Hi, I'm trying to upgrade an old openvpn 2.4 based vpn to 2.7. The old systems do have openssl 1.x while the new systems on AlmaLinux 10 will have openssl 3.2.2.
Trying with a first updated client against the old server gives me the following error:

Oct 16 09:48:13 gw-06 openvpn[55973]: TCP/UDP: Preserving recently used remote address: [AF_INET]XX.XX.XX.XX:1194
Oct 16 09:48:13 gw-06 openvpn[55973]: Socket Buffers: R=[212992->212992] S=[212992->212992]
Oct 16 09:48:13 gw-06 openvpn[55973]: UDPv4 link local: (not bound)
Oct 16 09:48:13 gw-06 openvpn[55973]: UDPv4 link remote: [AF_INET]XX.XX.XX.XX:1194
Oct 16 09:48:13 gw-06 openvpn[55973]: TLS: Initial packet from [AF_INET]XX.XX.XX.XX:1194, sid=4c8a20e6 cdc15528
Oct 16 09:48:13 gw-06 openvpn[55973]: VERIFY OK: depth=1, C=CH, ST=BL, L=Arisdorf, O=Invoca-Systems, CN=Invoca-Systems CA, [email protected]
Oct 16 09:48:13 gw-06 openvpn[55973]: VERIFY ERROR: depth=0, error=certificate signature failure: C=CH, ST=BL, L=Arisdorf, O=Invoca-Systems, CN=server, [email protected], serial=1
Oct 16 09:48:13 gw-06 openvpn[55973]: Sent fatal SSL alert: decrypt error
Oct 16 09:48:13 gw-06 openvpn[55973]: OpenSSL: error:0A000086:SSL routines::certificate verify failed:
Oct 16 09:48:13 gw-06 openvpn[55973]: TLS_ERROR: BIO read tls_read_plaintext error
Oct 16 09:48:13 gw-06 openvpn[55973]: TLS Error: TLS object -> incoming plaintext read error
Oct 16 09:48:13 gw-06 openvpn[55973]: TLS Error: TLS handshake failed
Oct 16 09:48:13 gw-06 openvpn[55973]: SIGUSR1[soft,tls-error] received, process restarting
Oct 16 09:48:13 gw-06 openvpn[55973]: Restart pause, 128 second(s)

I also tried with an openvpn 2.4 build and got similar errors. Can it be that the new openssl version breaks compatibility with the old openvpn server? Unfortunately I can not update all systems at the same time so I'm stuck here.

Any help is much appreciated!

Simon
