You are missing something like a CA certificate that is used to verify the remote endpoint

routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Dec 24 00:53:16 openvpn 10563 VERIFY ERROR: depth=0, error=unable to get local issuer certificate: C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN,

or turn option off..

24.12.2017 2.59 "Antonio" <[email protected]> wrote:

> Hi,
>
> I've tried to set up a VPN tunnel using this guide (
> https://www.expressvpn.com/support/vpn-setup/pfsense-with-expressvpn-openvpn/#additional
> ) which covers the setting up of the tunnel and relative firewall rules
> for ExpressVPN. However, it seems like I was having trouble at the early
> stages (where it says "Confirm connection success"). Instead of seeing
> "UP" under "status" when I go to STATUS > OPENVPN, I see "reconnecting;
> tls-error".
>
> Inspection of the logs reveals several batches of the following:
>
> Dec 24 00:53:16 openvpn 10563 Restart pause, 2 second(s)
> Dec 24 00:53:16 openvpn 10563 SIGUSR1[soft,tls-error] received, process restarting
> Dec 24 00:53:16 openvpn 10563 TLS Error: TLS handshake failed
> Dec 24 00:53:16 openvpn 10563 TLS Error: TLS object -> incoming plaintext read error
> Dec 24 00:53:16 openvpn 10563 TLS_ERROR: BIO read tls_read_plaintext error
> Dec 24 00:53:16 openvpn 10563 OpenSSL: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> Dec 24 00:53:16 openvpn 10563 VERIFY ERROR: depth=0, error=unable to get local issuer certificate: C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-2720-0a, [email protected]
> Dec 24 00:53:16 openvpn 10563 TLS: Initial packet from [AF_INET]185.183.105.216:1195, sid=83a90840 8590b2bf
> Dec 24 00:53:16 openvpn 10563 UDPv4 link remote: [AF_INET]185.183.105.216:1195
> Dec 24 00:53:16 openvpn 10563 UDPv4 link local (bound): [AF_INET]192.168.0.2
> Dec 24 00:53:16 openvpn 10563 Socket Buffers: R=[42080->524288] S=[57344->524288]
> Dec 24 00:53:16 openvpn 10563 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
>
> I have the same setup with dd-WRT and it's working fine. So it can't be a
> problem with ExpressVPN. Any suggestions? They have this web page (
> https://www.expressvpn.com/support/troubleshooting/log-items/unable-to-connect-tls-handshake-failed/
> ) for
> TLS handshake problems but it's generic and Windows-oriented so pretty
> much useless.
>
> Thanks for any suggestion or help you may be able to provide.
>
> --
> Respect your privacy and that of others, don't give your data to big
> corporations.
> Use alternatives like Signal (https://whispersystems.org/) for your
> messaging or
> Diaspora* (https://joindiaspora.com/) for your social networking.
>
> _______________________________________________
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
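An added example, not part of the thread: a small Python triage over the OpenVPN log lines quoted above that reports which certificate in the chain failed verification, the OpenSSL reason, and the peer that presented it. The function names and hint texts are this example's own assumptions; the sample log lines are copied from the post.

```python
import re

# Log lines copied from the post above (pfSense lists newest first).
LOG = """\
Dec 24 00:53:16 openvpn 10563 TLS Error: TLS handshake failed
Dec 24 00:53:16 openvpn 10563 OpenSSL: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Dec 24 00:53:16 openvpn 10563 VERIFY ERROR: depth=0, error=unable to get local issuer certificate: C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-2720-0a, [email protected]
Dec 24 00:53:16 openvpn 10563 TLS: Initial packet from [AF_INET]185.183.105.216:1195, sid=83a90840 8590b2bf
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]+) openvpn (\d+) (.*)$")
VERIFY = re.compile(r"VERIFY ERROR: depth=(\d+), error=([^:]+): (.*)")
PEER = re.compile(r"Initial packet from \[AF_INET6?\]([^,\s]+):(\d+)")

# OpenSSL verify error strings and what they mean on the client side.
HINTS = {
    "unable to get local issuer certificate":
        "issuer is not among the CAs the client loaded (OpenVPN 'ca' option)",
    "certificate has expired":
        "certificate is past notAfter, or the local clock is wrong",
}

def parse_subject(dn):
    """Split 'C=VG, O=...' into a dict; parts without '=' are skipped."""
    parts = (p.split("=", 1) for p in dn.split(", ") if "=" in p)
    return {k.strip(): v.strip() for k, v in parts}

def triage(log_text):
    """Return one finding per VERIFY ERROR line, with the peer it came from."""
    rows = [m.groups() for m in map(LINE.match, log_text.splitlines()) if m]
    findings = []
    for i, (stamp, pid, msg) in enumerate(rows):
        v = VERIFY.search(msg)
        if not v:
            continue
        # Nearest 'Initial packet' line of the same process, either direction,
        # so newest-first and oldest-first logs both work.
        peers = [(abs(j - i), PEER.search(m)) for j, (_, p, m) in enumerate(rows)
                 if p == pid and PEER.search(m)]
        peer = min(peers, key=lambda t: t[0])[1].group(1, 2) if peers else None
        depth, error = int(v.group(1)), v.group(2).strip()
        findings.append({
            "time": stamp, "depth": depth, "error": error,
            "cert": "server certificate" if depth == 0 else "CA certificate",
            "subject": parse_subject(v.group(3)), "peer": peer,
            "hint": HINTS.get(error, "see the OpenSSL verify documentation"),
        })
    return findings

print(triage(LOG))
```

For the lines in the post this reports depth 0, meaning the server's own certificate, whose issuer the client could not find locally.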
