Can't Connect To IVPN: TLS Error Incoming Plaintext Read Error?
-
Hello,
I'm trying to properly set up an OpenVPN PFSense VM on VirtualBox so that I can chain it to another VM. The VM's connection coming from LAN, and I'm trying connect IVPN. I get an error in Status/OpenVPN which says: Client UDP status: reconnecting; tls-error.
I've followed these two links to the letter, as well as trying a bunch of stuff in order to make it work. Nothing seems to work.
https://www.ivpn.net/setup/router-pfsense.html
https://www.ivpn.net/privacy-guides/advanced-privacy-and-anonymity-part-6The second one is more relevant as it ties in with my VirtualBox setup. I'm using a Linux distro to access PFSense's WebGUI. Here's the system logs from the OpenVPN tab:
Jul 27 06:53:17 openvpn 15284 NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
Jul 27 06:53:17 openvpn 15284 TCP/UDP: Preserving recently used remote address: [AF_INET]136.0.0.194:2049
Jul 27 06:53:17 openvpn 15284 UDPv4 link local (bound): [AF_INET]10.0.2.15
Jul 27 06:53:17 openvpn 15284 UDPv4 link remote: [AF_INET]136.0.0.194:2049
Jul 27 06:53:17 openvpn 15284 OpenSSL: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Jul 27 06:53:17 openvpn 15284 TLS_ERROR: BIO read tls_read_plaintext error
Jul 27 06:53:17 openvpn 15284 TLS Error: TLS object -> incoming plaintext read error
Jul 27 06:53:17 openvpn 15284 TLS Error: TLS handshake failed
Jul 27 06:53:17 openvpn 15284 SIGUSR1[soft,tls-error] received, process restartingNote that I used to be able to set up this exact scenario a week ago, with no TLS problem. I've seen it may be a certificate problem, however, I've checked that they are all copy-pasted with no error.
Would anyone know how to fix this up? Would be greatly appreciated! I will try to provide as much info as needed.
Thanks
EDIT:
IVPN uses TLS authentication. Here's how I've configured VPN/OpenVPN/Clients/Protocol: UDP:
Server host or address: My VPN server's IP
Port: 2049
Checked: Enable infinite resolve
User Authentication Settings:
I enter my IVPN username and password
Checked: Enable authentication of TLS packets.
Key starting by –---BEGIN OpenVPN Static key V1----- copy pasted in TLS Key
Client Certificate: None (Username and password required)
Encryption Algorithm: AES-256-CBC (256bit)
Advanced configuration/Custom Options: persist-tun;persist-key;persist-remote-ip;tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-DSS-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA;ns-cert-type server;verify-x509-name de name-prefixHowever, I noticed I have no rule under Firewall/Rules/WAN. Do I need to have one?