tioker 2 Posted ... Hello, I have read this post without any effect for me (but I don't know exactly what to do). I have this error on log file where we can see a OpenVPN OpenSSL error. I am on Ubuntu 22.04 Gnome 42.2 Best regards I 2022.07.12 23:36:45 - Session starting. I 2022.07.12 23:36:45 - Checking authorization ... ! 2022.07.12 23:36:45 - Connecting to Zibal (Netherlands, Alblasserdam) . 2022.07.12 23:36:45 - Routes, add 213.152.161.151/32 for interface "wlo1". . 2022.07.12 23:36:45 - Routes, add 213.152.161.151/32 for interface "wlo1", already exists. . 2022.07.12 23:36:45 - OpenVPN > OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022 . 2022.07.12 23:36:45 - OpenVPN > library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10 . 2022.07.12 23:36:45 - OpenVPN > OpenSSL: error:0A00018E:SSL routines::ca md too weak . 2022.07.12 23:36:45 - OpenVPN > Cannot load inline certificate file . 2022.07.12 23:36:45 - OpenVPN > Exiting due to fatal error ! 2022.07.12 23:36:45 - Disconnecting . 2022.07.12 23:36:45 - Sending soft termination signal . 2022.07.12 23:36:46 - Routes, delete 213.152.161.151/32 for interface "wlo1". . 2022.07.12 23:36:46 - Routes, delete 213.152.161.151/32 for interface "wlo1", not exists. . 2022.07.12 23:36:46 - Connection terminated. ! 2022.07.12 23:36:48 - Session terminated. Quote Share this post Link to post
Staff 9950 Posted ... Hello! The error here is different. OpenSSL 3 doesn't accept certificates signed through SHA1. Since 2017 we have been signing client certificates with SHA512 and you have a pair generated in 2016. We don't force the renewal to avoid sudden and unexpected disconnections to our unaware users. Thank you, you're a long time customer indeed! Please: log your AirVPN account in to the web site click "Client Area" from the upper menu click the "Devices" button click your client/key pair "Details" button click "Renew" from Eddie main window uncheck "Remember me", log your account out and then in again (you will have to re-enter your AirVPN account credentials) and the problem will get resolved. (*) (*) If you don't run Eddie, from the Configuration Generator generate new configuration files for the software you run to connect to AirVPN. Detailed instructions here:https://airvpn.org/forums/topic/26209-how-to-manage-client-certificatekey-pairs/ Kind regards 6 4 mxb, spinmaster, dort and 7 others reacted to this Quote Share this post Link to post
anotherrandomuser2791 1 Posted ... On 7/13/2022 at 4:17 AM, Staff said: Hello! The error here is different. OpenSSL doesn't accept certificates signed through SHA1. Since 2017 we sign client certificates with SHA512 and you have a pair generated in 2016. We don't force the renewal to avoid sudden and unexpected disconnections to our unaware users. Thank you, you're a long time customer indeed! Please: log your AirVPN account in to the web site click "Client Area" from the upper menu click the "Devices" button click your client/key pair "Details" button click "Renew" from Eddie main window log your account out and then in again and the problem will get resolved. Detailed instructions here:https://airvpn.org/forums/topic/26209-how-to-manage-client-certificatekey-pairs/ Kind regards does not resolve the issue - . 2022.07.15 18:11:25 - Eddie version: 2.21.8 / linux_x64, System: Linux, Name: Kali GNU/Linux Rolling, Version: 2022.2, Mono/.Net: 6.8.0.105 (Debian 6.8.0.105+dfsg-3.2 Tue Jun 29 21:01:01 UTC 2021); Framework: v4.0.30319 . 2022.07.15 18:11:25 - Command line arguments (2): path.resources="/usr/share/eddie-ui" path.exec="/usr/bin/eddie-ui" . 2022.07.15 18:11:25 - Raise system privileges . 2022.07.15 18:11:29 - Reading options from /home/user/.config/eddie/default.profile . 2022.07.15 18:11:30 - OpenVPN - Version: 2.5.7 - OpenSSL 3.0.3 3 May 2022, LZO 2.10 (/usr/sbin/openvpn) . 