49 VERIFY ERROR: depth=1, error=certificate has expired: C=US, ST=CA, L=San Francisco, O=WhereTo?, Inc., OU=OpenVPN Server, CN=WhereTo?, Inc. CA, emailAddress=larry@…
2018-10-07 19:43:49 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2018-10-07 19:43:49 TLS_ERROR: BIO read tls_read_plaintext error
2018-10-07 19:43:49 TLS Error: TLS object -> incoming plaintext read error
2018-10-07 19:43:49 TLS Error: TLS handshake failed
2018-10-07 19:43:49 SIGUSR1[soft,tls-error] received, process restarting
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,RECONNECTING,tls-error,
2018-10-07 19:43:49 MANAGEMENT: CMD 'hold release'
2018-10-07 19:43:49 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2018-10-07 19:43:49 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.200.4:1194
2018-10-07 19:43:49 Socket Buffers: R=[786896->786896] S=[9216->9216]
2018-10-07 19:43:49 UDP link local: (not bound)
2018-10-07 19:43:49 UDP link remote: [AF_INET]192.168.200.4:1194
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,WAIT
2018-10-07 19:43:49 MANAGEMENT: CMD 'hold release'
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,AUTH

2018-10-07 19:43:49 TLS: Initial packet from [AF_INET]192.168.200.4:1194, sid=1573cd3e d3fbd341
2018-10-07 19:43:49 VERIFY ERROR: depth=1, error=certificate has expired: C=US, ST=CA, L=San Francisco, O=WhereTo?, Inc., OU=OpenVPN Server, CN=WhereTo?, Inc. CA, emailAddress=larry@…
2018-10-07 19:43:49 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2018-10-07 19:43:49 TLS_ERROR: BIO read tls_read_plaintext error
2018-10-07 19:43:49 TLS Error: TLS object -> incoming plaintext read error
2018-10-07 19:43:49 TLS Error: TLS handshake failed
2018-10-07 19:43:49 SIGUSR1[soft,tls-error] received, process restarting
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,RECONNECTING,tls-error,
2018-10-07 19:43:49 MANAGEMENT: CMD 'hold release'
2018-10-07 19:43:49 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2018-10-07 19:43:49 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.200.4:1194
2018-10-07 19:43:49 Socket Buffers: R=[786896->786896] S=[9216->9216]
2018-10-07 19:43:49 UDP link local: (not bound)
2018-10-07 19:43:49 UDP link remote: [AF_INET]192.168.200.4:1194
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,WAIT
2018-10-07 19:43:49 MANAGEMENT: CMD 'hold release'
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,AUTH

2018-10-07 19:43:49 TLS: Initial packet from [AF_INET]192.168.200.4:1194, sid=c8f4124e facad7b4
2018-10-07 19:43:49 VERIFY ERROR: depth=1, error=certificate has expired: C=US, ST=CA, L=San Francisco, O=WhereTo?, Inc., OU=OpenVPN Server, CN=WhereTo?, Inc. CA, emailAddress=larry@…
2018-10-07 19:43:49 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2018-10-07 19:43:49 TLS_ERROR: BIO read tls_read_plaintext error
2018-10-07 19:43:49 TLS Error: TLS object -> incoming plaintext read error
2018-10-07 19:43:49 TLS Error: TLS handshake failed
2018-10-07 19:43:49 SIGUSR1[soft,tls-error] received, process restarting
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,RECONNECTING,tls-error,
2018-10-07 19:43:49 MANAGEMENT: CMD 'hold release'
2018-10-07 19:43:49 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2018-10-07 19:43:49 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.200.4:1194
2018-10-07 19:43:49 Socket Buffers: R=[786896->786896] S=[9216->9216]
2018-10-07 19:43:49 UDP link local: (not bound)
2018-10-07 19:43:49 UDP link remote: [AF_INET]192.168.200.4:1194
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,WAIT
2018-10-07 19:43:49 MANAGEMENT: CMD 'hold release'
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,AUTH

