
OpenVPN Notes

Time-difference between Client/Server

OpenVPN relies on consistent time between client and server. A clock difference can cause problems on two levels:

  • the validity/expiration of TLS/SSL certificates is based on time
  • the encrypted packets carry a time-tag to counter replay attacks and out-of-sequence delivery

Symptom: OpenVPN refuses to connect because of a time difference between server and client

With default replay protection

Client-side

TLS Error: Unroutable control packet received from 80.69.65.224:10494 (si=3 op=P_CONTROL_V1)

Server-side

TLS: new session incoming connection from 80.100.97.87:54702
read UDPv4 [ECONNREFUSED]: Connection refused (code=111)

With replay protection disabled (no-replay)

Client-side

VERIFY ERROR: depth=1, error=certificate is not yet valid: /C=CO/ST=Province/L=City/O=Organisation/CN=ca.auxmgt.ncbv/emailAddress=email@domain.com
TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
TLS Error: TLS object -> incoming plaintext read error
TLS Error: TLS handshake failed

Server-side

Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #21 / time = (1199146245) Tue Jan  1 01:10:45 2008 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
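
A way to triage these messages for clock skew, as an added example that is not part of the original notes: it reads the time value from the "bad packet ID" message, compares it with the time on the logging host, and flags certificate time errors. It assumes the printed time value reflects the sender's clock; `triage`, `max_skew` and the reference time are hypothetical, and "certificate has expired" is added as the counterpart case for a clock running ahead.

```python
import re
from datetime import datetime, timezone

# Patterns for the messages quoted on this page. "certificate has expired" is the
# matching OpenSSL verify error when the clock runs ahead instead of behind.
BAD_PACKET_ID = re.compile(r"bad packet ID \(may be a replay\): \[ #\d+ / time = \((\d+)\)")
CERT_TIME = re.compile(r"VERIFY ERROR: depth=(\d+), error=certificate (is not yet valid|has expired)")

def triage(lines, received_at, max_skew=300):
    """Return findings that point at clock skew rather than at a real replay.

    received_at: epoch seconds on the logging host when the lines were written
    max_skew:    tolerated difference in seconds (hypothetical threshold)
    """
    findings = []
    for line in lines:
        m = BAD_PACKET_ID.search(line)
        if m:
            skew = received_at - int(m.group(1))
            # A packet time close to our own clock is not explained by skew.
            if abs(skew) > max_skew:
                findings.append(("packet-time-skew", skew))
            continue
        m = CERT_TIME.search(line)
        if m:
            # "not yet valid": the verifying host's clock is before notBefore.
            kind = "clock-behind" if m.group(2) == "is not yet valid" else "clock-ahead-or-expired"
            findings.append((kind, int(m.group(1))))
    return findings

# Constructed reference time; the log lines are the ones shown above (DN shortened).
RECEIVED_AT = int(datetime(2008, 6, 1, 12, 0, tzinfo=timezone.utc).timestamp())
SAMPLE = [
    "VERIFY ERROR: depth=1, error=certificate is not yet valid: /C=CO/ST=Province/CN=ca.auxmgt.ncbv",
    "Authenticate/Decrypt packet error: bad packet ID (may be a replay): "
    "[ #21 / time = (1199146245) Tue Jan  1 01:10:45 2008 ]",
    "read UDPv4 [ECONNREFUSED]: Connection refused (code=111)",
]

if __name__ == "__main__":
    for kind, value in triage(SAMPLE, RECEIVED_AT):
        print(kind, value)
```

A large skew value means the clocks should be corrected (for example via NTP) rather than replay protection being switched off.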

Last modified: 2019/03/06 07:33 (external edit)