2022.07.15 18:11:30 - SSH - Version: OpenSSH_9.0p1 Debian-1+b1, OpenSSL 3.0.3 3 May 2022 (/usr/bin/ssh) . 2022.07.15 18:11:30 - SSL - Version: Initializing (/usr/bin/stunnel4) . 2022.07.15 18:11:30 - curl - Version: 7.83.1 (/usr/bin/curl) I 2022.07.15 18:11:32 - Ready . 2022.07.15 18:11:33 - Collect information about AirVPN completed I 2022.07.15 18:11:36 - Session starting. I 2022.07.15 18:11:36 - Checking authorization ... ! 2022.07.15 18:11:36 - Connecting to Aludra (Canada, Toronto, Ontario) . 2022.07.15 18:11:37 - Routes, add 104.254.90.205/32 for interface "eth0". . 2022.07.15 18:11:37 - Routes, add 104.254.90.205/32 for interface "eth0", already exists. . 2022.07.15 18:11:37 - OpenVPN > OpenVPN 2.5.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 5 2022 . 2022.07.15 18:11:37 - OpenVPN > library versions: OpenSSL 3.0.3 3 May 2022, LZO 2.10 . 2022.07.15 18:11:37 - OpenVPN > OpenSSL: error:0A00018E:SSL routines::ca md too weak . 2022.07.15 18:11:37 - OpenVPN > Cannot load inline certificate file . 2022.07.15 18:11:37 - OpenVPN > Exiting due to fatal error ! 2022.07.15 18:11:37 - Disconnecting . 2022.07.15 18:11:37 - Routes, delete 104.254.90.205/32 for interface "eth0". . 2022.07.15 18:11:37 - Routes, delete 104.254.90.205/32 for interface "eth0", not exists. . 2022.07.15 18:11:37 - Connection terminated. I 2022.07.15 18:11:40 - Checking authorization ... ! 2022.07.15 18:11:41 - Connecting to Mintaka (Canada, Toronto, Ontario) . 2022.07.15 18:11:41 - Routes, add 184.75.223.221/32 for interface "eth0". . 2022.07.15 18:11:41 - Routes, add 184.75.223.221/32 for interface "eth0", already exists. . 2022.07.15 18:11:41 - OpenVPN > OpenVPN 2.5.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 5 2022 . 2022.07.15 18:11:41 - OpenVPN > library versions: OpenSSL 3.0.3 3 May 2022, LZO 2.10 . 2022.07.15 18:11:41 - OpenVPN > OpenSSL: error:0A00018E:SSL routines::ca md too weak . 2022.07.15 18:11:41 - OpenVPN > Cannot load inline certificate file . 2022.07.15 18:11:41 - OpenVPN > Exiting due to fatal error ! 2022.07.15 18:11:41 - Disconnecting . 2022.07.15 18:11:41 - Sending soft termination signal . 2022.07.15 18:11:41 - Routes, delete 184.75.223.221/32 for interface "eth0". . 2022.07.15 18:11:41 - Routes, delete 184.75.223.221/32 for interface "eth0", not exists. . 2022.07.15 18:11:41 - Connection terminated. I 2022.07.15 18:11:45 - Checking authorization ... ! 2022.07.15 18:11:45 - Connecting to Sualocin (Canada, Toronto, Ontario) . 2022.07.15 18:11:45 - Routes, add 184.75.221.45/32 for interface "eth0". . 2022.07.15 18:11:45 - Routes, add 184.75.221.45/32 for interface "eth0", already exists. . 2022.07.15 18:11:45 - OpenVPN > OpenVPN 2.5.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 5 2022 . 2022.07.15 18:11:45 - OpenVPN > library versions: OpenSSL 3.0.3 3 May 2022, LZO 2.10 . 2022.07.15 18:11:45 - OpenVPN > OpenSSL: error:0A00018E:SSL routines::ca md too weak . 2022.07.15 18:11:45 - OpenVPN > Cannot load inline certificate file . 2022.07.15 18:11:45 - OpenVPN > Exiting due to fatal error ! 2022.07.15 18:11:45 - Disconnecting . 2022.07.15 18:11:45 - Sending soft termination signal . 2022.07.15 18:11:46 - Routes, delete 184.75.221.45/32 for interface "eth0". . 2022.07.15 18:11:46 - Routes, delete 184.75.221.45/32 for interface "eth0", not exists. . 2022.07.15 18:11:46 - Connection terminated. I 2022.07.15 18:11:49 - Checking authorization ... ! 2022.07.15 18:11:49 - Connecting to Lacerta (Canada, Montreal) . 2022.07.15 18:11:49 - Routes, add 87.101.92.173/32 for interface "eth0". . 2022.07.15 18:11:49 - Routes, add 87.101.92.173/32 for interface "eth0", already exists. . 2022.07.15 18:11:50 - OpenVPN > OpenVPN 2.5.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 5 2022 . 2022.07.15 18:11:50 - OpenVPN > library versions: OpenSSL 3.0.3 3 May 2022, LZO 2.10 . 2022.07.15 18:11:50 - OpenVPN > OpenSSL: error:0A00018E:SSL routines::ca md too weak . 