Bradley,

This error happens when two OpenVPN peers using TLS get out of sync with respect to their TLS authentication state, and neither attempts to actively trigger a TLS renegotiation. It usually happens when an OpenVPN peer without the "remote" option in its config is restarted. Since it doesn't know the address of its peer, it assumes that you want it to be a server, i.e. wait for a connection. The client, on the other hand, may not know that the server was restarted, because UDP is connectionless.

So one of the machines needs to trigger a TLS renegotiation. Then everything will be in sync again.

One way to do this is with --ping and --ping-restart which will trigger a renegotiation when the connection goes down. There's more about this in the FAQ.

James

Bradley M Alexander <storm@xxxxxxx> said:

> Running into a problem with openvpn, and the messages aren't telling me
> much. I was running 1.3.1, and upgraded both ends to 1.4.3. My connection
> dropped over the long weekend, and when I got in today, I tried to restart
> it, I got the following messages in my logs:
>
>
> Sep 2 12:13:35 odyssey openvpn[30603]: TLS_ERROR: BIO read
> tls_read_plaintext error: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> Sep 2 12:13:35 odyssey openvpn[30603]: TLS Error: TLS object -> incoming
> plaintext read error
> Sep 2 12:13:35 odyssey openvpn[30603]: TLS Error: TLS handshake failed
> Sep 2 12:13:35 odyssey openvpn[30599]: TLS Error: Unroutable control
> packet received from www.xxx.yyy.zzz:5000 (si=3 op=P_CONTROL_V1)
>
>
> What does unroutable control packet mean and why am I getting the plaintext
> read errors and failing handshakes?
>
> Thanks,
> --
> --Brad
> ============================================================================
> Bradley M. Alexander                |
> gTLD SysAdmin, Security Engineer    |   storm [at] tux.org
> Debian/GNU Linux Developer          |   storm [at] debian.org
> ============================================================================
> Key fingerprints:
> DSA 0x54434E65: 37F6 BCA6 621D 920C E02E E3C8 73B2 C019 5443 4E65
> RSA 0xC3BCBA91: 3F 0E 26 C1 90 14 AD 0A C8 9C F0 93 75 A0 01 34
> ============================================================================
> Never let an aircraft take you somewhere your brain didn't get
> to five minutes earlier.
> --Rules of the Air, #12
>
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
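The following check is an added example, not part of the original thread and not OpenVPN project code. It audits a config file for the condition the reply describes: a peer with no "remote" that waits for connections, and no --ping / --ping-restart to force a renegotiation after the link goes quiet. The function names, the role labels ("passive", "initiator") and the sample config contents are assumptions constructed for illustration; only the options named in the reply are checked.

```shell
#!/bin/sh
# Audit an OpenVPN config for the stale-TLS-state condition described above.

# has_directive FILE NAME: succeeds if NAME is an active (uncommented) option.
# Accepts config-file form ("ping 15") and pasted CLI form ("--ping 15").
# The trailing space-or-EOL keeps "ping" from matching "ping-restart".
has_directive() {
    grep -Eq "^[[:space:]]*(--)?$2([[:space:]]|\$)" "$1"
}

# audit_conf FILE: prints "role=<passive|initiator> missing=<list|none>".
#   passive   = no "remote": after a restart this peer only waits for its peer
#   initiator = has "remote": this peer starts the TLS negotiation itself
audit_conf() {
    conf=$1 missing=""
    for opt in ping ping-restart; do
        has_directive "$conf" "$opt" || missing="${missing:+$missing,}$opt"
    done
    if has_directive "$conf" remote; then role=initiator; else role=passive; fi
    echo "role=$role missing=${missing:-none}"
}

# Demo on two constructed configs (hypothetical host name and timer values).
demo() {
    dir=$(mktemp -d) || return 1
    # Listener with the ping option commented out: counts as missing.
    printf '%s\n' 'dev tun' 'tls-server' '; ping 15' > "$dir/listener.conf"
    # Dialer with both timers set.
    printf '%s\n' 'dev tun' 'tls-client' 'remote vpn.example.net' \
        'ping 15' 'ping-restart 45' > "$dir/dialer.conf"
    for f in "$dir"/*.conf; do
        printf '%s: %s\n' "${f##*/}" "$(audit_conf "$f")"
    done
    rm -rf "$dir"
}
demo
```

A result of role=passive with ping-restart missing on one side, and ping-restart also missing on the other, is the pairing where a restart of the passive peer leaves both ends waiting.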