Hi, i´m a newbie, and i experience a reproducable issue, and kindly ask for some ideas
I´m running Tomato USB V1.28 by Shibby on an ASUS RT-AC3200
my usecase is like this:
- i download the server configurations from perfect privacy
- i clear NVRAM and install one openvpn config for one server f.i. Berlin and all works fine
- then i replace the openvpn config with another server, f.i. Amsterdam also updating the keys from the Amsterdam.ovpn. still everything works fine after restarting the client.
- but after rebooting the device, to working VPN but the below log.
- if i clear NVRAM again (which takes forever) and install openvpn again, all works fine again.
so it seems i´m unable to change the server without clearing NVRAM
what does "certificate is not yet valid" mean?
Jan 1 01:33:38 unknown user.notice root: vpnrouting: clean-up
Jan 1 01:33:42 unknown daemon.warn openvpn[3022]: WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Jan 1 01:33:42 unknown daemon.warn openvpn[3022]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 1 01:33:42 unknown daemon.notice openvpn[3022]: Re-using SSL/TLS context
Jan 1 01:33:42 unknown daemon.notice openvpn[3022]: LZO compression initializing
Jan 1 01:33:42 unknown daemon.notice openvpn[3022]: Control Channel MTU parms [ L:1626 D:1140 EF:110 EB:0 ET:0 EL:3 ]
Jan 1 01:33:42 unknown daemon.notice openvpn[3022]: TCP/UDP: Preserving recently used remote address: [AF_INET]80.255.7.98:1149
Jan 1 01:33:42 unknown daemon.notice openvpn[3022]: Data Channel MTU parms [ L:1626 D:1300 EF:126 EB:407 ET:0 EL:3 ]
Jan 1 01:33:42 unknown daemon.notice openvpn[3022]: Fragmentation MTU parms [ L:1626 D:1300 EF:125 EB:407 ET:1 EL:3 ]
Jan 1 01:33:42 unknown daemon.notice openvpn[3022]: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1606,tun-mtu 1500,proto UDPv4,comp-lzo,mtu-dynamic,keydir 1,cipher AES-128-CBC,auth SHA512,keysize 128,tls-auth,key-method 2,tls-client'
Jan 1 01:33:42 unknown daemon.notice openvpn[3022]: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1606,tun-mtu 1500,proto UDPv4,comp-lzo,mtu-dynamic,keydir 0,cipher AES-128-CBC,auth SHA512,keysize 128,tls-auth,key-method 2,tls-server'
Jan 1 01:33:42 unknown daemon.notice openvpn[3022]: TCP/UDP: Preserving recently used remote address: [AF_INET]80.255.7.98:1149
Jan 1 01:33:42 unknown daemon.notice openvpn[3022]: TLS: Initial packet from [AF_INET]80.255.7.98:1149, sid=fe642a1f b974fec1
Jan 1 01:33:42 unknown daemon.err openvpn[3022]: VERIFY ERROR: depth=1, error=certificate is not yet valid: C=CH, ST=Zug, L=Zug, O=Perfect Privacy, CN=Perfect Privacy, emailAddress=admin@perfect-privacy.com
Jan 1 01:33:42 unknown daemon.err openvpn[3022]: OpenSSL: error:14090086:lib(20):func(144):reason(134)
Jan 1 01:33:42 unknown daemon.err openvpn[3022]: TLS_ERROR: BIO read tls_read_plaintext error
Jan 1 01:33:42 unknown daemon.err openvpn[3022]: TLS Error: TLS object -> incoming plaintext read error
Jan 1 01:33:42 unknown daemon.err openvpn[3022]: TLS Error: TLS handshake failed
Jan 1 01:33:42 unknown daemon.notice openvpn[3022]: TCP/UDP: Closing socket
Jan 1 01:33:42 unknown daemon.notice openvpn[3022]: SIGUSR1[soft,tls-error] received, process restarting
Jan 1 01:33:42 unknown daemon.notice openvpn[3022]: Restart pause, 5 second(s)
thank you!
