
The VPN connection does not connect on my iPhone (13 Pro) in the OpenVPN app: infinite download followed by an error. I use connection type TCP-443, 53, 80; it does not connect. What should I do?
*I live in Russia, using a Wi-Fi network*


Hello, since yesterday a lot of users from Russia have had a problem with connection. How could we resolve the problem? Or has VPN in Russia died?

5 hours ago, hawaf said:

Hello, since yesterday a lot of users from Russia have had a problem with connection. How could we resolve the problem? Or has VPN in Russia died?

The VPN is still working on my PC, I don't know why it stopped on my phone, do you know how to fix it?

Posted ... (edited)

Same problem today (phone and pc through WireGuard).

 

Logs:

2024-05-22 16:28:27.143: [TUN] [wg] Starting WireGuard/0.5.3 (Windows 10.0.19045; amd64)
2024-05-22 16:28:27.144: [TUN] [wg] Watching network interfaces
2024-05-22 16:28:27.145: [TUN] [wg] Resolving DNS names
2024-05-22 16:28:28.353: [TUN] [wg] Creating network adapter
2024-05-22 16:28:28.565: [TUN] [wg] Using existing driver 0.10
2024-05-22 16:28:28.573: [TUN] [wg] Creating adapter
2024-05-22 16:28:28.916: [TUN] [wg] Using WireGuardNT/0.10
2024-05-22 16:28:28.916: [TUN] [wg] Enabling firewall rules
2024-05-22 16:28:28.826: [TUN] [wg] Interface created
2024-05-22 16:28:28.924: [TUN] [wg] Dropping privileges
2024-05-22 16:28:28.925: [TUN] [wg] Setting interface configuration
2024-05-22 16:28:28.925: [TUN] [wg] Peer 1 created
2024-05-22 16:28:28.927: [TUN] [wg] Setting device v4 addresses
2024-05-22 16:28:28.926: [TUN] [wg] Sending keepalive packet to peer 1 (134.19.179.197:1637)
2024-05-22 16:28:28.926: [TUN] [wg] Sending handshake initiation to peer 1 (134.19.179.197:1637)
2024-05-22 16:28:28.927: [TUN] [wg] Interface up
2024-05-22 16:28:28.990: [TUN] [wg] Startup complete
2024-05-22 16:28:33.968: [TUN] [wg] Sending handshake initiation to peer 1 (134.19.179.197:1637)
2024-05-22 16:28:39.015: [TUN] [wg] Sending handshake initiation to peer 1 (134.19.179.197:1637)
2024-05-22 16:28:44.037: [TUN] [wg] Handshake for peer 1 (134.19.179.197:1637) did not complete after 5 seconds, retrying (try 2)
2024-05-22 16:28:44.037: [TUN] [wg] Sending handshake initiation to peer 1 (134.19.179.197:1637)
2024-05-22 16:28:49.093: [TUN] [wg] Sending handshake initiation to peer 1 (134.19.179.197:1637)
2024-05-22 16:28:54.134: [TUN] [wg] Handshake for peer 1 (134.19.179.197:1637) did not complete after 5 seconds, retrying (try 2)
2024-05-22 16:28:54.134: [TUN] [wg] Sending handshake initiation to peer 1 (134.19.179.197:1637)
2024-05-22 16:28:59.205: [TUN] [wg] Handshake for peer 1 (134.19.179.197:1637) did not complete after 5 seconds, retrying (try 2)
 

Edited ... by Blum264


Yes, direct OpenVPN, WireGuard and even Tor are now blocked at the TLS handshake stage, because any traffic containing no recognizable data is now rejected by default (just like in China).

Currently this may be circumvented by using SSH or SSL wrapping. More on how to set up an SSH tunnel is here, and the same about SSL is here.

The method is this: you first start an SSL or an SSH client in proxy mode, it connects to a remote AirVPN server, then you start a normal OpenVPN client but specifying it to connect to 127.0.0.1:proxy_port instead of a remote AirVPN server. All the needed settings are already in the config files generated by the Config Generator.

The connection will still be slow and possibly unreliable. I guess DPI is trying to analyze all traffic going to the foreign servers (besides YouTube, Google, etc.) and throttles it if some statistical patterns are detected.

The solution for Tor is to use a webtunnel bridge - those were recently implemented and use the same "fake HTTPS traffic" approach.

Posted ... (edited)

Reinstalled all of the tunnels, updated all of the configs. Using UDP Oceania to port 443. It started working, yay, around 9 pm. Also had luck connecting for an hour during the day. PC.
My phone still doesn't connect. Yet it connects via WireGuard to wrap (lol). But I think I will just uninstall OpenVPN and other tunnels on it and update configs as well.
My configs were also old; I was getting an error message that OpenVPN will stop supporting them soon.
Thanks for this thread, awesome to see that you are not alone :)

Edited ... by 4ni4


Starting today (Saturday) we have the same issue in Belarus...
iOS: German server works via WG using cellular network (it seems A1 carrier doesn't work with any server/connection)
PC/Mac: OpenVPN over SSL works as well as OpenVPN over TOR. Vanilla WireGuard and OpenVPN don't work for ip addresses outside country. Local WG home-to-home works for now.

 


Please fix the config generator for SSL IPv6 connections:

1. remote 127.0.0.1 1413
   is not a valid IPv6 address

2. route 2a02:4840:2:226:5704:5836:cab9:e03b 255.255.255.255 net_gateway
   also needs to be fixed.
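
Added example (not part of any post in this thread and not AirVPN's code): a Python check for an OpenVPN profile that is meant to run through a local SSH/SSL wrapper, as described earlier in the thread (OpenVPN pointed at 127.0.0.1:proxy_port), which also catches the IPv6 address in the IPv4 `route` directive reported in the post above. The profiles are constructed samples, 203.0.113.10 is a documentation placeholder, and the rule names are assumptions of this example.

```python
import ipaddress

# Constructed profile for illustration; 203.0.113.10 is a documentation address.
WRAPPED_OK = """\
client
dev tun
proto tcp
remote 127.0.0.1 1413
route 203.0.113.10 255.255.255.255 net_gateway
"""

# The two directives quoted in the post above, in an otherwise minimal profile.
WRAPPED_IPV6 = """\
client
dev tun
proto tcp
remote 127.0.0.1 1413
route 2a02:4840:2:226:5704:5836:cab9:e03b 255.255.255.255 net_gateway
"""

# A direct (unwrapped) profile, for contrast.
DIRECT = """\
client
dev tun
proto udp
remote 203.0.113.10 443
"""


def directives(text):
    """Yield (line_number, tokens) per directive, skipping '#' and ';' comments."""
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line and line[0] not in "#;":
            yield number, line.split()


def as_ip(token):
    """Return an ipaddress object, or None for hostnames and keywords."""
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None


def lint_wrapped_profile(text):
    """Return [(line_number, rule, message)]; line 0 is a file-level finding."""
    findings, proto, bypass_routes = [], None, []
    for number, tok in directives(text):
        name, args = tok[0], tok[1:]
        if name == "proto" and args:
            proto = args[0]
        elif name == "remote" and args:
            ip = as_ip(args[0])
            # The wrapper listens locally, so OpenVPN must dial loopback.
            local = (ip is not None and ip.is_loopback) or args[0] == "localhost"
            if not local:
                findings.append((number, "remote-not-loopback",
                                 f"remote {args[0]} bypasses the local wrapper"))
        elif name == "route" and args:
            ip = as_ip(args[0])
            if ip is not None and ip.version == 6:
                # `route` takes an IPv4 network and dotted netmask;
                # IPv6 routes belong in `route-ipv6 addr/bits`.
                findings.append((number, "route-family",
                                 "IPv6 address in the IPv4 `route` directive"))
            elif ip is not None and "net_gateway" in args:
                bypass_routes.append(ip)
    # SSH and TLS wrappers carry a TCP stream; OpenVPN defaults to UDP.
    if proto is None or not proto.startswith("tcp"):
        findings.append((0, "proto-not-tcp", "wrapped profiles need proto tcp"))
    # With `remote` on loopback, the real server needs an explicit host route
    # via net_gateway so the wrapper's own connection stays outside the VPN.
    if not bypass_routes:
        findings.append((0, "no-bypass-route",
                         "no usable IPv4 host route via net_gateway"))
    return findings


def rules(text):
    """Rule names only, in the order they were raised."""
    return [rule for _, rule, _ in lint_wrapped_profile(text)]


if __name__ == "__main__":
    for label, profile in (("ok", WRAPPED_OK), ("ipv6", WRAPPED_IPV6),
                           ("direct", DIRECT)):
        print(label, lint_wrapped_profile(profile))
```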


SSH in Eddie-UI doesn't work because WARNING: UNPROTECTED PRIVATE KEY FILE!
BTW it worked before
Here is an example of the connection:
 

. 2024.05.27 00:39:34 - Elevated: Command:service-conn-mode
I 2024.05.27 00:39:44 - Session starting.
I 2024.05.27 00:39:45 - Checking authorization ...
. 2024.05.27 00:39:45 - Elevated: Command:wintun-adapter-ensure
. 2024.05.27 00:39:46 - Added new network interface "Eddie", Wintun version 0.12
. 2024.05.27 00:39:46 - Using WinTun network interface "Eddie (Wintun Userspace Tunnel)"
! 2024.05.27 00:39:46 - Connecting to Asterion (United Kingdom of Great Britain and Northern Ireland, London)
. 2024.05.27 00:39:46 - Elevated: Command:route-list
. 2024.05.27 00:39:46 - Elevated: Command:route
. 2024.05.27 00:39:46 - Elevated: Exec, path:'C:\Windows\system32\netsh.exe', arg:'interface  ipv4 add route prefix="217.151.98.169/32" interface="15" nexthop="192.168.0.1" metric=0 store=active', exit:0, out:'��.'
. 2024.05.27 00:39:46 - Routes, add 217.151.98.169/32 for interface "Ethernet (Realtek PCIe GbE Family Controller)".
. 2024.05.27 00:39:47 - Elevated: Command:route-list
. 2024.05.27 00:39:47 - Routes, add 217.151.98.169/32 for interface "Ethernet (Realtek PCIe GbE Family Controller)", already exists.
. 2024.05.27 00:39:47 - Exec(8) of 'C:\Windows\system32\icacls.exe', 1 args: '"C:\Air\d10495cf01e5ead7a92c0dcc5112f836c87b8d4b1311348f85df54572a041710.tmp.key" /c /t /inheritance:d';
. 2024.05.27 00:39:47 - Exec(8) done in 62 ms, exit: 0, out: '®Ўа Ў®в ­­л© д ©«: C:\Air\d10495cf01e5ead7a92c0dcc5112f836c87b8d4b1311348f85df54572a041710.tmp.key
. 2024.05.27 00:39:47 -     “бЇҐи­® ®Ўа Ў®в ­® 1 д ©«®ў; ­Ґ г¤ «®бм ®Ўа Ў®в вм 0 д ©«®ў'
. 2024.05.27 00:39:47 - Exec(9) of 'C:\Windows\system32\icacls.exe', 1 args: '"C:\Air\d10495cf01e5ead7a92c0dcc5112f836c87b8d4b1311348f85df54572a041710.tmp.key" /c /t /grant "Asia":F';
. 2024.05.27 00:39:47 - Exec(9) done in 47 ms, exit: 0, out: '®Ўа Ў®в ­­л© д ©«: C:\Air\d10495cf01e5ead7a92c0dcc5112f836c87b8d4b1311348f85df54572a041710.tmp.key
. 2024.05.27 00:39:47 -     “бЇҐи­® ®Ўа Ў®в ­® 1 д ©«®ў; ­Ґ г¤ «®бм ®Ўа Ў®в вм 0 д ©«®ў'
. 2024.05.27 00:39:47 - Exec(10) of 'C:\Windows\system32\icacls.exe', 1 args: '"C:\Air\d10495cf01e5ead7a92c0dcc5112f836c87b8d4b1311348f85df54572a041710.tmp.key" /c /t /remove:g *S-1-5-11';
. 2024.05.27 00:39:47 - Exec(10) done in 47 ms, exit: 0, out: '®Ўа Ў®в ­­л© д ©«: C:\Air\d10495cf01e5ead7a92c0dcc5112f836c87b8d4b1311348f85df54572a041710.tmp.key
. 2024.05.27 00:39:47 -     “бЇҐи­® ®Ўа Ў®в ­® 1 д ©«®ў; ­Ґ г¤ «®бм ®Ўа Ў®в вм 0 д ©«®ў'
. 2024.05.27 00:39:47 - Exec(11) of 'C:\Windows\system32\icacls.exe', 1 args: '"C:\Air\d10495cf01e5ead7a92c0dcc5112f836c87b8d4b1311348f85df54572a041710.tmp.key" /c /t /remove Administrator "BUILTIN\Administrators" "NT AUTHORITY\Authenticated Users" "BUILTIN\Users" BUILTIN Everyone System Users';
. 2024.05.27 00:39:47 - Exec(11) done in 47 ms, exit: 1332, out: '“бЇҐи­® ®Ўа Ў®в ­® 0 д ©«®ў; ­Ґ г¤ «®бм ®Ўа Ў®в вм 0 д ©«®ў'
. 2024.05.27 00:39:47 - SSH > OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
. 2024.05.27 00:39:47 - SSH > debug1: Connecting to 217.151.98.169 [217.151.98.169] port 22.
. 2024.05.27 00:39:47 - SSH > debug1: Connection established.
. 2024.05.27 00:39:47 - SSH > debug1: identity file C:\\Air\\d10495cf01e5ead7a92c0dcc5112f836c87b8d4b1311348f85df54572a041710.tmp.key type -1
. 2024.05.27 00:39:47 - SSH > debug1: identity file C:\\Air\\d10495cf01e5ead7a92c0dcc5112f836c87b8d4b1311348f85df54572a041710.tmp.key-cert type -1
. 2024.05.27 00:39:47 - SSH > debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.1
. 2024.05.27 00:39:47 - SSH > debug1: Remote protocol version 2.0, remote software version OpenSSH_8.4p1 Debian-5+deb11u1
. 2024.05.27 00:39:47 - SSH > debug1: match: OpenSSH_8.4p1 Debian-5+deb11u1 pat OpenSSH* compat 0x04000000
. 2024.05.27 00:39:47 - SSH > debug1: Authenticating to 217.151.98.169:22 as 'sshtunnel'
. 2024.05.27 00:39:47 - SSH > debug1: SSH2_MSG_KEXINIT sent
. 2024.05.27 00:39:47 - SSH > debug1: SSH2_MSG_KEXINIT received
. 2024.05.27 00:39:47 - SSH > debug1: kex: algorithm: curve25519-sha256
. 2024.05.27 00:39:47 - SSH > debug1: kex: host key algorithm: ecdsa-sha2-nistp256
. 2024.05.27 00:39:47 - SSH > debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
. 2024.05.27 00:39:47 - SSH > debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
. 2024.05.27 00:39:47 - SSH > debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
. 2024.05.27 00:39:47 - SSH > debug1: Server host key: ecdsa-sha2-nistp256 SHA256:3byhtSSm8ht418/v/+fhwQUlD8WLStutMYbrBYGtRjY
. 2024.05.27 00:39:47 - SSH > Warning: Permanently added '217.151.98.169' (ECDSA) to the list of known hosts.
. 2024.05.27 00:39:47 - SSH > debug1: rekey out after 134217728 blocks
. 2024.05.27 00:39:47 - SSH > debug1: SSH2_MSG_NEWKEYS sent
. 2024.05.27 00:39:47 - SSH > debug1: expecting SSH2_MSG_NEWKEYS
. 2024.05.27 00:39:47 - SSH > debug1: SSH2_MSG_NEWKEYS received
. 2024.05.27 00:39:47 - SSH > debug1: rekey in after 134217728 blocks
. 2024.05.27 00:39:47 - SSH > debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
. 2024.05.27 00:39:47 - SSH > debug1: Will attempt key: C:\\Air\\d10495cf01e5ead7a92c0dcc5112f836c87b8d4b1311348f85df54572a041710.tmp.key  explicit
. 2024.05.27 00:39:47 - SSH > debug1: SSH2_MSG_EXT_INFO received
. 2024.05.27 00:39:47 - SSH > debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com>
. 2024.05.27 00:39:48 - SSH > debug1: SSH2_MSG_SERVICE_ACCEPT received
. 2024.05.27 00:39:48 - SSH > debug1: Authentications that can continue: publickey
. 2024.05.27 00:39:48 - SSH > debug1: Next authentication method: publickey
. 2024.05.27 00:39:48 - SSH > debug1: Trying private key: C:\\Air\\d10495cf01e5ead7a92c0dcc5112f836c87b8d4b1311348f85df54572a041710.tmp.key
. 2024.05.27 00:39:48 - SSH > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
. 2024.05.27 00:39:48 - SSH > @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
. 2024.05.27 00:39:48 - SSH > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
. 2024.05.27 00:39:48 - SSH > Permissions for 'C:\\Air\\d10495cf01e5ead7a42c0dcc5112f836c47b8d4b1311348f85df54572a041710.tmp.key' are too open.
. 2024.05.27 00:39:48 - SSH > It is required that your private key files are NOT accessible by others.
. 2024.05.27 00:39:48 - SSH > This private key will be ignored.
. 2024.05.27 00:39:48 - SSH > Load key "C:\\Air\\d10495cf01e5ead7a42c0dcc5112f436c87b8d4b1311348f85df54572a041710.tmp.key": bad permissions
. 2024.05.27 00:39:48 - SSH > debug1: No more authentication methods to try.
. 2024.05.27 00:39:48 - SSH > sshtunnel@217.151.98.169: Permission denied (publickey).
! 2024.05.27 00:39:48 - Disconnecting
. 2024.05.27 00:39:48 - Elevated: Command:route-list
. 2024.05.27 00:39:48 - Elevated: Command:route
. 2024.05.27 00:39:48 - Elevated: Exec, path:'C:\Windows\system32\netsh.exe', arg:'interface  ipv4 del route prefix="217.151.98.169/32" interface="15" nexthop="192.168.0.1" store=active', exit:0, out:'��.'
. 2024.05.27 00:39:48 - Routes, delete 217.151.98.169/32 for interface "Ethernet (Realtek PCIe GbE Family Controller)".
. 2024.05.27 00:39:48 - Elevated: Command:route-list
. 2024.05.27 00:39:48 - Routes, delete 217.151.98.169/32 for interface "Ethernet (Realtek PCIe GbE Family Controller)", not exists.
. 2024.05.27 00:39:48 - Connection terminated.
I 2024.05.27 00:39:51 - Cancel requested.
. 2024.05.27 00:39:51 - Elevated: Command:wintun-adapter-removepool
! 2024.05.27 00:39:52 - Session terminated.

18 hours ago, ShadeVPN said:

SSH in Eddie-UI doesn't work because WARNING: UNPROTECTED PRIVATE KEY FILE!
BTW it worked before
Here is an example of the connection:
 


We currently cannot reproduce this issue, still under investigation.
In the meantime, you can check Preferences > Advanced > "Force usage of bundled plink.exe" to restore the old method.
Thanks for the feedback.

Quote

If your VPN stopped connecting like mine did, change the protocol; I poked around and the VPN started working again through these. I hope this helps someone.


Smart boy, but what about 100x speed decreasing?

______

There are still live servers on UDP and wireguard, I don’t want to write about them in case they are watching.
The most interesting thing is that if the handshaking has already passed, then connect works without any problems 100M in - 100M out, I have one live session to an already banned server for 1 week. Somehow we need to figure out how to switch from the encrypted SSH to the UDP seamlessly, or just buy some proxies for bitcoins

Posted ... (edited)
On 5/28/2024 at 3:51 AM, 2lexcross said:


Smart boy, but what about 100x speed decreasing?

______

There are still live servers on UDP and wireguard, I don’t want to write about them in case they are watching.
The most interesting thing is that if the handshaking has already passed, then connect works without any problems 100M in - 100M out, I have one live session to an already banned server for 1 week. Somehow we need to figure out how to switch from the encrypted SSH to the UDP seamlessly, or just buy some proxies for bitcoins

SSH>TCP didn't make my speed worse, I am still able to get 300+ Mbit like this

Edited ... by AG999
mistake


What about android AirVPN app? I can't find any settings related to SSH/SSL protocol here


I just came upon this thread. I think there should be a proper updated guide from the staff or someone who has been able to set up TCP over SSH without the Eddie client on Windows/Linux/Mac/Android.
 

3 hours ago, ATm said:

What about android AirVPN app? I can't find any settings related to SSH/SSL protocol here

The Android version of Eddie doesn't support TCP over SSH, and the guide for doing it manually on Android did not work for me.

I have managed to use that thing on my very restrictive corporate/work Wi-Fi network and it was working. If you have your Windows device connected via Ethernet it will be better, but Wi-Fi will work as usual.

Windows:

Step 1: Select the TCP over SSH connection in the Eddie UI client on Windows and connect, and under Network Lock allow DHCP, if you use Network Lock.

Step 2: Go to the mobile hotspot option in Windows Network and Internet and turn it on.

Step 3: Go to network connections.
           You should see a new local area connection* and you will see Microsoft Wi-Fi Direct Virtual Adapter under it.
           You will also see a network adapter named - Eddie Tunnel

Step 4: Open the Eddie Tunnel properties (right-click on it) and go to the Sharing tab.

Step 5: Select the option - Allow other network users to connect through the computer's internet connection. (It will show a message that it's being used by the wireless network, ignore it.)

Step 6: Select the local area connection * option and click OK.


Now when you are connected to the Wi-Fi hotspot (the one created in the second step) of your PC/laptop, you are connected to the VPN on any of your devices.
The few problems you will face: possible DHCP attacks if you don't own the router; the hotspot will fail to connect sometimes; and if your connection drops you will have to remove your router Wi-Fi password from your Android/iOS device and turn off mobile data, so that if Windows messes up and shuts down the hotspot for some reason you will not leak data.

I know this is a very lengthy method and it will be slow as well, but that's the only way I could find RN.

 

On 6/9/2024 at 7:42 PM, oderich said:

I just came upon this thread. I think there should be a proper updated guide from the staff or someone who has been able to set up TCP over SSH without the Eddie client on Windows/Linux/Mac/Android.
 

The Android version of Eddie doesn't support TCP over SSH, and the guide for doing it manually on Android did not work for me.

I have managed to use that thing on my very restrictive corporate/work Wi-Fi network and it was working. If you have your Windows device connected via Ethernet it will be better, but Wi-Fi will work as usual.

Windows:

Step 1: Select the TCP over SSH connection in the Eddie UI client on Windows and connect, and under Network Lock allow DHCP, if you use Network Lock.

Step 2: Go to the mobile hotspot option in Windows Network and Internet and turn it on.

Step 3: Go to network connections.
           You should see a new local area connection* and you will see Microsoft Wi-Fi Direct Virtual Adapter under it.
           You will also see a network adapter named - Eddie Tunnel

Step 4: Open the Eddie Tunnel properties (right-click on it) and go to the Sharing tab.

Step 5: Select the option - Allow other network users to connect through the computer's internet connection. (It will show a message that it's being used by the wireless network, ignore it.)

Step 6: Select the local area connection * option and click OK.


Now when you are connected to the Wi-Fi hotspot (the one created in the second step) of your PC/laptop, you are connected to the VPN on any of your devices.
The few problems you will face: possible DHCP attacks if you don't own the router; the hotspot will fail to connect sometimes; and if your connection drops you will have to remove your router Wi-Fi password from your Android/iOS device and turn off mobile data, so that if Windows messes up and shuts down the hotspot for some reason you will not leak data.

I know this is a very lengthy method and it will be slow as well, but that's the only way I could find RN.

Thank you. It's a very good option for those who aren't lazy.


Can't connect via Rostelecom ISP
Trying all SSL/SSH protocols in config., no luck

I 2024.07.20 19:20:28 - Session starting.
I 2024.07.20 19:20:30 - Checking authorization ...
. 2024.07.20 19:20:30 - IPv6 disabled with packet filtering.
! 2024.07.20 19:20:30 - Connecting to Ain (Sweden, Stockholm)
. 2024.07.20 19:20:30 - Routes, added a new route, 128.127.104.81 for gateway 192.168.0.1
. 2024.07.20 19:20:31 - SSH > Looking up host "128.127.104.81"
. 2024.07.20 19:20:31 - SSH > Connecting to 128.127.104.81 port 22
. 2024.07.20 19:20:31 - SSH > We claim version: SSH-2.0-PuTTY_Release_0.67
. 2024.07.20 19:20:31 - SSH > Server version: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u1
. 2024.07.20 19:20:31 - SSH > Using SSH protocol version 2
. 2024.07.20 19:20:31 - SSH > Doing Diffie-Hellman group exchange
. 2024.07.20 19:20:31 - SSH > Doing Diffie-Hellman key exchange with hash SHA-256
. 2024.07.20 19:20:31 - SSH > Host key fingerprint is:
. 2024.07.20 19:20:31 - SSH > ssh-rsa 2048 df:ac:f0:c8:a0:da:f3:08:2b:1c:51:27:0c:13:08:02
. 2024.07.20 19:20:31 - SSH > The server's host key is not cached in the registry. You
. 2024.07.20 19:20:31 - SSH > have no guarantee that the server is the computer you
. 2024.07.20 19:20:31 - SSH > think it is.
. 2024.07.20 19:20:31 - SSH > The server's rsa2 key fingerprint is:
. 2024.07.20 19:20:31 - SSH > ssh-rsa 2048 df:ac:f0:c8:a0:da:f3:08:2b:1c:51:27:0c:13:08:02
. 2024.07.20 19:20:31 - SSH > If you trust this host, enter "y" to add the key to
. 2024.07.20 19:20:31 - SSH > PuTTY's cache and carry on connecting.
. 2024.07.20 19:20:31 - SSH > If you want to carry on connecting just once, without
. 2024.07.20 19:20:31 - SSH > adding the key to the cache, enter "n".
. 2024.07.20 19:20:31 - SSH > If you do not trust this host, press Return to abandon the
. 2024.07.20 19:20:31 - SSH > connection.
. 2024.07.20 19:20:32 - SSH > Store key in cache? (y/n) Initialised AES-256 SDCTR client->server encryption
. 2024.07.20 19:20:32 - SSH > Initialised HMAC-SHA-256 client->server MAC algorithm
. 2024.07.20 19:20:32 - SSH > Initialised AES-256 SDCTR server->client encryption
. 2024.07.20 19:20:32 - SSH > Initialised HMAC-SHA-256 server->client MAC algorithm
. 2024.07.20 19:20:32 - SSH > Reading private key file "C:\Users\sopho\AppData\Local\AirVPN\dd47b63f0ff28f79d64355bc28d1235a7e41734256fcfc11e8f3e567858dc0c5.tmp.ppk"
. 2024.07.20 19:20:32 - SSH > Using username "sshtunnel".
. 2024.07.20 19:20:32 - SSH > Offered public key
. 2024.07.20 19:20:32 - SSH > Offer of public key accepted
. 2024.07.20 19:20:32 - SSH > Authenticating with public key ""
. 2024.07.20 19:20:32 - SSH > Sent public key signature
. 2024.07.20 19:20:32 - SSH > Access granted
. 2024.07.20 19:20:32 - SSH > Local port 37705 forwarding to 127.0.0.1:2018
. 2024.07.20 19:20:32 - OpenVPN > OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 27 2018
. 2024.07.20 19:20:32 - OpenVPN > Windows version 6.2 (Windows 8 or greater) 64bit
. 2024.07.20 19:20:32 - OpenVPN > library versions: OpenSSL 1.1.0h  27 Mar 2018, LZO 2.10
. 2024.07.20 19:20:32 - Connection to OpenVPN Management Interface
. 2024.07.20 19:20:32 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3100
. 2024.07.20 19:20:32 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2024.07.20 19:20:32 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2024.07.20 19:20:32 - OpenVPN > TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:37705
. 2024.07.20 19:20:32 - OpenVPN > Socket Buffers: R=[65536->262144] S=[65536->262144]
. 2024.07.20 19:20:32 - OpenVPN > Attempting to establish TCP connection with [AF_INET]127.0.0.1:37705 [nonblock]
. 2024.07.20 19:20:32 - OpenVPN > TCP connection established with [AF_INET]127.0.0.1:37705
. 2024.07.20 19:20:32 - OpenVPN > TCP_CLIENT link local: (not bound)
. 2024.07.20 19:20:32 - OpenVPN > TCP_CLIENT link remote: [AF_INET]127.0.0.1:37705
. 2024.07.20 19:20:32 - SSH > Opening connection to 127.0.0.1:2018 for forwarding from 127.0.0.1:57960
. 2024.07.20 19:20:32 - SSH > Remote debug message: /home/sshtunnel/.ssh/authorized_keys:1: key options: agent-forwarding command permitopen port-forwarding user-rc
. 2024.07.20 19:20:32 - Above log line repeated 1 times more
. 2024.07.20 19:20:32 - OpenVPN > MANAGEMENT: Client connected from [AF_INET]127.0.0.1:3100
. 2024.07.20 19:20:32 - OpenVPN > TLS: Initial packet from [AF_INET]127.0.0.1:37705, sid=c9f922f2 14e27185
. 2024.07.20 19:20:33 - OpenVPN > VERIFY ERROR: depth=1, error=certificate has expired: C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
. 2024.07.20 19:20:33 - OpenVPN > OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
. 2024.07.20 19:20:33 - OpenVPN > TLS_ERROR: BIO read tls_read_plaintext error
. 2024.07.20 19:20:33 - OpenVPN > TLS Error: TLS object -> incoming plaintext read error
. 2024.07.20 19:20:33 - OpenVPN > TLS Error: TLS handshake failed
. 2024.07.20 19:20:33 - OpenVPN > Fatal TLS error (check_tls_errors_co), restarting
. 2024.07.20 19:20:33 - OpenVPN > SIGUSR1[soft,tls-error] received, process restarting
. 2024.07.20 19:20:33 - OpenVPN > Restart pause, 5 second(s)
. 2024.07.20 19:20:33 - SSH > Forwarded port closed due to local error: Network error: Software caused connection abort
! 2024.07.20 19:20:33 - Disconnecting
. 2024.07.20 19:20:33 - Routes, removed a route previously added, 128.127.104.81 for gateway 192.168.0.1
. 2024.07.20 19:20:33 - Sending management termination signal
. 2024.07.20 19:20:33 - Management - Send 'signal SIGTERM'
. 2024.07.20 19:20:33 - OpenVPN > MANAGEMENT: CMD 'signal SIGTERM'
. 2024.07.20 19:20:33 - OpenVPN > SIGTERM[hard,init_instance] received, process exiting
. 2024.07.20 19:20:43 - Sending soft termination signal
. 2024.07.20 19:20:53 - Sending hard termination signal
. 2024.07.20 19:20:53 - Connection terminated.
. 2024.07.20 19:20:53 - IPv6 restored with packet filtering.
I 2024.07.20 19:20:56 - Checking authorization ...
. 2024.07.20 19:20:57 - IPv6 disabled with packet filtering.
! 2024.07.20 19:20:57 - Connecting to Nash (Netherlands, Alblasserdam)
. 2024.07.20 19:20:57 - Routes, added a new route, 213.152.161.26 for gateway 192.168.0.1
. 2024.07.20 19:20:57 - SSH > Looking up host "213.152.161.26"
. 2024.07.20 19:20:57 - SSH > Connecting to 213.152.161.26 port 22
. 2024.07.20 19:20:57 - SSH > We claim version: SSH-2.0-PuTTY_Release_0.67
. 2024.07.20 19:20:57 - SSH > Server version: SSH-2.0-OpenSSH_9.2p1 Debian-2
. 2024.07.20 19:20:57 - SSH > Using SSH protocol version 2
. 2024.07.20 19:20:57 - SSH > Couldn't agree a host key algorithm (available: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519)
. 2024.07.20 19:20:57 - SSH > FATAL ERROR: Couldn't agree a host key algorithm (available: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519)
! 2024.07.20 19:20:57 - Disconnecting
. 2024.07.20 19:20:58 - Routes, removed a route previously added, 213.152.161.26 for gateway 192.168.0.1
. 2024.07.20 19:20:58 - Connection terminated.
. 2024.07.20 19:20:58 - IPv6 restored with packet filtering.
I 2024.07.20 19:21:01 - Checking authorization ...
. 2024.07.20 19:21:01 - IPv6 disabled with packet filtering.
! 2024.07.20 19:21:01 - Connecting to Alphecca (Netherlands, Alblasserdam)
. 2024.07.20 19:21:01 - Routes, added a new route, 213.152.187.196 for gateway 192.168.0.1
. 2024.07.20 19:21:02 - SSH > Looking up host "213.152.187.196"
. 2024.07.20 19:21:02 - SSH > Connecting to 213.152.187.196 port 22
. 2024.07.20 19:21:02 - SSH > We claim version: SSH-2.0-PuTTY_Release_0.67
. 2024.07.20 19:21:02 - SSH > Server version: SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2
. 2024.07.20 19:21:02 - SSH > Using SSH protocol version 2
. 2024.07.20 19:21:02 - SSH > Couldn't agree a host key algorithm (available: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519)
. 2024.07.20 19:21:02 - SSH > FATAL ERROR: Couldn't agree a host key algorithm (available: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519)
! 2024.07.20 19:21:02 - Disconnecting
. 2024.07.20 19:21:02 - Routes, removed a route previously added, 213.152.187.196 for gateway 192.168.0.1
. 2024.07.20 19:21:02 - Connection terminated.
. 2024.07.20 19:21:02 - IPv6 restored with packet filtering.
I 2024.07.20 19:21:05 - Checking authorization ...
. 2024.07.20 19:21:05 - IPv6 disabled with packet filtering.
! 2024.07.20 19:21:05 - Connecting to Diadema (Belgium, Brussels)
. 2024.07.20 19:21:05 - Routes, added a new route, 194.187.251.164 for gateway 192.168.0.1
. 2024.07.20 19:21:06 - SSH > Looking up host "194.187.251.164"
. 2024.07.20 19:21:06 - SSH > Connecting to 194.187.251.164 port 22
. 2024.07.20 19:21:06 - SSH > We claim version: SSH-2.0-PuTTY_Release_0.67
. 2024.07.20 19:21:06 - SSH > Server version: SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2
. 2024.07.20 19:21:06 - SSH > Using SSH protocol version 2
. 2024.07.20 19:21:06 - SSH > Couldn't agree a host key algorithm (available: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519)
. 2024.07.20 19:21:06 - SSH > FATAL ERROR: Couldn't agree a host key algorithm (available: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519)
! 2024.07.20 19:21:06 - Disconnecting
. 2024.07.20 19:21:06 - Routes, removed a route previously added, 194.187.251.164 for gateway 192.168.0.1
. 2024.07.20 19:21:06 - Connection terminated.
. 2024.07.20 19:21:06 - IPv6 restored with packet filtering.
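
Added example (not part of any post and not Eddie or WireGuard code): a Python triage pass over logs like the ones posted in this thread, grouping lines by connection attempt and separating the four distinct failures that appear here. The sample lines are shortened from the thread with a placeholder key path and a documentation address; the cause labels and advice strings are this example's own.

```python
import re

# Shortened from the Eddie logs posted in this thread; the key path is a placeholder.
# Exit status 1332 is Win32 ERROR_NONE_MAPPED (an account name could not be resolved).
EDDIE_SAMPLE = r"""! 2024.05.27 00:39:46 - Connecting to Asterion (United Kingdom of Great Britain and Northern Ireland, London)
. 2024.05.27 00:39:47 - Exec(11) of 'C:\Windows\system32\icacls.exe', 1 args: '"C:\Air\example.tmp.key" /c /t /remove Administrator';
. 2024.05.27 00:39:47 - Exec(11) done in 47 ms, exit: 1332, out: ''
. 2024.05.27 00:39:48 - SSH > @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
. 2024.05.27 00:39:48 - SSH > Load key "C:\\Air\\example.tmp.key": bad permissions
! 2024.07.20 19:20:30 - Connecting to Ain (Sweden, Stockholm)
. 2024.07.20 19:20:33 - OpenVPN > VERIFY ERROR: depth=1, error=certificate has expired: C=IT, O=airvpn.org, CN=airvpn.org CA
! 2024.07.20 19:20:57 - Connecting to Nash (Netherlands, Alblasserdam)
. 2024.07.20 19:20:57 - SSH > FATAL ERROR: Couldn't agree a host key algorithm (available: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519)
"""

# Constructed WireGuard lines in the format shown earlier; 192.0.2.1 is a documentation address.
WG_SAMPLE = """\
2024-05-22 16:28:28.926: [TUN] [wg] Sending handshake initiation to peer 1 (192.0.2.1:1637)
2024-05-22 16:28:44.037: [TUN] [wg] Handshake for peer 1 (192.0.2.1:1637) did not complete after 5 seconds, retrying (try 2)
2024-05-22 16:28:54.134: [TUN] [wg] Handshake for peer 1 (192.0.2.1:1637) did not complete after 5 seconds, retrying (try 2)
"""

SIGNATURES = [
    ("ssh-key-acl", re.compile(r"UNPROTECTED PRIVATE KEY FILE|bad permissions")),
    ("openvpn-ca-expired", re.compile(r"VERIFY ERROR: .*certificate has expired")),
    ("ssh-hostkey-algo", re.compile(r"Couldn't agree a host key algorithm")),
    ("wg-handshake-timeout", re.compile(r"Handshake for peer \d+ .*did not complete")),
]
ADVICE = {
    "ssh-key-acl": "OpenSSH ignored the private key because other accounts can access the file; inspect its ACL",
    "openvpn-ca-expired": "the CA certificate failed validation as expired; update the client and its configuration",
    "ssh-hostkey-algo": "client and server share no host key algorithm; compare the client version with the server's list",
    "wg-handshake-timeout": "no handshake response came back; the UDP path is filtered or the peer is unreachable",
}
CONNECT = re.compile(r"^! \S+ \S+ - Connecting to (\S+)")
EXEC_START = re.compile(r"Exec\((\d+)\) of '([^']+)'")
EXEC_DONE = re.compile(r"Exec\((\d+)\) done in \d+ ms, exit: (\d+)")


def triage(log_text):
    """Group findings per connection attempt; lines before any attempt get server=None."""
    attempts, running = [], {}
    current = {"server": None, "causes": {}, "helper_failures": []}
    attempts.append(current)
    for line in log_text.splitlines():
        m = CONNECT.match(line)
        if m:  # a new attempt starts: open a fresh record
            current = {"server": m.group(1), "causes": {}, "helper_failures": []}
            attempts.append(current)
            running = {}
            continue
        m = EXEC_START.search(line)
        if m:  # remember which helper program Exec(N) refers to
            running[m.group(1)] = m.group(2).rsplit("\\", 1)[-1]
            continue
        m = EXEC_DONE.search(line)
        if m and m.group(2) != "0":  # helper finished with a non-zero status
            exe = running.get(m.group(1), "unknown")
            current["helper_failures"].append((exe, int(m.group(2))))
            continue
        for code, pattern in SIGNATURES:
            if pattern.search(line):
                current["causes"][code] = current["causes"].get(code, 0) + 1
    return [a for a in attempts if a["causes"] or a["helper_failures"]]


def summarize(log_text):
    """Return one readable line per finding."""
    out = []
    for attempt in triage(log_text):
        server = attempt["server"] or "(no server line)"
        for code in attempt["causes"]:
            out.append(f"{server}: {code}: {ADVICE[code]}")
        for exe, status in attempt["helper_failures"]:
            out.append(f"{server}: helper {exe} exited with status {status}")
    return out


if __name__ == "__main__":
    print("\n".join(summarize(EDDIE_SAMPLE) + summarize(WG_SAMPLE)))
```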

1 hour ago, ATm said:

. 2024.07.20 19:20:33 - OpenVPN > VERIFY ERROR: depth=1, error=certificate has expired: C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org


Hello!

Here the problem looks different, please see here to resolve this issue and test again:
https://airvpn.org/forums/topic/58289-openvpn-certificate-has-expired/?do=findComment&comment=231319

Kind regards
 


Yeah, thank you. My issue was not related to the ISP but to Eddie-UI. But a simple relogin did not fully help - I got another issue with TAP, so I reinstalled with a reboot. After that SSH->TCP works smoothly.


Since about 3 days ago, when connecting via SSL tunnel manually (not using Eddie), I am getting the "Peer certificate required" error for almost all servers in the world. SSH tunnel works fine. I am using configuration files generated by the AirVPN Config Generator with all IPs pre-resolved and certificates/keys in separate files.

I am using my own script and a systemd service for automatic rotation of servers to make the connections look a bit more like normal connections, to prevent possible blacklisting (in case such a thing already exists).

If it's not an AirVPN problem, to me it looks like the sign of an attempted certificate substitution. In my script the stunnel daemon is started without any custom options, just by supplying the generated .ssl file.

Here is the log.
 

июл 21 14:04:53 *** systemd[1]: Starting openvpn_ssl_rotate.service - Rotate OpenVPN servers (SSL tunnel version)...
июл 21 14:04:58 *** systemd[1]: Started openvpn_ssl_rotate.service - Rotate OpenVPN servers (SSL tunnel version).
июл 21 14:04:59 *** openvpn_ssl_rotate.sh[481531]: Deleting the old full list... deleted
июл 21 14:04:59 *** openvpn_ssl_rotate.sh[481531]: Creating the full list of servers to rotate... created
июл 21 14:04:59 *** openvpn_ssl_rotate.sh[481531]: Shuffling the list... done
июл 21 14:04:59 *** openvpn_ssl_rotate.sh[481531]: New server: AirVPN/AirVPN_RO-Bucharest_Alamak_SSL-443.conf
июл 21 14:04:59 *** openvpn_ssl_rotate.sh[481531]: Changing server: Done
июл 21 14:04:59 *** openvpn_ssl_rotate.sh[481531]: Starting tunnels: Starting the SSL tunnel...
июл 21 14:04:59 *** openvpn_ssl_rotate.sh[481531]: Starting tunnels: stunnel PID: 481555
июл 21 14:04:59 *** openvpn_ssl_rotate.sh[481531]: Starting tunnels: Waiting for the tunnel to appear (10s max)...
июл 21 14:04:59 *** stunnel[481555]: LOG6[ui]: Initializing inetd mode configuration
июл 21 14:04:59 *** openvpn_ssl_rotate.sh[481555]: 2024.07.21 14:04:59 LOG6[ui]: Initializing inetd mode configuration
июл 21 14:04:59 *** openvpn_ssl_rotate.sh[481555]: 2024.07.21 14:04:59 LOG5[ui]: stunnel 5.68 on x86_64-pc-linux-gnu platform
июл 21 14:04:59 *** openvpn_ssl_rotate.sh[481555]: 2024.07.21 14:04:59 LOG5[ui]: Compiled with OpenSSL 3.0.9 30 May 2023
июл 21 14:04:59 *** openvpn_ssl_rotate.sh[481555]: 2024.07.21 14:04:59 LOG5[ui]: Running  with OpenSSL 3.0.13 30 Jan 2024
июл 21 14:04:59 *** openvpn_ssl_rotate.sh[481555]: 2024.07.21 14:04:59 LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD TLS:ENGINE,OCSP,PSK,SNI Auth:LIBWRAP
июл 21 14:04:59 *** openvpn_ssl_rotate.sh[481555]: 2024.07.21 14:04:59 LOG6[ui]: Initializing inetd mode configuration
июл 21 14:04:59 *** openvpn_ssl_rotate.sh[481555]: 2024.07.21 14:04:59 LOG5[ui]: Reading configuration from file /etc/openvpn/AirVPN_ssl/AirVPN_RO-Bucharest_Alamak_SSL-443.ssl
июл 21 14:04:59 *** openvpn_ssl_rotate.sh[481555]: 2024.07.21 14:04:59 LOG5[ui]: UTF-8 byte order mark not detected
июл 21 14:04:59 *** openvpn_ssl_rotate.sh[481555]: 2024.07.21 14:04:59 LOG5[ui]: FIPS mode disabled
июл 21 14:04:59 *** openvpn_ssl_rotate.sh[481555]: 2024.07.21 14:04:59 LOG6[ui]: Compression disabled
июл 21 14:04:59 *** openvpn_ssl_rotate.sh[481555]: 2024.07.21 14:04:59 LOG6[ui]: Initializing service [openvpn]
июл 21 14:04:59 *** openvpn_ssl_rotate.sh[481555]: 2024.07.21 14:04:59 LOG6[ui]: OpenSSL security level is used: 2
июл 21 14:04:59 *** openvpn_ssl_rotate.sh[481555]: 2024.07.21 14:04:59 LOG6[ui]: Session resumption enabled
июл 21 14:04:59 *** openvpn_ssl_rotate.sh[481555]: 2024.07.21 14:04:59 LOG6[ui]: Configured trusted server CA: C=IT, ST=Italy, L=Perugia, O=AirVPN, OU=stunnel, CN=stunnel.airvpn.org, emailAddress=info@airvpn.org
июл 21 14:04:59 *** openvpn_ssl_rotate.sh[481555]: 2024.07.21 14:04:59 LOG6[ui]: DH initialization skipped: client section
июл 21 14:04:59 *** openvpn_ssl_rotate.sh[481555]: 2024.07.21 14:04:59 LOG5[ui]: Configuration successful
июл 21 14:04:59 *** openvpn_ssl_rotate.sh[481555]: 2024.07.21 14:04:59 LOG6[ui]: Service [openvpn] (FD=9) bound to 127.0.0.1:1413
июл 21 14:04:59 *** openvpn_ssl_rotate.sh[481555]: 2024.07.21 14:04:59 LOG6[ui]: Accepting new connections
июл 21 14:04:59 *** stunnel[481555]: LOG5[ui]: stunnel 5.68 on x86_64-pc-linux-gnu platform
июл 21 14:04:59 *** openvpn_ssl_rotate.sh[481555]: 2024.07.21 14:04:59 LOG6[cron]: Executing cron jobs
июл 21 14:04:59 *** openvpn_ssl_rotate.sh[481555]: 2024.07.21 14:04:59 LOG6[cron]: Cron jobs completed in 0 seconds
июл 21 14:04:59 *** stunnel[481555]: LOG5[ui]: Compiled with OpenSSL 3.0.9 30 May 2023
июл 21 14:04:59 *** stunnel[481555]: LOG5[ui]: Running  with OpenSSL 3.0.13 30 Jan 2024
июл 21 14:04:59 *** stunnel[481555]: LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD TLS:ENGINE,OCSP,PSK,SNI Auth:LIBWRAP
июл 21 14:04:59 *** stunnel[481555]: LOG6[ui]: Initializing inetd mode configuration
июл 21 14:04:59 *** stunnel[481555]: LOG5[ui]: Reading configuration from file /etc/openvpn/AirVPN_ssl/AirVPN_RO-Bucharest_Alamak_SSL-443.ssl
июл 21 14:04:59 *** stunnel[481555]: LOG5[ui]: UTF-8 byte order mark not detected
июл 21 14:04:59 *** stunnel[481555]: LOG5[ui]: FIPS mode disabled
июл 21 14:04:59 *** stunnel[481555]: LOG6[ui]: Compression disabled
июл 21 14:04:59 *** stunnel[481555]: LOG6[ui]: Initializing service [openvpn]
июл 21 14:04:59 *** stunnel[481555]: LOG6[ui]: OpenSSL security level is used: 2
июл 21 14:04:59 *** stunnel[481555]: LOG6[ui]: Session resumption enabled
июл 21 14:04:59 *** stunnel[481555]: LOG6[ui]: Configured trusted server CA: C=IT, ST=Italy, L=Perugia, O=AirVPN, OU=stunnel, CN=stunnel.airvpn.org, emailAddress=info@airvpn.org
июл 21 14:04:59 *** stunnel[481555]: LOG6[ui]: DH initialization skipped: client section
июл 21 14:04:59 *** stunnel[481555]: LOG5[ui]: Configuration successful
июл 21 14:04:59 *** stunnel[481555]: LOG6[ui]: Service [openvpn] (FD=9) bound to 127.0.0.1:1413
июл 21 14:04:59 *** stunnel[481555]: LOG6[ui]: Accepting new connections
июл 21 14:04:59 *** stunnel[481555]: LOG6[cron]: Executing cron jobs
июл 21 14:04:59 *** stunnel[481555]: LOG6[cron]: Cron jobs completed in 0 seconds
июл 21 14:05:00 *** openvpn_ssl_rotate.sh[481531]: Starting tunnels: SSL tunnel started
июл 21 14:05:00 *** openvpn_ssl_rotate.sh[481531]: Starting tunnels: Starting the OpenVPN tunnel...
июл 21 14:05:00 *** openvpn_ssl_rotate.sh[481531]: Starting tunnels: openvpn PID: 481561
июл 21 14:05:00 *** openvpn_ssl_rotate.sh[481531]: Starting tunnels: Waiting for the tunnel to appear (10s max)...
июл 21 14:05:00 *** openvpn_ssl_rotate.sh[481561]: 2024-07-21 14:05:00 Note: --data-cipher-fallback with cipher 'AES-256-CBC' disables data channel offload.
июл 21 14:05:00 *** openvpn_ssl_rotate.sh[481561]: 2024-07-21 14:05:00 OpenVPN 2.6.3 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
июл 21 14:05:00 *** openvpn_ssl_rotate.sh[481561]: 2024-07-21 14:05:00 library versions: OpenSSL 3.0.13 30 Jan 2024, LZO 2.10
июл 21 14:05:00 *** openvpn_ssl_rotate.sh[481561]: 2024-07-21 14:05:00 DCO version: N/A
июл 21 14:05:00 *** openvpn_ssl_rotate.sh[481561]: 2024-07-21 14:05:00 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
июл 21 14:05:00 *** openvpn_ssl_rotate.sh[481561]: 2024-07-21 14:05:00 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:1413
июл 21 14:05:00 *** openvpn_ssl_rotate.sh[481561]: 2024-07-21 14:05:00 Socket Buffers: R=[131072->131072] S=[16384->16384]
июл 21 14:05:00 *** openvpn_ssl_rotate.sh[481561]: 2024-07-21 14:05:00 Attempting to establish TCP connection with [AF_INET]127.0.0.1:1413
июл 21 14:05:00 *** openvpn_ssl_rotate.sh[481561]: 2024-07-21 14:05:00 TCP connection established with [AF_INET]127.0.0.1:1413
июл 21 14:05:00 *** openvpn_ssl_rotate.sh[481561]: 2024-07-21 14:05:00 TCPv4_CLIENT link local: (not bound)
июл 21 14:05:00 *** openvpn_ssl_rotate.sh[481561]: 2024-07-21 14:05:00 TCPv4_CLIENT link remote: [AF_INET]127.0.0.1:1413
июл 21 14:05:00 *** stunnel[481555]: LOG5[0]: Service [openvpn] accepted connection from 127.0.0.1:32804
июл 21 14:05:00 *** openvpn_ssl_rotate.sh[481555]: 2024.07.21 14:05:00 LOG5[0]: Service [openvpn] accepted connection from 127.0.0.1:32804
июл 21 14:05:00 *** openvpn_ssl_rotate.sh[481555]: 2024.07.21 14:05:00 LOG6[0]: s_connect: connecting 91.207.102.166:443
июл 21 14:05:00 *** stunnel[481555]: LOG6[0]: s_connect: connecting 91.207.102.166:443
июл 21 14:05:00 *** stunnel[481555]: LOG5[0]: s_connect: connected 91.207.102.166:443
июл 21 14:05:00 *** openvpn_ssl_rotate.sh[481555]: 2024.07.21 14:05:00 LOG5[0]: s_connect: connected 91.207.102.166:443
июл 21 14:05:00 *** openvpn_ssl_rotate.sh[481555]: 2024.07.21 14:05:00 LOG5[0]: Service [openvpn] connected remote server from 192.168.0.111:49182
июл 21 14:05:00 *** openvpn_ssl_rotate.sh[481555]: 2024.07.21 14:05:00 LOG6[0]: SNI: sending servername: 91.207.102.166
июл 21 14:05:00 *** stunnel[481555]: LOG5[0]: Service [openvpn] connected remote server from 192.168.0.111:49182
июл 21 14:05:00 *** stunnel[481555]: LOG6[0]: SNI: sending servername: 91.207.102.166
июл 21 14:05:00 *** stunnel[481555]: LOG6[0]: Peer certificate required
июл 21 14:05:00 *** openvpn_ssl_rotate.sh[481555]: 2024.07.21 14:05:00 LOG6[0]: Peer certificate required
июл 21 14:05:10 *** openvpn_ssl_rotate.sh[481531]: Killing stunnel (pid: 481555)...
июл 21 14:05:10 *** openvpn_ssl_rotate.sh[481531]: Killing openvpn (pid: 481561)...
июл 21 14:05:10 *** openvpn_ssl_rotate.sh[481531]: Daemons stopped
июл 21 14:05:10 *** openvpn_ssl_rotate.sh[481531]: Something went wrong. Trying another server...

 

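An added example, not part of the original post or the poster's script: a small classifier for stunnel journal lines like those in the log above. It separates a TLS handshake that stalls after the TCP connect from one where stunnel logs a certificate verification failure. The certificate-related message wordings are assumed from stunnel 5.x output, and the sample lines marked constructed are not from the thread.

```python
import re

# Matches both journal forms in the post: "stunnel[PID]: LOG5[0]: msg" and
# "script[PID]: 2024.07.21 14:05:00 LOG5[0]: msg". Only numbered connections match.
LINE = re.compile(r"\[(\d+)\]: (?:\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d )?LOG\d\[(\d+)\]: (.*)$")
# Stage markers, in order. Assumed from stunnel 5.x wording; verify against your logs.
STAGES = [("s_connect: connected", "tcp_connected"),
          ("Peer certificate required", "tls_handshake_start"),
          ("Certificate accepted", "cert_accepted"),
          ("TLS connected", "tls_established")]
REJECT = ("CERT: Pre-verification error", "Rejected by CERT", "certificate verify failed")

# First three lines come from the post (timestamp trimmed); the rest are constructed.
SAMPLE = """\
*** stunnel[481555]: LOG5[0]: s_connect: connected 91.207.102.166:443
*** stunnel[481555]: LOG6[0]: Peer certificate required
*** openvpn_ssl_rotate.sh[481555]: 2024.07.21 14:05:00 LOG6[0]: Peer certificate required
host stunnel[1001]: LOG5[0]: s_connect: connected 192.0.2.10:443
host stunnel[1001]: LOG6[0]: Peer certificate required
host stunnel[1001]: LOG4[0]: CERT: Pre-verification error: self-signed certificate
host stunnel[1002]: LOG5[0]: s_connect: connected 192.0.2.10:443
host stunnel[1002]: LOG5[0]: Certificate accepted at depth=0: CN=constructed.example
host stunnel[1002]: LOG6[0]: TLS connected: new session negotiated
"""

def classify(log_text):
    """Map (pid, connection id) to the furthest stage reached or a rejection."""
    state = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        key, msg = (m.group(1), m.group(2)), m.group(3)
        rank = state.setdefault(key, 0)
        if any(marker in msg for marker in REJECT):
            state[key] = -1  # a verification failure is final for this connection
        elif rank >= 0:
            for i, (prefix, _) in enumerate(STAGES, start=1):
                if msg.startswith(prefix):
                    state[key] = max(rank, i)
    names = {-1: "certificate_rejected", 0: "no_tcp_connection", len(STAGES): "tls_established"}
    return {k: names.get(r) or "stalled_after_" + STAGES[r - 1][1] for k, r in state.items()}

if __name__ == "__main__":
    for conn, verdict in classify(SAMPLE).items():
        print(conn, verdict)
```

A `stalled_after_tls_handshake_start` verdict means no certificate message of either kind was logged before the daemon was stopped, so the log alone does not show which certificate, if any, the remote end presented.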
