auth-nocache
auth SHA1
auth-user-pass
ca cert_export_CA.crt
cert cert_export_MacBook.crt
cipher AES-256-CBC
client
dev tun
key cert_export_MacBook.key
mute-replay-warnings
nobind
persist-key
persist-tun
ping 15
ping-restart 45
ping-timer-rem
proto tcp
pull
redirect-gateway def1
remote-cert-tls server
remote storage-addict.io 51194
resolv-retry infinite
route 10.10.0.0 255.255.255.0 172.21.0.1
tls-client
verb 4
2017-03-18 13:33:44 MANAGEMENT: CMD 'username "Auth" "j_r0dd"'
2017-03-18 13:33:44 MANAGEMENT: CMD 'password [...]'
2017-03-18 13:33:44 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2017-03-18 13:33:44 Socket Buffers: R=[131072->131072] S=[131072->131072]
2017-03-18 13:33:44 MANAGEMENT: >STATE:1489858424,RESOLVE,,,
2017-03-18 13:33:45 Attempting to establish TCP connection with [AF_INET]47.203.55.123:51194 [nonblock]
2017-03-18 13:33:45 MANAGEMENT: >STATE:1489858425,TCP_CONNECT,,,
2017-03-18 13:33:46 TCP connection established with [AF_INET]47.203.55.123:51194
2017-03-18 13:33:46 TCPv4_CLIENT link local: [undef]
2017-03-18 13:33:46 TCPv4_CLIENT link remote: [AF_INET]47.203.55.123:51194
2017-03-18 13:33:46 MANAGEMENT: >STATE:1489858426,WAIT,,,
2017-03-18 13:33:46 MANAGEMENT: >STATE:1489858426,AUTH,,,
2017-03-18 13:33:46 TLS: Initial packet from [AF_INET]47.203.55.123:51194, sid=e996b4cd 854a218f
2017-03-18 13:33:46 VERIFY OK: depth=1, C=US, ST=FL, O=Storage-Addict, OU=IT, CN=CA
2017-03-18 13:33:46 VERIFY ERROR: could not extract CN from X509 subject string ('C=US, ST=FL, O=Storage-Addict, OU=IT') -- note that the username length is limited to 64 characters
2017-03-18 13:33:46 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2017-03-18 13:33:46 TLS_ERROR: BIO read tls_read_plaintext error
2017-03-18 13:33:46 TLS Error: TLS object -> incoming plaintext read error
2017-03-18 13:33:46 TLS Error: TLS handshake failed
2017-03-18 13:33:46 Fatal TLS error (check_tls_errors_co), restarting
2017-03-18 13:33:46 SIGUSR1[soft,tls-error] received, process restarting
2017-03-18 13:33:46 MANAGEMENT: >STATE:1489858426,RECONNECTING,tls-error,,
2017-03-18 13:33:46 MANAGEMENT: CMD 'hold release'
2017-03-18 13:33:46 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2017-03-18 13:33:46 Socket Buffers: R=[131072->131072] S=[131072->131072]
2017-03-18 13:33:46 MANAGEMENT: >STATE:1489858426,RESOLVE,,,
2017-03-18 13:33:46 Attempting to establish TCP connection with [AF_INET]47.203.55.123:51194 [nonblock]
2017-03-18 13:33:46 MANAGEMENT: >STATE:1489858426,TCP_CONNECT,,,
2017-03-18 13:33:47 TCP connection established with [AF_INET]47.203.55.123:51194
2017-03-18 13:33:47 TCPv4_CLIENT link local: [undef]
2017-03-18 13:33:47 TCPv4_CLIENT link remote: [AF_INET]47.203.55.123:51194
2017-03-18 13:33:47 MANAGEMENT: >STATE:1489858427,WAIT,,,
2017-03-18 13:33:47 MANAGEMENT: >STATE:1489858427,AUTH,,,
2017-03-18 13:33:47 TLS: Initial packet from [AF_INET]47.203.55.123:51194, sid=d7920203 c2cf4eb3
2017-03-18 13:33:49 *Tunnelblick: Disconnecting; user cancelled authorization
2017-03-18 13:33:50 *Tunnelblick: No 'pre-disconnect.sh' script to execute
2017-03-18 13:33:50 *Tunnelblick: Disconnecting using 'kill'
2017-03-18 13:33:50 MANAGEMENT: Client disconnected
2017-03-18 13:33:50 ERROR: could not read Auth username/password/ok/string from management interface
2017-03-18 13:33:46 VERIFY ERROR: could not extract CN from X509 subject string ('C=US, ST=FL, O=Storage-Addict, OU=IT') -- note that the username length is limited to 64 characters
--
I tried all the LibreSSL options. I'll try to recreate the certificates when I get some extra time. I've just been using SSH reverse proxies on my MacBook to do what I need to when remote. The new EasyRSA rewrite isn't all that easy, so I generated the certs on my MikroTik router and exported them.
--Jared
--
Recreating the certs worked for my MacBook, but now my iPad and iPhone are throwing errors with PolarSSL... oh well, the MacBook is more important for connecting to home. This is solved.
--Jared
On Mar 19, 2017, at 11:29 AM, Jared Wechsler wrote:
I'll report back when I generate through EasyRSA 2. That's what I used for my VPS and works fine. I'm not sure what OpenSSL libraries MikroTik uses. Or the firmware I was on could have generated these bad certs. Thanks.
--Jared
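
Added example, not part of the original thread: a Python check that scans an OpenVPN client log in the format shown above and flags a certificate whose subject has no CN, which is the condition behind the handshake failure here. The function names and the sample log lines (constructed, modelled on the log above) are assumptions, and the depth of the failing certificate is inferred from the preceding VERIFY OK lines.

```python
import re

# Constructed sample lines, modelled on the log format in this thread.
SAMPLE_LOG = """\
2017-03-18 13:33:46 VERIFY OK: depth=1, C=US, ST=FL, O=Example, OU=IT, CN=CA
2017-03-18 13:33:46 VERIFY ERROR: could not extract CN from X509 subject string ('C=US, ST=FL, O=Example, OU=IT') -- note that the username length is limited to 64 characters
2017-03-18 13:33:46 TLS Error: TLS handshake failed
"""

VERIFY_OK = re.compile(r"VERIFY OK: depth=(\d+), (.+)$")
NO_CN = re.compile(
    r"VERIFY ERROR: could not extract CN from X509 subject string \('(.*?)'\)"
)


def parse_subject(subject):
    """Split 'C=US, ST=FL, CN=x' into {attribute: value}.

    Simplification: values containing ', ' are not handled.
    """
    attrs = {}
    for part in subject.split(", "):
        key, sep, value = part.partition("=")
        if sep:
            attrs[key.strip()] = value.strip()
    return attrs


def find_missing_cn(log_text):
    """Return one finding per 'could not extract CN' error in the log."""
    findings = []
    ok_depths = []  # chain depths that verified before the failure
    for line in log_text.splitlines():
        ok = VERIFY_OK.search(line)
        if ok:
            ok_depths.append(int(ok.group(1)))
            continue
        bad = NO_CN.search(line)
        if bad:
            attrs = parse_subject(bad.group(1))
            # Inference: the chain is verified from the CA down, so the
            # failing certificate sits one level below the last OK depth.
            depth = min(ok_depths) - 1 if ok_depths else None
            findings.append(
                {"subject": attrs, "has_cn": "CN" in attrs, "inferred_depth": depth}
            )
    return findings


if __name__ == "__main__":
    for finding in find_missing_cn(SAMPLE_LOG):
        print(finding)
```

An inferred depth of 0 points at the server's own certificate rather than the CA, which matches the fix reported in the thread (regenerating the certificates).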