No server certificate verification method has been enabled: how to fix

openvpn does not accept the certificate

I can't connect to the server. Yesterday everything still worked. Today, apparently, it doesn't like the certificate. I don't understand a damn thing about these certificates; which certificate doesn't it like, mine or the one on the server?

sudo openvpn --config vpngate_123.4.567.89_udp_1985.ovpn
2023-03-18 12:24:31 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
2023-03-18 12:24:31 OpenVPN 2.5.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Mar 18 2023
2023-03-18 12:24:31 library versions: OpenSSL 1.1.1t 7 Feb 2023, LZO 2.10
2023-03-18 12:24:31 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2023-03-18 12:24:31 TCP/UDP: Preserving recently used remote address: [AF_INET]126.4.567.89:1985
2023-03-18 12:24:31 Socket Buffers: R=[212992->212992] S=[212992->212992]
2023-03-18 12:24:31 UDP link local: (not bound)
2023-03-18 12:24:31 UDP link remote: [AF_INET]123.4.567.89:1985
2023-03-18 12:24:32 TLS: Initial packet from [AF_INET]123.4.567.89:1985, sid=180b824f c3e57c5f
2023-03-18 12:24:32 VERIFY OK: depth=2, C=US, O=Internet Security Research Group, CN=ISRG Root X1
2023-03-18 12:24:32 VERIFY OK: depth=1, C=US, O=Let's Encrypt, CN=R3
2023-03-18 12:24:32 VERIFY ERROR: depth=0, error=certificate has expired: CN=opengw.net, serial=270090734479764202226505740823661288419396
2023-03-18 12:24:32 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2023-03-18 12:24:32 TLS_ERROR: BIO read tls_read_plaintext error
2023-03-18 12:24:32 TLS Error: TLS object -> incoming plaintext read error
2023-03-18 12:24:32 TLS Error: TLS handshake failed
2023-03-18 12:24:32 SIGUSR1[soft,tls-error] received, process restarting
2023-03-18 12:24:32 Restart pause, 5 second(s)
2023-03-18 12:24:37 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2023-03-18 12:24:37 TCP/UDP: Preserving recently used remote address: [AF_INET]123.4.567.89:1985
2023-03-18 12:24:37 Socket Buffers: R=[212992->212992] S=[212992->212992]
2023-03-18 12:24:37 UDP link local: (not bound)
2023-03-18 12:24:37 UDP link remote: [AF_INET]123.4.567.89:1985
2023-03-18 12:24:37 TLS: Initial packet from [AF_INET]123.4.567.89:1985, sid=7302b28a 32827f9f
2023-03-18 12:24:37 VERIFY OK: depth=2, C=US, O=Internet Security Research Group, CN=ISRG Root X1
2023-03-18 12:24:37 VERIFY OK: depth=1, C=US, O=Let's Encrypt, CN=R3
2023-03-18 12:24:37 VERIFY ERROR: depth=0, error=certificate has expired: CN=opengw.net, serial=270090734479764202226505740823661288419396
2023-03-18 12:24:37 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2023-03-18 12:24:37 TLS_ERROR: BIO read tls_read_plaintext error
2023-03-18 12:24:37 TLS Error: TLS object -> incoming plaintext read error
2023-03-18 12:24:37 TLS Error: TLS handshake failed
2023-03-18 12:24:37 SIGUSR1[soft,tls-error] received, process restarting
2023-03-18 12:24:37 Restart pause, 5 second(s)

Just in case, I rebuilt openvpn; it didn't help.

What should I do about this?

I tried connecting to different servers; the error is always the same.
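The log in the post above already records which certificate was rejected: the depth in each VERIFY line counts up from the certificate the peer presented, so in a client log depth 0 is the server's own certificate. An added example (not part of the original post) that parses those lines; the function names are this example's own, and the sample lines are copied from that log.

```python
import re

# Lines copied from the client log in the post above.
SAMPLE_LOG = """\
2023-03-18 12:24:32 VERIFY OK: depth=2, C=US, O=Internet Security Research Group, CN=ISRG Root X1
2023-03-18 12:24:32 VERIFY OK: depth=1, C=US, O=Let's Encrypt, CN=R3
2023-03-18 12:24:32 VERIFY ERROR: depth=0, error=certificate has expired: CN=opengw.net, serial=270090734479764202226505740823661288419396
2023-03-18 12:24:32 TLS Error: TLS handshake failed
"""

VERIFY_RE = re.compile(
    r"VERIFY (?P<status>OK|ERROR): depth=(?P<depth>\d+), "
    r"(?:error=(?P<error>[^:]+): )?(?P<subject>.+)$"
)


def parse_verify(log_text):
    """Return one record per VERIFY line: result, chain depth, error, subject."""
    records = []
    for line in log_text.splitlines():
        m = VERIFY_RE.search(line)
        if not m:
            continue  # not a certificate verification line
        subject = re.sub(r", serial=\d+$", "", m.group("subject").strip())
        records.append({
            "ok": m.group("status") == "OK",
            "depth": int(m.group("depth")),
            "error": m.group("error"),
            "subject": subject,
        })
    return records


def whose_cert(depth):
    """Map chain depth to the certificate it refers to, as seen from a client."""
    if depth == 0:
        return "server certificate (peer leaf)"
    return "CA certificate in the server's chain"


def failures(log_text):
    """List (which certificate, subject, error) for every failed verification."""
    return [(whose_cert(r["depth"]), r["subject"], r["error"])
            for r in parse_verify(log_text) if not r["ok"]]


if __name__ == "__main__":
    for item in failures(SAMPLE_LOG):
        print(item)
```
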

Posts: 2
Thanks: 0

Hello. Please help me sort out an OpenVPN installation.
The router is a Zyxel Kinetic. Port 1194 is forwarded. After a connection attempt, the client machine shows the error WARNING: No server certificate verification method has been enabled openvpn
I am attaching the logs and the server and client settings.

Server settings

port 1194
proto udp
dev tun
dev-node "VPN Server"
dh "C:\\OpenVPN\\ssl\\dh2048.pem"
ca "C:\\OpenVPN\\ssl\\ca.crt"
cert "C:\\OpenVPN\\ssl\\rcio.crt"
key "C:\\OpenVPN\\ssl\\rcio.key"
server 10.1.1.0 255.255.255.0
max-clients 32
keepalive 10 120
client-to-client
comp-lzo
persist-key
persist-tun
cipher DES-CBC
status "C:\\OpenVPN\\log\\status.log"
log "C:\\OpenVPN\\log\\openvpn.log"
verb 4
mute 20

Client settings

client
resolv-retry infinite
nobind
remote 176.100.113.58
port 1194
proto udp
dev tun
comp-lzo
ca ca.crt
cert bardinin.crt
key bardinin.key
dh dh2048.pem
float
cipher DES-CBC
keepalive 10 120
persist-key
persist-tun
verb 0

OpenVPN Support Forum

No server certificate verification method has been enabled.

LonelyPixel OpenVpn Newbie Posts: 13 Joined: Fri Nov 23, 2012 7:44 pm

No server certificate verification method has been enabled.

Post by LonelyPixel » Thu May 31, 2018 9:07 am

When connecting to my OpenVPN server, I get this message on the client in red colour:

WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

I have read that page and acknowledged it. The certificates already have the appropriate settings. How can I make this red line go away?

TinCanTech OpenVPN Protagonist Posts: 11141 Joined: Fri Jun 03, 2016 1:17 pm

Re: No server certificate verification method has been enabled.

Post by TinCanTech » Thu May 31, 2018 11:27 am

The HOWTO wrote: Now add the following line to your client configuration:

remote-cert-tls server
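One way to check a client profile for the directive quoted from the HOWTO, as an added example that is not from the forum thread or the OpenVPN project. The config text is constructed (vpn.example.net is a placeholder), and the set of directives counted as verification methods is this example's assumption.

```python
# Directives that restrict which certificate a client accepts as "the server".
# Assumption of this example: the set below, taken from the OpenVPN manual.
VERIFY_DIRECTIVES = {"remote-cert-tls", "remote-cert-eku", "verify-x509-name",
                     "tls-verify", "ns-cert-type", "peer-fingerprint"}

# Constructed client profile: it trusts a CA but never checks the peer's role,
# so any certificate issued by that CA, a client's included, passes as server.
CLIENT_WITHOUT_CHECK = """\
client
remote vpn.example.net 1194
proto udp
dev tun
ca ca.crt
cert client.crt
key client.key
"""
CLIENT_WITH_CHECK = CLIENT_WITHOUT_CHECK + "remote-cert-tls server\n"


def directives(config_text):
    """Return [(name, args)] per active line; '#' and ';' lines are comments."""
    out = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        name, *args = line.split()
        out.append((name, args))
    return out


def audit_client(config_text):
    """Report whether a client profile verifies the server certificate's role."""
    seen = directives(config_text)
    names = {name for name, _ in seen}
    if not names & {"client", "tls-client"}:
        return "not a client config"
    for name, args in seen:
        # These two take the expected peer role; on a client it must be 'server'.
        if name in ("remote-cert-tls", "ns-cert-type") and args[:1] != ["server"]:
            return "FAIL: %s is not set to 'server'" % name
    used = sorted(names & VERIFY_DIRECTIVES)
    if not used:
        return "FAIL: no server certificate verification; add 'remote-cert-tls server'"
    return "OK: " + ", ".join(used)


if __name__ == "__main__":
    print(audit_client(CLIENT_WITHOUT_CHECK))
    print(audit_client(CLIENT_WITH_CHECK))
```
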

LonelyPixel OpenVpn Newbie Posts: 13 Joined: Fri Nov 23, 2012 7:44 pm

Re: No server certificate verification method has been enabled.

Post by LonelyPixel » Thu May 31, 2018 12:53 pm

Thanks for the pointer. I haven’t seen this line and thought there’s nothing more to do. Maybe the page layout was a bit too complex or I was already in that "stupid documentation" mood.

TinCanTech OpenVPN Protagonist Posts: 11141 Joined: Fri Jun 03, 2016 1:17 pm

Re: No server certificate verification method has been enabled.

Post by TinCanTech » Thu May 31, 2018 1:15 pm

LonelyPixel wrote (Thu May 31, 2018 12:53 pm): or I was already in that "stupid documentation" mood.

Would you prefer there not to be documentation?

People put a lot of effort into writing it .. but we can delete it all if you prefer

LonelyPixel OpenVpn Newbie Posts: 13 Joined: Fri Nov 23, 2012 7:44 pm

Re: No server certificate verification method has been enabled.

Post by LonelyPixel » Thu May 31, 2018 5:19 pm

If there is no documentation, I’d be annoyed about it not being there. If there’s a documentation that’s hard to find, use and understand, I’d be annoyed about it being hard to find, use and understand. Please understand that incomplete efforts cannot beat psychology. You can’t sell a product by arguing that you couldn’t do it any better. I’m just giving you feedback on that, others won’t and turn somewhere else. I guess you still don’t care because we’re all not paying any money.

And yes, deleting the outdated part of the documentation might indeed be helpful! It just doesn’t look too professional if I turn to the forums about a documentation page from a prominent FAQ list only to hear that it’s long outdated. You see where my impression comes from?

TinCanTech OpenVPN Protagonist Posts: 11141 Joined: Fri Jun 03, 2016 1:17 pm

Re: No server certificate verification method has been enabled.

Post by TinCanTech » Thu May 31, 2018 5:56 pm

LonelyPixel wrote (Thu May 31, 2018 5:19 pm): If there is no documentation, I’d be annoyed about it not being there. If there’s a documentation that’s hard to find, use and understand, I’d be annoyed about it being hard to find, use and understand.

You can help improve it

LonelyPixel wrote (Thu May 31, 2018 5:19 pm): You can’t sell a product by arguing that you couldn’t do it any better. I’m just giving you feedback on that, others won’t and turn somewhere else. I guess you still don’t care because we’re all not paying any money.

I care which is why I help .. but we need more help.

LonelyPixel wrote (Thu May 31, 2018 5:19 pm): yes, deleting the outdated part of the documentation might indeed be helpful!

You can help improve it

LonelyPixel wrote (Thu May 31, 2018 5:19 pm): It just doesn’t look too professional if I turn to the forums about a documentation page from a prominent FAQ list only to hear that it’s long outdated.

At least all the pages of documentation from Openvpn are fully dated, unlike much of the FUD out there .. so you can decide immediately if you want to read it or not.

LonelyPixel OpenVpn Newbie Posts: 13 Joined: Fri Nov 23, 2012 7:44 pm

Re: No server certificate verification method has been enabled.

Post by LonelyPixel » Tue Aug 14, 2018 6:58 pm

Oh, that’s been a long time.

I understand that you need more help to keep the docs updated. But I really feel that should be done by people who know what they talk about. You can probably guess from my questions that I’m not one of them. Set aside that I can’t even guess the effort it’d take me to find out how to help with that. Somebody would have to spend a lot of time putting me on the right track that they could better spend in fixing it directly.

1_C4T4LY5T OpenVpn Newbie Posts: 2 Joined: Mon Jul 06, 2020 12:48 am

Re: No server certificate verification method has been enabled.

Post by 1_C4T4LY5T » Mon Jul 06, 2020 12:51 am

I see that open vpn error tells me to go here: https://openvpn.net/community-resources/how-to/#mitm
but that makes no sense to me as I’m definitely a noob to vpn’s in general. I did try to add "remote-cert-tls server" to the end of my client config file. When I added it the red error went away but now the client just keeps saying connecting in status and never actually errors or connects for me.

Could I get some help from anyone in a very dumbed down way? like if you were explaining it to your mom for example?

Thank you in advance for any help.

TinCanTech OpenVPN Protagonist Posts: 11141 Joined: Fri Jun 03, 2016 1:17 pm

Re: No server certificate verification method has been enabled.

Post by TinCanTech » Mon Jul 06, 2020 2:11 am

The OpenVPN client does not connect to the server, what is wrong?

port 1194
client
dev tun
proto udp
remote 10.8.0.1 1194
ca ca.crt
cert client.crt
key client.key
cipher AES-128-CBC
nobind
comp-lzo
persist-key
persist-tun
status C:\\OpenVPN\\log\\openvpn-status.log
log C:\\OpenVPN\\log\\openvpn.log
verb 3

Fri Jul 31 13:04:07 2015 MANAGEMENT: >STATE:1438337047,RECONNECTING,tls-error,,
Fri Jul 31 13:04:07 2015 Restart pause, 2 second(s)
Fri Jul 31 13:04:09 2015 WARNING: No server certificate verification method has been enabled. See openvpn.net/howto.html#mitm for more info.
Fri Jul 31 13:04:09 2015 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Jul 31 13:04:09 2015 UDPv4 link local: [undef]
Fri Jul 31 13:04:09 2015 UDPv4 link remote: [AF_INET]10.8.0.1:1194
Fri Jul 31 13:04:09 2015 MANAGEMENT: >STATE:1438337049,WAIT.
Fri Jul 31 13:05:09 2015 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Jul 31 13:05:09 2015 TLS Error: TLS handshake failed
Fri Jul 31 13:05:09 2015 SIGUSR1[soft,tls-error] received, process restarting
Fri Jul 31 13:05:09 2015 MANAGEMENT: >STATE:1438337109,RECONNECTING,tls-error,,
Fri Jul 31 13:05:09 2015 Restart pause, 2 second(s)
Fri Jul 31 13:05:11 2015 WARNING: No server certificate verification method has been enabled. See openvpn.net/howto.html#mitm for more info.
Fri Jul 31 13:05:11 2015 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Jul 31 13:05:11 2015 UDPv4 link local: [undef]
Fri Jul 31 13:05:11 2015 UDPv4 link remote: [AF_INET]10.8.0.1:1194
Fri Jul 31 13:05:11 2015 MANAGEMENT: >STATE:1438337111,WAIT.

I run it as administrator
