Dear all,
I am not sure if this is a certificate verification problem. I updated the server package on my Synology DSM. After that I couldn't log in to OpenVPN any more. I restored my certificates like after each server update. I am lost this time.
Thanks for your help!
*Tunnelblick: OS X 10.8.5; Tunnelblick 3.3.2 (build 3518.3792); prior version 3.3.0 (build 3518); Standard user
"Sanitized" configuration file for /Users/bodo/Library/Application Support/Tunnelblick/Configurations/flexlab.tblk:
dev tun
tls-client
remote
flexlab.no-ip.org 1194
# The "float" tells OpenVPN to accept authenticated packets from any address,
# not only the address which was specified in the --remote option.
# This is useful when you are connecting to a peer which holds a dynamic address
# such as a dial-in user or DHCP client.
# (Please refer to the manual of OpenVPN for more information.)
#float
# If redirect-gateway is enabled, the client will redirect it's
# default network gateway through the VPN.
# It means the VPN connection will firstly connect to the VPN Server
# and then to the internet.
# (Please refer to the manual of OpenVPN for more information.)
#redirect-gateway
# dhcp-option DNS: To set primary domain name server address.
# Repeat this option to set secondary DNS server addresses.
#dhcp-option DNS DNS_IP_ADDRESS
pull
proto udp
script-security 2
ca ca.crt
comp-lzo
reneg-sec 3600
auth-user-pass
================================================================================
Tunnelblick Log:
2014-04-26 13:37:59 *Tunnelblick: OS X 10.8.5; Tunnelblick 3.3.2 (build 3518.3792); prior version 3.3.0 (build 3518)
2014-04-26 13:38:00 *Tunnelblick: Attempting connection with flexlab using shadow copy; Set nameserver = 1; monitoring connection
2014-04-26 13:38:00 *Tunnelblick: openvpnstart start flexlab.tblk 1337 1 0 1 0 1329 -ptADGNWradsgnw 2.2.1
2014-04-26 13:38:00 *Tunnelblick: openvpnstart log:
Loading tun.kext
OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.2.1/openvpn
--cd
/Library/Application Support/Tunnelblick/Users/bodo/flexlab.tblk/Contents/Resources
--daemon
--management
127.0.0.1
1337
--config
/Library/Application Support/Tunnelblick/Users/bodo/flexlab.tblk/Contents/Resources/config.ovpn
--log
/Library/Application Support/Tunnelblick/Logs/-SUsers-Sbodo-SLibrary-SApplication Support-STunnelblick-SConfigurations-Sflexlab.tblk-SContents-SResources-Sconfig.ovpn.1_0_1_0_1329.1337.openvpn.log
--management-query-passwords
--management-hold
--script-security
2
--up
/Applications/Tunnelblick.app/Contents/Resources/
client.up.tunnelblick.sh -m -w -d -f -r -ptADGNWradsgnw
--down
/Applications/Tunnelblick.app/Contents/Resources/
client.down.tunnelblick.sh -m -w -d -f -r -ptADGNWradsgnw
--up-restart
2014-04-26 13:38:00 OpenVPN 2.2.1 i386-apple-darwin10.8.0 [SSL] [LZO2] [PKCS11] [eurephia] built on Apr 8 2014
2014-04-26 13:38:00 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
2014-04-26 13:38:00 WARNING: No server certificate verification method has been enabled. See
http://openvpn.net/howto.html#mitm for more info.
2014-04-26 13:38:00 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2014-04-26 13:38:00 LZO compression initialized
2014-04-26 13:38:00 UDPv4 link local (bound): [undef]:1194
2014-04-26 13:38:00 UDPv4 link remote:
10.0.1.5:11942014-04-26 13:38:00 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2014-04-26 13:38:00 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=TW/ST=Taiwan/L=Taipei/O=Synology_Inc./OU=Certificate_Authority/CN=Synology_Inc._CA/emailAddress=
pro...@synology.com2014-04-26 13:38:00 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
2014-04-26 13:38:00 TLS Error: TLS object -> incoming plaintext read error
2014-04-26 13:38:00 TLS Error: TLS handshake failed
2014-04-26 13:38:00 SIGUSR1[soft,tls-error] received, process restarting
2014-04-26 13:38:00 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
2014-04-26 13:38:00 WARNING: No server certificate verification method has been enabled. See
http://openvpn.net/howto.html#mitm for more info.
