
Format error in certificate's notBefore field

Open fmoledina opened this issue 4 years ago • 3 comments

I've been using this Docker image with AirVPN for the past year without any issues using the generated .ovpn files from their site. With the latest images published yesterday, I now get the following errors when trying to start the container:

docker-compose logs -t --tail 50 ovpn:

ovpn             | 2021-01-15T15:40:30.174556483Z Setup forwarded port: 15000 tcp
ovpn             | 2021-01-15T15:40:30.259004324Z Dump terminated
ovpn             | 2021-01-15T15:40:30.277144094Z + exec sg vpn -c 'openvpn --cd /vpn --config /vpn/vpn.conf --script-security 2 --redirect-gateway def1 --route-up '\''/bin/sh -c " iptables -A OUTPUT -d 127.0.0.11 -j ACCEPT"'\'' --route-pre-down '\''/bin/sh -c " iptables -D OUTPUT -d 127.0.0.11 -j ACCEPT"'\''                 '
ovpn             | 2021-01-15T15:40:30.325482687Z 2071-04-24 20:26:40 OpenVPN 2.5.0 armv6-alpine-linux-musleabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 26 2020
ovpn             | 2021-01-15T15:40:30.325587770Z 2071-04-24 20:26:16 library versions: OpenSSL 1.1.1i  8 Dec 2020, LZO 2.10
ovpn             | 2021-01-15T15:40:30.325718811Z 2071-04-24 20:23:36 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
ovpn             | 2021-01-15T15:40:30.333609223Z 2071-04-24 20:01:44 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
ovpn             | 2021-01-15T15:40:30.333772347Z 2071-04-24 20:01:44 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
ovpn             | 2021-01-15T15:40:30.333831139Z 2071-04-24 20:01:44 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
ovpn             | 2021-01-15T15:40:30.333877722Z 2071-04-24 20:01:44 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
ovpn             | 2021-01-15T15:40:30.333932346Z 2071-04-24 20:20:08 TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.132.93:443
ovpn             | 2021-01-15T15:40:30.333983138Z 2071-04-24 20:19:20 Socket Buffers: R=[180224->360448] S=[180224->360448]
ovpn             | 2021-01-15T15:40:30.334031471Z 2071-04-24 20:21:28 UDP link local: (not bound)
ovpn             | 2021-01-15T15:40:30.334076762Z 2071-04-24 20:21:28 UDP link remote: [AF_INET]37.120.132.93:443
ovpn             | 2021-01-15T15:40:30.411898309Z 2071-04-24 20:21:44 TLS: Initial packet from [AF_INET]37.120.132.93:443, sid=5d52b4f0 d8e44911
ovpn             | 2021-01-15T15:40:30.503774274Z 2071-04-24 20:06:16 VERIFY ERROR: depth=1, error=format error in certificate's notBefore field: C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, [email protected], serial=10148936457887096835
ovpn             | 2021-01-15T15:40:30.503925940Z 2071-04-24 20:19:04 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
ovpn             | 2021-01-15T15:40:30.503982565Z 2071-04-24 20:19:28 TLS_ERROR: BIO read tls_read_plaintext error
ovpn             | 2021-01-15T15:40:30.504058773Z 2071-04-24 20:20:00 TLS Error: TLS object -> incoming plaintext read error
ovpn             | 2021-01-15T15:40:30.504103564Z 2071-04-24 20:20:00 TLS Error: TLS handshake failed
ovpn             | 2021-01-15T15:40:30.504950226Z 2071-04-24 20:26:08 SIGUSR1[soft,tls-error] received, process restarting
ovpn             | 2021-01-15T15:40:30.505030809Z 2071-04-24 20:23:36 Restart pause, 5 second(s)

Not sure why the timestamps are in the year 2071.

docker-compose.yml snippet:

version: '3.7'
services:
  ovpn:
    image: dperson/openvpn-client
    restart: unless-stopped
    ports:
      - 8000:8000
    dns:
      - 1.1.1.2
      - 1.0.0.2
    cap_add:
      - NET_ADMIN
    devices:
      - '/dev/net/tun:/dev/net/tun:rwm'
    environment:
      FIREWALL: ''
      PUID: 1000
      PGID: 1000
      ROUTE: '192.168.0.0/16'
      VPNPORT: 15000
    networks:
      - prodnet
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=0
    read_only: true
    tmpfs:
      - /run
      - /tmp
    security_opt:
      - label:disable
    stdin_open: true
    tty: true
    volumes:
      - type: bind
        source: ./AirVPN_US-LosAngeles_Teegarden_UDP-443-Entry3.ovpn
        target: /vpn/vpn.conf

I've tried creating a new config at AirVPN specifying OpenVPN >= 2.5 but I get the same error. A snippet of this new config is below:

# --------------------------------------------------------
# Air VPN | https://airvpn.org | Friday 15th of January 2021 03:27:44 PM
# OpenVPN Client Configuration
# AirVPN_US-LosAngeles_Teegarden_UDP-443-Entry3
# --------------------------------------------------------

client
dev tun
remote 37.120.132.93 443
resolv-retry infinite
nobind
persist-key
persist-tun
auth-nocache
verb 3
explicit-exit-notify 5
rcvbuf 262144
sndbuf 262144
push-peer-info
setenv UV_IPV6 yes
remote-cert-tls server
comp-lzo no
data-ciphers AES-256-GCM:AES-256-CBC:AES-192-GCM:AES-192-CBC:AES-128-GCM:AES-128-CBC
data-ciphers-fallback AES-256-CBC
proto udp
auth SHA512

Let me know what other information I can provide. Thanks!

fmoledina, Jan 15 '21 15:01
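Every OpenVPN line in the log above carries two clocks: the host-side timestamp added by `docker-compose logs -t` and OpenVPN's own prefix, taken from the clock the process sees inside the container, which is also the clock X.509 validity periods are checked against. As an added example (not part of the original post or of the image's code), this Python sketch measures the disagreement on four lines abridged from that log; the function names and the one-day threshold are assumptions, and the container timestamps are assumed to be UTC.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: four lines abridged from the log in the post above.
SAMPLE = """\
ovpn | 2021-01-15T15:40:30.174556483Z Setup forwarded port: 15000 tcp
ovpn | 2021-01-15T15:40:30.325482687Z 2071-04-24 20:26:40 OpenVPN 2.5.0 armv6-alpine-linux-musleabihf
ovpn | 2021-01-15T15:40:30.333609223Z 2071-04-24 20:01:44 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR'
ovpn | 2021-01-15T15:40:30.503774274Z 2071-04-24 20:06:16 VERIFY ERROR: depth=1, error=format error in certificate's notBefore field
"""

# service | <host timestamp from `logs -t`> <OpenVPN's own timestamp> <message>
LINE_RE = re.compile(
    r"^\S+\s*\|\s*(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.\d+)?Z\s+"
    r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(.*)$"
)

def parse(line):
    """Return (host_time, container_time, message), or None if the line has no OpenVPN timestamp."""
    m = LINE_RE.match(line)
    if not m:
        return None
    host = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    inner = datetime.strptime(m.group(2), "%Y-%m-%d %H:%M:%S")  # assumed UTC
    return host, inner, m.group(3)

def analyse(text, max_skew=timedelta(days=1)):
    """Count skewed and backwards-running container timestamps; record skew at each VERIFY ERROR."""
    report = {"parsed": 0, "skewed": 0, "backwards": 0, "verify_errors": []}
    prev = None
    for line in text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        host, inner, msg = rec
        report["parsed"] += 1
        if abs(inner - host) > max_skew:
            report["skewed"] += 1
        if prev is not None and inner < prev:  # host time only moves forward in these logs
            report["backwards"] += 1
        prev = inner
        if msg.startswith("VERIFY ERROR"):
            report["verify_errors"].append((msg, inner - host))
    return report

if __name__ == "__main__":
    print(analyse(SAMPLE))
```

A non-zero `backwards` count while the host timestamps keep advancing means the container clock is not merely offset by a constant amount, which is worth ruling out before regenerating certificates or configs.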