Error: peer certificate verification failure

Post your questions about VPN Gate Academic Experiment Service here. Please answer questions if you can afford.
Post Reply
Llmt
Posts: 3
Joined: Sun Dec 18, 2022 12:42 pm

Error: peer certificate verification failure

Post by Llmt » Sun Dec 18, 2022 1:02 pm

I am having a problem when i try to use VPN through open vpn app. (iPhone and iPad)
It says “connection failed. There was an error attempting to connect to the selected server. Error message: peer certificate verification failure.”
Could you indicate me how to solve this problem?
Until yesterday, it has worked without any problem.
Thanks in advance.

sisa22
Posts: 3
Joined: Sun Dec 18, 2022 4:22 pm

Re: Error: peer certificate verification failure

Post by sisa22 » Sun Dec 18, 2022 4:26 pm

Same problem here. New ios updated trickers the errors?

Llmt
Posts: 3
Joined: Sun Dec 18, 2022 12:42 pm

Re: Error: peer certificate verification failure

Post by Llmt » Sun Dec 18, 2022 7:38 pm

I don’t think so cuz I did the update after finding this problem.
And the update did not change anything.
Now the app doesn’t show the error message, but I still can’t use any VPN.

cedar
Site Admin
Posts: 2118
Joined: Sat Mar 09, 2013 5:37 am

Re: Error: peer certificate verification failure

Post by cedar » Mon Dec 19, 2022 3:06 am

It seems that the VPN Gate service certificate has been renewed.
This issue may be a result of that.

Llmt
Posts: 3
Joined: Sun Dec 18, 2022 12:42 pm

Re: Error: peer certificate verification failure

Post by Llmt » Mon Dec 19, 2022 12:40 pm

Now I can use VPN without any problem

lamoz
Posts: 1
Joined: Tue Dec 20, 2022 5:35 am

Re: Error: peer certificate verification failure

Post by lamoz » Tue Dec 20, 2022 5:44 am

I do experiences same problem.

Is there solution yet?

Android: not working
iOS: not working
PC: works just fine

Lest is Most recent attempt to connect vpngate

—————
Log

[Dec 20, 2022, 11:02:14] START CONNECTION

[Dec 20, 2022, 11:02:14] ----- OpenVPN Start -----
OpenVPN core 3.git::081bfebe ios arm64 64-bit

[Dec 20, 2022, 11:02:14] OpenVPN core 3.git::081bfebe ios arm64 64-bit

[Dec 20, 2022, 11:02:14] Frame=512/2048/512 mssfix-ctrl=1250

[Dec 20, 2022, 11:02:14] UNUSED OPTIONS
5 [resolv-retry] [infinite]
6 [nobind]
7 [persist-key]
8 [persist-tun]
10 [verb] [3]

[Dec 20, 2022, 11:02:14] EVENT: RESOLVE

[Dec 20, 2022, 11:02:14] Contacting 218.221.110.198:1748 via TCPv4

[Dec 20, 2022, 11:02:14] EVENT: WAIT

[Dec 20, 2022, 11:02:14] Connecting to [218.221.110.198]:1748 (218.221.110.198) via TCPv4

[Dec 20, 2022, 11:02:14] EVENT: CONNECTING

[Dec 20, 2022, 11:02:14] Tunnel Options:V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client

[Dec 20, 2022, 11:02:14] Creds: UsernameEmpty/PasswordEmpty

[Dec 20, 2022, 11:02:14] Peer Info:
IV_VER=3.git::081bfebe
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-128-CBC
IV_IPv6=1
IV_AUTO_SESS=1
IV_GUI_VER=net.openvpn.connect.ios_3.3.2-5086
IV_SSO=webauth,openurl,crtext


[Dec 20, 2022, 11:02:14] VERIFY FAIL: depth=1, /C=US/O=Let's Encrypt/CN=R3, signature: RSA-SHA256 [unable to get local issuer certificate]

[Dec 20, 2022, 11:02:14] Transport Error: OpenSSLContext::SSL::read_cleartext: BIO_read failed, cap=2576 status=-1: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed

[Dec 20, 2022, 11:02:14] EVENT: CERT_VERIFY_FAIL OpenSSLContext::SSL::read_cleartext: BIO_read failed, cap=2576 status=-1: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed [ERR]