2014-04-26 13:38:00 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2014-04-26 13:38:00 LZO compression initialized
2014-04-26 13:38:00 UDPv4 link local (bound): [undef]:1194
2014-04-26 13:38:00 UDPv4 link remote:
10.0.1.5:11942014-04-26 13:38:00 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=TW/ST=Taiwan/L=Taipei/O=Synology_Inc./OU=Certificate_Authority/CN=Synology_Inc._CA/emailAddress=
pro...@synology.com2014-04-26 13:38:00 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
2014-04-26 13:38:00 TLS Error: TLS object -> incoming plaintext read error
2014-04-26 13:38:00 TLS Error: TLS handshake failed
2014-04-26 13:38:00 SIGUSR1[soft,tls-error] received, process restarting
2014-04-26 13:38:00 *Tunnelblick: Established communication with OpenVPN
2014-04-26 13:38:00 *Tunnelblick: Obtained VPN username and password from the Keychain
2014-04-26 13:38:00 *Tunnelblick: No 'reconnecting.sh' script to execute
2014-04-26 13:38:00 *Tunnelblick: openvpnstart starting OpenVPN:
* /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.2.1/openvpn --cd /Library/Application Support/Tunnelblick/Users/bodo/flexlab.tblk/Contents/Resources --daemon --management 127.0.0.1 1337 --config /Library/Application Support/Tunnelblick/Users/bodo/flexlab.tblk/Contents/Resources/config.ovpn --log /Library/Application Support/Tunnelblick/Logs/-SUsers-Sbodo-SLibrary-SApplication Support-STunnelblick-SConfigurations-Sflexlab.tblk-SContents-SResources-Sconfig.ovpn.1_0_1_0_1329.1337.openvpn.log --management-query-passwords --management-hold --script-security 2 --up /Applications/Tunnelblick.app/Contents/Resources/
client.up.tunnelblick.sh -m -w -d -f -r -ptADGNWradsgnw --down /Applications/Tunnelblick.app/Contents/Resources/
client.down.tunnelblick.sh -m -w -d -f -r -ptADGNWradsgnw --up-restart
2014-04-26 13:38:01 *Tunnelblick: No 'reconnecting.sh' script to execute
2014-04-26 13:38:01 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
2014-04-26 13:38:01 WARNING: No server certificate verification method has been enabled. See
http://openvpn.net/howto.html#mitm for more info.
2014-04-26 13:38:01 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2014-04-26 13:38:01 LZO compression initialized
2014-04-26 13:38:01 UDPv4 link local (bound): [undef]:1194
2014-04-26 13:38:01 UDPv4 link remote:
10.0.1.5:11942014-04-26 13:38:01 TLS Error: Unroutable control packet received from
10.0.1.5:1194 (si=3 op=P_ACK_V1)
2014-04-26 13:38:03 TLS Error: Unroutable control packet received from
10.0.1.5:1194 (si=3 op=P_CONTROL_V1)
2014-04-26 13:38:03 TLS Error: Unroutable control packet received from
10.0.1.5:1194 (si=3 op=P_CONTROL_V1)
2014-04-26 13:38:03 TLS Error: Unroutable control packet received from
10.0.1.5:1194 (si=3 op=P_ACK_V1)
2014-04-26 13:38:04 TLS Error: Unroutable control packet received from
10.0.1.5:1194 (si=3 op=P_CONTROL_V1)
2014-04-26 13:38:04 TLS Error: Unroutable control packet received from
10.0.1.5:1194 (si=3 op=P_CONTROL_V1)
2014-04-26 13:38:05 TLS Error: Unroutable control packet received from
10.0.1.5:1194 (si=3 op=P_CONTROL_V1)
2014-04-26 13:38:05 TLS Error: Unroutable control packet received from
10.0.1.5:1194 (si=3 op=P_CONTROL_V1)
2014-04-26 13:38:05 TLS Error: Unroutable control packet received from
10.0.1.5:1194 (si=3 op=P_CONTROL_V1)
2014-04-26 13:38:05 TLS Error: Unroutable control packet received from
10.0.1.5:1194 (si=3 op=P_CONTROL_V1)
2014-04-26 13:38:06 TLS Error: Unroutable control packet received from
10.0.1.5:1194 (si=3 op=P_CONTROL_V1)
2014-04-26 13:38:06 TLS Error: Unroutable control packet received from
10.0.1.5:1194 (si=3 op=P_CONTROL_V1)
2014-04-26 13:38:07 TLS Error: Unroutable control packet received from
10.0.1.5:1194 (si=3 op=P_CONTROL_V1)
2014-04-26 13:38:07 TLS Error: Unroutable control packet received from
