Error unroutable control packet received

error unroutable control packet received

Thu Mar 26 06:37:42 2020 TLS Error: Unroutable control packet received from [AF_INET]XXX.XXX.XXX.XXX:1194 (si=3 op=P_ACK_V1). Thu Jul 23 16:31:46 2020 SIGUSR1[soft,tls-error] received, Thu Jul 23 17:38:59 2020 TLS Error: Unroutable control packet received from. Tue Jan 15 20:15:44 2019 us=227453 TLS Error: Unroutable control packet received from [AF_INET]185.161.200.10:443 (si=3 op=P_ACK_V1). error unroutable control packet received

Similar video

SIP - SIP and NAT

TLS Error while connecting, Ubuntu 18.04 LTS #170

I am using the latest version of protonvpn-cli, and have openresolv installed. I get the same "unable to manage ipv6" error while connecting, as in the previously resolved issue, error unroutable control packet received. I have confirmed that it is NOT an authentication issue, and NOT a version issue (I am using the latest 1.1.2). It is a TLS handshake error, mostly because I'm using my university's ethernet.

My partial log file is as follows -

Tue Jan 15 20:15:42 2019 us=925822 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 5 2018
Tue Jan 15 20:15:42 2019 us=925834 library versions: OpenSSL 1.1.0g 2 Nov 2017, LZO 2.08
Tue Jan 15 20:15:42 2019 us=926573 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Tue Jan 15 20:15:42 2019 us=927151 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Jan 15 20:15:42 2019 us=927185 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Jan 15 20:15:42 2019 us=927279 Control Channel MTU parms [ L:1654 D:1140 EF:110 EB:0 ET:0 EL:3 ]
Tue Jan 15 20:15:42 2019 us=972976 Data Channel MTU parms [ L:1654 D:1450 EF:122 EB:411 ET:32 EL:3 ]
Tue Jan 15 20:15:42 2019 us=973095 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1634,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
Tue Jan 15 20:15:42 2019 us=973139 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1634,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
Tue Jan 15 20:15:42 2019 us=973949 TCP/UDP: Preserving recently used remote address: [AF_INET]185.161.200.10:443
Tue Jan 15 20:15:42 2019 us=974005 Socket Buffers: R=[212992->212992] S=[212992->212992]
Tue Jan 15 20:15:42 2019 us=974027 UDP link local: (not bound)
Tue Jan 15 20:15:42 2019 us=974047 UDP link remote: [AF_INET]185.161.200.10:443
Tue Jan 15 20:15:42 2019 us=974063 NOTE: UID/GID downgrade will be delayed because of --client, --pull, error unroutable control packet received, or --up-delay
Tue Jan 15 20:15:44 2019 us=227453 TLS Error: Unroutable control packet received from [AF_INET]185.161.200.10:443 (si=3 op=P_ACK_V1)
Tue Jan 15 20:15:48 2019 us=796384 TLS Error: Unroutable control packet received from [AF_INET]185.161.200.10:443 (si=3 op=P_ACK_V1)
Tue Jan 15 20:15:57 2019 us=9265 TLS Error: Unroutable control packet received from [AF_INET]185.161.200.10:443 (si=3 op=P_ACK_V1)
Tue Jan 15 20:16:03 2019 us=921110 event_wait : Interrupted system call (code=4)
Tue Jan 15 20:16:03 2019 us=921272 TCP/UDP: Closing socket
Tue Jan 15 20:16:03 2019 us=921311 SIGTERM[hard,] received, process exiting

Please suggest a solution.

how to customize OpenVPN .conf?

(1/2) >>>

BillyEndian:
is it possible to customize the OpenVPN .conf?
I am trying to make a Net-to-Net OpenVPN connection.

the other side is not an Endian Firewall.


How do I customize error unroutable control packet received OpenVPN configuration beyond the bounds of the Endian GUI.

santo:
Hi, error unroutable control packet received, I have a similar request.

I want to switch from DD-WRT to Endian, error unroutable control packet received issues with the openvpn client are preventing me from doing so.

More specifically, when I try to setup my openvpn client connection on my endian firewall towards our company's openvpn server (old SUSE system, not Endian),
I receive the following errors on the client side:

Code:

