Install the app
How to install the app on iOS

Follow along with the video below to see how to install our site as a web app on your home screen.

Note: This feature may not be available in some browsers.

Solved VPN fails on Win10 PC and Android devices

As an Amazon Associate, we may earn commissions from qualifying purchases. Learn more...

Telos

Subscriber
4,402
1,499
NAS
DS4l8play, DS202j, DS3623xs+, DSM 8.025847-𝘣𝘦𝘵𝘢
Not sure what has happened, as I have no access access via my Win10 or Android users. Today nothing works... just something about expired cert... Here's a partial log that I see...

FWIW, I use LE Cert... still good.

Thu Feb 27 17:40:35 2020 VERIFY ERROR: depth=0, error=certificate has expired: CN=xxxxxxxx.synology.me Thu Feb 27 17:40:35 2020 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed Thu Feb 27 17:40:35 2020 TLS_ERROR: BIO read tls_read_plaintext error Thu Feb 27 17:40:35 2020 TLS Error: TLS object -> incoming plaintext read error Thu Feb 27 17:40:35 2020 TLS Error: TLS handshake failed Thu Feb 27 17:40:35 2020 SIGUSR1[soft,tls-error] received, process restarting Thu Feb 27 17:40:40 2020 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

Any ideas? This was working 2 weeks ago. Many thanks.
 
Has the certificate expired and renewal failed? Could be that revocation lists are actually being consulted. Does OpenVPN server cache the certificate and it hasn't loaded the new one?

In the OpenVPN config file is there a parameter that can be set to accept expired certificates, just as a test. One reason I keep SSL-VPN and OpenVPN gateways running is in case one fails. Also, I have a limited (users) access for L2TP as well.

All pure guesses but is where I'd start looking and Googling/DuckDuckGo-ing.
 
Has the certificate expired and renewal failed? Could be that revocation lists are actually being consulted. Does OpenVPN server cache the certificate and it hasn't loaded the new one?
My LE cert doesn't expire until early-May. So this is all puzzling. My last VPN session was on Feb 18.

Your comments about caching got me thinking... so I changed the VPN server default cert to synology.com, and then back to the LE cert. That had no immediate affect. Next, I restarted the NAS (grumble, grumble...) and upon restart VPN access was restored.

So maybe there's now a Synology bug that doesn't update the cert. IDK.

But you got me thinking and for now this is resolved. Thank you. 🍪🍪🍪
 
Certainly sounds like a bug. But one of those difficult to repeat such that it gets fixed anytime soon.

instead of rebooting the whole NAS you could try disabling OpenVPN and then re-enabling it. Or restarting the daemon from CLI.
 
Hey guys,

I've tried the default synology certificate, my own self signed certificate and a let's encrypt certificate. None of which is working for me. I'm getting these errors:
To view this content we will need your consent to set third party cookies.
For more detailed information, see our cookies page.


Any ideas?
 
Hey guys,

I've tried the default synology certificate, my own self signed certificate and a let's encrypt certificate. None of which is working for me. I'm getting these errors:
To view this content we will need your consent to set third party cookies.
For more detailed information, see our cookies page.


Any ideas?

You did export the vpn file from your vpn server each time after you have changed your certificate?
 
I've tried the default synology certificate, my own self signed certificate and a let's encrypt certificate. None of which is working for me.
You did export the vpn file from your vpn server each time after you have changed your certificate?
Relatedly, did you check the cert configured for your VPN server through all these changes...
oFKtoKe.png
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Popular tags from this forum

Similar threads

  • Question Question
Has anyone else been experiencing mobile app connection issues since the 7806 updates. The vpn connects...
Replies
0
Views
396
Hi Fredbert, I followed your "lazy" tip and it works fine. Thanks :)
Replies
8
Views
1,038
Anyone have VPN split tunneling and have functionality as described below, using an android VPN app...
Replies
0
Views
822

Thread Tags

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending content in this forum

Back
Top