Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    openvpn server 'ovpns9' user cert CN '' address '' - disconnected

    Scheduled Pinned Locked Moved OpenVPN
    4 Posts 2 Posters 793 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      Summer
      last edited by

      On a SG-3100 after upgrade to 22.01 started to show this messages:

      Fatal TLS error (check_tls_errors_co), restarting
Peer tried unsupported key-method 1
 openvpn server 'ovpns9' user cert CN '' address '' - disconnected

      But how can I understand:

      • what is 'openvpn9' ?
      • who's the user that seems empty ?
      • what's the address that seems empty too?

      Thanks, BR

      bingo600B 1 Reply Last reply Reply Quote 0
      • bingo600B
        bingo600 @Summer
        last edited by bingo600

        @summer
        ovpns9 = "Server 9" ... The 9'th server you defined

        Are you using a TLS Key , smells a bit of an issue there ??

        b33dc30b-76a5-4401-9e61-051c32c94141-image.png

        Status --> Interfaces might give a hint of the s9 interface
        2d7a3bec-8cf5-4ae9-b7c3-ad481fccbb28-image.png

        If you find my answer useful - Please give the post a šŸ‘ - "thumbs up"

        pfSense+ 23.05.1 (ZFS)

        QOTOM-Q355G4 Quad Lan.
        CPUĀ  : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
        LANĀ  : 4 x Intel 211, DiskĀ  : 240G SAMSUNG MZ7L3240HCHQ SSD

        1 Reply Last reply Reply Quote 0
        • S
          Summer
          last edited by

          Thank you for the reply @bingo600, I've checked and the TLS flag is missing, I cannot set that because some clients need this disabled.

          Please see: https://forum.mikrotik.com/viewtopic.php?p=704530

          Anyway in the log I can see other rows like the one above but the user and address are filled out. This means someone is trying to use this connection?

          Thanks, BR

          bingo600B 1 Reply Last reply Reply Quote 0
          • bingo600B
            bingo600 @Summer
            last edited by

            @summer
            I would agree that something is hitting that ip/port (could be a simple portscan or worse)
            But if you have a secure setup , there is prob. no reason to worry.

            /Bingo

            If you find my answer useful - Please give the post a šŸ‘ - "thumbs up"

            pfSense+ 23.05.1 (ZFS)

            QOTOM-Q355G4 Quad Lan.
            CPUĀ  : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
            LANĀ  : 4 x Intel 211, DiskĀ  : 240G SAMSUNG MZ7L3240HCHQ SSD

            1 Reply Last reply Reply Quote 1
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.