10.0.1.5:1194 (si=3 op=P_CONTROL_V1)
2014-04-26 13:38:07 TLS Error: Unroutable control packet received from
10.0.1.5:1194 (si=3 op=P_ACK_V1)
2014-04-26 13:38:09 *Tunnelblick: Disconnecting; 'disconnect' button pressed
2014-04-26 13:38:09 *Tunnelblick: Disconnecting using 'killall'
2014-04-26 13:38:09 event_wait : Interrupted system call (code=4)
2014-04-26 13:38:09 SIGTERM[hard,] received, process exiting
2014-04-26 13:38:09 *Tunnelblick: No 'post-disconnect.sh' script to execute
================================================================================
Console Log:
2014-04-26 11:44:50 Tunnelblick[196] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-flexlab' account = 'username'
2014-04-26 11:44:50 Tunnelblick[196] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-flexlab' account = 'password'
2014-04-26 11:57:28 Tunnelblick[196] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-flexlab' account = 'username'
2014-04-26 11:57:28 Tunnelblick[196] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-flexlab' account = 'password'
2014-04-26 11:58:20 Tunnelblick[196] OK to go to sleep
2014-04-26 12:06:12 Tunnelblick[196] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-flexlab' account = 'username'
2014-04-26 12:06:12 Tunnelblick[196] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-flexlab' account = 'password'
2014-04-26 12:14:08 Tunnelblick[196] DEBUG: Updater: systemVersion 10.8.5 satisfies minimumSystemVersion 10.4.0
2014-04-26 12:14:08 Tunnelblick[196] DEBUG: Updater: systemVersion 10.8.5 satisfies minimumSystemVersion 10.4.0
2014-04-26 12:14:29 Tunnelblick[196] setShutdownVariables: invoked, but have already set them
2014-04-26 12:14:29 Tunnelblick[196] applicationShouldTerminate: termination because of restart; delayed until 'shutdownTunnelblick' finishes
2014-04-26 12:14:29 Tunnelblick[196] Finished shutting down Tunnelblick; allowing termination
2014-04-26 12:16:32 Tunnelblick[193] Set program update feedURL to
https://www.tunnelblick.net/appcast-s.rss2014-04-26 12:16:33 Tunnelblick[193] DEBUG: Updater: systemVersion 10.8.5 satisfies minimumSystemVersion 10.4.0
2014-04-26 12:16:33 Tunnelblick[193] DEBUG: Updater: systemVersion 10.8.5 satisfies minimumSystemVersion 10.4.0
2014-04-26 12:17:15 Tunnelblick[193] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-flexlab' account = 'username'
2014-04-26 12:17:15 Tunnelblick[193] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-flexlab' account = 'password'
2014-04-26 12:17:53 Tunnelblick[193] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-flexlab' account = 'username'
2014-04-26 12:17:53 Tunnelblick[193] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-flexlab' account = 'password'
2014-04-26 12:21:13 Tunnelblick[193] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-flexlab' account = 'username'
2014-04-26 12:21:13 Tunnelblick[193] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-flexlab' account = 'password'
2014-04-26 13:24:47 Tunnelblick[193] OK to go to sleep
2014-04-26 13:27:33 Tunnelblick[193] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-flexlab' account = 'username'
2014-04-26 13:27:33 Tunnelblick[193] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-flexlab' account = 'password'
2014-04-26 13:28:05 Tunnelblick[193] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-flexlab' account = 'username'
2014-04-26 13:28:05 Tunnelblick[193] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-flexlab' account = 'password'
2014-04-26 13:38:00 Tunnelblick[193] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-flexlab' account = 'username'
2014-04-26 13:38:00 Tunnelblick[193] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-flexlab' account = 'password'