[.]
Aug 7 22:24:44 MyVpnConnection[19207] OpenVPN 2.1_rc7 i586-endian-linux [SSL] [LZO2] [EPOLL] built on Nov 13 2008
Aug 7 22:24:44 MyVpnConnection[19207] WARNING: file '/var/efw/openvpnclients/MyVpnConnection/certs.p12' is group or others accessible
Aug 7 22:24:44 MyVpnConnection[19207] LZO compression initialized
Aug 7 22:24:44 MyVpnConnection[19207] UDPv4 link local: [undef]
Aug 7 22:24:44 MyVpnConnection[19207] UDPv4 link remote: <openvpn-server-ip>:1194
Aug 7 22:24:44 MyVpnConnection[19207] TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Aug 7 22:24:44 error unroutable control packet received TLS Error: TLS object -> incoming plaintext read error
Aug 7 22:24:44 MyVpnConnection[19207] TLS Error: TLS handshake failed
Aug 7 22:24:44 MyVpnConnection[19207] SIGUSR1[soft,tls-error] received, process restarting
Aug 7 22:24:46 MyVpnConnection[19207] WARNING: file '/var/efw/openvpnclients/MyVpnConnection/certs.p12' is group or others accessible
Aug 7 22:24:46 MyVpnConnection[19207] LZO compression initialized
Aug 7 22:24:46 MyVpnConnection[19207] UDPv4 link local: [undef]
Aug 7 22:24:46 MyVpnConnection[19207] UDPv4 link remote: <openvpn-server-ip>:1194
Aug 7 22:24:46 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:46 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:46 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:46 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:46 MyVpnConnection[19207] TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Aug 7 22:24:46 MyVpnConnection[19207] TLS Error: TLS object -> incoming plaintext read error
Aug 7 22:24:46 MyVpnConnection[19207] TLS Error: TLS handshake failed
Aug 7 22:24:46 MyVpnConnection[19207] SIGUSR1[soft,tls-error] received, process restarting
Aug 7 22:24:48 MyVpnConnection[19207] WARNING: file '/var/efw/openvpnclients/MyVpnConnection/certs.p12' is group or others accessible
Aug 7 22:24:48 MyVpnConnection[19207] LZO compression initialized
Aug 7 22:24:48 MyVpnConnection[19207] UDPv4 link local: [undef]
Aug 7 22:24:48 MyVpnConnection[19207] UDPv4 link remote: <openvpn-server-ip>:1194
Aug 7 22:24:48 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:48 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:48 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug hardcore gabber speedcore terrorcore 22:24:48 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:48 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:48 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:48 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:48 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:51 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:51 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:51 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:51 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:51 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:51 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:51 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:51 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:51 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_ACK_V1)
Aug 7 22:24:53 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:53 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:53 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:53 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:53 error unroutable control packet received TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:53 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:53 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:53 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:53 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 error unroutable control packet received op=P_ACK_V1)
Aug 7 22:24:55 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:55 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:55 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:55 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:55 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:55 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:55 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:55 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_CONTROL_V1)
Aug 7 22:24:55 MyVpnConnection[19207] TLS Error: Unroutable control packet received from <openvpn-server-ip>:1194 (si=3 op=P_ACK_V1)
Aug 7 22:24:55 MyVpnConnection[19207] event_wait : Interrupted system call (code=4)
Aug 7 22:24:55 MyVpnConnection[19207] OpenVPN STATISTICS
Aug 7 22:24:55 MyVpnConnection[19207] Updated,Fri Aug 7 22:24:55 2009
Aug 7 22:24:55 MyVpnConnection[19207] TUN/TAP read bytes,0
Aug 7 22:24:55 MyVpnConnection[19207] TUN/TAP write bytes,0
Aug 7 22:24:55 MyVpnConnection[19207] TCP/UDP read bytes,3726
Aug 7 22:24:55 MyVpnConnection[19207] TCP/UDP write bytes,56
Aug 7 22:24:55 MyVpnConnection[19207] Auth read bytes,0
Aug 7 22:24:55 MyVpnConnection[19207] pre-compress bytes,0
Aug 7 22:24:55 MyVpnConnection[19207] post-compress bytes,0
Aug 7 22:24:55 MyVpnConnection[19207] pre-decompress bytes,0
Aug 7 22:24:55 MyVpnConnection[19207] post-decompress bytes,0
Aug 7 22:24:55 MyVpnConnection[19207] END
Aug 7 22:24:55 MyVpnConnection[19207] event_wait : Interrupted system call (code=4)
Aug 7 22:24:55 MyVpnConnection[19207] SIGTERM[hard,] received, process exiting

(Message too large, starting second post.)

santo:
(Continuing from previous post.)

And this is the log on the server side:

Code:

Aug  7 23:59:14 OpenVPNServer openvpn[26021]: MULTI: multi_create_instance called
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 Re-using Error unroutable control packet received context
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 LZO compression initialized
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:19 ET:0 EL:0 ]
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 Local Options hash (VER=V4): '530fdded'
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 Expected Remote Options hash (VER=V4): '41690919'
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [14] from <openvpn-client-ip>:32778: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 TLS: Initial packet from <openvpn-client-ip>:32778, sid=ee595157 b74fc774
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [26] to <openvpn-client-ip>:32778: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 0 ]
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [114] from <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=1 DATA len=100
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [126] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ 1 ] pid=1 DATA len=100
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=2 DATA len=100
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=3 DATA len=100
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=4 DATA len=100
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 1 ]
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=5 DATA len=100
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ error unroutable control packet received ]
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: error unroutable control packet received UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=6 DATA len=100
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 3 ]
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=7 DATA len=100
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 4 ]
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=8 DATA len=100
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 5 ]
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=9 DATA len=100
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 6 ]
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=10 DATA len=100
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: error unroutable control packet received UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 7 ]
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=11 DATA len=100
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 8 ]
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=12 DATA len=100
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 9 ]
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 Error unroutable control packet received [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=13 DATA len=100
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 10 ]
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=14 DATA len=100
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 11 ]
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=15 DATA len=100
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 12 ]
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=16 DATA len=100
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 13 ]
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=17 DATA len=100
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 14 ]
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=18 DATA len=100
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 15 ]
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=19 DATA len=100
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 16 ]
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=20 DATA len=100
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 17 ]
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=21 DATA len=100
Aug  7 23:59:14 OpenVPNServer openvpn[26021]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Aug  7 23:59:14 OpenVPNServer last message repeated 2 times
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [14] from <openvpn-client-ip>:32778: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 TLS: new session incoming connection from <openvpn-client-ip>:32778
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=18 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=19 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=20 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=21 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [26] to <openvpn-client-ip>:32778: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 0 ]
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [114] from <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=1 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [126] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ 1 ] pid=1 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=2 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=3 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=4 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 1 ]
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=5 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 2 ]
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=6 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 3 ]
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=7 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 4 ]
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=8 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 5 ]
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=9 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 6 ]
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=10 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 7 ]
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=11 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 8 ]
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=12 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 9 ]
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=13 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 error unroutable control packet received 10 ]
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=14 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 error unroutable control packet received 11 ]
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=15 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 12 ]
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 c4430 error c++ ] pid=16 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 13 ]
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=17 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 14 ]
Aug  7 23:59:16 Error unroutable control packet received openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=18 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 15 ]
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=19 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 16 ]
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to <openvpn-client-ip>:32778: P_CONTROL_V1 kid=0 [ ] pid=20 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 READ [22] from <openvpn-client-ip>:32778: P_ACK_V1 kid=0 [ 17 ]
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: <openvpn-client-ip>:32778 UDPv4 WRITE [114] to error unroutable control packet received P_CONTROL_V1 kid=0 [ ] pid=21 DATA len=100
Aug  7 23:59:16 OpenVPNServer openvpn[26021]: read UDPv4 [ECONNREFUSED]: Connection refused (code=111)


