OpenVPN - Something changed in android client and I do not know how to fix it

I have changed nothing in the config of the OpenVPN server and only imported the file from IPFire in the Android client. For a few days I have been getting this error on the server side; the client tries to reconnect all the time.
Any advice here how to fix it?

15:18:58 openvpnserver[3203]: XX.XX.XX.XX:9716 SIGUSR1[soft,tls-error] received, client-instance restarting
15:18:58 openvpnserver[3203]: XX.XX.XX.XX:9716 TLS Error: TLS handshake failed
15:18:58 openvpnserver[3203]: XX.XX.XX.XX:9716 TLS Error: TLS object -> incoming plaintext read error
15:18:58 openvpnserver[3203]: XX.XX.XX.XX:9716 TLS_ERROR: BIO read tls_read_plaintext error
15:18:58 openvpnserver[3203]: XX.XX.XX.XX:9716 OpenSSL: error:0A000086:SSL routines::certificate verify failed
15:18:58 openvpnserver[3203]: XX.XX.XX.XX:9716 VERIFY SCRIPT ERROR: depth=0, C=DE, ST=XXX, O=XXxXXx, CN=(Is also different!!)
15:18:58 openvpnserver[3203]: XX.XX.XX.XX:9716 WARNING: Failed running command (--tls-verify script): external program exited with error status: 1
15:18:58 openvpnserver[3203]: XX.XX.XX.XX:9716 VERIFY OK: depth=1, C=DE, ST=XXX, L=XxXxXX, O=xXXccCc, OU=Penthouse Chef, CN=XXxXXx
15:18:58 openvpnserver[3203]: XX.XX.XX.XX:9716 VERIFY SCRIPT OK: depth=1, C=DE, ST=XXX, L=XxXxXX, O=xXXccCc, OU=Penthouse Chef, CN=XXxXXx

@jon Thank you for remedying my inability to give English language a sense of meaning.

This log is from the Android client?

Could you verify on the server (IPFire) if the packets are arriving:
tcpdump -ni eth0 udp and port 1194

That way you can see if port forwarding on your modem / router is working.

No, on the client side there are no errors, it only tries to reconnect … this is the log from the server side…

Can it be that I must use the CA certificate of the server now also in the android client?

Not sure which Android client you are using. I am using OpenVPN for Android on Android version 11. My IPFire is on CU178.

I just tried copying my profile to the Android phone again and remaking the profile on the phone, and it connected immediately without any problems.

The error you are getting is because the certificate details provided by the client are not matching with the ones on the server, so the server is retrying again.

On my OpenVPN for Android app I provide the file location for the .ovpn file first and then the file location for the ta.key and the .p12 file and that is all that was required on my system.

If you have changed anything in the server settings then you need to download the zip package afresh.
I would suggest downloading the client connection package from IPFire afresh, then copying it to the Android phone and installing the client profile info again to see if that works.

3 Likes
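As an added example (not code from this thread or from IPFire), the Python script below triages a server log like the one quoted at the top: for each peer whose handshake failed, it separates a rejection by the `--tls-verify` script from a failure of the certificate chain check. The log lines, peer addresses and certificate subjects are constructed, and the line layout is assumed to match the excerpt in the first post.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the log in the first post; addresses and
# certificate subjects are placeholders, not values from the thread.
SAMPLE_LOG = """\
15:18:58 openvpnserver[3203]: 198.51.100.7:9716 VERIFY SCRIPT OK: depth=1, C=DE, O=Example, CN=Example CA
15:18:58 openvpnserver[3203]: 198.51.100.7:9716 VERIFY OK: depth=1, C=DE, O=Example, CN=Example CA
15:18:58 openvpnserver[3203]: 198.51.100.7:9716 WARNING: Failed running command (--tls-verify script): external program exited with error status: 1
15:18:58 openvpnserver[3203]: 198.51.100.7:9716 VERIFY SCRIPT ERROR: depth=0, C=DE, O=Example, CN=phone
15:18:58 openvpnserver[3203]: 198.51.100.7:9716 OpenSSL: error:0A000086:SSL routines::certificate verify failed
15:18:58 openvpnserver[3203]: 198.51.100.7:9716 TLS Error: TLS handshake failed
15:19:04 openvpnserver[3203]: 203.0.113.9:40112 VERIFY ERROR: depth=0, error=certificate has expired: CN=laptop
15:19:04 openvpnserver[3203]: 203.0.113.9:40112 TLS Error: TLS handshake failed
"""

# Assumed layout: "<time> openvpnserver[<pid>]: <ip>:<port> <message>"
LINE = re.compile(r"^\S+ openvpnserver\[\d+\]: (?P<peer>\S+:\d+) (?P<msg>.*)$")
VERIFY = re.compile(r"^VERIFY (?P<kind>SCRIPT OK|SCRIPT ERROR|OK|ERROR): depth=(?P<depth>\d+)")

def triage(log_text):
    """Return {peer: verdict} for every peer whose TLS handshake failed."""
    seen = defaultdict(set)   # peer -> {(kind, depth), ...}
    failed = set()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        v = VERIFY.match(m["msg"])
        if v:
            seen[m["peer"]].add((v["kind"], int(v["depth"])))
        elif "TLS handshake failed" in m["msg"]:
            failed.add(m["peer"])
    verdicts = {}
    for peer in failed:
        chain = sorted(d for kind, d in seen[peer] if kind == "ERROR")
        script = sorted(d for kind, d in seen[peer] if kind == "SCRIPT ERROR")
        if chain:      # the certificate chain check itself rejected a certificate
            verdicts[peer] = f"certificate chain check failed at depth {chain[0]}"
        elif script:   # chain was accepted, the server-side script said no
            verdicts[peer] = f"--tls-verify script rejected certificate at depth {script[0]}"
        else:
            verdicts[peer] = "handshake failed without a VERIFY line"
    return verdicts

if __name__ == "__main__":
    for peer, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(peer, "->", verdict)
```

Depth 1 is the CA certificate and depth 0 is the client certificate, so a "script rejected at depth 0" verdict matches the pattern in the quoted log: the CA was accepted and the client certificate was turned down by the server's verify script.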

Yes, it works, but what the hell has changed? I will never know.