2018-10-07 19:43:49 TLS: Initial packet from [AF_INET]192.168.200.4:1194, sid=8980a349 d26a00a5
2018-10-07 19:43:49 VERIFY ERROR: depth=1, error=certificate has expired: C=US, ST=CA, L=San Francisco, O=WhereTo?, Inc., OU=OpenVPN Server, CN=WhereTo?, Inc. CA, emailAddress=larry@…
2018-10-07 19:43:49 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2018-10-07 19:43:49 TLS_ERROR: BIO read tls_read_plaintext error
2018-10-07 19:43:49 TLS Error: TLS object -> incoming plaintext read error
2018-10-07 19:43:49 TLS Error: TLS handshake failed
2018-10-07 19:43:49 SIGUSR1[soft,tls-error] received, process restarting
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,RECONNECTING,tls-error,
2018-10-07 19:43:49 MANAGEMENT: CMD 'hold release'
2018-10-07 19:43:49 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2018-10-07 19:43:49 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.200.4:1194
2018-10-07 19:43:49 Socket Buffers: R=[786896->786896] S=[9216->9216]
2018-10-07 19:43:49 UDP link local: (not bound)
2018-10-07 19:43:49 UDP link remote: [AF_INET]192.168.200.4:1194
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,WAIT
2018-10-07 19:43:49 MANAGEMENT: CMD 'hold release'
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,AUTH

2018-10-07 19:43:49 TLS: Initial packet from [AF_INET]192.168.200.4:1194, sid=0298fdf8 05eef20a
2018-10-07 19:43:49 VERIFY ERROR: depth=1, error=certificate has expired: C=US, ST=CA, L=San Francisco, O=WhereTo?, Inc., OU=OpenVPN Server, CN=WhereTo?, Inc. CA, emailAddress=larry@…
2018-10-07 19:43:49 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2018-10-07 19:43:49 TLS_ERROR: BIO read tls_read_plaintext error
2018-10-07 19:43:49 TLS Error: TLS object -> incoming plaintext read error
2018-10-07 19:43:49 TLS Error: TLS handshake failed
2018-10-07 19:43:49 SIGUSR1[soft,tls-error] received, process restarting
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,RECONNECTING,tls-error,
2018-10-07 19:43:49 MANAGEMENT: CMD 'hold release'
2018-10-07 19:43:49 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2018-10-07 19:43:49 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.200.4:1194
2018-10-07 19:43:49 Socket Buffers: R=[786896->786896] S=[9216->9216]
2018-10-07 19:43:49 UDP link local: (not bound)
2018-10-07 19:43:49 UDP link remote: [AF_INET]192.168.200.4:1194
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,WAIT
2018-10-07 19:43:49 MANAGEMENT: CMD 'hold release'
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,AUTH

2018-10-07 19:43:49 TLS: Initial packet from [AF_INET]192.168.200.4:1194, sid=8f3c3430 d681bb60
2018-10-07 19:43:49 VERIFY ERROR: depth=1, error=certificate has expired: C=US, ST=CA, L=San Francisco, O=WhereTo?, Inc., OU=OpenVPN Server, CN=WhereTo?, Inc. CA, emailAddress=larry@…
2018-10-07 19:43:49 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2018-10-07 19:43:49 TLS_ERROR: BIO read tls_read_plaintext error
2018-10-07 19:43:49 TLS Error: TLS object -> incoming plaintext read error
2018-10-07 19:43:49 TLS Error: TLS handshake failed
2018-10-07 19:43:49 SIGUSR1[soft,tls-error] received, process restarting
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,RECONNECTING,tls-error,
2018-10-07 19:43:49 MANAGEMENT: CMD 'hold release'
2018-10-07 19:43:49 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2018-10-07 19:43:49 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.200.4:1194
2018-10-07 19:43:49 Socket Buffers: R=[786896->786896] S=[9216->9216]
2018-10-07 19:43:49 UDP link local: (not bound)
2018-10-07 19:43:49 UDP link remote: [AF_INET]192.168.200.4:1194
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,WAIT
2018-10-07 19:43:49 MANAGEMENT: CMD 'hold release'
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,AUTH