First of all I am using 3 separate certificates on my DD-WRT system, namely the CA cert, error unroutable control packet received, client cert and client key.
Endian doesn't seem to support this, so I created a p12 certificate that contains all 3 files with the following command:

Code:

openssl pkcs12 -export -in client.crt -inkey client.key -certfile ca.crt -out myopenvpncert.p12

When comparing the client configs on DD-WRT and Endian, error unroutable control packet received, I see some differences which might be important, error unroutable control packet received, but I have no clue how I can override some of those settings
because the openvpn conf file is being overwritten by endian.
The most important difference that I notice is that the openvpn client conf on endian uses "dev tap" while the openvpn server is configured to use "dev tun"
(the client config on DD-WRT also uses "dev tun")

Can someone put me in the right direction please ?

santo:
After a lot of trial and error I found the culprit to be the following line in openvpnclient.conf.tmpl:

Code:

ns-cert-type server


after commenting that line, the vpn connection *seems* to work as expected.
I said *seems* because the status in the web interface is set to "closed" and I noticed the following errors in the openvpn client log:

Code:

Aug 13 09:40:59 local usage: openvpnbridge.py [init

TLS Error: Unroutable control packet received

Justin Case's profile photo

Justin Case

unread,
Apr 26, 2014, 3:46:34 PM4/26/14

Reply to author

Sign in to reply to author

Forward

Sign in to forward

Delete

You do not have permission to error unroutable control packet received messages in this group

Link

Report message as abuse

Sign in to report message as abuse

Show original message

Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message

to [email protected]

Dear all,

I am not sure if this is a certificate verification problem. I updated the server package on my Synology DSM. After that I couldn't log in to OpenVPN any more, error unroutable control packet received. I restored my certificates like after each server update. I am lost this time.

Thanks for your help!




*Tunnelblick: OS X 10.8.5; Tunnelblick 3.3.2 (build 3518.3792); prior version 3.3.0 (build 3518); Standard user

"Sanitized" configuration file for /Users/bodo/Library/Application Support/Tunnelblick/Configurations/flexlab.tblk:

dev tun
tls-client

remote flexlab.no-ip.org 1194

# The "float" tells OpenVPN to accept authenticated packets from any address,
# not only the address which was specified in the --remote option.
# This is useful when you are connecting to a peer which holds a dynamic address
# such as a dial-in user or DHCP client.
# (Please refer to the manual of OpenVPN for more information.)

#float

# If redirect-gateway is enabled, the client will redirect it's
# default network gateway through the VPN.
# It means the VPN connection will firstly connect to the VPN Server
# and then to the internet.
# (Please refer to the manual of OpenVPN for more information.)

#redirect-gateway

# dhcp-option DNS: To set primary domain name server address.
# Repeat this option to set secondary DNS server addresses.

#dhcp-option Error occured raid 1 DNS_IP_ADDRESS

pull

proto udp
script-security 2

ca ca.crt

comp-lzo

reneg-sec 3600

auth-user-pass



================================================================================

Tunnelblick Log:

2014-04-26 13:37:59 *Tunnelblick: OS X 10.8.5; Tunnelblick 3.3.2 (build 3518.3792); prior version 3.3.0 (build 3518)
2014-04-26 13:38:00 *Tunnelblick: Attempting connection with flexlab using shadow copy; Set nameserver = 1; monitoring 50 fuser error hp laserjet 3050 13:38:00 *Tunnelblick: openvpnstart start flexlab.tblk 1337 1 0 1 0 1329 -ptADGNWradsgnw 2.2.1
2014-04-26 13:38:00 *Tunnelblick: openvpnstart log:
     Loading tun.kext

     OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):

          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.2.1/openvpn
          --cd
          /Library/Application Support/Tunnelblick/Users/bodo/flexlab.tblk/Contents/Resources
          --daemon
          --management
          127.0.0.1
          1337
          --config
          /Library/Application Support/Tunnelblick/Users/bodo/flexlab.tblk/Contents/Resources/config.ovpn
          --log
          /Library/Application Support/Tunnelblick/Logs/-SUsers-Sbodo-SLibrary-SApplication Support-STunnelblick-SConfigurations-Sflexlab.tblk-SContents-SResources-Sconfig.ovpn.1_0_1_0_1329.1337.openvpn.log
          --management-query-passwords
          --management-hold
          --script-security
          2
          --up
          /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -f -r -ptADGNWradsgnw
          --down
          /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d -f -r -ptADGNWradsgnw
          --up-restart

