Jump to content
Not connected, Your IP: 3.149.29.98
tioker

ANSWERED OpenSSL error ; restart every 3 seconds

Recommended Posts

Hello,
I have read this post without any effect for me (but I don't know exactly what to do).
I have this error on log file where we can see a OpenVPN OpenSSL error.
I am on Ubuntu 22.04 Gnome 42.2
Best regards

I 2022.07.12 23:36:45 - Session starting.
I 2022.07.12 23:36:45 - Checking authorization ...
! 2022.07.12 23:36:45 - Connecting to Zibal (Netherlands, Alblasserdam)
. 2022.07.12 23:36:45 - Routes, add 213.152.161.151/32 for interface "wlo1".
. 2022.07.12 23:36:45 - Routes, add 213.152.161.151/32 for interface "wlo1", already exists.
. 2022.07.12 23:36:45 - OpenVPN > OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
. 2022.07.12 23:36:45 - OpenVPN > library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
. 2022.07.12 23:36:45 - OpenVPN > OpenSSL: error:0A00018E:SSL routines::ca md too weak
. 2022.07.12 23:36:45 - OpenVPN > Cannot load inline certificate file
. 2022.07.12 23:36:45 - OpenVPN > Exiting due to fatal error
! 2022.07.12 23:36:45 - Disconnecting
. 2022.07.12 23:36:45 - Sending soft termination signal
. 2022.07.12 23:36:46 - Routes, delete 213.152.161.151/32 for interface "wlo1".
. 2022.07.12 23:36:46 - Routes, delete 213.152.161.151/32 for interface "wlo1", not exists.
. 2022.07.12 23:36:46 - Connection terminated.
! 2022.07.12 23:36:48 - Session terminated.

Share this post


Link to post

Hello!

The error here is different. OpenSSL 3 doesn't accept certificates signed through SHA1. Since 2017 we have been signing client certificates with SHA512 and you have a pair generated in 2016. We don't force the renewal to avoid sudden and unexpected disconnections to our unaware users. Thank you, you're a long time customer indeed!

Please:

  • log your AirVPN account in to the web site
  • click "Client Area" from the upper menu
  • click the "Devices" button
  • click your client/key pair "Details" button
  • click "Renew"
  • from Eddie main window uncheck "Remember me", log your account out and then in again (you will have to re-enter your AirVPN account credentials) and the problem will get resolved. (*)

(*) If you don't run Eddie, from the Configuration Generator generate new configuration files for the software you run to connect to AirVPN.

Detailed instructions here:
https://airvpn.org/forums/topic/26209-how-to-manage-client-certificatekey-pairs/

Kind regards
 

Share this post


Link to post
On 7/13/2022 at 4:17 AM, Staff said:

Hello!

The error here is different. OpenSSL doesn't accept certificates signed through SHA1. Since 2017 we sign client certificates with SHA512 and you have a pair generated in 2016. We don't force the renewal to avoid sudden and unexpected disconnections to our unaware users. Thank you, you're a long time customer indeed!

Please:

  • log your AirVPN account in to the web site
  • click "Client Area" from the upper menu
  • click the "Devices" button
  • click your client/key pair "Details" button
  • click "Renew"
  • from Eddie main window log your account out and then in again and the problem will get resolved.

Detailed instructions here:
https://airvpn.org/forums/topic/26209-how-to-manage-client-certificatekey-pairs/

