
Error: peer certificate verification failure

Posted: Sun Dec 18, 2022 1:02 pm
by Llmt
I am having a problem when I try to use VPN through the OpenVPN app (iPhone and iPad).
It says “connection failed. There was an error attempting to connect to the selected server. Error message: peer certificate verification failure.”
Could you tell me how to solve this problem?
Until yesterday, it has worked without any problem.
Thanks in advance.

Re: Error: peer certificate verification failure

Posted: Sun Dec 18, 2022 4:26 pm
by sisa22
Same problem here. Did the new iOS update trigger the errors?

Re: Error: peer certificate verification failure

Posted: Sun Dec 18, 2022 7:38 pm
by Llmt
I don’t think so cuz I did the update after finding this problem.
And the update did not change anything.
Now the app doesn’t show the error message, but I still can’t use any VPN.

Re: Error: peer certificate verification failure

Posted: Mon Dec 19, 2022 3:06 am
by cedar
It seems that the VPN Gate service certificate has been renewed.
This issue may be a result of that.

Re: Error: peer certificate verification failure

Posted: Mon Dec 19, 2022 12:40 pm
by Llmt
Now I can use VPN without any problem

Re: Error: peer certificate verification failure

Posted: Tue Dec 20, 2022 5:44 am
by lamoz
I am experiencing the same problem.

Is there a solution yet?

Android: not working
iOS: not working
PC: works just fine

Here is the most recent attempt to connect to vpngate

—————
Log

[Dec 20, 2022, 11:02:14] START CONNECTION

[Dec 20, 2022, 11:02:14] ----- OpenVPN Start -----
OpenVPN core 3.git::081bfebe ios arm64 64-bit

[Dec 20, 2022, 11:02:14] OpenVPN core 3.git::081bfebe ios arm64 64-bit

[Dec 20, 2022, 11:02:14] Frame=512/2048/512 mssfix-ctrl=1250

[Dec 20, 2022, 11:02:14] UNUSED OPTIONS
5 [resolv-retry] [infinite]
6 [nobind]
7 [persist-key]
8 [persist-tun]
10 [verb] [3]

[Dec 20, 2022, 11:02:14] EVENT: RESOLVE

[Dec 20, 2022, 11:02:14] Contacting 218.221.110.198:1748 via TCPv4

[Dec 20, 2022, 11:02:14] EVENT: WAIT

[Dec 20, 2022, 11:02:14] Connecting to [218.221.110.198]:1748 (218.221.110.198) via TCPv4

[Dec 20, 2022, 11:02:14] EVENT: CONNECTING

[Dec 20, 2022, 11:02:14] Tunnel Options:V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client

[Dec 20, 2022, 11:02:14] Creds: UsernameEmpty/PasswordEmpty

[Dec 20, 2022, 11:02:14] Peer Info:
IV_VER=3.git::081bfebe
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-128-CBC
IV_IPv6=1
IV_AUTO_SESS=1
IV_GUI_VER=net.openvpn.connect.ios_3.3.2-5086
IV_SSO=webauth,openurl,crtext


[Dec 20, 2022, 11:02:14] VERIFY FAIL: depth=1, /C=US/O=Let's Encrypt/CN=R3, signature: RSA-SHA256 [unable to get local issuer certificate]

[Dec 20, 2022, 11:02:14] Transport Error: OpenSSLContext::SSL::read_cleartext: BIO_read failed, cap=2576 status=-1: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed

[Dec 20, 2022, 11:02:14] EVENT: CERT_VERIFY_FAIL OpenSSLContext::SSL::read_cleartext: BIO_read failed, cap=2576 status=-1: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed [ERR]

[Dec 20, 2022, 11:02:14] EVENT: DISCONNECTED

[Dec 20, 2022, 11:02:14] EVENT: CORE_THREAD_DONE

[Dec 20, 2022, 11:02:14] EVENT: DISCONNECT_PENDING

[Dec 20, 2022, 11:02:14] Raw stats on disconnect:
BYTES_IN : 3351
BYTES_OUT : 345
PACKETS_IN : 3
PACKETS_OUT : 3
SSL_ERROR : 1
CERT_VERIFY_FAIL : 1


[Dec 20, 2022, 11:02:14] Performance stats on disconnect:
CPU usage (microseconds): 27981
Network bytes per CPU second: 132089
Tunnel bytes per CPU second: 0

Re: Error: peer certificate verification failure

Posted: Tue Dec 20, 2022 5:26 pm
by sisa22
Llmt wrote:
Mon Dec 19, 2022 12:40 pm
Now I can use VPN without any problem
But how did you solve this? Ty in advance.

Re: Error: peer certificate verification failure

Posted: Tue Dec 20, 2022 5:33 pm
by sisa22
Oh, mine works now too ...

Re: Error: peer certificate verification failure

Posted: Sat Mar 18, 2023 8:12 am
by mso
Are you experiencing the same problem again?
How can you prevent it from happening again?

Re: Error: peer certificate verification failure

Posted: Sat Mar 18, 2023 9:43 am
by Takagiri
I got "certificate verification failure" message today.
Please help.

Re: Error: peer certificate verification failure

Posted: Sat Mar 18, 2023 12:00 pm
by WuttiGate2006
Now we can't connect to VPN either. Failed server certificate status. I am a user from Thailand. If it works then let me know.

Re: Error: peer certificate verification failure

Posted: Sat Mar 18, 2023 12:34 pm
by ishan_D
I am facing a similar issue, but in my case it's the server certificate. The following is the error log:


stdout: 2023-03-18 12:12:41 OpenVPN 2.5.1 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2021
2023-03-18 12:12:41 library versions: OpenSSL 1.1.1n  15 Mar 2022, LZO 2.10
open_vpn_utl stdout: 2023-03-18 12:12:41 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
open_vpn_utl stdout: 2023-03-18 12:12:41 TCP/UDP: Preserving recently used remote address: [AF_INET]163.182.174.159:8080
open_vpn_utl stdout: 2023-03-18 12:12:41 Socket Buffers: R=[180224->180224] S=[180224->180224]
open_vpn_utl stdout: 2023-03-18 12:12:41 UDP link local: (not bound)
open_vpn_utl stdout: 2023-03-18 12:12:41 UDP link remote: [AF_INET]163.182.174.159:8080
open_vpn_utl stdout: 2023-03-18 12:12:41 TLS: Initial packet from [AF_INET]163.182.174.159:8080, sid=656ce834 4337ac03
open_vpn_utl stdout: 2023-03-18 12:12:42 VERIFY OK: depth=2, C=US, O=Internet Security Research Group, CN=ISRG Root X1
open_vpn_utl stdout: 2023-03-18 12:12:42 VERIFY OK: depth=1, C=US, O=Let's Encrypt, CN=R3
open_vpn_utl stdout: 2023-03-18 12:12:42 VERIFY ERROR: depth=0, error=certificate has expired: CN=opengw.net, serial=270090734479764202226505740823661288419396
open_vpn_utl stdout: 2023-03-18 12:12:42 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
open_vpn_utl stdout: 2023-03-18 12:12:42 TLS_ERROR: BIO read tls_read_plaintext error
open_vpn_utl stdout: 2023-03-18 12:12:42 TLS Error: TLS object -> incoming plaintext read error
2023-03-18 12:12:42 TLS Error: TLS handshake failed
open_vpn_utl stdout: 2023-03-18 12:12:42 SIGUSR1[soft,tls-error] received, process restarting

open_vpn_utl stdout: 2023-03-18 12:12:42 Restart pause, 5 second(s)
open_vpn_utl stdout: 2023-03-18 12:12:47 All connections have been connect-retry-max (1) times unsuccessful, exiting
Is anyone aware of how to fix or report this to get the servers fixed?

Re: Error: peer certificate verification failure

Posted: Sat Mar 18, 2023 3:36 pm
by groundzero
Only the person that manages the server certificate can fix this. As a user, your only option is to temporarily disable certificate verification until this issue is fixed (or forever if nobody cares anymore). OpenVPN client doesn't allow you to disable certificate verification, so just use another client. One such client is SoftEther VPN Client. Just be aware that it's utter crap compared to OpenVPN client, and its only advantages are this (disabling certificate verification) and the ability to select a virtual hub.

Re: Error: peer certificate verification failure

Posted: Sat Mar 18, 2023 4:04 pm
by iddqd
I have the same problem now.

Re: Error: peer certificate verification failure

Posted: Sun Mar 19, 2023 4:05 pm
by mso
groundzero wrote:
Sat Mar 18, 2023 3:36 pm
Only the person that manages the server certificate can fix this. As a user, your only option is to temporarily disable certificate verification until this issue is fixed (or forever if nobody cares anymore). OpenVPN client doesn't allow you to disable certificate verification, so just use another client. One such client is SoftEther VPN Client. Just be aware that it's utter crap compared to OpenVPN client, and its only advantages are this (disabling certificate verification) and the ability to select a virtual hub.
I see, unfortunately, there is very little that can be done on the part of the user. I hope I won't have the same problem again in 3 months.

While I couldn't connect, I was wondering if I could use the `tls-cipher "DEFAULT:@SECLEVEL=0"` setting that I found on a search engine, but it is easier to use SoftEther than that. I'll keep that in mind.

Re: Error: peer certificate verification failure

Posted: Sun Mar 19, 2023 7:21 pm
by groundzero
Well, they renewed the certificate so everything should be working fine now. The certificate expires on June 15 2023.

As for --tls-cipher, that wouldn't help because it's just a list of TLS ciphers to use. As I said, only the person who manages the server certificate is able to fix things like this.
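
Added example, not part of the thread: the two logs posted above fail for different reasons (an issuer the client does not trust at depth=1 in December, an expired leaf certificate at depth=0 in March), and this sketch pulls the verification lines out of either log format and says which side can act on each. The function name `triage`, the cause and owner labels, and the sample string (four lines copied from the quoted logs) are assumptions made for illustration.

```python
import re

# Constructed sample: four lines copied from the two logs quoted in the thread.
SAMPLE_LOG = """\
[Dec 20, 2022, 11:02:14] VERIFY FAIL: depth=1, /C=US/O=Let's Encrypt/CN=R3, signature: RSA-SHA256 [unable to get local issuer certificate]
2023-03-18 12:12:41 WARNING: No server certificate verification method has been enabled.
2023-03-18 12:12:42 VERIFY OK: depth=1, C=US, O=Let's Encrypt, CN=R3
2023-03-18 12:12:42 VERIFY ERROR: depth=0, error=certificate has expired: CN=opengw.net, serial=270090734479764202226505740823661288419396
"""

# OpenVPN 2.x:  VERIFY ERROR: depth=N, error=<text>: <subject>
V2 = re.compile(r"VERIFY ERROR: depth=(\d+), error=([^:]+): (.*)$")
# OpenVPN core 3 (Connect apps):  VERIFY FAIL: depth=N, <subject>, signature: X [<text>]
V3 = re.compile(r"VERIFY FAIL: depth=(\d+), (.*?)(?:, signature: \S+)? \[([^\]]+)\]\s*$")

# OpenSSL verify error text -> (cause label, who can act on it)
CAUSES = {
    # the certificate at that depth is past notAfter: whoever issues/deploys it must renew
    "certificate has expired": ("expired", "server-operator"),
    # the chain ends at an issuer missing from the CA set in the client profile
    "unable to get local issuer certificate": ("issuer-not-trusted", "client-ca"),
    "unable to get issuer certificate": ("issuer-not-trusted", "client-ca"),
}

def triage(log_text):
    """Return one finding per failed verification step or missing peer check."""
    findings = []
    for line in log_text.splitlines():
        m2, m3 = V2.search(line), V3.search(line)
        if m2:
            depth, error, subject = int(m2[1]), m2[2].strip(), m2[3]
        elif m3:
            depth, subject, error = int(m3[1]), m3[2], m3[3].strip()
        elif "No server certificate verification method" in line:
            # profile has no peer-type check such as `remote-cert-tls server`
            findings.append({"cause": "no-peer-type-check", "owner": "client-profile"})
            continue
        else:
            continue  # VERIFY OK and unrelated lines
        cause, owner = CAUSES.get(error, ("other", "unknown"))
        findings.append({"depth": depth, "subject": subject, "error": error,
                         "cause": cause, "owner": owner})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
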