2014-04-26 13:38:00 OpenVPN 2.2.1 i386-apple-darwin10.8.0 [SSL] [LZO2] [PKCS11] [eurephia] built on Apr  8 2014
2014-04-26 13:38:00 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
2014-04-26 13:38:00 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2014-04-26 13:38:00 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2014-04-26 13:38:00 LZO compression initialized
2014-04-26 13:38:00 UDPv4 link local (bound): [undef]:1194
2014-04-26 13:38:00 UDPv4 link remote: 10.0.1.5:1194
2014-04-26 13:38:00 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2014-04-26 13:38:00 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=TW/ST=Taiwan/L=Taipei/O=Synology_Inc./OU=Certificate_Authority/CN=Synology_Inc._CA/[email protected]
2014-04-26 13:38:00 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
2014-04-26 13:38:00 TLS Error: TLS object -> incoming plaintext read error
2014-04-26 13:38:00 TLS Error: TLS handshake failed
2014-04-26 13:38:00 SIGUSR1[soft,tls-error] received, process restarting
2014-04-26 13:38:00 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
2014-04-26 13:38:00 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2014-04-26 13:38:00 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2014-04-26 13:38:00 LZO compression initialized
2014-04-26 13:38:00 UDPv4 link local (bound): [undef]:1194
2014-04-26 13:38:00 UDPv4 link remote: 10.0.1.5:1194
2014-04-26 13:38:00 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=TW/ST=Taiwan/L=Taipei/O=Synology_Inc./OU=Certificate_Authority/CN=Synology_Inc._CA/[email protected]
2014-04-26 13:38:00 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
2014-04-26 13:38:00 TLS Error: TLS object -> incoming plaintext read error
2014-04-26 13:38:00 TLS Error: TLS handshake failed
2014-04-26 13:38:00 SIGUSR1[soft,tls-error] received, process restarting
2014-04-26 13:38:00 *Tunnelblick: Established communication with OpenVPN
2014-04-26 13:38:00 *Tunnelblick: Obtained VPN username and password from the Keychain
2014-04-26 13:38:00 *Tunnelblick: No 'reconnecting.sh' script to execute
2014-04-26 13:38:00 *Tunnelblick: openvpnstart starting OpenVPN:
                    *                    /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.2.1/openvpn --cd /Library/Application Support/Tunnelblick/Users/bodo/flexlab.tblk/Contents/Resources --daemon --management 127.0.0.1 1337 --config /Library/Application Support/Tunnelblick/Users/bodo/flexlab.tblk/Contents/Resources/config.ovpn --log /Library/Application Support/Tunnelblick/Logs/-SUsers-Sbodo-SLibrary-SApplication Support-STunnelblick-SConfigurations-Sflexlab.tblk-SContents-SResources-Sconfig.ovpn.1_0_1_0_1329.1337.openvpn.log --management-query-passwords --management-hold --script-security 2 --up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -f -r -ptADGNWradsgnw --down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d -f -r -ptADGNWradsgnw --up-restart
2014-04-26 13:38:01 *Tunnelblick: No 'reconnecting.sh' script to execute
2014-04-26 13:38:01 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
2014-04-26 13:38:01 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2014-04-26 13:38:01 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2014-04-26 13:38:01 LZO compression initialized
2014-04-26 13:38:01 UDPv4 link local (bound): [undef]:1194
2014-04-26 13:38:01 UDPv4 link remote: 10.0.1.5:1194
2014-04-26 13:38:01 TLS Error: Unroutable control packet received from 10.0.1.5:1194 (si=3 op=P_ACK_V1)
2014-04-26 13:38:03 TLS Error: Unroutable control packet received from 10.0.1.5:1194 (si=3 op=P_CONTROL_V1)
2014-04-26 13:38:03 TLS Error: Unroutable control packet received from 10.0.1.5:1194 (si=3 op=P_CONTROL_V1)
2014-04-26 13:38:03 TLS Error: Unroutable control packet received from 10.0.1.5:1194 (si=3 op=P_ACK_V1)
2014-04-26 13:38:04 TLS Error: Unroutable control packet received from 10.0.1.5:1194 (si=3 op=P_CONTROL_V1)
2014-04-26 13:38:04 TLS Error: Unroutable control packet received from 10.0.1.5:1194 (si=3 op=P_CONTROL_V1)
2014-04-26 13:38:05 TLS Error: Unroutable control packet received from 10.0.1.5:1194 (si=3 op=P_CONTROL_V1)
2014-04-26 13:38:05 TLS Error: Unroutable control packet received error unroutable control packet received 10.0.1.5:1194 (si=3 op=P_CONTROL_V1)
2014-04-26 13:38:05 TLS Error: Unroutable control packet received from 10.0.1.5:1194 (si=3 op=P_CONTROL_V1)
2014-04-26 13:38:05 TLS Error: Unroutable control packet received from 10.0.1.5:1194 (si=3 op=P_CONTROL_V1)
2014-04-26 13:38:06 TLS Error: Unroutable control packet received from 10.0.1.5:1194 (si=3 op=P_CONTROL_V1)
2014-04-26 13:38:06 TLS Error: Unroutable control packet received from 10.0.1.5:1194 (si=3 op=P_CONTROL_V1)
2014-04-26 13:38:07 TLS Error: Unroutable control packet received from 10.0.1.5:1194 (si=3 op=P_CONTROL_V1)
2014-04-26 13:38:07 TLS Error: Unroutable control packet received from 10.0.1.5:1194 (si=3 op=P_CONTROL_V1)
2014-04-26 13:38:07 TLS Error: Unroutable control packet received from 10.0.1.5:1194 (si=3 op=P_ACK_V1)
2014-04-26 13:38:09 *Tunnelblick: Disconnecting; 'disconnect' button pressed
2014-04-26 13:38:09 *Tunnelblick: Disconnecting using 'killall'
2014-04-26 13:38:09 event_wait : Interrupted system call (code=4)
2014-04-26 13:38:09 SIGTERM[hard,] received, process exiting
2014-04-26 13:38:09 *Tunnelblick: No 'post-disconnect.sh' script to execute

