Solved VPN fails on Win10 PC and Android devices

Not sure what has happened, as I have no access via my Win10 or Android users. Today nothing works... just something about expired cert... Here's a partial log that I see...

FWIW, I use LE Cert... still good.

Thu Feb 27 17:40:35 2020 VERIFY ERROR: depth=0, error=certificate has expired: CN=xxxxxxxx.synology.me
Thu Feb 27 17:40:35 2020 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Thu Feb 27 17:40:35 2020 TLS_ERROR: BIO read tls_read_plaintext error
Thu Feb 27 17:40:35 2020 TLS Error: TLS object -> incoming plaintext read error
Thu Feb 27 17:40:35 2020 TLS Error: TLS handshake failed
Thu Feb 27 17:40:35 2020 SIGUSR1[soft,tls-error] received, process restarting
Thu Feb 27 17:40:40 2020 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

Any ideas? This was working 2 weeks ago. Many thanks.
 
Has the certificate expired and renewal failed? Could be that revocation lists are actually being consulted. Does OpenVPN server cache the certificate and it hasn't loaded the new one?

In the OpenVPN config file, is there a parameter that can be set to accept expired certificates, just as a test? One reason I keep SSL-VPN and OpenVPN gateways running is in case one fails. Also, I have a limited (users) access for L2TP as well.

All pure guesses, but that is where I'd start looking and Googling/DuckDuckGo-ing.
 
Has the certificate expired and renewal failed? Could be that revocation lists are actually being consulted. Does OpenVPN server cache the certificate and it hasn't loaded the new one?
My LE cert doesn't expire until early-May. So this is all puzzling. My last VPN session was on Feb 18.

Your comments about caching got me thinking... so I changed the VPN server default cert to synology.com, and then back to the LE cert. That had no immediate effect. Next, I restarted the NAS (grumble, grumble...) and upon restart VPN access was restored.

So maybe there's now a Synology bug that doesn't update the cert. IDK.

But you got me thinking and for now this is resolved. Thank you. 🍪🍪🍪
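
Added example, not part of the thread and not Synology or OpenVPN code: a small triage pass over the client log quoted in the first post, applying the reasoning above (a depth=0 "expired" error logged while the installed certificate is still valid means the server is presenting a different certificate). The `INSTALLED_NOT_AFTER` date is an assumption, since the poster only says "early-May"; the function and variable names are illustrative.

```python
import re
from datetime import datetime

# The client log lines quoted in the first post, one entry per line.
SAMPLE_LOG = """\
Thu Feb 27 17:40:35 2020 VERIFY ERROR: depth=0, error=certificate has expired: CN=xxxxxxxx.synology.me
Thu Feb 27 17:40:35 2020 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Thu Feb 27 17:40:35 2020 TLS_ERROR: BIO read tls_read_plaintext error
Thu Feb 27 17:40:35 2020 TLS Error: TLS object -> incoming plaintext read error
Thu Feb 27 17:40:35 2020 TLS Error: TLS handshake failed
Thu Feb 27 17:40:35 2020 SIGUSR1[soft,tls-error] received, process restarting
Thu Feb 27 17:40:40 2020 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
"""

# Assumed value: the thread only says the installed LE cert expires in "early-May".
INSTALLED_NOT_AFTER = datetime(2020, 5, 1)

ENTRY = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) (.*)$")
VERIFY = re.compile(r"VERIFY ERROR: depth=(\d+), error=([^:]+): (.*)$")


def triage(log_text, installed_not_after):
    """Return human-readable findings for an OpenVPN client log."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # not a timestamped OpenVPN log entry
        when = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        message = m.group(2)
        v = VERIFY.search(message)
        if v:
            depth, reason, subject = int(v.group(1)), v.group(2).strip(), v.group(3)
            # depth 0 is the certificate the server presented; higher depths are issuers in its chain.
            role = "server cert" if depth == 0 else "issuer"
            findings.append(f"depth {depth} ({role}): {reason}, {subject}")
            if depth == 0 and "expired" in reason and when < installed_not_after:
                # The client judged the presented cert expired before the installed cert's
                # notAfter, so the two cannot be the same certificate.
                findings.append("installed certificate is still valid, so the server "
                                "is presenting a different, older one")
        elif "No server certificate verification method" in message:
            findings.append("profile sets no server identity check (e.g. remote-cert-tls server)")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, INSTALLED_NOT_AFTER):
        print("-", finding)
```
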
 
Hey guys,

I've tried the default Synology certificate, my own self-signed certificate and a Let's Encrypt certificate. None of which is working for me. I'm getting these errors:


Any ideas?
 
Hey guys,

I've tried the default Synology certificate, my own self-signed certificate and a Let's Encrypt certificate. None of which is working for me. I'm getting these errors:


Any ideas?

You did export the vpn file from your vpn server each time after you have changed your certificate?
 
I've tried the default Synology certificate, my own self-signed certificate and a Let's Encrypt certificate. None of which is working for me.
You did export the vpn file from your vpn server each time after you have changed your certificate?
Relatedly, did you check the cert configured for your VPN server through all these changes...
 