Kind regards
 


does not resolve the issue -

. 2022.07.15 18:11:25 - Eddie version: 2.21.8 / linux_x64, System: Linux, Name: Kali GNU/Linux Rolling, Version: 2022.2, Mono/.Net: 6.8.0.105 (Debian 6.8.0.105+dfsg-3.2 Tue Jun 29 21:01:01 UTC 2021); Framework: v4.0.30319
. 2022.07.15 18:11:25 - Command line arguments (2): path.resources="/usr/share/eddie-ui" path.exec="/usr/bin/eddie-ui"
. 2022.07.15 18:11:25 - Raise system privileges
. 2022.07.15 18:11:29 - Reading options from /home/user/.config/eddie/default.profile
. 2022.07.15 18:11:30 - OpenVPN - Version: 2.5.7 - OpenSSL 3.0.3 3 May 2022, LZO 2.10 (/usr/sbin/openvpn)
. 2022.07.15 18:11:30 - SSH - Version: OpenSSH_9.0p1 Debian-1+b1, OpenSSL 3.0.3 3 May 2022 (/usr/bin/ssh)
. 2022.07.15 18:11:30 - SSL - Version: Initializing (/usr/bin/stunnel4)
. 2022.07.15 18:11:30 - curl - Version: 7.83.1 (/usr/bin/curl)
I 2022.07.15 18:11:32 - Ready
. 2022.07.15 18:11:33 - Collect information about AirVPN completed
I 2022.07.15 18:11:36 - Session starting.
I 2022.07.15 18:11:36 - Checking authorization ...
! 2022.07.15 18:11:36 - Connecting to Aludra (Canada, Toronto, Ontario)
. 2022.07.15 18:11:37 - Routes, add 104.254.90.205/32 for interface "eth0".
. 2022.07.15 18:11:37 - Routes, add 104.254.90.205/32 for interface "eth0", already exists.
. 2022.07.15 18:11:37 - OpenVPN > OpenVPN 2.5.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul  5 2022
. 2022.07.15 18:11:37 - OpenVPN > library versions: OpenSSL 3.0.3 3 May 2022, LZO 2.10
. 2022.07.15 18:11:37 - OpenVPN > OpenSSL: error:0A00018E:SSL routines::ca md too weak
. 2022.07.15 18:11:37 - OpenVPN > Cannot load inline certificate file
. 2022.07.15 18:11:37 - OpenVPN > Exiting due to fatal error
! 2022.07.15 18:11:37 - Disconnecting
. 2022.07.15 18:11:37 - Routes, delete 104.254.90.205/32 for interface "eth0".
. 2022.07.15 18:11:37 - Routes, delete 104.254.90.205/32 for interface "eth0", not exists.
. 2022.07.15 18:11:37 - Connection terminated.
I 2022.07.15 18:11:40 - Checking authorization ...
! 2022.07.15 18:11:41 - Connecting to Mintaka (Canada, Toronto, Ontario)
. 2022.07.15 18:11:41 - Routes, add 184.75.223.221/32 for interface "eth0".
. 2022.07.15 18:11:41 - Routes, add 184.75.223.221/32 for interface "eth0", already exists.
. 2022.07.15 18:11:41 - OpenVPN > OpenVPN 2.5.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul  5 2022
. 2022.07.15 18:11:41 - OpenVPN > library versions: OpenSSL 3.0.3 3 May 2022, LZO 2.10
. 2022.07.15 18:11:41 - OpenVPN > OpenSSL: error:0A00018E:SSL routines::ca md too weak
. 2022.07.15 18:11:41 - OpenVPN > Cannot load inline certificate file
. 2022.07.15 18:11:41 - OpenVPN > Exiting due to fatal error
! 2022.07.15 18:11:41 - Disconnecting
. 2022.07.15 18:11:41 - Sending soft termination signal
. 2022.07.15 18:11:41 - Routes, delete 184.75.223.221/32 for interface "eth0".
. 2022.07.15 18:11:41 - Routes, delete 184.75.223.221/32 for interface "eth0", not exists.
. 2022.07.15 18:11:41 - Connection terminated.
I 2022.07.15 18:11:45 - Checking authorization ...
! 2022.07.15 18:11:45 - Connecting to Sualocin (Canada, Toronto, Ontario)
. 2022.07.15 18:11:45 - Routes, add 184.75.221.45/32 for interface "eth0".
. 2022.07.15 18:11:45 - Routes, add 184.75.221.45/32 for interface "eth0", already exists.
. 2022.07.15 18:11:45 - OpenVPN > OpenVPN 2.5.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul  5 2022
. 2022.07.15 18:11:45 - OpenVPN > library versions: OpenSSL 3.0.3 3 May 2022, LZO 2.10
. 2022.07.15 18:11:45 - OpenVPN > OpenSSL: error:0A00018E:SSL routines::ca md too weak
. 2022.07.15 18:11:45 - OpenVPN > Cannot load inline certificate file
. 2022.07.15 18:11:45 - OpenVPN > Exiting due to fatal error
! 2022.07.15 18:11:45 - Disconnecting
. 2022.07.15 18:11:45 - Sending soft termination signal
. 2022.07.15 18:11:46 - Routes, delete 184.75.221.45/32 for interface "eth0".
. 2022.07.15 18:11:46 - Routes, delete 184.75.221.45/32 for interface "eth0", not exists.
. 2022.07.15 18:11:46 - Connection terminated.
I 2022.07.15 18:11:49 - Checking authorization ...
! 2022.07.15 18:11:49 - Connecting to Lacerta (Canada, Montreal)
. 2022.07.15 18:11:49 - Routes, add 87.101.92.173/32 for interface "eth0".
. 2022.07.15 18:11:49 - Routes, add 87.101.92.173/32 for interface "eth0", already exists.
. 2022.07.15 18:11:50 - OpenVPN > OpenVPN 2.5.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul  5 2022
. 2022.07.15 18:11:50 - OpenVPN > library versions: OpenSSL 3.0.3 3 May 2022, LZO 2.10
. 2022.07.15 18:11:50 - OpenVPN > OpenSSL: error:0A00018E:SSL routines::ca md too weak
. 2022.07.15 18:11:50 - OpenVPN > Cannot load inline certificate file
. 2022.07.15 18:11:50 - OpenVPN > Exiting due to fatal error
! 2022.07.15 18:11:50 - Disconnecting
. 2022.07.15 18:11:50 - Routes, delete 87.101.92.173/32 for interface "eth0".
. 2022.07.15 18:11:50 - Routes, delete 87.101.92.173/32 for interface "eth0", not exists.
. 2022.07.15 18:11:50 - Connection terminated.
I 2022.07.15 18:11:53 - Checking authorization ...
! 2022.07.15 18:11:53 - Connecting to Tyl (Canada, Toronto, Ontario)
. 2022.07.15 18:11:53 - Routes, add 184.75.223.205/32 for interface "eth0".
. 2022.07.15 18:11:53 - Routes, add 184.75.223.205/32 for interface "eth0", already exists.
. 2022.07.15 18:11:54 - OpenVPN > OpenVPN 2.5.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul  5 2022
. 2022.07.15 18:11:54 - OpenVPN > library versions: OpenSSL 3.0.3 3 May 2022, LZO 2.10
. 2022.07.15 18:11:54 - OpenVPN > OpenSSL: error:0A00018E:SSL routines::ca md too weak
. 2022.07.15 18:11:54 - OpenVPN > Cannot load inline certificate file
. 2022.07.15 18:11:54 - OpenVPN > Exiting due to fatal error
! 2022.07.15 18:11:54 - Disconnecting
. 2022.07.15 18:11:54 - Routes, delete 184.75.223.205/32 for interface "eth0".
. 2022.07.15 18:11:54 - Routes, delete 184.75.223.205/32 for interface "eth0", not exists.
. 2022.07.15 18:11:54 - Connection terminated.
I 2022.07.15 18:11:56 - Cancel requested.
! 2022.07.15 18:11:56 - Session terminated.

