C3150 v2 firmware v2 OpenVPN: generates bad certificate/config file

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

C3150 v2 firmware v2 OpenVPN: generates bad certificate/config file

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
C3150 v2 firmware v2 OpenVPN: generates bad certificate/config file
C3150 v2 firmware v2 OpenVPN: generates bad certificate/config file
2017-11-07 19:42:23
Model :

Hardware Version :

Firmware Version :

ISP :

Neither the OpenVPN client on my Mac nor on my Android phone will connect to the OpenVPN in the new firmware. This worked perfectly with the v1 firmware. Here is an extract from the Viscosity (mac client) log. The Androd client (OpenVPN Connect) detects the cert is bad without even trying to connect. It complains that "ASN1 tag was of an unexpected value".


[CODE]2017-11-07 19:35:44: State changed to Connecting
2017-11-07 19:35:44: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2017-11-07 19:35:44: TCP/UDP: Preserving recently used remote address: [AF_INET]61.123.123.123:1194
2017-11-07 19:35:44: UDP link local: (not bound)
2017-11-07 19:35:44: UDP link remote: [AF_INET]61.123.123.123:1194
2017-11-07 19:35:44: State changed to Authenticating
2017-11-07 19:35:44: VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=CN, ST=GD, L=ShenZhen, O=TPLINK, OU=SOHO, CN=TPLINK CA, name=myuserver02, emailAddress=me@myhost.mydomain
2017-11-07 19:35:44: OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2017-11-07 19:35:44: TLS_ERROR: BIO read tls_read_plaintext error
2017-11-07 19:35:44: TLS Error: TLS object -> incoming plaintext read error
2017-11-07 19:35:44: TLS Error: TLS handshake failed
2017-11-07 19:35:44: SIGUSR1[soft,tls-error] received, process restarting
2017-11-07 19:35:44: Viscosity Mac 1.7.5 (1420)
2017-11-07 19:35:44: Viscosity OpenVPN Engine Started
2017-11-07 19:35:44: Running on macOS 10.13.1[/CODE]
  0      
  0      
#1
Options
4 Reply
Re:C3150 v2 firmware v2 OpenVPN: generates bad certificate/config file
2017-11-08 10:07:00
  0  
  0  
#2
Options
Re:C3150 v2 firmware v2 OpenVPN: generates bad certificate/config file
2017-11-12 20:06:34
The firmware was rejected by the router. I expect because I've got the US version.

I tried the new update which mentions IOS and OpenVPN in the headline changes but that is bad too (I'm out so I can't give the the version number.) The certificate is ok but, unlike the v1 firmware it doesn't take into account that I'm using dynamic dns. The remote field in the configuration file is populated with the wan ip address which is a private ip handed out by my fibre modem. This worked out-of-the-box before.
  0  
  0  
#3
Options
Re:C3150 v2 firmware v2 OpenVPN: generates bad certificate/config file
2017-11-13 18:38:57
Do you mean the C3150 is connected to your main router, and has private IP on WAN? Do you mean V1 worked out-of-the-box before or V2?
What's the current firmware version of your V2 router ?
  0  
  0  
#4
Options
Re:C3150 v2 firmware v2 OpenVPN: generates bad certificate/config file
2017-11-15 00:22:45
> Do you mean the C3150 is connected to your main router, and has private IP on WAN?
No, it's connected to a ONT fiber modem.

> Do you mean V1 worked out-of-the-box before or V2?
The current release for my router is: 3.0.0 0.9.1 v005f.0 Build 170926 Rel.63400n; I would say this is a v3 release. I bought the router in January and it was in a v1 release. About a two weeks ago I updated it to a v2 release.

By out of the box I mean it just worked. No fuss. Actually, I misread the interface in the Dynamic DNS section. It listed the dynamic dns I'd registerd with the router before and I thought it was bound but I was wrong and hence it was binding the the WAN ip address. When it was bound the remote field in the openvpn client config file listed the dynamic dns name as you would expect. However, although my openvpn clients would connect to it I still couldn't connect to anything on my network.

The pptp vpn did work correctly and I could connect to computers on my network. However, I disabled it again as, from what I read, is relatively insecure. A message in the log even suggested that encryption was disabled (ppp20 rcvd [LCP TermReq id=0x4 "MPPE disabled"].)

I've since setup L2TP on my NAS because I don't really want to mess around with this anymore.
  0  
  0  
#5
Options

Information

Helpful: 0

Views: 1466

Replies: 4

Related Articles