Qpb22uGL 2 Posted ... I just updated OpenVPN for Android to 0.7.25 (update was released on Oct 4 2021). Android 11, October 2021 security patch. I now can not connect to any AirVPN server anymore using the .ovpn files from the config generator. This is what it shows when I try to connect: OpenSSL: error:0A00018E:SSL rountines::ca md too weak OpenSSL reported a certificate with a weak hash, please the in app FAQ about weak hashes MGMT: Got unrecognized command>FATAL:Cannot load inline certificate file Cannot load inline certificate file Exiting due to fatal error Process exited with exit value 1 2 bluezed and kmartinez237 reacted to this Share this post Link to post
OpenSourcerer 1442 Posted ... Puzzling. Closest I could find is that the project switched to OpenSSL 3.0 which seems to deem any certs signed with SHA1 as weak now. But the only certs signed with SHA1 on AirVPN are old ones which you can't even generate nowadays. For a closer look one needs the whole log from the app. Eh, no, this is the problem. The certificate is SHA512, the CA actually is SHA1. So it's definitely something AirVPN should look into. 1 kmartinez237 reacted to this Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
kmartinez237 0 Posted ... 10 minutes ago, OpenSourcerer said: Puzzling. Closest I could find is that the project switched to OpenSSL 3.0 which seems to deem any certs signed with SHA1 as weak now. But the only certs signed with SHA1 on AirVPN are old ones which you can't even generate nowadays. For a closer look one needs the whole log from the app. I just updated OpenVPN for Android a few hours ago, and I am getting a similar error message. I'm worried about posting the whole Log, for privacy concerns. Should I still post it here, or should I message it to you? Share this post Link to post
OpenSourcerer 1442 Posted ... Not necessary, I think. It really looks like AirVPN's CA cert must be reissued with a stronger hashing algorithm. It's the only permanent solution. 1 kmartinez237 reacted to this Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
Staff 10015 Posted ... Hello! Signature of a root CA certificate is there only as a dummy one, and the verification of a CA certificate is not based on any signature, obviously. So, there is no security hazard coming from the signature algorithm of a root CA certificate. Anyway if the source of the problem is the one you mention we will plan some solution to have OpenVPN for Android compatible again. It will take some time, so you might consider to run Eddie Android edition 2.4 or 2.5 alpha in the meantime. "The purpose of the signature in a certificate chain is that a higher authority certifies a lower authority. For a root CA, there is no higher authority by definition (that's what "root" means), so there is nobody who could possibly sign the certificate. Since, as was mentioned, certificates must be signed, root CAs are signed with a "dummy" signature, and the simplest way to do that, is to self-sign. So, not only is there no need to verify, the very idea of verifying the signature of a root CA is non-sensical." Jörg W Mittag, in https://serverfault.com/questions/837994/why-are-ca-root-certificates-all-sha-1-signed-since-sha-1-is-deprecatedKind regards 1 kmartinez237 reacted to this Share this post Link to post
OpenSourcerer 1442 Posted ... I came to the conclusion due to the changelog mentioning: Quote * X509 certificates signed using SHA1 are no longer allowed at security level 1 and above. *Kurt Roeckx* Since a CA cert is also a X.509 cert, since OpenVPN errors out with "ca md too weak" and since OpenSSL puts out this line if read with -text: Quote Signature Algorithm: sha1WithRSAEncryption I made an educated guess that it must be this. Even though it may be nonsensical when we look at CA certs. Because, where else may that be coming from? The <cert> is sha512WithRSAEncryption. I've also looked into possible options/switches to suppress this check until a more general solution is available. So far I only stumbled upon a compiler flag for OpenSSL 3 disabling this behavior altogether, but it may be useful in other use cases; probably too much collateral damage. And OpenVPN itself simply invokes OpenSSL to do its checks, the logs outline it quite clearly. Probably nothing anyone can do with a quick OpenVPN directive, either. And to lower the security level… don't know if you can do that. I found --tls-cert-profile directive in the OpenVPN manual but it mentions 1 being the lowest security level, already called "legacy"… 1 kmartinez237 reacted to this Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