 

Share this post


Link to post

to @Staff
Thank you, your solution resolve my problem.
As you said, since 2016...
See you in 6 years !
Best regards.

A question if I could ... is there a chance France was in country list ? It's a problem for me when I want accept to french services when I am abroad. 

Share this post


Link to post
On 7/16/2022 at 10:32 PM, tioker said:


A question if I could ... is there a chance France was in country list ? It's a problem for me when I want accept to french services when I am abroad. 


Hello!

France servers are not planned at the moment, we're sorry (usual problem of mandatory data retention for hosting providers). We have a "geo-routing" server in France, we may try to "geo-route" services which restrict access to IP addresses geo-located in France: please open a ticket and give the support team the URLs of the services.

Kind regards
 

Share this post


Link to post

I'm having a similar problem. I try to connect to any server and I just get a constant loop of connecting and disconnecting. Below are my logs:
I 2022.08.23 22:44:30 - Session starting.
I 2022.08.23 22:44:31 - Checking authorization ...
. 2022.08.23 22:44:32 - Using WinTun network interface "Local Area Connection 2 (Kaspersky VPN)"
! 2022.08.23 22:44:32 - Connecting to Sheliak (Netherlands, Alblasserdam)
. 2022.08.23 22:44:32 - Routes, add 213.152.186.37/32 for interface "Ethernet (Intel(R) Ethernet Connection (2) I219-V)".
. 2022.08.23 22:44:32 - Routes, add 213.152.186.37/32 for interface "Ethernet (Intel(R) Ethernet Connection (2) I219-V)", already exists.
. 2022.08.23 22:44:32 - OpenVPN > OpenVPN 2.5.5 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 15 2021
. 2022.08.23 22:44:32 - OpenVPN > Windows version 10.0 (Windows 10 or greater) 64bit
. 2022.08.23 22:44:32 - OpenVPN > library versions: OpenSSL 1.1.1l  24 Aug 2021, LZO 2.10
. 2022.08.23 22:44:32 - OpenVPN > Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
. 2022.08.23 22:44:32 - OpenVPN > Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
. 2022.08.23 22:44:32 - OpenVPN > Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
. 2022.08.23 22:44:32 - OpenVPN > Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
. 2022.08.23 22:44:32 - OpenVPN > TCP/UDP: Preserving recently used remote address: [AF_INET]213.152.186.37:443
. 2022.08.23 22:44:32 - OpenVPN > Socket Buffers: R=[65536->262144] S=[65536->262144]
. 2022.08.23 22:44:32 - OpenVPN > UDP link local: (not bound)
. 2022.08.23 22:44:32 - OpenVPN > UDP link remote: [AF_INET]213.152.186.37:443
. 2022.08.23 22:44:33 - OpenVPN > TLS: Initial packet from [AF_INET]213.152.186.37:443, sid=7279d741 a276a118
. 2022.08.23 22:44:33 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
. 2022.08.23 22:44:33 - OpenVPN > VERIFY KU OK
. 2022.08.23 22:44:33 - OpenVPN > Validating certificate extended key usage
. 2022.08.23 22:44:33 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
. 2022.08.23 22:44:33 - OpenVPN > VERIFY EKU OK
. 2022.08.23 22:44:33 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Sheliak, emailAddress=info@airvpn.org
. 2022.08.23 22:44:33 - OpenVPN > Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 4096 bit RSA, signature: RSA-SHA512
. 2022.08.23 22:44:33 - OpenVPN > [Sheliak] Peer Connection Initiated with [AF_INET]213.152.186.37:443
. 2022.08.23 22:44:33 - OpenVPN > SENT CONTROL [Sheliak]: 'PUSH_REQUEST' (status=1)
. 2022.08.23 22:44:33 - OpenVPN > PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway ipv6 def1 bypass-dhcp,dhcp-option DNS 10.30.46.1,dhcp-option DNS6 fde6:7a:7d20:1a2e::1,tun-ipv6,route-gateway 10.30.46.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 fde6:7a:7d20:1a2e::1020/64 fde6:7a:7d20:1a2e::1,ifconfig 10.30.46.34 255.255.255.0,peer-id 5,cipher AES-256-GCM'