================================================================================

Console Log:

2014-04-26 11:44:50 Tunnelblick[196] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-flexlab' account = 'username'
2014-04-26 11:44:50 Tunnelblick[196] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-flexlab' account = 'password'
2014-04-26 11:57:28 Tunnelblick[196] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-flexlab' account = 'username'
2014-04-26 11:57:28 Tunnelblick[196] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-flexlab' account = 'password'
2014-04-26 11:58:20 Tunnelblick[196] OK to go to sleep
2014-04-26 12:06:12 Tunnelblick[196] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-flexlab' account = 'username'
2014-04-26 12:06:12 Tunnelblick[196] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-flexlab' account = 'password'
2014-04-26 12:14:08 Tunnelblick[196] DEBUG: Updater: systemVersion 10.8.5 satisfies minimumSystemVersion 10.4.0
2014-04-26 12:14:08 Tunnelblick[196] DEBUG: Updater: systemVersion 10.8.5 satisfies minimumSystemVersion 10.4.0
2014-04-26 12:14:29 Tunnelblick[196] setShutdownVariables: invoked, error unroutable control packet received, but have already set them
2014-04-26 12:14:29 Tunnelblick[196] applicationShouldTerminate: termination because of restart; delayed until 'shutdownTunnelblick' finishes
2014-04-26 12:14:29 Tunnelblick[196] Finished shutting down Tunnelblick; allowing termination
2014-04-26 12:16:32 Tunnelblick[193] Set program update feedURL to https://www.tunnelblick.net/appcast-s.rss
2014-04-26 12:16:33 Tunnelblick[193] DEBUG: Updater: systemVersion 10.8.5 satisfies minimumSystemVersion 10.4.0
2014-04-26 12:16:33 Tunnelblick[193] DEBUG: Updater: systemVersion 10.8.5 satisfies minimumSystemVersion 10.4.0
2014-04-26 12:17:15 Tunnelblick[193] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-flexlab' account = 'username'
2014-04-26 12:17:15 Tunnelblick[193] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-flexlab' account = 'password'
2014-04-26 12:17:53 Tunnelblick[193] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-flexlab' account = 'username'
2014-04-26 12:17:53 Tunnelblick[193] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-flexlab' account = 'password'
2014-04-26 12:21:13 Tunnelblick[193] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-flexlab' account = 'username'
2014-04-26 12:21:13 Tunnelblick[193] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-flexlab' account = 'password'
2014-04-26 13:24:47 Tunnelblick[193] OK to go to sleep
2014-04-26 13:27:33 Tunnelblick[193] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-flexlab' account = 'username'
2014-04-26 13:27:33 Tunnelblick[193] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-flexlab' account = 'password'
2014-04-26 13:28:05 Tunnelblick[193] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-flexlab' account = 'username'
2014-04-26 13:28:05 Tunnelblick[193] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-flexlab' account = 'password'
2014-04-26 13:38:00 Tunnelblick[193] Keychain item retrieved successfully for service = 'Tunnelblick-Auth-flexlab' account = 'username'
2014-04-26 13:38:00 Tunnelblick[193] Maxsite wordpress plugin fatal error item retrieved successfully for service = 'Tunnelblick-Auth-flexlab' account = 'password'

jkbull.gmail.com's profile photo

jkbull.gmail.com

unread,
Apr 26, 2014, 4:15:13 PM4/26/14

Reply to author

Sign in to reply to author

Forward

Sign in to forward

Delete

You do not have permission to delete messages in this group

Link

Report message as abuse

Sign in to report message as abuse

Show original message

Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message

to [email protected]

When you say you "I restored my certificates like after each server update", do you mean you did that on your server? Or that you updated the certificates on your client (the computer running Tunnelblick)? Either way, error unroutable control packet received, you should double-check that you did that properly.

On the client, the best way to replace certificates is to modify your .tblk and then reinstall it. If you manually replace the certificates instead, you need to replace the certificates in

/Users/bodo/Library/Application Support/Tunnelblick/Configurations/flexlab.tblk/Contents/Resources/,

not in

/Library/Application Support/Tunnelblick/Users/bodo/flexlab.tblk/Contents/Resources/

-- if you change the wrong certificates, they will be overwritten the next time you 
Beyond that, I think you'll have to ask some OpenVPN experts about this:
I did notice the earlier error in the log that I'm puzzled by:

2014-04-26 13:38:00 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=TW/ST=Taiwan/L=Taipei/O=Synology_Inc./OU=Certificate_Authority/CN=Synology_Inc._CA/[email protected]

2014-04-26 13:38:00 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

2014-04-26 13:38:00 TLS Error: TLS object -> incoming plaintext read error

2014-04-26 13:38:00 TLS Error: TLS handshake failed


I interpret this as saying that the info coming from the server did not verify properly.