Baryshnikov 2 Posted ... This issue is also be discussed on snbforums. There the same thing is happening to Asus router users running Merlin firmware. Users affected just updated their Android VPN client this morning.https://www.snbforums.com/threads/openvpn-server-issue.75087/#post-717031 Hide Baryshnikov's signature Hide all signatures -- It is not unusual for those at the wrong end of the club to have a clearer picture of reality than those who wield it. Noam Chomsky Share this post Link to post
Staff 10015 Posted ... @OpenSourcerer@77festus77 Thank you. Can you tell us how you reproduced the problem? In our current tests, OpenVPN for Android 0.7.25 (latest version on the Play Store) connects fine to our servers, both on entry-IP addresses 1 and 3. Tested on various devices based on Android 6, 10, 11. Apart from various app explosions, when it does not crash it connects fine. Kind regards Share this post Link to post
Baryshnikov 2 Posted ... @OpenSorcerer @Staff I did not reproduce the problem as I am not an Android user - I was just letting you know that it was just being reported by others beside AirVPN users 1 kmartinez237 reacted to this Hide Baryshnikov's signature Hide all signatures -- It is not unusual for those at the wrong end of the club to have a clearer picture of reality than those who wield it. Noam Chomsky Share this post Link to post
Clodo 177 Posted ... If you have this issue, please try to download this file: https://airvpn.org/static/keys/ca512.crt and replace CA crt in "OpenVPN for Android" config. I'm waiting for feedback. Thanks. Share this post Link to post
checkk 0 Posted ... 5 hours ago, Clodo said: If you have this issue, please try to download this file: https://airvpn.org/static/keys/ca512.crt and replace CA crt in "OpenVPN for Android" config. I'm waiting for feedback. Thanks. I'm a bit of a noob, so I've tried adding this .crt file to my config and now another error coming up saying " openssl reported a certificate with a weak hash, please..." Share this post Link to post
OpenSourcerer 1442 Posted ... 13 hours ago, Staff said: Can you tell us how you reproduced the problem? Primarily a question to @Qpb22uGL and @kmartinez237, they originally reported this. 1 Staff reacted to this Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
Sergey2k 0 Posted ... Confirming the error. Yesterday I could not connect to the Asus RT-N66U router (Original firmware) from Android 7.1.1. From Windows and linux not problems. 2021-10-07 08:03:52 OpenVPN 2.5-icsopenvpn [git:icsopenvpn/v0.7.25-0-g4a9cbd88] armeabi-v7a [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Oct 4 2021 2021-10-07 08:03:52 library versions: OpenSSL 3.0.0 7 sep 2021, LZO 2.10 2021-10-07 08:03:52 MANAGEMENT: Connected to management server at /data/user/0/de.blinkt.openvpn/cache/mgmtsocket 2021-10-07 08:03:52 MANAGEMENT: CMD 'version 3' 2021-10-07 08:03:52 MANAGEMENT: CMD 'hold release' 2021-10-07 08:03:52 MANAGEMENT: CMD 'username 'Auth' user1' 2021-10-07 08:03:52 MANAGEMENT: CMD 'bytecount 2' 2021-10-07 08:03:52 MANAGEMENT: CMD 'password [...]' 2021-10-07 08:03:52 MANAGEMENT: CMD 'state on' 2021-10-07 08:03:52 MANAGEMENT: CMD 'proxy NONE' 2021-10-07 08:03:53 MGMT: Got unrecognized command>FATAL:Cannot load inline certificate file 2021-10-07 08:03:53 OpenSSL: error:0A00018E:SSL routines::ca md too weak 2021-10-07 08:03:53 OpenSSL reported a certificate with a weak hash, please the in app FAQ about weak hashes 2021-10-07 08:03:53 MANAGEMENT: Client disconnected 2021-10-07 08:03:53 Cannot load inline certificate file 2021-10-07 08:03:53 Exiting due to fatal error 2021-10-07 08:03:53 Process exited with exit value 1 Share this post Link to post
