Unable to connect to OpenVPN server in Windows

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2023-03-28 22:00:42 - last edited 2023-03-28 22:59:13
Tags: #VPN #OpenVPN
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.1.2 Build 20230210

Hello,

 

I created an OpenVPN server on my router, but when trying to connect to it using OpenVPN client on Windows, I get some weird "certificate verify error".

Using the same ovpn profile to connect from Ubuntu on WSL running on the same box, I am able to connect to the router.
Any idea why the cert verification fails only on the OpenVPN Connect client for Windows?

 

Thanks!

Lior

 

 

OpenVPN client log:
 

[Mar 28, 2023, 22:31:19] UNUSED OPTIONS
5 [nobind]
8 [resolv-retry] [infinite]
10 [persist-key]
[Mar 28, 2023, 22:31:19] EVENT: RESOLVE
[Mar 28, 2023, 22:31:19] Contacting MY_WAN_IP:1194 via UDP
[Mar 28, 2023, 22:31:19] EVENT: WAIT
[Mar 28, 2023, 22:31:19] WinCommandAgent: transmitting bypass route to MY_WAN_IP
{
    "host" : "MY_WAN_IP",
    "ipv6" : false
}

[Mar 28, 2023, 22:31:19] Connecting to [MY_WAN_IP]:1194 (MY_WAN_IP) via UDPv4
[Mar 28, 2023, 22:31:19] EVENT: CONNECTING
[Mar 28, 2023, 22:31:19] Tunnel Options:V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client
[Mar 28, 2023, 22:31:19] Creds: UsernameEmpty/PasswordEmpty
[Mar 28, 2023, 22:31:19] Peer Info:
IV_VER=3.git::d3f8b18b
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-128-CBC
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_AUTO_SESS=1
IV_GUI_VER=OCWindows_3.3.7-2979
IV_SSO=webauth,openurl,crtext

[Mar 28, 2023, 22:31:19] Transport Error: OpenSSLContext::SSL::read_cleartext: BIO_read failed, cap=2576 status=-1: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
[Mar 28, 2023, 22:31:19] EVENT: CERT_VERIFY_FAIL OpenSSLContext::SSL::read_cleartext: BIO_read failed, cap=2576 status=-1: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
[Mar 28, 2023, 22:31:19] EVENT: DISCONNECTED
[Mar 28, 2023, 22:32:42] OpenVPN core 3.git::d3f8b18b win x86_64 64-bit built on Feb  7 2023 16:08:10

#1
Re:Unable to connect to OpenVPN server in Windows
2023-03-28 23:17:30 - last edited 2023-03-28 23:40:22

Update: I can now successfully connect from the Windows client as well. BUT! if I create a new OpenVPN server and try to connect to it, I get the same certificate error.

 

It makes me believe this is some sort of datetime issue with the certificate generation.

My router datetime is set correctly, same as my PC - I just confirmed. So I still can't figure out what the root cause of this issue is.

 

Update 2: Luckily, Linux OpenVPN is more verbose. It just confirmed this is a datetime issue as the certificate is not yet valid.

 

Wed Mar 29 02:20:40 2023 VERIFY ERROR: depth=0, error=certificate is not yet valid: C=CN, ST=GD, L=ShenZhen, O=TP-Link, OU=SMB-OMADA, CN=server_server0, name=EasyRSA, emailAddress=xxxx@xxxx

 

Last update: It seems that the router clock was out of sync, despite the fact that it appeared OK in the portal. I had two NTP servers configured, I just reconfigured them and disabled DST and now the OpenVPN cert is generated at the exact time.

#3
Re:Unable to connect to OpenVPN server in Windows
2023-03-29 06:12:52 - last edited 2023-03-29 06:13:06

Hello @beepi

 

Thanks for reporting this issue to our community.

 

Could you share the screenshot of your DST settings?

Did you set the boundary time (e.g. Jan 1st, Dec 30th) for the DST?

Best Regards!
#4
Re:Unable to connect to OpenVPN server in Windows
2023-03-29 07:04:10 - last edited 2023-03-29 08:37:54

  @Hank21 

 

Sure, right now DST is disabled and the router time is 1 hour earlier than the actual time.

BTW, maybe I don't get it, but why does "date mode" require specifying a year? DST is yearly.

 

 

Check out the screenshot below. You have 3 timestamps here:

1) The filename timestamp - indicating the time of the generation, which is 8:53

2) The certificate timestamp which is 9:53

3) My PC time which is the time of file creation on disk - 9:53

 

Regardless of the DST setting (which is turned off), you can see that the certificate timestamp is 1 hour later than the actual router's clock (filename vs certificate which are supposed to be the same).

 

 

#5
Re:Unable to connect to OpenVPN server in Windows
2023-03-30 08:10:45 - last edited 2023-03-31 08:57:34

Hi @beepi

 

Thanks for the detailed answer.

 

Could you please enable the DST feature and test it again?

 

beepi wrote

 Check out the screenshot below. You have 3 timestamps here:

1) The filename timestamp - indicating the time of the generation, which is 8:53

2) The certificate timestamp which is 9:53

3) My PC time which is the time of file creation on disk - 9:53

 

After testing, could you describe the specific information of the issue in the format above?

May I know what version of OpenVPN client software is used on your Windows PC?

Best Regards!
#6
Re:Unable to connect to OpenVPN server in Windows
2023-04-06 11:36:06

Hello @beepi,

 

Hope you are doing well. I’m wondering whether your concern was resolved finally?

 

If the issue still exists, please don't hesitate to reply to the above post.

If your concern was resolved, you are welcome to update this topic thread and share your solution so that others may benefit from it.

 

We are looking forward to hearing from you again.

Best Regards!
#7
Re:Unable to connect to OpenVPN server in Windows
2023-04-06 20:52:06 - last edited 2023-04-06 20:54:04

  @Hank21 

  Hi, the issue is persistent. You may reproduce it with the steps I provided.

Since I found a workaround, I prefer not to mess with the router configuration at this point.
Keep in mind that waiting for 1hr before using the ovpn file would also be considered a workaround, but not something that I would expect any user to know.

#8
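A pre-flight check for the failure diagnosed in this thread, added here as an example and not code from any poster, TP-Link or OpenVPN: it reads notBefore/notAfter from every certificate embedded inline in an .ovpn profile and judges them against a given clock, so a "not yet valid" certificate is visible before connecting. The function names are hypothetical, and the sample profile is a constructed, unsigned certificate skeleton with a made-up issue time.

```python
import base64, re
from datetime import datetime, timedelta, timezone

def tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length, used by real certs
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def asn1_time(tag, raw):
    """Decode UTCTime (0x17) / GeneralizedTime; RFC 5280 reads UTCTime 50..99 as 19YY."""
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"
    dt = datetime.strptime(raw.decode("ascii"), fmt).replace(tzinfo=timezone.utc)
    return dt.replace(year=dt.year - 100) if tag == 0x17 and dt.year >= 2050 else dt

def validity(der):
    """Return (notBefore, notAfter) of a DER-encoded X.509 certificate."""
    _, pos, _ = tlv(der, 0)                 # Certificate SEQUENCE
    _, pos, _ = tlv(der, pos)               # TBSCertificate SEQUENCE
    tag, _, end = tlv(der, pos)
    pos = end if tag == 0xA0 else pos       # skip optional [0] version
    for _field in range(3):                 # serialNumber, signature alg, issuer
        _, _, pos = tlv(der, pos)
    _, pos, _ = tlv(der, pos)               # Validity SEQUENCE
    t1, s1, e1 = tlv(der, pos)
    t2, s2, e2 = tlv(der, e1)
    return asn1_time(t1, der[s1:e1]), asn1_time(t2, der[s2:e2])

PEM = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def check_profile(ovpn_text, now):
    """Judge each inline certificate at clock `now`: [(notBefore, notAfter, status)]."""
    spans = [validity(base64.b64decode(b)) for b in PEM.findall(ovpn_text)]
    return [(nb, na, "not yet valid" if now < nb else "expired" if now > na else "ok")
            for nb, na in spans]

# Constructed sample: an unsigned certificate skeleton with a made-up issue time.
def der(tag, body):
    return bytes([tag, len(body)]) + body   # short-form lengths suffice here
def sample_profile(nb, na):
    t = lambda d: der(0x17, d.strftime("%y%m%d%H%M%SZ").encode())
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01")
              + der(0x30, b"") * 2 + der(0x30, t(nb) + t(na)))
    pem = base64.encodebytes(der(0x30, tbs)).decode()
    return f"<cert>\n-----BEGIN CERTIFICATE-----\n{pem}-----END CERTIFICATE-----\n</cert>\n"

ISSUED = datetime(2023, 3, 29, 0, 20, 40, tzinfo=timezone.utc)  # constructed value
SAMPLE = sample_profile(ISSUED, ISSUED + timedelta(days=365))
```

For a real profile, pass the file's text and `datetime.now(timezone.utc)`; a certificate stamped one hour ahead of the client's clock reports "not yet valid" until that hour has passed.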