I´m running Tomato USB V1.28 by Shibby on an ASUS RT-AC3200
my usecase is like this:
- i download the server configurations from perfect privacy
- i clear NVRAM and install one openvpn config for one server f.i. Berlin and all works fine
- then i replace the openvpn config with another server, f.i. Amsterdam also updating the keys from the Amsterdam.ovpn. still everything works fine after restarting the client.
- but after rebooting the device, to working VPN but the below log.
- if i clear NVRAM again (which takes forever) and install openvpn again, all works fine again.
so it seems i´m unable to change the server without clearing NVRAM
what does "certificate is not yet valid" mean?
Jan 1 01:33:38 unknown user.notice root: vpnrouting: clean-up
Jan 1 01:33:42 unknown daemon.warn openvpn[3022]: WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Jan 1 01:33:42 unknown daemon.warn openvpn[3022]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 1 01:33:42 unknown daemon.notice openvpn[3022]: Re-using SSL/TLS context
Jan 1 01:33:42 unknown daemon.notice openvpn[3022]: LZO compression initializing
Jan 1 01:33:42 unknown daemon.notice openvpn[3022]: Control Channel MTU parms [ L:1626 D:1140 EF:110 EB:0 ET:0 EL:3 ]
Jan 1 01:33:42 unknown daemon.notice openvpn[3022]: TCP/UDP: Preserving recently used remote address: [AF_INET]80.255.7.98:1149
Jan 1 01:33:42 unknown daemon.notice openvpn[3022]: Data Channel MTU parms [ L:1626 D:1300 EF:126 EB:407 ET:0 EL:3 ]
Jan 1 01:33:42 unknown daemon.notice openvpn[3022]: Fragmentation MTU parms [ L:1626 D:1300 EF:125 EB:407 ET:1 EL:3 ]
Jan 1 01:33:42 unknown daemon.notice openvpn[3022]: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1606,tun-mtu 1500,proto UDPv4,comp-lzo,mtu-dynamic,keydir 1,cipher AES-128-CBC,auth SHA512,keysize 128,tls-auth,key-method 2,tls-client'
Jan 1 01:33:42 unknown daemon.notice openvpn[3022]: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1606,tun-mtu 1500,proto UDPv4,comp-lzo,mtu-dynamic,keydir 0,cipher AES-128-CBC,auth SHA512,keysize 128,tls-auth,key-method 2,tls-server'
Jan 1 01:33:42 unknown daemon.notice openvpn[3022]: TCP/UDP: Preserving recently used remote address: [AF_INET]80.255.7.98:1149
Jan 1 01:33:42 unknown daemon.notice openvpn[3022]: TLS: Initial packet from [AF_INET]80.255.7.98:1149, sid=fe642a1f b974fec1
Jan 1 01:33:42 unknown daemon.err openvpn[3022]: VERIFY ERROR: depth=1, error=certificate is not yet valid: C=CH, ST=Zug, L=Zug, O=Perfect Privacy, CN=Perfect Privacy, emailAddress=admin@perfect-privacy.com
Jan 1 01:33:42 unknown daemon.err openvpn[3022]: OpenSSL: error:14090086:lib(20):func(144):reason(134)
Jan 1 01:33:42 unknown daemon.err openvpn[3022]: TLS_ERROR: BIO read tls_read_plaintext error
Jan 1 01:33:42 unknown daemon.err openvpn[3022]: TLS Error: TLS object -> incoming plaintext read error
Jan 1 01:33:42 unknown daemon.err openvpn[3022]: TLS Error: TLS handshake failed
Jan 1 01:33:42 unknown daemon.notice openvpn[3022]: TCP/UDP: Closing socket
Jan 1 01:33:42 unknown daemon.notice openvpn[3022]: SIGUSR1[soft,tls-error] received, process restarting
Jan 1 01:33:42 unknown daemon.notice openvpn[3022]: Restart pause, 5 second(s)
thank you!