. 2022.08.23 22:44:33 - OpenVPN > Pushed option removed by filter: 'redirect-gateway ipv6 def1 bypass-dhcp'
. 2022.08.23 22:44:33 - OpenVPN > Pushed option removed by filter: 'dhcp-option DNS 10.30.46.1'
. 2022.08.23 22:44:33 - OpenVPN > Pushed option removed by filter: 'dhcp-option DNS6 fde6:7a:7d20:1a2e::1'
. 2022.08.23 22:44:33 - OpenVPN > OPTIONS IMPORT: timers and/or timeouts modified
. 2022.08.23 22:44:33 - OpenVPN > OPTIONS IMPORT: compression parms modified
. 2022.08.23 22:44:33 - OpenVPN > OPTIONS IMPORT: --ifconfig/up options modified
. 2022.08.23 22:44:33 - OpenVPN > OPTIONS IMPORT: route-related options modified
. 2022.08.23 22:44:33 - OpenVPN > OPTIONS IMPORT: peer-id set
. 2022.08.23 22:44:33 - OpenVPN > OPTIONS IMPORT: adjusting link_mtu to 1625
. 2022.08.23 22:44:33 - OpenVPN > OPTIONS IMPORT: data channel crypto options modified
. 2022.08.23 22:44:33 - OpenVPN > Data Channel: using negotiated cipher 'AES-256-GCM'
. 2022.08.23 22:44:33 - OpenVPN > Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
. 2022.08.23 22:44:33 - OpenVPN > Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
. 2022.08.23 22:44:33 - OpenVPN > interactive service msg_channel=0
. 2022.08.23 22:44:33 - OpenVPN > open_tun
. 2022.08.23 22:44:33 - OpenVPN > All wintun adapters on this system are currently in use or disabled.
. 2022.08.23 22:44:33 - OpenVPN > Exiting due to fatal error
! 2022.08.23 22:44:33 - Disconnecting
. 2022.08.23 22:44:33 - Routes, delete 213.152.186.37/32 for interface "Ethernet (Intel(R) Ethernet Connection (2) I219-V)".
. 2022.08.23 22:44:33 - Routes, delete 213.152.186.37/32 for interface "Ethernet (Intel(R) Ethernet Connection (2) I219-V)", not exists.
. 2022.08.23 22:44:33 - Connection terminated.
I 2022.08.23 22:44:36 - Checking authorization ...
. 2022.08.23 22:44:37 - Using WinTun network interface "Local Area Connection 2 (Kaspersky VPN)"
! 2022.08.23 22:44:37 - Connecting to Alya (Canada, Toronto, Ontario)
. 2022.08.23 22:44:37 - Routes, add 184.75.221.173/32 for interface "Ethernet (Intel(R) Ethernet Connection (2) I219-V)".
. 2022.08.23 22:44:37 - Routes, add 184.75.221.173/32 for interface "Ethernet (Intel(R) Ethernet Connection (2) I219-V)", already exists.
. 2022.08.23 22:44:37 - OpenVPN > OpenVPN 2.5.5 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 15 2021
. 2022.08.23 22:44:37 - OpenVPN > Windows version 10.0 (Windows 10 or greater) 64bit
. 2022.08.23 22:44:37 - OpenVPN > library versions: OpenSSL 1.1.1l  24 Aug 2021, LZO 2.10
. 2022.08.23 22:44:37 - OpenVPN > Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
. 2022.08.23 22:44:37 - OpenVPN > Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
. 2022.08.23 22:44:37 - OpenVPN > Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
. 2022.08.23 22:44:37 - OpenVPN > Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
. 2022.08.23 22:44:37 - OpenVPN > TCP/UDP: Preserving recently used remote address: [AF_INET]184.75.221.173:443
. 2022.08.23 22:44:37 - OpenVPN > Socket Buffers: R=[65536->262144] S=[65536->262144]
. 2022.08.23 22:44:37 - OpenVPN > UDP link local: (not bound)
. 2022.08.23 22:44:37 - OpenVPN > UDP link remote: [AF_INET]184.75.221.173:443
. 2022.08.23 22:44:37 - OpenVPN > TLS: Initial packet from [AF_INET]184.75.221.173:443, sid=ffd8285b a32f07cc
. 2022.08.23 22:44:37 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
. 2022.08.23 22:44:37 - OpenVPN > VERIFY KU OK
