Jump to content
Not connected, Your IP: 54.234.191.202
Sign in to follow this  
B97LV88J70NMA7FZ

Checking route IPv4 failed. / curl: (60) server certificate verification failed.

Recommended Posts

. 2021.09.30 11:01:55 - Eddie version: 2.18.9 / linux_x64, System: Linux, Name: Linux Mint 18.3 Sylvia \n \l, Version: Linux [redacted] 4.4.0-21-generic #37-Ubuntu SMP Mon Apr 18 18:33:37 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux, Mono/.Net: 4.2.1 (Debian 4.2.1.102+dfsg2-7ubuntu4); Framework: v4.0.30319
. 2021.09.30 11:01:55 - Command line arguments (2): path.resources="/usr/share/eddie-ui" path.exec="/usr/bin/eddie-ui"
. 2021.09.30 11:01:55 - Raise system privileges
. 2021.09.30 11:02:00 - Profile path: [redacted]/.config/eddie/default.profile
. 2021.09.30 11:02:00 - Reading options from [redacted]/.config/eddie/default.profile
. 2021.09.30 11:02:01 - Tun Driver - /dev/net/tun
. 2021.09.30 11:02:01 - OpenVPN - Version: 2.3.10 - OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08 (/usr/sbin/openvpn)
. 2021.09.30 11:02:01 - SSH - Version: OpenSSH_7.2p2 Ubuntu-4ubuntu2.10, OpenSSL 1.0.2g  1 Mar 2016 (/usr/bin/ssh)
. 2021.09.30 11:02:01 - SSL - Version: stunnel 5.30 (/usr/bin/stunnel4)
. 2021.09.30 11:02:01 - curl - Version: 7.47.0 (/usr/bin/curl)
! 2021.09.30 11:02:01 - Activation of Network Lock - Linux iptables
I 2021.09.30 11:02:02 - Ready
. 2021.09.30 11:02:05 - Collect information about AirVPN completed
I 2021.09.30 11:02:47 - Session starting.
I 2021.09.30 11:02:47 - Checking authorization ...
. 2021.09.30 11:02:48 - IPv6 disabled on network adapter (default)
. 2021.09.30 11:02:48 - IPv6 disabled on network adapter (enp4s0)
! 2021.09.30 11:02:48 - Connecting to Sadalbari (Canada, Toronto, Ontario)
. 2021.09.30 11:02:48 - OpenVPN > OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan  9 2019
. 2021.09.30 11:02:48 - OpenVPN > library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
. 2021.09.30 11:02:48 - OpenVPN > Control Channel Authentication: tls-auth using INLINE static key file
. 2021.09.30 11:02:48 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2021.09.30 11:02:48 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2021.09.30 11:02:48 - OpenVPN > Socket Buffers: R=[87380->87380] S=[16384->16384]
. 2021.09.30 11:02:48 - OpenVPN > Attempting to establish TCP connection with [AF_INET]184.75.221.178:443 [nonblock]
. 2021.09.30 11:02:49 - OpenVPN > TCP connection established with [AF_INET]184.75.221.178:443
. 2021.09.30 11:02:49 - OpenVPN > TCPv4_CLIENT link local: [undef]
. 2021.09.30 11:02:49 - OpenVPN > TCPv4_CLIENT link remote: [AF_INET]184.75.221.178:443
. 2021.09.30 11:02:49 - OpenVPN > TLS: Initial packet from [AF_INET]184.75.221.178:443, sid=97c993d9 4c8d25bf
. 2021.09.30 11:02:50 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
. 2021.09.30 11:02:50 - OpenVPN > Validating certificate key usage
. 2021.09.30 11:02:50 - OpenVPN > ++ Certificate has key usage  00a0, expects 00a0
. 2021.09.30 11:02:50 - OpenVPN > VERIFY KU OK
. 2021.09.30 11:02:50 - OpenVPN > Validating certificate extended key usage
. 2021.09.30 11:02:50 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
. 2021.09.30 11:02:50 - OpenVPN > VERIFY EKU OK
. 2021.09.30 11:02:50 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Sadalbari, emailAddress=info@airvpn.org
. 2021.09.30 11:02:50 - OpenVPN > Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
. 2021.09.30 11:02:50 - OpenVPN > Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2021.09.30 11:02:50 - OpenVPN > Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
. 2021.09.30 11:02:50 - OpenVPN > Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2021.09.30 11:02:50 - OpenVPN > Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
. 2021.09.30 11:02:50 - OpenVPN > [Sadalbari] Peer Connection Initiated with [AF_INET]184.75.221.178:443
. 2021.09.30 11:02:52 - OpenVPN > SENT CONTROL [Sadalbari]: 'PUSH_REQUEST' (status=1)