2018-10-07 19:43:49 TLS: Initial packet from [AF_INET]192.168.200.4:1194, sid=c955afae 3e56165d
2018-10-07 19:43:49 VERIFY ERROR: depth=1, error=certificate has expired: C=US, ST=CA, L=San Francisco, O=WhereTo?, Inc., OU=OpenVPN Server, CN=WhereTo?, Inc. CA, emailAddress=larry@…
2018-10-07 19:43:49 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2018-10-07 19:43:49 TLS_ERROR: BIO read tls_read_plaintext error
2018-10-07 19:43:49 TLS Error: TLS object -> incoming plaintext read error
2018-10-07 19:43:49 TLS Error: TLS handshake failed
2018-10-07 19:43:49 SIGUSR1[soft,tls-error] received, process restarting
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,RECONNECTING,tls-error,
2018-10-07 19:43:49 MANAGEMENT: CMD 'hold release'
2018-10-07 19:43:49 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2018-10-07 19:43:49 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.200.4:1194
2018-10-07 19:43:49 Socket Buffers: R=[786896->786896] S=[9216->9216]
2018-10-07 19:43:49 UDP link local: (not bound)
2018-10-07 19:43:49 UDP link remote: [AF_INET]192.168.200.4:1194
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,WAIT
2018-10-07 19:43:49 MANAGEMENT: CMD 'hold release'
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,AUTH

2018-10-07 19:43:49 TLS: Initial packet from [AF_INET]192.168.200.4:1194, sid=4666357b ecc57041
2018-10-07 19:43:49 VERIFY ERROR: depth=1, error=certificate has expired: C=US, ST=CA, L=San Francisco, O=WhereTo?, Inc., OU=OpenVPN Server, CN=WhereTo?, Inc. CA, emailAddress=larry@…
2018-10-07 19:43:49 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2018-10-07 19:43:49 TLS_ERROR: BIO read tls_read_plaintext error
2018-10-07 19:43:49 TLS Error: TLS object -> incoming plaintext read error
2018-10-07 19:43:49 TLS Error: TLS handshake failed
2018-10-07 19:43:49 SIGUSR1[soft,tls-error] received, process restarting
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,RECONNECTING,tls-error,
2018-10-07 19:43:49 MANAGEMENT: CMD 'hold release'
2018-10-07 19:43:49 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2018-10-07 19:43:49 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.200.4:1194
2018-10-07 19:43:49 Socket Buffers: R=[786896->786896] S=[9216->9216]
2018-10-07 19:43:49 UDP link local: (not bound)
2018-10-07 19:43:49 UDP link remote: [AF_INET]192.168.200.4:1194
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,WAIT
2018-10-07 19:43:49 MANAGEMENT: CMD 'hold release'
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,AUTH

2018-10-07 19:43:49 TLS: Initial packet from [AF_INET]192.168.200.4:1194, sid=0538c372 0e14f0fa
2018-10-07 19:43:49 VERIFY ERROR: depth=1, error=certificate has expired: C=US, ST=CA, L=San Francisco, O=WhereTo?, Inc., OU=OpenVPN Server, CN=WhereTo?, Inc. CA, emailAddress=larry@…
2018-10-07 19:43:49 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2018-10-07 19:43:49 TLS_ERROR: BIO read tls_read_plaintext error
2018-10-07 19:43:49 TLS Error: TLS object -> incoming plaintext read error
2018-10-07 19:43:49 TLS Error: TLS handshake failed
2018-10-07 19:43:49 SIGUSR1[soft,tls-error] received, process restarting
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,RECONNECTING,tls-error,
2018-10-07 19:43:49 MANAGEMENT: CMD 'hold release'
2018-10-07 19:43:49 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2018-10-07 19:43:49 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.200.4:1194
2018-10-07 19:43:49 Socket Buffers: R=[786896->786896] S=[9216->9216]
2018-10-07 19:43:49 UDP link local: (not bound)
2018-10-07 19:43:49 UDP link remote: [AF_INET]192.168.200.4:1194
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,WAIT
2018-10-07 19:43:49 MANAGEMENT: CMD 'hold release'
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,AUTH

2018-10-07 19:43:49 TLS: Initial packet from [AF_INET]192.168.200.4:1194, sid=420c4e35 9a4dfdbc
2018-10-07 19:43:49 VERIFY ERROR: depth=1, error=certificate has expired: C=US, ST=CA, L=San Francisco, O=WhereTo?, Inc., OU=OpenVPN Server, CN=WhereTo?, Inc. CA, emailAddress=larry@…
2018-10-07 19:43:49 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2018-10-07 19:43:49 TLS_ERROR: BIO read tls_read_plaintext error
2018-10-07 19:43:49 TLS Error: TLS object -> incoming plaintext read error
2018-10-07 19:43:49 TLS Error: TLS handshake failed
2018-10-07 19:43:49 SIGUSR1[soft,tls-error] received, process restarting
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,RECONNECTING,tls-error,
2018-10-07 19:43:49 MANAGEMENT: CMD 'hold release'
2018-10-07 19:43:49 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2018-10-07 19:43:49 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.200.4:1194
2018-10-07 19:43:49 Socket Buffers: R=[786896->786896] S=[9216->9216]
2018-10-07 19:43:49 UDP link local: (not bound)
2018-10-07 19:43:49 UDP link remote: [AF_INET]192.168.200.4:1194
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,WAIT
2018-10-07 19:43:49 MANAGEMENT: CMD 'hold release'
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,AUTH

