Netgate Discussion Forum

    Can't Connect To IVPN: TLS Error Incoming Plaintext Read Error?

      openvpn_question

      Hello,

      I'm trying to properly set up an OpenVPN pfSense VM on VirtualBox so that I can chain it to another VM. The VM's connection is coming from LAN, and I'm trying to connect to IVPN. I get an error in Status/OpenVPN which says: Client UDP status: reconnecting; tls-error.

      I've followed these two links to the letter, as well as trying a bunch of stuff in order to make it work. Nothing seems to work.

      https://www.ivpn.net/setup/router-pfsense.html
      https://www.ivpn.net/privacy-guides/advanced-privacy-and-anonymity-part-6

      The second one is more relevant as it ties in with my VirtualBox setup. I'm using a Linux distro to access pfSense's WebGUI. Here are the system logs from the OpenVPN tab:

      Jul 27 06:53:17 openvpn 15284 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Jul 27 06:53:17 openvpn 15284 TCP/UDP: Preserving recently used remote address: [AF_INET]136.0.0.194:2049
      Jul 27 06:53:17 openvpn 15284 UDPv4 link local (bound): [AF_INET]10.0.2.15
      Jul 27 06:53:17 openvpn 15284 UDPv4 link remote: [AF_INET]136.0.0.194:2049
      Jul 27 06:53:17 openvpn 15284 OpenSSL: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
      Jul 27 06:53:17 openvpn 15284 TLS_ERROR: BIO read tls_read_plaintext error
      Jul 27 06:53:17 openvpn 15284 TLS Error: TLS object -> incoming plaintext read error
      Jul 27 06:53:17 openvpn 15284 TLS Error: TLS handshake failed
      Jul 27 06:53:17 openvpn 15284 SIGUSR1[soft,tls-error] received, process restarting

      Note that I used to be able to set up this exact scenario a week ago, with no TLS problem. I've seen it may be a certificate problem, however, I've checked that they are all copy-pasted with no error.

      Would anyone know how to fix this up? Would be greatly appreciated! I will try to provide as much info as needed.

      Thanks

      EDIT:
      IVPN uses TLS authentication. Here's how I've configured VPN/OpenVPN/Clients/Protocol: UDP:
      Server host or address: My VPN server's IP
      Port: 2049
      Checked: Enable infinite resolve
      User Authentication Settings:
      I enter my IVPN username and password
      Checked: Enable authentication of TLS packets.
      Key starting with -----BEGIN OpenVPN Static key V1----- copy-pasted in TLS Key
      Client Certificate: None (Username and password required)
      Encryption Algorithm: AES-256-CBC (256bit)
      Advanced configuration/Custom Options: persist-tun;persist-key;persist-remote-ip;tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-DSS-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA;ns-cert-type server;verify-x509-name de name-prefix

      However, I noticed I have no rule under Firewall/Rules/WAN. Do I need to have one?
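
An added example (not part of the original post, and not pfSense or OpenVPN code): a Python triage function that groups OpenVPN syslog lines by process and, for each `TLS handshake failed`, reports the first `OpenSSL:` error logged before it, because that line carries the specific reason while the `TLS_ERROR` / `TLS Error` lines after it are generic. The line-format regexes and the result field names are assumptions based on the log lines shown in the post.

```python
import re

# Log lines copied from the post above.
SAMPLE_LOG = """\
Jul 27 06:53:17 openvpn 15284 UDPv4 link remote: [AF_INET]136.0.0.194:2049
Jul 27 06:53:17 openvpn 15284 OpenSSL: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Jul 27 06:53:17 openvpn 15284 TLS_ERROR: BIO read tls_read_plaintext error
Jul 27 06:53:17 openvpn 15284 TLS Error: TLS object -> incoming plaintext read error
Jul 27 06:53:17 openvpn 15284 TLS Error: TLS handshake failed
Jul 27 06:53:17 openvpn 15284 SIGUSR1[soft,tls-error] received, process restarting
"""

# Assumed syslog layout: "<Mon DD HH:MM:SS> openvpn <pid> <message>"
LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) openvpn (?P<pid>\d+) (?P<msg>.*)$")
# OpenSSL error strings are "error:<hex code>:<library>:<function>:<reason>"
OPENSSL = re.compile(
    r"OpenSSL: error:(?P<code>[0-9A-Fa-f]+):(?P<lib>[^:]*):(?P<func>[^:]*):(?P<reason>.*)$")
REMOTE = re.compile(r"link remote: \[AF_INET6?\](?P<peer>\S+)")

def triage(log_text):
    """Return one record per failed handshake, keyed on the first OpenSSL error."""
    failures, state = [], {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an OpenVPN syslog line
        pid, msg = m["pid"], m["msg"]
        cur = state.setdefault(pid, {"peer": None, "openssl": []})
        if (r := REMOTE.search(msg)):
            cur["peer"] = r["peer"]
        elif (o := OPENSSL.search(msg)):
            cur["openssl"].append(o.groupdict())
        elif "TLS handshake failed" in msg:
            # A handshake can also fail with no OpenSSL line (e.g. a timeout).
            first = cur["openssl"][0] if cur["openssl"] else None
            failures.append({
                "time": m["ts"], "pid": pid, "peer": cur["peer"],
                "function": first["func"] if first else None,
                "reason": first["reason"] if first else "no OpenSSL error logged",
            })
            cur["openssl"] = []  # reset for the next reconnect attempt
    return failures

if __name__ == "__main__":
    for failure in triage(SAMPLE_LOG):
        print(failure)
```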