184d2c52 2 Posted ... Thu Oct 7 07:49:32 BST 2021@Clodo > If you have this issue, please try to download this file: https://airvpn.org/static/keys/ca512.crt and replace CA crt in "OpenVPN for Android" config. Have verified the new signature: Signature Algorithm: sha512WithRSAEncryption however, still getting the error: OpenSSL: error:0A00018E:SSL routines::ca md too weak It appears that this is being generated from the embedded client cert: Signature Algorithm: sha1WithRSAEncryption Ref: https://github.com/schwabe/ics-openvpn/issues/1374#issuecomment-935944072 Update: from schwabe: "As for the CA. OpenSSL might also be upset by the CA sent by the server and not just the one used in the profile itself." 2 Staff and OpenSourcerer reacted to this Share this post Link to post
Staff 10015 Posted ... Hello! The current state of play as well as important clarifications. The issue occurs only in those OpenVPN clients linked against OpenSSL 3 and only to some of our users, see below Since 2017, our system generates CRT signed with SHA512 algorithm. Previously they were signed with SHA1. Regeneration of old CRT is not triggered and forced by us automatically, because it would invalidate any previous OVPN configuration file out there and lock out the user who does not follow our forum, notification e-mails etc. @rprimus you have a client CRT (user.crt) dated 2015. You and anybody else using pre-2017 user certificates: please go to your "Client Area" > "Devices" menu, renew your cert/key pair, re-download your OVPN configuration files from the Configuration Generator, use them and you will be fine. (*) The problem has never been caused by the CA certificate. Replacing the CA.crt is not mandatory, it just avoids warning message (that you can safely ignore and has nothing to do with the main issue of this thread) you may meet in Eddie Android edition, Hummingbird and Bluetit. Anyway, now even ca.crt is SHA512 signed, so you will not get anymore the mentioned warning (*) Yellow rows show certificates which use a signature based on a deprecated for security reasons hash algorithm (SHA1). They are still here to ensure backward compatibility, because we can't know whether you still use them in generated profiles. However, future OpenVPN versions might not allow them anymore. Click 'Renew' or 'Delete' to resolve the issue. After that, re-generate profile(s) with our Configuration Generator. If you run our client software Eddie, you just need to log your account out and in again from the main window. Kind regards 2 4 OpenSourcerer, pretender, 184d2c52 and 3 others reacted to this Share this post Link to post
kmartinez237 0 Posted ... 2 hours ago, Staff said: Hello! The current state of play as well as important clarifications. The issue occurs only in those OpenVPN clients linked against OpenSSL 3 and only to some of our users, see below Since 2017, our system generates CRT signed with SHA512 algorithm. Previously they were signed with SHA1. Regeneration of old CRT is not triggered and forced by us automatically, because it would invalidate any previous OVPN configuration file out there and lock out the user who does not follow our forum, notification e-mails etc. @rprimus you have a client CRT (user.crt) dated 2015. You and anybody else using pre-2017 user certificates: please go to your "Client Area" > "Devices" menu, renew your cert/key pair, re-download your OVPN configuration files from the Configuration Generator, use them and you will be fine. The problem has never been caused by the CA certificate. Replacing the CA.crt is not mandatory, it just avoids warning message (that you can safely ignore and has nothing to do with the main issue of this thread) you may meet in Eddie Android edition, Hummingbird and Bluetit. Anyway, now even ca.crt is SHA512 signed, so you will not get anymore the mentioned warning Kind regards This worked!!! Thank you so much!!! ☺️ Share this post Link to post
184d2c52 2 Posted ... 3 hours ago, Staff said: @rprimus you have a client CRT (user.crt) dated 2015. You and anybody else using pre-2017 user certificates: please go to your "Client Area" > "Devices" menu, renew your cert/key pair, re-download your OVPN configuration files from the Configuration Generator, use them and you will be fine. (*) The problem has never been caused by the CA certificate. Thu Oct 7 14:38:51 BST 2021@Staff Thank you very much - all A-OK now! Share this post Link to post
dmerryman 0 Posted ... Boom! You guys are the best. Had the exact same issue but now I'm back up and running. Share this post Link to post