My understanding is that the "self signed certificate" complaint is misleading, error unroutable control packet received. It is not that there is a self-signed certificate in the chain, it is that the verify failed and there just happens to be a self-signed certificate in the chain (which is sometimes the cause of a verification error, but is probably not the cause in this case). It is not that the verification failed because a self-signed certificate is in the chain.

2014-04-26 13:38:00 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=TW/ST=Taiwan/L=Taipei/O=Synology_Inc./OU=Certificate_Authority/CN=Synology_Inc._CA/[email protected]


2014-04-26 13:38:00 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
2014-04-26 13:38:00 TLS Error: TLS object -> incoming plaintext read error
2014-04-26 13:38:00 TLS Error: TLS handshake failed
2014-04-26 13:38:00 SIGUSR1[soft,tls-error] received, process restarting
2014-04-26 13:38:00 IMPORTANT: OpenVPN's default port number is now 1194, error unroutable control packet received, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
2014-04-26 13:38:00 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2014-04-26 13:38:00 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2014-04-26 13:38:00 LZO compression initialized
2014-04-26 13:38:00 UDPv4 link local (bound): [undef]:1194
2014-04-26 13:38:00 UDPv4 link remote: 10.0.1.5:1194

2014-04-26 13:38:00 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=TW/ST=Taiwan/L=Taipei/O=Synology_Inc./OU=Certificate_Authority/CN=Synology_Inc._CA/[email protected]

Justin Case's profile photo

Justin Case

unread,
Apr 26, 2014, 4:20:32 PM4/26/14

Reply to author

Sign in to reply to author

Forward

Sign in to forward

Delete

You do not have permission to delete messages in this group

Link

Report message as abuse

Sign in to report message as abuse

Show original message

Either 1 timeout error occured addresses are anonymous for this group or you need the view member email addresses permission to view the original message

to [email protected]


Hmpf, so no help so far. I am really puzzled. So the Unroutable packets are just a symptom, not a problem?


On 26.04.2014, at 14:15, error unroutable control packet received, "jkbull.gmail.com" <[email protected]> wrote:

> When you say you "I restored my certificates like after each server update", do you mean you did that on your server? Or that you updated the certificates on your client (the computer running Tunnelblick)? Either way, you should double-check that you did that properly.

On the server and I re-did it 3 times to make triple-sure.


> On the client, the best way to replace certificates is to modify your .tblk and then reinstall it. If you smtp error code 554 replace the certificates instead, you need to replace the certificates in
> /Users/bodo/Library/Application Support/Tunnelblick/Configurations/flexlab.tblk/Contents/Resources/,
> not in
> /Library/Application Support/Tunnelblick/Users/bodo/flexlab.tblk/Contents/Resources/
> -- if you change the wrong certificates, they will be overwritten the next time you

I didn't change anything on the client. I just updated the server on my NAS and re-installed client- and server certificates.


> I did notice the earlier error in the log that I'm puzzled by:
>

> 2014-04-26 13:38:00 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=TW/ST=Taiwan/L=Taipei/O=Synology_Inc./OU=Certificate_Authority/CN=Synology_Inc._CA/[email protected]

> 2014-04-26 13:38:00 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> 2014-04-26 13:38:00 TLS Error: TLS object -> incoming plaintext read error
> 2014-04-26 13:38:00 TLS Error: TLS handshake failed
>
> I interpret this as saying that the info coming from the server did not verify properly.
>
> My understanding is that the "self signed certificate" complaint is misleading. It is not that there is a self-signed certificate in the chain, error unroutable control packet received, it is that the verify failed and there just happens to be a self-signed certificate in the chain (which is sometimes the cause of a verification error, but is probably not the cause in this case). It is not that the verification failed because a self-signed certificate is in the chain.

OK that is the vert that comes with the NAS management software of Synology, error unroutable control packet received.


jkbull.gmail.com's profile photo

jkbull.gmail.com

unread,
Apr 26, 2014, 5:55:43 PM4/26/14

Reply to author

Sign in to reply to author

Forward

Sign in to forward

Delete

You do not have permission to delete messages in this group

Link

Report message as abuse

Sign in to report message as abuse

Show original message

Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message

to [email protected]

On Saturday, Error unroutable control packet received 26, error unroutable control packet received, 2014 8:20:32 AM UTC-4, Justin Case wrote:

Hmpf, so no help so far.

Sorry :-(

I am really puzzled. So the Unroutable packets are just a symptom, not a problem?

I think so. Maybe there is a problem in OpenVPN when it retries after the certificate verification fails. But that's just a guess.

One other idea -- you could try OpenVPN 2.3.2 and/or 2.3.3 instead of 2.2.1. Or you could try them in Tunnelblick 3.4beta24.

OK that is the vert that comes with the NAS management software of Synology.

If Synology updated their server, maybe they updated the client certificates you need to use to communicate with the server?

Other than that, this sure sounds like a Synology problem: you changed the server and now can't communicate with it.