2018-10-07 19:43:49 TLS: Initial packet from [AF_INET]192.168.200.4:1194, sid=b52b23ee 0668c2c3
2018-10-07 19:43:49 VERIFY ERROR: depth=1, error=certificate has expired: C=US, ST=CA, L=San Francisco, O=WhereTo?, Inc., OU=OpenVPN Server, CN=WhereTo?, Inc. CA, emailAddress=larry@…
2018-10-07 19:43:49 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2018-10-07 19:43:49 TLS_ERROR: BIO read tls_read_plaintext error
2018-10-07 19:43:49 TLS Error: TLS object -> incoming plaintext read error
2018-10-07 19:43:49 TLS Error: TLS handshake failed
2018-10-07 19:43:49 SIGUSR1[soft,tls-error] received, process restarting
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,RECONNECTING,tls-error,
2018-10-07 19:43:49 MANAGEMENT: CMD 'hold release'
2018-10-07 19:43:49 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2018-10-07 19:43:49 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.200.4:1194
2018-10-07 19:43:49 Socket Buffers: R=[786896->786896] S=[9216->9216]
2018-10-07 19:43:49 UDP link local: (not bound)
2018-10-07 19:43:49 UDP link remote: [AF_INET]192.168.200.4:1194
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,WAIT
2018-10-07 19:43:49 MANAGEMENT: CMD 'hold release'
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,AUTH

2018-10-07 19:43:49 TLS: Initial packet from [AF_INET]192.168.200.4:1194, sid=5305a2fa cd6ba826
2018-10-07 19:43:49 VERIFY ERROR: depth=1, error=certificate has expired: C=US, ST=CA, L=San Francisco, O=WhereTo?, Inc., OU=OpenVPN Server, CN=WhereTo?, Inc. CA, emailAddress=larry@…
2018-10-07 19:43:49 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2018-10-07 19:43:49 TLS_ERROR: BIO read tls_read_plaintext error
2018-10-07 19:43:49 TLS Error: TLS object -> incoming plaintext read error
2018-10-07 19:43:49 TLS Error: TLS handshake failed
2018-10-07 19:43:49 SIGUSR1[soft,tls-error] received, process restarting
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,RECONNECTING,tls-error,
2018-10-07 19:43:49 MANAGEMENT: CMD 'hold release'
2018-10-07 19:43:49 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2018-10-07 19:43:49 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.200.4:1194
2018-10-07 19:43:49 Socket Buffers: R=[786896->786896] S=[9216->9216]
2018-10-07 19:43:49 UDP link local: (not bound)
2018-10-07 19:43:49 UDP link remote: [AF_INET]192.168.200.4:1194
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,WAIT
2018-10-07 19:43:49 MANAGEMENT: CMD 'hold release'
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,AUTH

2018-10-07 19:43:49 TLS: Initial packet from [AF_INET]192.168.200.4:1194, sid=f05c549c 280d45b8
2018-10-07 19:43:49 VERIFY ERROR: depth=1, error=certificate has expired: C=US, ST=CA, L=San Francisco, O=WhereTo?, Inc., OU=OpenVPN Server, CN=WhereTo?, Inc. CA, emailAddress=larry@…
2018-10-07 19:43:49 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2018-10-07 19:43:49 TLS_ERROR: BIO read tls_read_plaintext error
2018-10-07 19:43:49 TLS Error: TLS object -> incoming plaintext read error
2018-10-07 19:43:49 TLS Error: TLS handshake failed
2018-10-07 19:43:49 SIGUSR1[soft,tls-error] received, process restarting
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,RECONNECTING,tls-error,
2018-10-07 19:43:49 MANAGEMENT: CMD 'hold release'
2018-10-07 19:43:49 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2018-10-07 19:43:49 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.200.4:1194
2018-10-07 19:43:49 Socket Buffers: R=[786896->786896] S=[9216->9216]
2018-10-07 19:43:49 UDP link local: (not bound)
2018-10-07 19:43:49 UDP link remote: [AF_INET]192.168.200.4:1194
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,WAIT
2018-10-07 19:43:49 MANAGEMENT: CMD 'hold release'
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,AUTH