2022.07.15 18:11:50 - OpenVPN > Cannot load inline certificate file . 2022.07.15 18:11:50 - OpenVPN > Exiting due to fatal error ! 2022.07.15 18:11:50 - Disconnecting . 2022.07.15 18:11:50 - Routes, delete 87.101.92.173/32 for interface "eth0". . 2022.07.15 18:11:50 - Routes, delete 87.101.92.173/32 for interface "eth0", not exists. . 2022.07.15 18:11:50 - Connection terminated. I 2022.07.15 18:11:53 - Checking authorization ... ! 2022.07.15 18:11:53 - Connecting to Tyl (Canada, Toronto, Ontario) . 2022.07.15 18:11:53 - Routes, add 184.75.223.205/32 for interface "eth0". . 2022.07.15 18:11:53 - Routes, add 184.75.223.205/32 for interface "eth0", already exists. . 2022.07.15 18:11:54 - OpenVPN > OpenVPN 2.5.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 5 2022 . 2022.07.15 18:11:54 - OpenVPN > library versions: OpenSSL 3.0.3 3 May 2022, LZO 2.10 . 2022.07.15 18:11:54 - OpenVPN > OpenSSL: error:0A00018E:SSL routines::ca md too weak . 2022.07.15 18:11:54 - OpenVPN > Cannot load inline certificate file . 2022.07.15 18:11:54 - OpenVPN > Exiting due to fatal error ! 2022.07.15 18:11:54 - Disconnecting . 2022.07.15 18:11:54 - Routes, delete 184.75.223.205/32 for interface "eth0". . 2022.07.15 18:11:54 - Routes, delete 184.75.223.205/32 for interface "eth0", not exists. . 2022.07.15 18:11:54 - Connection terminated. I 2022.07.15 18:11:56 - Cancel requested. ! 2022.07.15 18:11:56 - Session terminated. 1 tioker reacted to this Quote Share this post Link to post
Staff 9950 Posted ... @anotherrandomuser2791 Hello! Probably Eddie is still passing to OpenVPN your SHA1 signed old certificate. If you did not forget to log your account out, try to delete the file /home/user/.config/eddie/default.profile while Eddie is not running. Kind regards 1 1 tammo and farang reacted to this Quote Share this post Link to post
tioker 2 Posted ... to @Staff Thank you, your solution resolve my problem. As you said, since 2016... See you in 6 years ! Best regards. A question if I could ... is there a chance France was in country list ? It's a problem for me when I want accept to french services when I am abroad. 1 Staff reacted to this Quote Share this post Link to post
Staff 9950 Posted ... On 7/16/2022 at 10:32 PM, tioker said: A question if I could ... is there a chance France was in country list ? It's a problem for me when I want accept to french services when I am abroad. Hello! France servers are not planned at the moment, we're sorry (usual problem of mandatory data retention for hosting providers). We have a "geo-routing" server in France, we may try to "geo-route" services which restrict access to IP addresses geo-located in France: please open a ticket and give the support team the URLs of the services. Kind regards Quote Share this post Link to post
seanwezzy81 0 Posted ... I'm having a similar problem. I try to connect to any server and I just get a constant loop of connecting and disconnecting. Below are my logs: I 2022.08.23 22:44:30 - Session starting. I 2022.08.23 22:44:31 - Checking authorization ... . 2022.08.23 22:44:32 - Using WinTun network interface "Local Area Connection 2 (Kaspersky VPN)" ! 2022.08.23 22:44:32 - Connecting to Sheliak (Netherlands, Alblasserdam) . 2022.08.23 22:44:32 - Routes, add 213.152.186.37/32 for interface "Ethernet (Intel(R) Ethernet Connection (2) I219-V)". . 2022.08.23 22:44:32 - Routes, add 213.152.186.37/32 for interface "Ethernet (Intel(R) Ethernet Connection (2) I219-V)", already exists. . 2022.08.23 22:44:32 - OpenVPN > OpenVPN 2.5.5 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 15 2021 . 2022.08.23 22:44:32 - OpenVPN > Windows version 10.0 (Windows 10 or greater) 64bit . 2022.08.23 22:44:32 - OpenVPN > library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10 . 2022.08.23 22:44:32 - OpenVPN > Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key . 