. 2021.09.30 11:02:52 - OpenVPN > PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway  def1 bypass-dhcp,dhcp-option DNS 10.28.181.1,route-gateway 10.28.181.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.28.181.39 255.255.255.0,peer-id 0'
. 2021.09.30 11:02:52 - OpenVPN > OPTIONS IMPORT: timers and/or timeouts modified
. 2021.09.30 11:02:52 - OpenVPN > OPTIONS IMPORT: LZO parms modified
. 2021.09.30 11:02:52 - OpenVPN > OPTIONS IMPORT: --ifconfig/up options modified
. 2021.09.30 11:02:52 - OpenVPN > OPTIONS IMPORT: route options modified
. 2021.09.30 11:02:52 - OpenVPN > OPTIONS IMPORT: route-related options modified
. 2021.09.30 11:02:52 - OpenVPN > OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
. 2021.09.30 11:02:52 - OpenVPN > OPTIONS IMPORT: peer-id set
. 2021.09.30 11:02:52 - OpenVPN > OPTIONS IMPORT: adjusting link_mtu to 1563
. 2021.09.30 11:02:52 - OpenVPN > ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=enp4s0 HWADDR=e0:3f:49:0e:0d:ae
. 2021.09.30 11:02:52 - OpenVPN > TUN/TAP device tun0 opened
. 2021.09.30 11:02:52 - OpenVPN > TUN/TAP TX queue length set to 100
. 2021.09.30 11:02:52 - OpenVPN > do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
. 2021.09.30 11:02:52 - OpenVPN > /sbin/ip link set dev tun0 up mtu 1500
. 2021.09.30 11:02:52 - OpenVPN > /sbin/ip addr add dev tun0 10.28.181.39/24 broadcast 10.28.181.255
. 2021.09.30 11:02:58 - OpenVPN > /sbin/ip route add 184.75.221.178/32 via 192.168.1.1
. 2021.09.30 11:02:58 - OpenVPN > /sbin/ip route add 0.0.0.0/1 via 10.28.181.1
. 2021.09.30 11:02:58 - OpenVPN > /sbin/ip route add 128.0.0.0/1 via 10.28.181.1
. 2021.09.30 11:02:58 - DNS of the system updated to VPN DNS (Rename method: /etc/resolv.conf generated)
. 2021.09.30 11:02:58 - Routes, added a new route, 184.75.221.179 for gateway 10.28.181.1
. 2021.09.30 11:02:58 - Unable to compute route for 2606:6080:1001:14:c766:f45a:ac4d:72a0: IPv6 VPN gateway not available.
. 2021.09.30 11:02:58 - Flushing DNS
I 2021.09.30 11:02:58 - Checking route IPv4
. 2021.09.30 11:02:59 - curl: (60) server certificate verification failed. CAfile: /usr/share/eddie-ui/cacert.pem CRLfile: none
. 2021.09.30 11:02:59 -     More details here: http://curl.haxx.se/docs/sslcerts.html
. 2021.09.30 11:02:59 -     curl performs SSL certificate verification by default, using a "bundle"
. 2021.09.30 11:02:59 -     of Certificate Authority (CA) public keys (CA certs). If the default
. 2021.09.30 11:02:59 -     bundle file isn't adequate, you can specify an alternate file
. 2021.09.30 11:02:59 -     using the --cacert option.
. 2021.09.30 11:02:59 -     If this HTTPS server uses a certificate signed by a CA represented in
. 2021.09.30 11:02:59 -     the bundle, the certificate verification probably failed due to a
. 2021.09.30 11:02:59 -     problem with the certificate (it might be expired, or the name might
. 2021.09.30 11:02:59 -     not match the domain name in the URL).
. 2021.09.30 11:02:59 -     If you'd like to turn off curl's verification of the certificate, use
. 2021.09.30 11:02:59 -     the -k (or --insecure) option.
. 2021.09.30 11:02:59 - Checking route (2° try)
. 2021.09.30 11:03:01 - curl: (60) server certificate verification failed. CAfile: /usr/share/eddie-ui/cacert.pem CRLfile: none
. 2021.09.30 11:03:01 -     More details here: http://curl.haxx.se/docs/sslcerts.html
. 2021.09.30 11:03:01 -     curl performs SSL certificate verification by default, using a "bundle"
. 2021.09.30 11:03:01 -     of Certificate Authority (CA) public keys (CA certs). If the default
. 2021.09.30 11:03:01 -     bundle file isn't adequate, you can specify an alternate file
. 2021.09.30 11:03:01 -     using the --cacert option.
. 2021.09.30 11:03:01 -     If this HTTPS server uses a certificate signed by a CA represented in
. 2021.09.30 11:03:01 -     the bundle, the certificate verification probably failed due to a
. 2021.09.30 11:03:01 -     problem with the certificate (it might be expired, or the name might