Sergey2k 0 Posted ... 18 hours ago, Staff said: Since 2017, our system generates CRT signed with SHA512 algorithm. Previously they were signed with SHA1. Hello I've checked certificates from configuration of ASUS OpenVpn server. They are SHA1. But HMAC Authentication is SHA 512 into server. Then my server can't use SHA512 certificates cipher algorithm. Therefore, need change server (firmware is latest), or downgrade security on android client (tls-cipher:"DEFAULT:@SECLEVEL=0") Share this post Link to post
maasenstodt 0 Posted ... I had the same problem, and following the directions worked for me as well. However, I'm now unable to connect on my PC using the Eddie client. Here's my log: I 2021.10.12 20:39:06 - Session starting. I 2021.10.12 20:39:08 - Checking authorization ... ! 2021.10.12 20:39:09 - Connecting to Fang (United States of America, Chicago, Illinois) . 2021.10.12 20:39:09 - OpenVPN > OpenVPN 2.5.1 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Feb 24 2021 . 2021.10.12 20:39:09 - OpenVPN > Windows version 10.0 (Windows 10 or greater) 64bit . 2021.10.12 20:39:09 - OpenVPN > library versions: OpenSSL 1.1.1j 16 Feb 2021, LZO 2.10 . 2021.10.12 20:39:09 - OpenVPN > Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key . 2021.10.12 20:39:09 - OpenVPN > Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication . 2021.10.12 20:39:09 - OpenVPN > Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key . 2021.10.12 20:39:09 - OpenVPN > Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication . 2021.10.12 20:39:09 - OpenVPN > TCP/UDP: Preserving recently used remote address: [AF_INET]68.235.48.110:443 . 2021.10.12 20:39:09 - OpenVPN > Socket Buffers: R=[65536->262144] S=[65536->262144] . 2021.10.12 20:39:09 - OpenVPN > UDP link local: (not bound) . 2021.10.12 20:39:09 - OpenVPN > UDP link remote: [AF_INET]68.235.48.110:443 . 2021.10.12 20:39:09 - OpenVPN > TLS: Initial packet from [AF_INET]68.235.48.110:443, sid=7ab33fa3 2a242b8d . 2021.10.12 20:39:09 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org . 2021.10.12 20:39:09 - OpenVPN > VERIFY KU OK . 2021.10.12 20:39:09 - OpenVPN > Validating certificate extended key usage . 2021.10.12 20:39:09 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication . 2021.10.12 20:39:09 - OpenVPN > VERIFY EKU OK . 2021.10.12 20:39:09 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Fang, emailAddress=info@airvpn.org . 2021.10.12 20:39:09 - OpenVPN > Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 4096 bit RSA . 2021.10.12 20:39:09 - OpenVPN > [Fang] Peer Connection Initiated with [AF_INET]68.235.48.110:443 . 2021.10.12 20:39:10 - OpenVPN > SENT CONTROL [Fang]: 'PUSH_REQUEST' (status=1) W 2021.10.12 20:39:10 - Authorization failed. Look at the client area to discover the reason. . 2021.10.12 20:39:10 - OpenVPN > AUTH: Received control message: AUTH_FAILED . 2021.10.12 20:39:10 - OpenVPN > SIGTERM received, sending exit notification to peer ! 2021.10.12 20:39:10 - Disconnecting . 2021.10.12 20:39:10 - Sending soft termination signal . 2021.10.12 20:39:13 - Connection terminated. . 2021.10.12 20:39:13 - OpenVPN > SIGTERM[hard,] received, process exiting I 2021.10.12 20:39:16 - Checking authorization ... ! 2021.10.12 20:39:17 - Connecting to Fang (United States of America, Chicago, Illinois) . 2021.10.12 20:39:17 - OpenVPN > OpenVPN 2.5.1 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Feb 24 2021 . 2021.10.12 20:39:17 - OpenVPN > Windows version 10.0 (Windows 10 or greater) 64bit . 2021.10.12 20:39:17 - OpenVPN > library versions: OpenSSL 1.1.1j 16 Feb 2021, LZO 2.10 . 2021.10.12 20:39:17 - OpenVPN > Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key . 2021.10.12 20:39:17 - OpenVPN > Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication . 2021.10.12 20:39:17 - OpenVPN > Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key . 2021.10.12 20:39:17 - OpenVPN > Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication . 2021.10.12 20:39:17 - OpenVPN > TCP/UDP: Preserving recently used remote address: [AF_INET]68.235.48.110:443 . 2021.10.12 20:39:17 - OpenVPN > Socket Buffers: R=[65536->262144] S=[65536->262144] . 2021.10.12 20:39:17 - OpenVPN > UDP link local: (not bound) . 2021.10.12 20:39:17 - OpenVPN > UDP link remote: [AF_INET]68.235.48.110:443 . 