2022.08.23 22:44:32 - OpenVPN > Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication . 2022.08.23 22:44:32 - OpenVPN > Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key . 2022.08.23 22:44:32 - OpenVPN > Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication . 2022.08.23 22:44:32 - OpenVPN > TCP/UDP: Preserving recently used remote address: [AF_INET]213.152.186.37:443 . 2022.08.23 22:44:32 - OpenVPN > Socket Buffers: R=[65536->262144] S=[65536->262144] . 2022.08.23 22:44:32 - OpenVPN > UDP link local: (not bound) . 2022.08.23 22:44:32 - OpenVPN > UDP link remote: [AF_INET]213.152.186.37:443 . 2022.08.23 22:44:33 - OpenVPN > TLS: Initial packet from [AF_INET]213.152.186.37:443, sid=7279d741 a276a118 . 2022.08.23 22:44:33 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org . 2022.08.23 22:44:33 - OpenVPN > VERIFY KU OK . 2022.08.23 22:44:33 - OpenVPN > Validating certificate extended key usage . 2022.08.23 22:44:33 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication . 2022.08.23 22:44:33 - OpenVPN > VERIFY EKU OK . 2022.08.23 22:44:33 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Sheliak, emailAddress=info@airvpn.org . 2022.08.23 22:44:33 - OpenVPN > Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 4096 bit RSA, signature: RSA-SHA512 . 2022.08.23 22:44:33 - OpenVPN > [Sheliak] Peer Connection Initiated with [AF_INET]213.152.186.37:443 . 2022.08.23 22:44:33 - OpenVPN > SENT CONTROL [Sheliak]: 'PUSH_REQUEST' (status=1) . 2022.08.23 22:44:33 - OpenVPN > PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway ipv6 def1 bypass-dhcp,dhcp-option DNS 10.30.46.1,dhcp-option DNS6 fde6:7a:7d20:1a2e::1,tun-ipv6,route-gateway 10.30.46.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 fde6:7a:7d20:1a2e::1020/64 fde6:7a:7d20:1a2e::1,ifconfig 10.30.46.34 255.255.255.0,peer-id 5,cipher AES-256-GCM' . 2022.08.23 22:44:33 - OpenVPN > Pushed option removed by filter: 'redirect-gateway ipv6 def1 bypass-dhcp' . 2022.08.23 22:44:33 - OpenVPN > Pushed option removed by filter: 'dhcp-option DNS 10.30.46.1' . 2022.08.23 22:44:33 - OpenVPN > Pushed option removed by filter: 'dhcp-option DNS6 fde6:7a:7d20:1a2e::1' . 2022.08.23 22:44:33 - OpenVPN > OPTIONS IMPORT: timers and/or timeouts modified . 2022.08.23 22:44:33 - OpenVPN > OPTIONS IMPORT: compression parms modified . 2022.08.23 22:44:33 - OpenVPN > OPTIONS IMPORT: --ifconfig/up options modified . 2022.08.23 22:44:33 - OpenVPN > OPTIONS IMPORT: route-related options modified . 2022.08.23 22:44:33 - OpenVPN > OPTIONS IMPORT: peer-id set . 2022.08.23 22:44:33 - OpenVPN > OPTIONS IMPORT: adjusting link_mtu to 1625 . 2022.08.23 22:44:33 - OpenVPN > OPTIONS IMPORT: data channel crypto options modified . 2022.08.23 22:44:33 - OpenVPN > Data Channel: using negotiated cipher 'AES-256-GCM' . 2022.08.23 22:44:33 - OpenVPN > Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key . 2022.08.23 22:44:33 - OpenVPN > Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key . 2022.08.23 22:44:33 - OpenVPN > interactive service msg_channel=0 . 2022.08.23 22:44:33 - OpenVPN > open_tun . 2022.08.23 22:44:33 - OpenVPN > All wintun adapters on this system are currently in use or disabled. . 2022.08.23 22:44:33 - OpenVPN > Exiting due to fatal error ! 2022.08.23 22:44:33 - Disconnecting . 2022.08.23 22:44:33 - Routes, delete 213.152.186.37/32 for interface "Ethernet (Intel(R) Ethernet Connection (2) I219-V)". . 2022.08.23 22:44:33 - Routes, delete 213.152.186.37/32 for interface "Ethernet (Intel(R) Ethernet Connection (2) I219-V)", not exists. . 2022.08.23 22:44:33 - Connection terminated. I 2022.08.23 22:44:36 - Checking authorization ... . 2022.08.23 22:44:37 - Using WinTun network interface "Local Area Connection 2 (Kaspersky VPN)" ! 2022.08.23 22:44:37 - Connecting to Alya (Canada, Toronto, Ontario) . 