. 2022.08.23 22:44:37 - OpenVPN > Validating certificate extended key usage
. 2022.08.23 22:44:37 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
. 2022.08.23 22:44:37 - OpenVPN > VERIFY EKU OK
. 2022.08.23 22:44:37 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Alya, emailAddress=info@airvpn.org
. 2022.08.23 22:44:38 - OpenVPN > Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 4096 bit RSA, signature: RSA-SHA512
. 2022.08.23 22:44:38 - OpenVPN > [Alya] Peer Connection Initiated with [AF_INET]184.75.221.173:443
. 2022.08.23 22:44:38 - OpenVPN > SENT CONTROL [Alya]: 'PUSH_REQUEST' (status=1)
. 2022.08.23 22:44:38 - OpenVPN > PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway ipv6 def1 bypass-dhcp,dhcp-option DNS 10.8.174.1,dhcp-option DNS6 fde6:7a:7d20:4ae::1,tun-ipv6,route-gateway 10.8.174.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 fde6:7a:7d20:4ae::104a/64 fde6:7a:7d20:4ae::1,ifconfig 10.8.174.76 255.255.255.0,peer-id 2,cipher AES-256-GCM'
. 2022.08.23 22:44:38 - OpenVPN > Pushed option removed by filter: 'redirect-gateway ipv6 def1 bypass-dhcp'
. 2022.08.23 22:44:38 - OpenVPN > Pushed option removed by filter: 'dhcp-option DNS 10.8.174.1'
. 2022.08.23 22:44:38 - OpenVPN > Pushed option removed by filter: 'dhcp-option DNS6 fde6:7a:7d20:4ae::1'
. 2022.08.23 22:44:38 - OpenVPN > OPTIONS IMPORT: timers and/or timeouts modified
. 2022.08.23 22:44:38 - OpenVPN > OPTIONS IMPORT: compression parms modified
. 2022.08.23 22:44:38 - OpenVPN > OPTIONS IMPORT: --ifconfig/up options modified
. 2022.08.23 22:44:38 - OpenVPN > OPTIONS IMPORT: route-related options modified
. 2022.08.23 22:44:38 - OpenVPN > OPTIONS IMPORT: peer-id set
. 2022.08.23 22:44:38 - OpenVPN > OPTIONS IMPORT: adjusting link_mtu to 1625
. 2022.08.23 22:44:38 - OpenVPN > OPTIONS IMPORT: data channel crypto options modified
. 2022.08.23 22:44:38 - OpenVPN > Data Channel: using negotiated cipher 'AES-256-GCM'
. 2022.08.23 22:44:38 - OpenVPN > Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
. 2022.08.23 22:44:38 - OpenVPN > Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
. 2022.08.23 22:44:38 - OpenVPN > interactive service msg_channel=0
. 2022.08.23 22:44:38 - OpenVPN > open_tun
. 2022.08.23 22:44:38 - OpenVPN > All wintun adapters on this system are currently in use or disabled.
. 2022.08.23 22:44:38 - OpenVPN > Exiting due to fatal error
! 2022.08.23 22:44:38 - Disconnecting
. 2022.08.23 22:44:38 - Routes, delete 184.75.221.173/32 for interface "Ethernet (Intel(R) Ethernet Connection (2) I219-V)".
. 2022.08.23 22:44:38 - Routes, delete 184.75.221.173/32 for interface "Ethernet (Intel(R) Ethernet Connection (2) I219-V)", not exists.
. 2022.08.23 22:44:38 - Connection terminated.
I 2022.08.23 22:44:41 - Checking authorization ...
. 2022.08.23 22:44:42 - Using WinTun network interface "Local Area Connection 2 (Kaspersky VPN)"
! 2022.08.23 22:44:42 - Connecting to Saiph (Canada, Toronto, Ontario)
. 2022.08.23 22:44:42 - Routes, add 184.75.223.229/32 for interface "Ethernet (Intel(R) Ethernet Connection (2) I219-V)".
. 2022.08.23 22:44:42 - Routes, add 184.75.223.229/32 for interface "Ethernet (Intel(R) Ethernet Connection (2) I219-V)", already exists.
. 2022.08.23 22:44:43 - OpenVPN > OpenVPN 2.5.5 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 15 2021
. 2022.08.23 22:44:43 - OpenVPN > Windows version 10.0 (Windows 10 or greater) 64bit
. 2022.08.23 22:44:43 - OpenVPN > library versions: OpenSSL 1.1.1l  24 Aug 2021, LZO 2.10
. 2022.08.23 22:44:43 - OpenVPN > Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
. 2022.08.23 22:44:43 - OpenVPN > Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
