Can't Connect To IVPN: TLS Error Incoming Plaintext Read Error?



  • Hello,

    I'm trying to properly set up an OpenVPN PFSense VM on VirtualBox so that I can chain it to another VM. The VM's connection comes from LAN, and I'm trying to connect to IVPN. I get an error in Status/OpenVPN which says: Client UDP status: reconnecting; tls-error.

    I've followed these two links to the letter, as well as trying a bunch of stuff in order to make it work. Nothing seems to work.

    https://www.ivpn.net/setup/router-pfsense.html
    https://www.ivpn.net/privacy-guides/advanced-privacy-and-anonymity-part-6

    The second one is more relevant as it ties in with my VirtualBox setup. I'm using a Linux distro to access PFSense's WebGUI. Here are the system logs from the OpenVPN tab:

    Jul 27 06:53:17 openvpn 15284 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Jul 27 06:53:17 openvpn 15284 TCP/UDP: Preserving recently used remote address: [AF_INET]136.0.0.194:2049
    Jul 27 06:53:17 openvpn 15284 UDPv4 link local (bound): [AF_INET]10.0.2.15
    Jul 27 06:53:17 openvpn 15284 UDPv4 link remote: [AF_INET]136.0.0.194:2049
    Jul 27 06:53:17 openvpn 15284 OpenSSL: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    Jul 27 06:53:17 openvpn 15284 TLS_ERROR: BIO read tls_read_plaintext error
    Jul 27 06:53:17 openvpn 15284 TLS Error: TLS object -> incoming plaintext read error
    Jul 27 06:53:17 openvpn 15284 TLS Error: TLS handshake failed
    Jul 27 06:53:17 openvpn 15284 SIGUSR1[soft,tls-error] received, process restarting

    Note that I used to be able to set up this exact scenario a week ago, with no TLS problem. I've seen it may be a certificate problem, however, I've checked that they are all copy-pasted with no error.

    Would anyone know how to fix this up? Would be greatly appreciated! I will try to provide as much info as needed.

    Thanks

    EDIT:
    IVPN uses TLS authentication. Here's how I've configured VPN/OpenVPN/Clients/Protocol: UDP:
    Server host or address: My VPN server's IP
    Port: 2049
    Checked: Enable infinite resolve
    User Authentication Settings:
    I enter my IVPN username and password
    Checked: Enable authentication of TLS packets.
    Key starting with -----BEGIN OpenVPN Static key V1----- copy-pasted in TLS Key
    Client Certificate: None (Username and password required)
    Encryption Algorithm: AES-256-CBC (256bit)
    Advanced configuration/Custom Options: persist-tun;persist-key;persist-remote-ip;tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-DSS-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA;ns-cert-type server;verify-x509-name de name-prefix

    However, I noticed I have no rule under Firewall/Rules/WAN. Do I need to have one?