2022.08.23 22:44:37 - Routes, add 184.75.221.173/32 for interface "Ethernet (Intel(R) Ethernet Connection (2) I219-V)". . 2022.08.23 22:44:37 - Routes, add 184.75.221.173/32 for interface "Ethernet (Intel(R) Ethernet Connection (2) I219-V)", already exists. . 2022.08.23 22:44:37 - OpenVPN > OpenVPN 2.5.5 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 15 2021 . 2022.08.23 22:44:37 - OpenVPN > Windows version 10.0 (Windows 10 or greater) 64bit . 2022.08.23 22:44:37 - OpenVPN > library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10 . 2022.08.23 22:44:37 - OpenVPN > Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key . 2022.08.23 22:44:37 - OpenVPN > Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication . 2022.08.23 22:44:37 - OpenVPN > Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key . 2022.08.23 22:44:37 - OpenVPN > Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication . 2022.08.23 22:44:37 - OpenVPN > TCP/UDP: Preserving recently used remote address: [AF_INET]184.75.221.173:443 . 2022.08.23 22:44:37 - OpenVPN > Socket Buffers: R=[65536->262144] S=[65536->262144] . 2022.08.23 22:44:37 - OpenVPN > UDP link local: (not bound) . 2022.08.23 22:44:37 - OpenVPN > UDP link remote: [AF_INET]184.75.221.173:443 . 2022.08.23 22:44:37 - OpenVPN > TLS: Initial packet from [AF_INET]184.75.221.173:443, sid=ffd8285b a32f07cc . 2022.08.23 22:44:37 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org . 2022.08.23 22:44:37 - OpenVPN > VERIFY KU OK . 2022.08.23 22:44:37 - OpenVPN > Validating certificate extended key usage . 2022.08.23 22:44:37 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication . 2022.08.23 22:44:37 - OpenVPN > VERIFY EKU OK . 2022.08.23 22:44:37 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Alya, emailAddress=info@airvpn.org . 2022.08.23 22:44:38 - OpenVPN > Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 4096 bit RSA, signature: RSA-SHA512 . 2022.08.23 22:44:38 - OpenVPN > [Alya] Peer Connection Initiated with [AF_INET]184.75.221.173:443 . 2022.08.23 22:44:38 - OpenVPN > SENT CONTROL [Alya]: 'PUSH_REQUEST' (status=1) . 2022.08.23 22:44:38 - OpenVPN > PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway ipv6 def1 bypass-dhcp,dhcp-option DNS 10.8.174.1,dhcp-option DNS6 fde6:7a:7d20:4ae::1,tun-ipv6,route-gateway 10.8.174.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 fde6:7a:7d20:4ae::104a/64 fde6:7a:7d20:4ae::1,ifconfig 10.8.174.76 255.255.255.0,peer-id 2,cipher AES-256-GCM' . 2022.08.23 22:44:38 - OpenVPN > Pushed option removed by filter: 'redirect-gateway ipv6 def1 bypass-dhcp' . 2022.08.23 22:44:38 - OpenVPN > Pushed option removed by filter: 'dhcp-option DNS 10.8.174.1' . 2022.08.23 22:44:38 - OpenVPN > Pushed option removed by filter: 'dhcp-option DNS6 fde6:7a:7d20:4ae::1' . 2022.08.23 22:44:38 - OpenVPN > OPTIONS IMPORT: timers and/or timeouts modified . 2022.08.23 22:44:38 - OpenVPN > OPTIONS IMPORT: compression parms modified . 2022.08.23 22:44:38 - OpenVPN > OPTIONS IMPORT: --ifconfig/up options modified . 2022.08.23 22:44:38 - OpenVPN > OPTIONS IMPORT: route-related options modified . 2022.08.23 22:44:38 - OpenVPN > OPTIONS IMPORT: peer-id set . 2022.08.23 22:44:38 - OpenVPN > OPTIONS IMPORT: adjusting link_mtu to 1625 . 2022.08.23 22:44:38 - OpenVPN > OPTIONS IMPORT: data channel crypto options modified . 2022.08.23 22:44:38 - OpenVPN > Data Channel: using negotiated cipher 'AES-256-GCM' . 2022.08.23 22:44:38 - OpenVPN > Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key . 2022.08.23 22:44:38 - OpenVPN > Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key . 2022.08.23 22:44:38 - OpenVPN > interactive service msg_channel=0 . 2022.08.23 22:44:38 - OpenVPN > open_tun . 2022.08.23 22:44:38 - OpenVPN > All wintun adapters on this system are currently in use or disabled. . 2022.08.23 22:44:38 - OpenVPN > Exiting due to fatal error ! 