. 2022.08.23 22:44:43 - OpenVPN > Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
. 2022.08.23 22:44:43 - OpenVPN > Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
. 2022.08.23 22:44:43 - OpenVPN > TCP/UDP: Preserving recently used remote address: [AF_INET]184.75.223.229:443
. 2022.08.23 22:44:43 - OpenVPN > Socket Buffers: R=[65536->262144] S=[65536->262144]
. 2022.08.23 22:44:43 - OpenVPN > UDP link local: (not bound)
. 2022.08.23 22:44:43 - OpenVPN > UDP link remote: [AF_INET]184.75.223.229:443
. 2022.08.23 22:44:43 - OpenVPN > TLS: Initial packet from [AF_INET]184.75.223.229:443, sid=3cc06d9a e4956e70
. 2022.08.23 22:44:43 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
. 2022.08.23 22:44:43 - OpenVPN > VERIFY KU OK
. 2022.08.23 22:44:43 - OpenVPN > Validating certificate extended key usage
. 2022.08.23 22:44:43 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
. 2022.08.23 22:44:43 - OpenVPN > VERIFY EKU OK
. 2022.08.23 22:44:43 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Saiph, emailAddress=info@airvpn.org
. 2022.08.23 22:44:43 - OpenVPN > Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 4096 bit RSA, signature: RSA-SHA512
. 2022.08.23 22:44:43 - OpenVPN > [Saiph] Peer Connection Initiated with [AF_INET]184.75.223.229:443
. 2022.08.23 22:44:43 - OpenVPN > SENT CONTROL [Saiph]: 'PUSH_REQUEST' (status=1)
. 2022.08.23 22:44:43 - OpenVPN > PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway ipv6 def1 bypass-dhcp,dhcp-option DNS 10.28.238.1,dhcp-option DNS6 fde6:7a:7d20:18ee::1,tun-ipv6,route-gateway 10.28.238.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 fde6:7a:7d20:18ee::10c1/64 fde6:7a:7d20:18ee::1,ifconfig 10.28.238.195 255.255.255.0,peer-id 6,cipher AES-256-GCM'
. 2022.08.23 22:44:43 - OpenVPN > Pushed option removed by filter: 'redirect-gateway ipv6 def1 bypass-dhcp'
. 2022.08.23 22:44:43 - OpenVPN > Pushed option removed by filter: 'dhcp-option DNS 10.28.238.1'
. 2022.08.23 22:44:43 - OpenVPN > Pushed option removed by filter: 'dhcp-option DNS6 fde6:7a:7d20:18ee::1'
. 2022.08.23 22:44:43 - OpenVPN > OPTIONS IMPORT: timers and/or timeouts modified
. 2022.08.23 22:44:43 - OpenVPN > OPTIONS IMPORT: compression parms modified
. 2022.08.23 22:44:43 - OpenVPN > OPTIONS IMPORT: --ifconfig/up options modified
. 2022.08.23 22:44:43 - OpenVPN > OPTIONS IMPORT: route-related options modified
. 2022.08.23 22:44:43 - OpenVPN > OPTIONS IMPORT: peer-id set
. 2022.08.23 22:44:43 - OpenVPN > OPTIONS IMPORT: adjusting link_mtu to 1625
. 2022.08.23 22:44:43 - OpenVPN > OPTIONS IMPORT: data channel crypto options modified
. 2022.08.23 22:44:43 - OpenVPN > Data Channel: using negotiated cipher 'AES-256-GCM'
. 2022.08.23 22:44:43 - OpenVPN > Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
. 2022.08.23 22:44:43 - OpenVPN > Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
. 2022.08.23 22:44:43 - OpenVPN > interactive service msg_channel=0
. 2022.08.23 22:44:43 - OpenVPN > open_tun
. 2022.08.23 22:44:43 - OpenVPN > All wintun adapters on this system are currently in use or disabled.
. 2022.08.23 22:44:43 - OpenVPN > Exiting due to fatal error
! 2022.08.23 22:44:43 - Disconnecting
. 2022.08.23 22:44:43 - Routes, delete 184.75.223.229/32 for interface "Ethernet (Intel(R) Ethernet Connection (2) I219-V)".
. 2022.08.23 22:44:43 - Routes, delete 184.75.223.229/32 for interface "Ethernet (Intel(R) Ethernet Connection (2) I219-V)", not exists.
. 2022.08.23 22:44:43 - Connection terminated.
I 2022.08.23 22:44:46 - Cancel requested.
! 2022.08.23 22:44:46 - Session terminated.
 