Justin Case's profile photo

Justin Case

unread,
Apr 26, 2014, 5:59:37 PM4/26/14

Reply to author

Sign in to reply to author

Forward

Sign in to forward

Delete

You do not have permission to delete messages in this group

Link

Report message as abuse

Sign in to report message as abuse

Show original message

Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message

to [email protected]

restart]
Aug 13 09:40:59 local
Aug 13 09:40:59 local openvpnbridge.py: error: Invalid ip or netmask '10.1.10.10 10.1.10.9'
Aug 13 09:40:59  local  run-parts: /etc/openvpn/ifup.client.d//00bridge exited with return code 2


Any ideas what error unroutable control packet received means and why the status is showed as "closed" in the web interface ?

Note:
Just in case someone else is looking for a way to customize the openvpn client config:
Code:

- /etc/openvpn/openvpnclient.conf.tmpl
- /var/efw/openvpnclients/<your-client-connection-name>/settings

Those files are used to generate the openvpnclient_<your-client-connection-name>.conf file (which is used to setup the connection).

UPDATE:
When I change something in the vpn client settings through the GUI, the device is set to TAP2 in the settings file.
This is very irritating, as the device can't be configured through the GUI and I definitely need it to be TUN
So when Error unroutable control packet received change a setting in the GUI, the vpn doesn't work anymore as the dev is changed to TAP.

Something else I noticed is that the status in the GUI is set to closed when I use dev=tun (but then the vpn connection works for me (apart from the openvpnbridge.py errors in the log)
When the device is set to tap2 (dev=tap2, the default of endian it seems) the status becomes established in the Error unroutable control packet received but then the vpn connection doesn't work for me !!

santo:
Apparently the vpn connection is only working for the Endian server itself.
In other words, the clients in the LAN (i.e. behind Endian) can't access anything at all on the error unroutable control packet received network.

I think it must be something on the Endian box itself, as I don't get any logmessages on the remote openvpn server.

Navigation

[0] Message Index

[#] Next page

Help Center

The OpenVPN protocol requires the client and server to have synchronized time. If the time on your local PC is incorrect you may see the error TLS Error: Unroutable control packet received from in your logs.

Windows

  1. Go to > > > .
  2. Toggle to .

macOS

  1. Open the .
  2. Click the Date & Time icon and ensure that is selected.

Linux

You need to install and configure an NTP client. Refer to the documentation for your distribution for further instructions.

DD-WRT

Please refer to the section Correct Time on this page http://www.dd-wrt.com/wiki/index.php/OpenVPN

To set the time manually, connect via telnet or ssh and run the following command at the prompt:

If you set the Bios c1 error and Time manually, you will have to do that every time your router is rebooted.

Instead, it is recommended to enable and connect your device to the NTP server to allow system Date and Time automatically sync with the current time. For help, see https://wiki.dd-wrt.com/wiki/index.php/Network_Time_Protocol

pfSense

pfSense will attempt to keep the router device’s time synchronized with the ntp.org Network Time Protocol (NTP) server pool automatically. Check > for details. If time is out of sync, there may be a DNS issue preventing the NTP hostname lookup, error unroutable control packet received. The pfSense system log will show details via > > .

OpenWRT

OpenWrt’s NTP client is enabled by default and will attempt to keep the router device’s system clock synchronized automatically. Configuration details and further information can be found here https://openwrt.org/docs/guide-user/advanced/ntp_configuration



Related Articles

Still have questions?

Get in touch and we'll get back to you in a few hours.

Contact support

Interested in privacy?

Read our latest privacy news and keep up-to-date on IVPN services.

Visit IVPN Blog

[Openvpn-users] TLS Error: Unroutable control packet received

From this thread: https://forums.openvpn.net/viewtopic.php?f=6&t=23526&p=68435#p68421 In the previous posts on that thread the OP had certificate errors (ssl3_get_server_certificate:certificate verify failed) but the OP appears to have managed to rectify that error . This is openvpn on pfSense server to Fedora 25 client ovpn 2.3.14 My question is, what does this mean: "TLS Error: Unroutable control packet received" Is it a network problem or is this something to do with security ? Googling around suggest it is to do with security not networking. I don't want a solution just info about the error. Thanks ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Openvpn-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-users
View previous topic :: View next topic  AuthorMessageplut0
Apprentice
Apprentice


Joined: 21 Dec 2004
Posts: 272

PostPosted: Thu Jul 27, 2006 12:13 am    Post subject: openvpn won't connect [solved]Reply with quote

I just installed openvpn 2.0.6 on gentoo and trying to connect via windows xp 2.0.7. I am not getting error unroutable control packet received far in the connection, i keep getting the messages "Unroutable control packet received from." I did a lot of research but the answers didn't help. One of which says the cert generated is bad, but I verified both the client and server certs. The other answer was date/time is off but that isn't the case either. What am I doing wrong here?