2022.08.23 22:44:38 - Disconnecting . 2022.08.23 22:44:38 - Routes, delete 184.75.221.173/32 for interface "Ethernet (Intel(R) Ethernet Connection (2) I219-V)". . 2022.08.23 22:44:38 - Routes, delete 184.75.221.173/32 for interface "Ethernet (Intel(R) Ethernet Connection (2) I219-V)", not exists. . 2022.08.23 22:44:38 - Connection terminated. I 2022.08.23 22:44:41 - Checking authorization ... . 2022.08.23 22:44:42 - Using WinTun network interface "Local Area Connection 2 (Kaspersky VPN)" ! 2022.08.23 22:44:42 - Connecting to Saiph (Canada, Toronto, Ontario) . 2022.08.23 22:44:42 - Routes, add 184.75.223.229/32 for interface "Ethernet (Intel(R) Ethernet Connection (2) I219-V)". . 2022.08.23 22:44:42 - Routes, add 184.75.223.229/32 for interface "Ethernet (Intel(R) Ethernet Connection (2) I219-V)", already exists. . 2022.08.23 22:44:43 - OpenVPN > OpenVPN 2.5.5 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 15 2021 . 2022.08.23 22:44:43 - OpenVPN > Windows version 10.0 (Windows 10 or greater) 64bit . 2022.08.23 22:44:43 - OpenVPN > library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10 . 2022.08.23 22:44:43 - OpenVPN > Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key . 2022.08.23 22:44:43 - OpenVPN > Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication . 2022.08.23 22:44:43 - OpenVPN > Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key . 2022.08.23 22:44:43 - OpenVPN > Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication . 2022.08.23 22:44:43 - OpenVPN > TCP/UDP: Preserving recently used remote address: [AF_INET]184.75.223.229:443 . 2022.08.23 22:44:43 - OpenVPN > Socket Buffers: R=[65536->262144] S=[65536->262144] . 2022.08.23 22:44:43 - OpenVPN > UDP link local: (not bound) . 2022.08.23 22:44:43 - OpenVPN > UDP link remote: [AF_INET]184.75.223.229:443 . 2022.08.23 22:44:43 - OpenVPN > TLS: Initial packet from [AF_INET]184.75.223.229:443, sid=3cc06d9a e4956e70 . 2022.08.23 22:44:43 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org . 2022.08.23 22:44:43 - OpenVPN > VERIFY KU OK . 2022.08.23 22:44:43 - OpenVPN > Validating certificate extended key usage . 2022.08.23 22:44:43 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication . 2022.08.23 22:44:43 - OpenVPN > VERIFY EKU OK . 2022.08.23 22:44:43 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Saiph, emailAddress=info@airvpn.org . 2022.08.23 22:44:43 - OpenVPN > Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 4096 bit RSA, signature: RSA-SHA512 . 2022.08.23 22:44:43 - OpenVPN > [Saiph] Peer Connection Initiated with [AF_INET]184.75.223.229:443 . 2022.08.23 22:44:43 - OpenVPN > SENT CONTROL [Saiph]: 'PUSH_REQUEST' (status=1) . 2022.08.23 22:44:43 - OpenVPN > PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway ipv6 def1 bypass-dhcp,dhcp-option DNS 10.28.238.1,dhcp-option DNS6 fde6:7a:7d20:18ee::1,tun-ipv6,route-gateway 10.28.238.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 fde6:7a:7d20:18ee::10c1/64 fde6:7a:7d20:18ee::1,ifconfig 10.28.238.195 255.255.255.0,peer-id 6,cipher AES-256-GCM' . 2022.08.23 22:44:43 - OpenVPN > Pushed option removed by filter: 'redirect-gateway ipv6 def1 bypass-dhcp' . 2022.08.23 22:44:43 - OpenVPN > Pushed option removed by filter: 'dhcp-option DNS 10.28.238.1' . 2022.08.23 22:44:43 - OpenVPN > Pushed option removed by filter: 'dhcp-option DNS6 fde6:7a:7d20:18ee::1' . 2022.08.23 22:44:43 - OpenVPN > OPTIONS IMPORT: timers and/or timeouts modified . 2022.08.23 22:44:43 - OpenVPN > OPTIONS IMPORT: compression parms modified . 2022.08.23 22:44:43 - OpenVPN > OPTIONS IMPORT: --ifconfig/up options modified . 2022.08.23 22:44:43 - OpenVPN > OPTIONS IMPORT: route-related options modified . 2022.08.23 22:44:43 - OpenVPN > OPTIONS IMPORT: peer-id set . 2022.08.23 22:44:43 - OpenVPN > OPTIONS IMPORT: adjusting link_mtu to 1625 . 