Share this post


Link to post
Posted ... (edited)

This looks relevant to my current problem. I have several (3) machines currently logged in and connected, using AirVPN with no issues. I also have a new machine today, now using "Release Linux Mint 21 Vanessa 64-bit", when the others are using Mint 20 or maybe even Mint 19. This new machine perpetually retries, never connects:

I 2022.08.23 22:14:44 - Checking login ...
! 2022.08.23 22:14:45 - Logged in.
I 2022.08.23 22:14:56 - Session starting.
I 2022.08.23 22:14:57 - Checking authorization ...
! 2022.08.23 22:14:57 - Connecting to Nahn (Canada, Vancouver)
. 2022.08.23 22:14:57 - Routes, add 192.30.89.69/32 for interface "enp0s31f6".
. 2022.08.23 22:14:57 - Routes, add 192.30.89.69/32 for interface "enp0s31f6", already exists.
. 2022.08.23 22:14:58 - OpenVPN > OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
. 2022.08.23 22:14:58 - OpenVPN > library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
. 2022.08.23 22:14:58 - OpenVPN > OpenSSL: error:0A00018E:SSL routines::ca md too weak
. 2022.08.23 22:14:58 - OpenVPN > Cannot load inline certificate file
. 2022.08.23 22:14:58 - OpenVPN > Exiting due to fatal error
! 2022.08.23 22:14:58 - Disconnecting
. 2022.08.23 22:14:58 - Routes, delete 192.30.89.69/32 for interface "enp0s31f6".
. 2022.08.23 22:14:58 - Routes, delete 192.30.89.69/32 for interface "enp0s31f6", not exists.
. 2022.08.23 22:14:58 - Connection terminated.
I 2022.08.23 22:15:01 - Checking authorization ...
! 2022.08.23 22:15:01 - Connecting to Titawin (Canada, Vancouver)
. 2022.08.23 22:15:01 - Routes, add 192.30.89.61/32 for interface "enp0s31f6".
. 2022.08.23 22:15:02 - Routes, add 192.30.89.61/32 for interface "enp0s31f6", already exists.
. 2022.08.23 22:15:02 - OpenVPN > OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
. 2022.08.23 22:15:02 - OpenVPN > library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
. 2022.08.23 22:15:02 - OpenVPN > OpenSSL: error:0A00018E:SSL routines::ca md too weak
. 2022.08.23 22:15:02 - OpenVPN > Cannot load inline certificate file
. 2022.08.23 22:15:02 - OpenVPN > Exiting due to fatal error
! 2022.08.23 22:15:02 - Disconnecting
. 2022.08.23 22:15:02 - Sending soft termination signal
. 2022.08.23 22:15:02 - Routes, delete 192.30.89.61/32 for interface "enp0s31f6".
. 2022.08.23 22:15:02 - Routes, delete 192.30.89.61/32 for interface "enp0s31f6", not exists.
. 2022.08.23 22:15:02 - Connection terminated.
I 2022.08.23 22:15:05 - Cancel requested.

