Synology Let's authenticate authentication failure
Posted: Tue Aug 13, 2019 4:09 am
I am inexperienced with server certificates, so please be gentle.
I set up an OpenVPN server on my Synology NAS and set up Viscosity Mac according to your guide. I double-checked all settings and everything looks OK.
Connections to the VPN Server fail immediately. The problem seems to be with verifying my Let's Authenticate server certificate. The certificate is valid, as indicated in the Synology Security control panel. I attached a screenshot of that.
I tried Viscosity configurations with both the IP address and the domain name on the certificate <russcusimano.com>.
The referenced <http://openvpn.net/howto.html#mitm> is incomprehensible to me.
Can you point me in the right direction to get this running?
Thanks in advance.
Here is the Synology log:
2019-08-12 10:34:46: Viscosity Mac 1.7.16 (1491)
2019-08-12 10:34:46: Viscosity OpenVPN Engine Started
2019-08-12 10:34:46: Running on macOS 10.14.5
2019-08-12 10:34:46: ---------
2019-08-12 10:34:46: State changed to Connecting
2019-08-12 10:34:46: Checking reachability status of connection...
2019-08-12 10:34:46: Connection is reachable. Starting connection attempt.
2019-08-12 10:34:46: OpenVPN 2.4.7 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on May 29 2019
2019-08-12 10:34:46: library versions: OpenSSL 1.0.2s 28 May 2019, LZO 2.10
2019-08-12 10:34:58: Valid endpoint found: 35.132.171.123udp
2019-08-12 10:34:59: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2019-08-12 10:34:59: TCP/UDP: Preserving recently used remote address: [AF_INET]35.132.171.123:1194
2019-08-12 10:34:59: UDP link local: (not bound)
2019-08-12 10:34:59: UDP link remote: [AF_INET]35.132.171.123:1194
2019-08-12 10:34:59: State changed to Authenticating
2019-08-12 10:34:59: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2019-08-12 10:34:59: VERIFY ERROR: depth=1, error=unable to get issuer certificate: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
2019-08-12 10:34:59: OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2019-08-12 10:34:59: TLS_ERROR: BIO read tls_read_plaintext error
2019-08-12 10:34:59: TLS Error: TLS object -> incoming plaintext read error
2019-08-12 10:34:59: TLS Error: TLS handshake failed
2019-08-12 10:34:59: SIGTERM[soft,tls-error] received, process exiting
2019-08-12 10:34:59: State changed to Disconnected
2019-08-12 10:35:00: Viscosity Mac 1.7.16 (1491)
2019-08-12 10:35:00: Viscosity OpenVPN Engine Started
2019-08-12 10:35:00: Running on macOS 10.14.5
2019-08-12 10:35:00: ---------
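Added example, not part of the original post: a small Python triage of the client log above that pulls out the certificate verification failure and the two configuration warnings. The function names and hint wording are assumptions of this example; the sample lines are copied from the log in the post, and `remote-cert-tls` / `verify-x509-name` are standard OpenVPN client options not mentioned in the post.

```python
import re

# Constructed sample: four lines copied from the client log in the post above.
SAMPLE_LOG = """\
2019-08-12 10:34:59: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2019-08-12 10:34:59: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2019-08-12 10:34:59: VERIFY ERROR: depth=1, error=unable to get issuer certificate: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
2019-08-12 10:34:59: TLS Error: TLS handshake failed
"""

VERIFY_RE = re.compile(r"VERIFY ERROR: depth=(\d+), error=([^:]+): (.+)$")

# Substring seen in the log -> (finding kind, what to check in the client config).
MARKERS = {
    "No server certificate verification method": (
        "no_server_cert_check",
        "consider remote-cert-tls server or verify-x509-name in the client config"),
    "auth-nocache": ("password_cached", "add auth-nocache to the client config"),
    "TLS handshake failed": ("handshake_failed", "see the preceding VERIFY ERROR"),
}

def triage(log_text):
    """Return one finding dict per security-relevant line of an OpenVPN client log."""
    findings = []
    for line in log_text.splitlines():
        m = VERIFY_RE.search(line)
        if m:
            depth, error, subject = int(m.group(1)), m.group(2).strip(), m.group(3).strip()
            finding = {"kind": "verify_error", "depth": depth, "error": error,
                       "subject": subject,
                       # depth 0 is the server's own certificate, depth >= 1 its issuers
                       "role": "leaf" if depth == 0 else "issuing CA"}
            if error == "unable to get issuer certificate":
                finding["hint"] = ("the client's trusted CA set cannot supply the issuer of "
                                   + subject)
            findings.append(finding)
            continue
        for needle, (kind, hint) in MARKERS.items():
            if needle in line:
                findings.append({"kind": kind, "hint": hint})
                break
    return findings

def root_cause(findings):
    """The first certificate verification error is what aborts the handshake."""
    return next((f for f in findings if f["kind"] == "verify_error"), None)

if __name__ == "__main__":
    print(root_cause(triage(SAMPLE_LOG)))
```

On the sample, the root cause is the depth=1 entry: the chain stops at the intermediate CA because its issuer is not in the CA set the client was given, which is separate from the "no verification method" warning.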