2022.08.23 22:44:43 - OpenVPN > OPTIONS IMPORT: data channel crypto options modified . 2022.08.23 22:44:43 - OpenVPN > Data Channel: using negotiated cipher 'AES-256-GCM' . 2022.08.23 22:44:43 - OpenVPN > Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key . 2022.08.23 22:44:43 - OpenVPN > Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key . 2022.08.23 22:44:43 - OpenVPN > interactive service msg_channel=0 . 2022.08.23 22:44:43 - OpenVPN > open_tun . 2022.08.23 22:44:43 - OpenVPN > All wintun adapters on this system are currently in use or disabled. . 2022.08.23 22:44:43 - OpenVPN > Exiting due to fatal error ! 2022.08.23 22:44:43 - Disconnecting . 2022.08.23 22:44:43 - Routes, delete 184.75.223.229/32 for interface "Ethernet (Intel(R) Ethernet Connection (2) I219-V)". . 2022.08.23 22:44:43 - Routes, delete 184.75.223.229/32 for interface "Ethernet (Intel(R) Ethernet Connection (2) I219-V)", not exists. . 2022.08.23 22:44:43 - Connection terminated. I 2022.08.23 22:44:46 - Cancel requested. ! 2022.08.23 22:44:46 - Session terminated. Quote Share this post Link to post
willee_wonkee 0 Posted ... (edited) This looks relevant to my current problem. I have several (3) machines currently logged in and connected, using AirVPN with no issues. I also have a new machine today, now using "Release Linux Mint 21 Vanessa 64-bit", when the others are using Mint 20 or maybe even Mint 19. This new machine perpetually retries, never connects: I 2022.08.23 22:14:44 - Checking login ... ! 2022.08.23 22:14:45 - Logged in. I 2022.08.23 22:14:56 - Session starting. I 2022.08.23 22:14:57 - Checking authorization ... ! 2022.08.23 22:14:57 - Connecting to Nahn (Canada, Vancouver) . 2022.08.23 22:14:57 - Routes, add 192.30.89.69/32 for interface "enp0s31f6". . 2022.08.23 22:14:57 - Routes, add 192.30.89.69/32 for interface "enp0s31f6", already exists. . 2022.08.23 22:14:58 - OpenVPN > OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022 . 2022.08.23 22:14:58 - OpenVPN > library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10 . 2022.08.23 22:14:58 - OpenVPN > OpenSSL: error:0A00018E:SSL routines::ca md too weak . 2022.08.23 22:14:58 - OpenVPN > Cannot load inline certificate file . 2022.08.23 22:14:58 - OpenVPN > Exiting due to fatal error ! 2022.08.23 22:14:58 - Disconnecting . 2022.08.23 22:14:58 - Routes, delete 192.30.89.69/32 for interface "enp0s31f6". . 2022.08.23 22:14:58 - Routes, delete 192.30.89.69/32 for interface "enp0s31f6", not exists. . 2022.08.23 22:14:58 - Connection terminated. I 2022.08.23 22:15:01 - Checking authorization ... ! 2022.08.23 22:15:01 - Connecting to Titawin (Canada, Vancouver) . 2022.08.23 22:15:01 - Routes, add 192.30.89.61/32 for interface "enp0s31f6". . 2022.08.23 22:15:02 - Routes, add 192.30.89.61/32 for interface "enp0s31f6", already exists. . 2022.08.23 22:15:02 - OpenVPN > OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022 . 2022.08.23 22:15:02 - OpenVPN > library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10 . 2022.08.23 22:15:02 - OpenVPN > OpenSSL: error:0A00018E:SSL routines::ca md too weak . 2022.08.23 22:15:02 - OpenVPN > Cannot load inline certificate file . 2022.08.23 22:15:02 - OpenVPN > Exiting due to fatal error ! 2022.08.23 22:15:02 - Disconnecting . 2022.08.23 22:15:02 - Sending soft termination signal . 2022.08.23 22:15:02 - Routes, delete 192.30.89.61/32 for interface "enp0s31f6". . 2022.08.23 22:15:02 - Routes, delete 192.30.89.61/32 for interface "enp0s31f6", not exists. . 2022.08.23 22:15:02 - Connection terminated. I 2022.08.23 22:15:05 - Cancel requested. I would use the suggested fix, but I"m concerned that it will break the other machines which are quite happy. Is this a new issue with the newest Mint (21), or something else? Can I apply the suggested fix without breaking the other machines? Thanks Edited ... by willee_wonkee I love AirVPN Quote Share this post Link to post