I would use the suggested fix, but I"m concerned that it will break the other machines which are quite happy. Is this a new issue with the newest Mint (21), or something else? Can I apply the suggested fix without breaking the other machines?

Thanks

Edited ... by willee_wonkee
I love AirVPN

Share this post


Link to post

I reread the instructions for the fix (renew the certificate), saw elsewhere that Mint 21's updated ssl/openvpn was the immediate cause of the problem on the new machine, and that I've been using AirVPN so long that my certificates were antiques.

So renew, watch existing connections drop, log in/out, cross my fingers, and restart everywhere and ... all is well again.

 

Share this post


Link to post
@seanwezzy81

Hello!

That's a different problem. The following interface:
Quote

. 2022.08.23 22:44:32 - Using WinTun network interface "Local Area Connection 2 (Kaspersky VPN)"


is causing a critical error:
Quote

. 2022.08.23 22:44:38 - OpenVPN > All wintun adapters on this system are currently in use or disabled.
. 2022.08.23 22:44:38 - OpenVPN > Exiting due to fatal error


Eddie's developer is looking into the apparent incompatibility or conflict, which occurs even with NordVPN and ExpressVPN wintun interfaces and causes OpenVPN to exit. In the the meantime you should be able to resolve the problem by disabling the Kaspersky Wintun interface.

Kind regards
 

Share this post


Link to post
On 7/13/2022 at 10:17 AM, Staff said:

Thank you, had the same problem and this worked for me, too.
Cheers!
🙂

Hello!

The error here is different. OpenSSL 3 doesn't accept certificates signed through SHA1. Since 2017 we have been signing client certificates with SHA512 and you have a pair generated in 2016. We don't force the renewal to avoid sudden and unexpected disconnections to our unaware users. Thank you, you're a long time customer indeed!

Please:

  • log your AirVPN account in to the web site
  • click "Client Area" from the upper menu
  • click the "Devices" button
  • click your client/key pair "Details" button
  • click "Renew"
  • from Eddie main window uncheck "Remember me", log your account out and then in again (you will have to re-enter your AirVPN account credentials) and the problem will get resolved.

Detailed instructions here:
https://airvpn.org/forums/topic/26209-how-to-manage-client-certificatekey-pairs/

Kind regards

Share this post


Link to post

Yes, thanks, that (post 2 + 4 (delete default.profile from Eddie) also solved my problem .

My Manjaro had an update from openssl 1.1.1.q-1 to 3.0.7.-2 and that triggered the problem, as I'm also one of the "old" customers (who still used SHA1)! :)

Share this post


Link to post

"3 sec restart loop" problem fixed after updating the certificate, using the clear explanation and instructions provided by staff above. Grazie, Edoardo - from New World.

Share this post


Link to post
On 7/13/2022 at 4:17 AM, Staff said:

Hello!

The error here is different. OpenSSL 3 doesn't accept certificates signed through SHA1. Since 2017 we have been signing client certificates with SHA512 and you have a pair generated in 2016. We don't force the renewal to avoid sudden and unexpected disconnections to our unaware users. Thank you, you're a long time customer indeed!

Please:

  • log your AirVPN account in to the web site
  • click "Client Area" from the upper menu
  • click the "Devices" button
  • click your client/key pair "Details" button
  • click "Renew"
  • from Eddie main window uncheck "Remember me", log your account out and then in again (you will have to re-enter your AirVPN account credentials) and the problem will get resolved.

Detailed instructions here:
https://airvpn.org/forums/topic/26209-how-to-manage-client-certificatekey-pairs/

Kind regards
 
I had this issue when upgrading to Ubuntu Mate 22.04LTS and this fixed it for me.  
Thanks. 
Customer since 2014

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...