client config:
Code:
client
dev error unroutable control packet received
proto udp
remote [server] 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
comp-lzo
verb 3



server config:
Code:
port 1194
proto udp
dev tun
ca keys/ca.crt
cert keys/vpn.crt
key keys/vpn.key
dh keys/dh1024.pem
server 10.8.0.1 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 172.16.0.0 255.255.0.0"
push "route 10.8.0.0 255.255.255.0"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 4



client log:
Code:
Wed Jul 26 19:46:44 2006 OpenVPN 2.0.7 Win32-MinGW [SSL] [LZO] built on Apr 12 2006
Wed Jul 26 19:46:44 2006 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port, error unroutable control packet received.
Wed Jul 26 19:46:44 2006 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 26 19:46:44 2006 LZO compression initialized
Wed Jul 26 19:46:44 2006 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Jul 26 19:46:44 2006 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 Error unroutable control packet received AF:3/1 ]
Wed Jul 26 19:46:44 2006 Local Options hash (VER=V4): '41690919'
Wed Jul 26 19:46:44 2006 Expected Remote Options hash (VER=V4): '530fdded'
Wed Jul 26 19:46:44 2006 UDPv4 link local: [undef]
Wed Jul 26 19:46:44 2006 UDPv4 link remote: [server]:1194
Wed Jul 26 19:46:51 2006 TLS Error: Unroutable control packet received from [server]:1194 (si=3 op=P_ACK_V1)
Wed Jul 26 19:47:01 2006 TLS Error: Unroutable control packet received from [server]:1194 (si=3 op=P_ACK_V1)
Wed Jul 26 19:47:11 2006 TLS Error: Unroutable control packet received from [server]:1194 (si=3 op=P_ACK_V1)
Wed Jul 26 19:47:22 2006 TLS Error: Unroutable control packet received from [server]:1194 (si=3 op=P_ACK_V1)
Wed Jul 26 19:47:32 2006 TLS Error: Unroutable control packet received from [server]:1194 (si=3 op=P_ACK_V1)
Wed Jul 26 19:47:42 2006 TLS Error: Unroutable control packet cara reset printer canon mp198 error e8 from [server]:1194 (si=3 op=P_ACK_V1)
Wed Jul 26 19:47:44 2006 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jul 26 19:47:44 2006 TLS Error: TLS handshake failed
Wed Jul 26 19:47:44 2006 TCP/UDP: Closing socket
Wed Jul 26 19:47:44 2006 SIGUSR1[soft,tls-error] received, process restarting
Wed Jul 26 19:47:44 2006 Restart pause, 2 second(s)



server log:
Code:
Wed Jul 26 19:45:39 2006 OpenVPN 2.0.6 i686-pc-linux-gnu [SSL] [LZO] [EPOLL] built on Jul 26 2006
Wed Jul 26 19:45:39 2006 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Jul 26 19:45:39 disc error occurred ******* WARNING *******: all encryption and authentication features disabled -- all data will be tunnelled as cleartext
Wed Jul 26 19:45:39 2006 TUN/TAP device tun0 opened
Wed Jul 26 19:45:39 2006 UDPv4 link local (bound): [undef]:1194
Wed Jul 26 19:45:39 2006 UDPv4 link remote: [undef]
Wed Jul 26 19:46:02 2006 Peer Connection Initiated with [client]:1306
Wed Jul 26 19:46:02 2006 Initialization Sequence Completed


Last edited by plut0 on Thu Jul 27, 2006 3:39 pm; edited 1 time in total
Back to top
View user's profileSend private message
magic919
Advocate
Advocate


Joined: 17 Jun 2005
Posts: 2182
Location: Berkshire, UK
PostPosted: Thu Jul 27, 2006 9:32 error unroutable control packet received  Post subject: Reply with quote

You need to read the log. And then follow the link it suggests, error unroutable control packet received.

http://openvpn.net/howto.html#mitm

You've almost cracked it.
Back to top
View user's profileSend private message
plut0
Apprentice
Apprentice


Joined: 21 Dec 2004
Posts: 272

PostPosted: Thu Jul 27, 2006 2:24 pm    Post subject: Reply with quote

Thanks for the info, that got rid of the warning but not the problem unfortunately. This is what I did.

I added this to the client config:
Code:
ns-cert-type server
tls-client
tls-auth ta.key 1
cipher BF-CBC


And this to the server config:
Code:
tls-server
tls-auth keys/ta.key 0
cipher BF-CBC


And now on the client logs the warning message is gone:
Code:
Thu Jul 27 10:11:34 2006 us=221245 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Thu Jul 27 10:11:34 2006 us=221282 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jul 27 10:11:34 2006 us=242889 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication


But on the server I still get this (not sure if this matters or not):
Code:
Thu Jul 27 10:21:01 2006 us=11862 ******* WARNING *******: all encryption and authentication features disabled -- all data will be tunnelled as cleartext


And on the client I still see these messages:
Code:
Thu Jul 27 10:22:27 2006 us=745792 TLS Error: Unroutable control packet received from [server]:1194 (si=3 op=P_ACK_V1)
Thu Jul 27 10:22:37 2006 us=345341 TLS Error: Unroutable control packet received from [server]:1194 (si=3 op=P_ACK_V1)
Thu Jul 27 10:22:48 2006 us=296248 TLS Error: Unroutable control packet received from [server]:1194 (si=3 op=P_ACK_V1)
Back to top
View user's profileSend private message
plut0
Apprentice
Apprentice


Joined: 21 Dec 2004
Posts: 272

PostPosted: Thu Jul 27, 2006 3:39 pm    Post subject: Reply with quote

Well this is silly but openvpn wasn't using the right config file is why I was having problems, error unroutable control packet received. :oops:
Back to top
View user's profileSend private message

2 Comments

  1. Unfortunately, I can help nothing, but it is assured, that you will find the correct decision. Do not despair.

Leave a Comment