2021.10.12 20:39:17 - OpenVPN > TLS: Initial packet from [AF_INET]68.235.48.110:443, sid=986739d4 81f1a840 . 2021.10.12 20:39:17 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org . 2021.10.12 20:39:17 - OpenVPN > VERIFY KU OK . 2021.10.12 20:39:17 - OpenVPN > Validating certificate extended key usage . 2021.10.12 20:39:17 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication . 2021.10.12 20:39:17 - OpenVPN > VERIFY EKU OK . 2021.10.12 20:39:17 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Fang, emailAddress=info@airvpn.org . 2021.10.12 20:39:18 - OpenVPN > Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 4096 bit RSA . 2021.10.12 20:39:18 - OpenVPN > [Fang] Peer Connection Initiated with [AF_INET]68.235.48.110:443 . 2021.10.12 20:39:19 - OpenVPN > SENT CONTROL [Fang]: 'PUSH_REQUEST' (status=1) W 2021.10.12 20:39:19 - Authorization failed. Look at the client area to discover the reason. . 2021.10.12 20:39:19 - OpenVPN > AUTH: Received control message: AUTH_FAILED . 2021.10.12 20:39:19 - OpenVPN > SIGTERM received, sending exit notification to peer ! 2021.10.12 20:39:19 - Disconnecting . 2021.10.12 20:39:19 - Sending soft termination signal . 2021.10.12 20:39:22 - Connection terminated. . 2021.10.12 20:39:22 - OpenVPN > SIGTERM[hard,] received, process exiting I 2021.10.12 20:39:25 - Checking authorization ... ! 2021.10.12 20:39:26 - Connecting to Fang (United States of America, Chicago, Illinois) . 2021.10.12 20:39:26 - OpenVPN > OpenVPN 2.5.1 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Feb 24 2021 . 2021.10.12 20:39:26 - OpenVPN > Windows version 10.0 (Windows 10 or greater) 64bit . 2021.10.12 20:39:26 - OpenVPN > library versions: OpenSSL 1.1.1j 16 Feb 2021, LZO 2.10 . 2021.10.12 20:39:26 - OpenVPN > Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key . 2021.10.12 20:39:26 - OpenVPN > Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication . 2021.10.12 20:39:26 - OpenVPN > Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key . 2021.10.12 20:39:26 - OpenVPN > Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication . 2021.10.12 20:39:26 - OpenVPN > TCP/UDP: Preserving recently used remote address: [AF_INET]68.235.48.110:443 . 2021.10.12 20:39:26 - OpenVPN > Socket Buffers: R=[65536->262144] S=[65536->262144] . 2021.10.12 20:39:26 - OpenVPN > UDP link local: (not bound) . 2021.10.12 20:39:26 - OpenVPN > UDP link remote: [AF_INET]68.235.48.110:443 . 2021.10.12 20:39:26 - OpenVPN > TLS: Initial packet from [AF_INET]68.235.48.110:443, sid=15e64168 524357f5 . 2021.10.12 20:39:26 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org . 2021.10.12 20:39:26 - OpenVPN > VERIFY KU OK . 2021.10.12 20:39:26 - OpenVPN > Validating certificate extended key usage . 2021.10.12 20:39:26 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication . 2021.10.12 20:39:26 - OpenVPN > VERIFY EKU OK . 2021.10.12 20:39:26 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Fang, emailAddress=info@airvpn.org . 2021.10.12 20:39:26 - OpenVPN > Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 4096 bit RSA . 2021.10.12 20:39:26 - OpenVPN > [Fang] Peer Connection Initiated with [AF_INET]68.235.48.110:443 . 2021.10.12 20:39:27 - OpenVPN > SENT CONTROL [Fang]: 'PUSH_REQUEST' (status=1) W 2021.10.12 20:39:27 - Authorization failed. Look at the client area to discover the reason. . 2021.10.12 20:39:27 - OpenVPN > AUTH: Received control message: AUTH_FAILED . 2021.10.12 20:39:27 - OpenVPN > SIGTERM received, sending exit notification to peer ! 2021.10.12 20:39:27 - Disconnecting . 2021.10.12 20:39:27 - Sending soft termination signal . 2021.10.12 20:39:30 - Connection terminated. . 2021.10.12 20:39:30 - OpenVPN > SIGTERM[hard,] received, process exiting I 2021.10.12 20:39:31 - Cancel requested. ! 2021.10.12 20:39:31 - Session terminated. Share this post Link to post
Staff 10015 Posted ... @maasenstodt Hello! Currently Eddie does not re-download automatically any new certificate/key pair: in Eddie main window, log your account out and then log it in again, in order to force Eddie to re-download client certificate(s) and key(s). A detailed guide is available here:https://airvpn.org/forums/topic/26209-how-to-manage-client-certificatekey-pairs/ Kind regards 2 Vash@684 and Antti Simola reacted to this Share this post Link to post