2018-10-07 19:43:49 TLS: Initial packet from [AF_INET]192.168.200.4:1194, sid=8881440e 1f6f3dcc
2018-10-07 19:43:49 VERIFY ERROR: depth=1, error=certificate has expired: C=US, ST=CA, L=San Francisco, O=WhereTo?, Inc., OU=OpenVPN Server, CN=WhereTo?, Inc. CA, emailAddress=larry@…
2018-10-07 19:43:49 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2018-10-07 19:43:49 TLS_ERROR: BIO read tls_read_plaintext error
2018-10-07 19:43:49 TLS Error: TLS object -> incoming plaintext read error
2018-10-07 19:43:49 TLS Error: TLS handshake failed
2018-10-07 19:43:49 SIGUSR1[soft,tls-error] received, process restarting
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,RECONNECTING,tls-error,
2018-10-07 19:43:49 MANAGEMENT: CMD 'hold release'
2018-10-07 19:43:49 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2018-10-07 19:43:49 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.200.4:1194
2018-10-07 19:43:49 Socket Buffers: R=[786896->786896] S=[9216->9216]
2018-10-07 19:43:49 UDP link local: (not bound)
2018-10-07 19:43:49 UDP link remote: [AF_INET]192.168.200.4:1194
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,WAIT
2018-10-07 19:43:49 MANAGEMENT: CMD 'hold release'
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,AUTH

2018-10-07 19:43:49 TLS: Initial packet from [AF_INET]192.168.200.4:1194, sid=22dc76dd 0b5d79e2
2018-10-07 19:43:49 VERIFY ERROR: depth=1, error=certificate has expired: C=US, ST=CA, L=San Francisco, O=WhereTo?, Inc., OU=OpenVPN Server, CN=WhereTo?, Inc. CA, emailAddress=larry@…
2018-10-07 19:43:49 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2018-10-07 19:43:49 TLS_ERROR: BIO read tls_read_plaintext error
2018-10-07 19:43:49 TLS Error: TLS object -> incoming plaintext read error
2018-10-07 19:43:49 TLS Error: TLS handshake failed
2018-10-07 19:43:49 SIGUSR1[soft,tls-error] received, process restarting
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,RECONNECTING,tls-error,
2018-10-07 19:43:49 MANAGEMENT: CMD 'hold release'
2018-10-07 19:43:49 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2018-10-07 19:43:49 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.200.4:1194
2018-10-07 19:43:49 Socket Buffers: R=[786896->786896] S=[9216->9216]
2018-10-07 19:43:49 UDP link local: (not bound)
2018-10-07 19:43:49 UDP link remote: [AF_INET]192.168.200.4:1194
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,WAIT
2018-10-07 19:43:49 MANAGEMENT: CMD 'hold release'
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,AUTH

2018-10-07 19:43:49 TLS: Initial packet from [AF_INET]192.168.200.4:1194, sid=cf9176ca ba0aceaf
2018-10-07 19:43:49 VERIFY ERROR: depth=1, error=certificate has expired: C=US, ST=CA, L=San Francisco, O=WhereTo?, Inc., OU=OpenVPN Server, CN=WhereTo?, Inc. CA, emailAddress=larry@…
2018-10-07 19:43:49 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2018-10-07 19:43:49 TLS_ERROR: BIO read tls_read_plaintext error
2018-10-07 19:43:49 TLS Error: TLS object -> incoming plaintext read error
2018-10-07 19:43:49 TLS Error: TLS handshake failed
2018-10-07 19:43:49 SIGUSR1[soft,tls-error] received, process restarting
2018-10-07 19:43:49 MANAGEMENT: >STATE:1538959429,RECONNECTING,tls-error,
2018-10-07 19:43:49 MANAGEMENT: CMD 'hold release'

Change History (2)

comment:1 Changed 2 months ago by tincantech

This is expected behaviour.

You can change it with --connect-retry-max

comment:2 Changed 2 months ago by Gert Döring

Resolution: notabug
Status: newclosed
Note: See TracTickets for help on using tickets.