tioker 2 Posted ... Hye willee_wonkee Did you apply this solution ? Quote Share this post Link to post
willee_wonkee 0 Posted ... I reread the instructions for the fix (renew the certificate), saw elsewhere that Mint 21's updated ssl/openvpn was the immediate cause of the problem on the new machine, and that I've been using AirVPN so long that my certificates were antiques. So renew, watch existing connections drop, log in/out, cross my fingers, and restart everywhere and ... all is well again. Quote Share this post Link to post
Staff 9950 Posted ... @seanwezzy81 Hello! That's a different problem. The following interface: Quote . 2022.08.23 22:44:32 - Using WinTun network interface "Local Area Connection 2 (Kaspersky VPN)" is causing a critical error: Quote . 2022.08.23 22:44:38 - OpenVPN > All wintun adapters on this system are currently in use or disabled. . 2022.08.23 22:44:38 - OpenVPN > Exiting due to fatal error Eddie's developer is looking into the apparent incompatibility or conflict, which occurs even with NordVPN and ExpressVPN wintun interfaces and causes OpenVPN to exit. In the the meantime you should be able to resolve the problem by disabling the Kaspersky Wintun interface. Kind regards Quote Share this post Link to post
lnbtkyjjkw 0 Posted ... On 7/13/2022 at 10:17 AM, Staff said: Thank you, had the same problem and this worked for me, too. Cheers!🙂 Hello! The error here is different. OpenSSL 3 doesn't accept certificates signed through SHA1. Since 2017 we have been signing client certificates with SHA512 and you have a pair generated in 2016. We don't force the renewal to avoid sudden and unexpected disconnections to our unaware users. Thank you, you're a long time customer indeed! Please: log your AirVPN account in to the web site click "Client Area" from the upper menu click the "Devices" button click your client/key pair "Details" button click "Renew" from Eddie main window uncheck "Remember me", log your account out and then in again (you will have to re-enter your AirVPN account credentials) and the problem will get resolved. Detailed instructions here:https://airvpn.org/forums/topic/26209-how-to-manage-client-certificatekey-pairs/ Kind regards Quote Share this post Link to post
tammo 5 Posted ... Yes, thanks, that (post 2 + 4 (delete default.profile from Eddie) also solved my problem . My Manjaro had an update from openssl 1.1.1.q-1 to 3.0.7.-2 and that triggered the problem, as I'm also one of the "old" customers (who still used SHA1)! :) Quote Share this post Link to post
cstreet 3 Posted ... "3 sec restart loop" problem fixed after updating the certificate, using the clear explanation and instructions provided by staff above. Grazie, Edoardo - from New World. Quote Share this post Link to post
dalesd 6 Posted ... On 7/13/2022 at 4:17 AM, Staff said: Hello! The error here is different. OpenSSL 3 doesn't accept certificates signed through SHA1. Since 2017 we have been signing client certificates with SHA512 and you have a pair generated in 2016. We don't force the renewal to avoid sudden and unexpected disconnections to our unaware users. Thank you, you're a long time customer indeed! Please: log your AirVPN account in to the web site click "Client Area" from the upper menu click the "Devices" button click your client/key pair "Details" button click "Renew" from Eddie main window uncheck "Remember me", log your account out and then in again (you will have to re-enter your AirVPN account credentials) and the problem will get resolved. Detailed instructions here:https://airvpn.org/forums/topic/26209-how-to-manage-client-certificatekey-pairs/ Kind regards I had this issue when upgrading to Ubuntu Mate 22.04LTS and this fixed it for me. Thanks. Customer since 2014 1 Staff reacted to this Quote Share this post Link to post