. 2021.09.30 11:03:01 -     not match the domain name in the URL).
. 2021.09.30 11:03:01 -     If you'd like to turn off curl's verification of the certificate, use
. 2021.09.30 11:03:01 -     the -k (or --insecure) option.
. 2021.09.30 11:03:01 - Checking route (3° try)
. 2021.09.30 11:03:04 - curl: (60) server certificate verification failed. CAfile: /usr/share/eddie-ui/cacert.pem CRLfile: none
. 2021.09.30 11:03:04 -     More details here: http://curl.haxx.se/docs/sslcerts.html
. 2021.09.30 11:03:04 -     curl performs SSL certificate verification by default, using a "bundle"
. 2021.09.30 11:03:04 -     of Certificate Authority (CA) public keys (CA certs). If the default
. 2021.09.30 11:03:04 -     bundle file isn't adequate, you can specify an alternate file
. 2021.09.30 11:03:04 -     using the --cacert option.
. 2021.09.30 11:03:04 -     If this HTTPS server uses a certificate signed by a CA represented in
. 2021.09.30 11:03:04 -     the bundle, the certificate verification probably failed due to a
. 2021.09.30 11:03:04 -     problem with the certificate (it might be expired, or the name might
. 2021.09.30 11:03:04 -     not match the domain name in the URL).
. 2021.09.30 11:03:04 -     If you'd like to turn off curl's verification of the certificate, use
. 2021.09.30 11:03:04 -     the -k (or --insecure) option.
E 2021.09.30 11:03:04 - Checking route IPv4 failed.
. 2021.09.30 11:03:04 - OpenVPN > Initialization Sequence Completed
! 2021.09.30 11:03:04 - Disconnecting
. 2021.09.30 11:03:04 - Routes, removed a route previously added, 184.75.221.179 for gateway 10.28.181.1
. 2021.09.30 11:03:04 - Sending soft termination signal
. 2021.09.30 11:03:04 - OpenVPN > event_wait : Interrupted system call (code=4)
. 2021.09.30 11:03:04 - OpenVPN > /sbin/ip route del 184.75.221.178/32
. 2021.09.30 11:03:04 - OpenVPN > /sbin/ip route del 0.0.0.0/1
. 2021.09.30 11:03:04 - OpenVPN > /sbin/ip route del 128.0.0.0/1
. 2021.09.30 11:03:04 - OpenVPN > Closing TUN/TAP interface
. 2021.09.30 11:03:04 - OpenVPN > /sbin/ip addr del dev tun0 10.28.181.39/24
. 2021.09.30 11:03:05 - OpenVPN > SIGINT[hard,] received, process exiting
. 2021.09.30 11:03:05 - Connection terminated.
. 2021.09.30 11:03:05 - IPv6 restored on network adapter (default)
. 2021.09.30 11:03:05 - IPv6 restored on network adapter (enp4s0)
. 2021.09.30 11:03:05 - DNS of the system restored to original settings (Rename method)
I 2021.09.30 11:03:08 - Checking authorization ...
I 2021.09.30 11:03:09 - Cancel requested.
! 2021.09.30 11:03:09 - Session terminated.
! 2021.09.30 11:03:21 - Deactivation of Network Lock

 

Share this post


Link to post

Hello and thank you for your choice!

Please make sure that you're running Eddie 2.19.7 or higher version (upgrade if necessary).

Then, please try the following settings:

  • from Eddie's main window select "Preferences" > "Advanced"
  • de-tick "Check if the VPN tunnel works"
  • click "Save"
  • from Eddie's main window select "Preferences" > "DNS"
  • de-tick "Check Air VPN DNS"
  • click "Save"
  • from Eddie's main window enable Network Lock

Try again connections to various servers.

Explanation of the issue: consider that AirVPN uses mainly LetsEncrypt certificates. Then read here:
https://blog.germancoding.com/2021/04/16/lets-encrypt-and-expired-root-certificates/

Now, if you run a cURL version linked against OpenSSL 1.1.0 or older versions, or against LibreSSL older than 3.2.0, or GnuTLS older than 3.6.7, the validation chain will fail (and Eddie does use libcurl and curl). It's a TLS library bug. At the moment we can not fix on our side: we would cut out all Android versions older than 7.1, and we don't want to do so .

Momentarily, the above quick fix will resolve the problem on Eddie. The initial checks become useless when you keep Network Lock enabled, so you don't have to worry about safety and security.

Kind regards
 

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  

×
×
  • Create New...