Solved VPN fails on Win10 PC and Android devices

Not sure what has happened, as I have no access via my Win10 or Android users. Today nothing works... just something about expired cert... Here's a partial log that I see...

FWIW, I use LE Cert... still good.

Thu Feb 27 17:40:35 2020 VERIFY ERROR: depth=0, error=certificate has expired: CN=xxxxxxxx.synology.me
Thu Feb 27 17:40:35 2020 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Thu Feb 27 17:40:35 2020 TLS_ERROR: BIO read tls_read_plaintext error
Thu Feb 27 17:40:35 2020 TLS Error: TLS object -> incoming plaintext read error
Thu Feb 27 17:40:35 2020 TLS Error: TLS handshake failed
Thu Feb 27 17:40:35 2020 SIGUSR1[soft,tls-error] received, process restarting
Thu Feb 27 17:40:40 2020 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

Any ideas? This was working 2 weeks ago. Many thanks.
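
Added example (not part of the original thread): a small Python triage of a client log like the one above, pulling out which certificate in the chain failed verification. In OpenSSL's verify output depth=0 is the certificate the server itself presented, so an "expired" error at depth 0 points at what the VPN server is serving rather than at the CA. The sample log is constructed from the excerpt in the post, and the function and field names are illustrative.

```python
import re
from datetime import datetime

# Constructed sample, modelled on the excerpt in the first post (CN redacted as posted).
SAMPLE_LOG = """\
Thu Feb 27 17:40:35 2020 VERIFY ERROR: depth=0, error=certificate has expired: CN=xxxxxxxx.synology.me
Thu Feb 27 17:40:35 2020 TLS Error: TLS handshake failed
Thu Feb 27 17:40:35 2020 SIGUSR1[soft,tls-error] received, process restarting
Thu Feb 27 17:40:40 2020 WARNING: No server certificate verification method has been enabled.
"""

# OpenVPN prefixes each line with a ctime-style timestamp (day may be space-padded).
LINE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) (.*)$")
VERIFY = re.compile(r"VERIFY ERROR: depth=(\d+), error=([^:]+): (.*)$")

def triage(log_text):
    """Return a list of findings: verify errors and the missing-verification warning."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a timestamped OpenVPN log line
        when = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        msg = m.group(2)
        v = VERIFY.search(msg)
        if v:
            depth = int(v.group(1))
            findings.append({
                "time": when, "kind": "verify_error", "depth": depth,
                "error": v.group(2).strip(), "subject": v.group(3).strip(),
                # depth 0 = the server's own certificate; higher = issuer chain
                "who": "server certificate" if depth == 0 else "CA/intermediate in chain",
            })
        elif "No server certificate verification method" in msg:
            # Client config does not pin the peer's certificate type (see the URL in the log).
            findings.append({"time": when, "kind": "no_server_cert_check"})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```
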
 
Has the certificate expired and renewal failed? Could be that revocation lists are actually being consulted. Does OpenVPN server cache the certificate and it hasn't loaded the new one?

In the OpenVPN config file, is there a parameter that can be set to accept expired certificates, just as a test? One reason I keep SSL-VPN and OpenVPN gateways running is in case one fails. Also, I have a limited (users) access for L2TP as well.

All pure guesses, but this is where I'd start looking and Googling/DuckDuckGo-ing.
 
Has the certificate expired and renewal failed? Could be that revocation lists are actually being consulted. Does OpenVPN server cache the certificate and it hasn't loaded the new one?
My LE cert doesn't expire until early-May. So this is all puzzling. My last VPN session was on Feb 18.

Your comments about caching got me thinking... so I changed the VPN server default cert to synology.com, and then back to the LE cert. That had no immediate effect. Next, I restarted the NAS (grumble, grumble...) and upon restart VPN access was restored.

So maybe there's now a Synology bug that doesn't update the cert. IDK.

But you got me thinking and for now this is resolved. Thank you. 🍪🍪🍪
 
Hey guys,

I've tried the default Synology certificate, my own self-signed certificate and a Let's Encrypt certificate. None of which is working for me. I'm getting these errors:

Any ideas?
 
Hey guys,

I've tried the default Synology certificate, my own self-signed certificate and a Let's Encrypt certificate. None of which is working for me. I'm getting these errors:

Any ideas?

You did export the vpn file from your vpn server each time after you have changed your certificate?
 
I've tried the default Synology certificate, my own self-signed certificate and a Let's Encrypt certificate. None of which is working for me.
You did export the vpn file from your vpn server each time after you have changed your certificate?
Relatedly, did you check the cert configured for your VPN server through all these changes...
 
