Forums

Resolved
0 votes
I use the ibVPN on ClearOS release 7.8.1 and set-up an IP-address of a headless system to use the VPN. Because the system is headless it took me sometime to notice it is no longer communicating to the outside world.

After looking into that I found that ibVPN on ClearOs stopped working and always reports the following error:

Jul 27 14:41:51 mail ibvpn[11289]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 27 14:41:51 mail ibvpn[11289]: WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1420)
Jul 27 14:41:51 mail ibvpn[11289]: TCP/UDP: Preserving recently used remote address: [AF_INET]81.30.152.54:80
Jul 27 14:41:51 mail ibvpn[11289]: Socket Buffers: R=[212992->212992] S=[212992->212992]
Jul 27 14:41:51 mail ibvpn[11289]: UDP link local (bound): [AF_INET]192.168.1.5:1190
Jul 27 14:41:51 mail ibvpn[11289]: UDP link remote: [AF_INET]81.30.152.54:80
Jul 27 14:41:51 mail ibvpn[11289]: TLS: Initial packet from [AF_INET]81.30.152.54:80, sid=e671936e ead3a7e9
Jul 27 14:41:51 mail ibvpn[11289]: VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=RO, ST=MS, L=TirguMures, O=Amplusnet, OU=ibVPN, CN=Amplusnet CA, name=EasyRSA, emailAddress=admin@ibvpn.com
Jul 27 14:41:51 mail ibvpn[11289]: OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Jul 27 14:41:51 mail ibvpn[11289]: TLS_ERROR: BIO read tls_read_plaintext error
Jul 27 14:41:51 mail ibvpn[11289]: TLS Error: TLS object -> incoming plaintext read error
Jul 27 14:41:51 mail ibvpn[11289]: TLS Error: TLS handshake failed
Jul 27 14:41:51 mail ibvpn[11289]: SIGUSR1[soft,tls-error] received, process restarting
Jul 27 14:41:51 mail ibvpn[11289]: Restart pause, 10 second(s)


I am not sure if is a ClearOS change or a ibVPN change that caused this but found that this started June 9th and I can't match that to anything in yum history..
In ibVPN
Monday, July 27 2020, 12:52 PM
Share this post:
Responses (2)
  • Accepted Answer

    Monday, July 27 2020, 01:53 PM - #Permalink
    Resolved
    0 votes
    Thank you for your quick reply Nick. I did indeed understand it was a certificate error but had no idea which one and more importantly, where to get a new one :-)
    The reply is currently minimized Show
  • Accepted Answer

    Monday, July 27 2020, 01:43 PM - #Permalink
    Resolved
    0 votes
    If you look at the message, there is a certificate problem. It, in fact, expired on Monday 20th. This is a Contributor's app and I have tried contacting the dev, but I believe he is on holiday. In the meanwhile you can back up /etc/clearos/ibvpn.d/ibvpn.com.crt, the replace the certificate with:
    -----BEGIN CERTIFICATE-----
    MIIExDCCA6ygAwIBAgIJAOK5j4WoRJ9rMA0GCSqGSIb3DQEBCwUAMIGcMQswCQYD
    VQQGEwJSTzELMAkGA1UECBMCTVMxEzARBgNVBAcTClRpcmd1TXVyZXMxEjAQBgNV
    BAoTCUFtcGx1c25ldDEOMAwGA1UECxMFaWJWUE4xFTATBgNVBAMTDEFtcGx1c25l
    dCBDQTEQMA4GA1UEKRMHRWFzeVJTQTEeMBwGCSqGSIb3DQEJARYPYWRtaW5AaWJ2
    cG4uY29tMB4XDTE3MDEyNzA5MzkzMloXDTM3MDEyMjA5MzkzMlowgZwxCzAJBgNV
    BAYTAlJPMQswCQYDVQQIEwJNUzETMBEGA1UEBxMKVGlyZ3VNdXJlczESMBAGA1UE
    ChMJQW1wbHVzbmV0MQ4wDAYDVQQLEwVpYlZQTjEVMBMGA1UEAxMMQW1wbHVzbmV0
    IENBMRAwDgYDVQQpEwdFYXN5UlNBMR4wHAYJKoZIhvcNAQkBFg9hZG1pbkBpYnZw
    bi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+VcGhbC3ucctM
    3pPPPslKVeMF9vCtx3yYReC34dFmg+38aj9fr/rQoQfLwAP67V77xHzlysz0tHlH
    huaAJ0pzgaOo/s/R5ecvvc7w/8Pxc81CiVKh5WNWqbanMvpTt+SIFi5OuoYAlfEa
    Js2K0DJ5fFSmOYxSEb5JRrxmR5i7ZUbtWFbVDNJ6ppxE/SCIyL/PLxadEEawQPV1
    OS/ZU8AM93+7I8G/cbttyFCpsFGM1sTU6WVJctbJkpabs5HzYiPxY+UMjnYq7g9z
    CfEi3uM4h356abLKybyvo3D1daDoM0GoTdrVf6acN8//UB1yO0x2fuY2szuhV14n
    X0tA9MexAgMBAAGjggEFMIIBATAdBgNVHQ4EFgQUZolsRPiX5gLUaXRviFVe8Dr+
    mPwwgdEGA1UdIwSByTCBxoAUZolsRPiX5gLUaXRviFVe8Dr+mPyhgaKkgZ8wgZwx
    CzAJBgNVBAYTAlJPMQswCQYDVQQIEwJNUzETMBEGA1UEBxMKVGlyZ3VNdXJlczES
    MBAGA1UEChMJQW1wbHVzbmV0MQ4wDAYDVQQLEwVpYlZQTjEVMBMGA1UEAxMMQW1w
    bHVzbmV0IENBMRAwDgYDVQQpEwdFYXN5UlNBMR4wHAYJKoZIhvcNAQkBFg9hZG1p
    bkBpYnZwbi5jb22CCQDiuY+FqESfazAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEB
    CwUAA4IBAQAFqpJWtCOeNoK7sX+YvjxbqEonEZ8J6phtLsCUlopH65lu0fyPY62z
    t8FV9YPyJpQ1SBkW6OWRwDrP2rdhYg1MFzSZ0KtHUHP/Mw2YD6eA8kXP6Bn4qJAm
    r3ATzewN6zc6ykuezOmP+xtN2pIxlCKhP/R895O9lx5vPj3bOkmihV6j1YL53bjt
    qDmxOCDWQfb+GrKJZvMi883ZH+EXKT1wXkJoxZsk0i3YPxXYjxZav3R10Bimq/eI
    dGhJorVfaddtAsqOvtlWH+eXX/QQHn71AwdmYoJXXQBFXlNphlUzeS8oQJLjoqbN
    ols881AMLD8k5X+BrM5Jogtz+Fs+vW4F
    -----END CERTIFICATE-----
    Then restart ibVPN and it should start working again (if the forum does not munge the certificate).
    The reply is currently minimized Show
Your Reply