[Dec 20, 2022, 11:02:14] EVENT: DISCONNECTED

[Dec 20, 2022, 11:02:14] EVENT: CORE_THREAD_DONE

[Dec 20, 2022, 11:02:14] EVENT: DISCONNECT_PENDING

[Dec 20, 2022, 11:02:14] Raw stats on disconnect:
BYTES_IN : 3351
BYTES_OUT : 345
PACKETS_IN : 3
PACKETS_OUT : 3
SSL_ERROR : 1
CERT_VERIFY_FAIL : 1


[Dec 20, 2022, 11:02:14] Performance stats on disconnect:
CPU usage (microseconds): 27981
Network bytes per CPU second: 132089
Tunnel bytes per CPU second: 0

sisa22
Posts: 3
Joined: Sun Dec 18, 2022 4:22 pm

Re: Error: peer certificate verification failure

Post by sisa22 » Tue Dec 20, 2022 5:26 pm

Llmt wrote:
Mon Dec 19, 2022 12:40 pm
Now I can use VPN without any problem
but how you solve this ty in advance

sisa22
Posts: 3
Joined: Sun Dec 18, 2022 4:22 pm

Re: Error: peer certificate verification failure

Post by sisa22 » Tue Dec 20, 2022 5:33 pm

Oh, mine works now too ...

mso
Posts: 2
Joined: Sat Mar 18, 2023 8:06 am

Re: Error: peer certificate verification failure

Post by mso » Sat Mar 18, 2023 8:12 am

Are you experiencing the same problem again?
How can you prevent it from happening again?

Takagiri
Posts: 1
Joined: Sat Mar 18, 2023 9:41 am

Re: Error: peer certificate verification failure

Post by Takagiri » Sat Mar 18, 2023 9:43 am

I got "certificate verification failure" message today.
Please help.

WuttiGate2006
Posts: 1
Joined: Sat Mar 18, 2023 11:56 am

Re: Error: peer certificate verification failure

Post by WuttiGate2006 » Sat Mar 18, 2023 12:00 pm

Now we can't connect to VPN either. Failed server certificate status I am a user from Thailand. If it works then let me know

ishan_D
Posts: 2
Joined: Sat Mar 18, 2023 12:25 pm

Re: Error: peer certificate verification failure

Post by ishan_D » Sat Mar 18, 2023 12:34 pm

I am facing similar issue but in my case it's server certificate. Following is the error log:

Code: Select all

stdout: 2023-03-18 12:12:41 OpenVPN 2.5.1 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2021
2023-03-18 12:12:41 library versions: OpenSSL 1.1.1n  15 Mar 2022, LZO 2.10
open_vpn_utl stdout: 2023-03-18 12:12:41 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
open_vpn_utl stdout: 2023-03-18 12:12:41 TCP/UDP: Preserving recently used remote address: [AF_INET]163.182.174.159:8080
open_vpn_utl stdout: 2023-03-18 12:12:41 Socket Buffers: R=[180224->180224] S=[180224->180224]
open_vpn_utl stdout: 2023-03-18 12:12:41 UDP link local: (not bound)
open_vpn_utl stdout: 2023-03-18 12:12:41 UDP link remote: [AF_INET]163.182.174.159:8080
open_vpn_utl stdout: 2023-03-18 12:12:41 TLS: Initial packet from [AF_INET]163.182.174.159:8080, sid=656ce834 4337ac03
open_vpn_utl stdout: 2023-03-18 12:12:42 VERIFY OK: depth=2, C=US, O=Internet Security Research Group, CN=ISRG Root X1
open_vpn_utl stdout: 2023-03-18 12:12:42 VERIFY OK: depth=1, C=US, O=Let's Encrypt, CN=R3
open_vpn_utl stdout: 2023-03-18 12:12:42 VERIFY ERROR: depth=0, error=certificate has expired: CN=opengw.net, serial=270090734479764202226505740823661288419396
open_vpn_utl stdout: 2023-03-18 12:12:42 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
open_vpn_utl stdout: 2023-03-18 12:12:42 TLS_ERROR: BIO read tls_read_plaintext error
open_vpn_utl stdout: 2023-03-18 12:12:42 TLS Error: TLS object -> incoming plaintext read error
2023-03-18 12:12:42 TLS Error: TLS handshake failed
open_vpn_utl stdout: 2023-03-18 12:12:42 SIGUSR1[soft,tls-error] received, process restarting

open_vpn_utl stdout: 2023-03-18 12:12:42 Restart pause, 5 second(s)
open_vpn_utl stdout: 2023-03-18 12:12:47 All connections have been connect-retry-max (1) times unsuccessful, exiting
Anyone aware how to fix or report this to get the servers fixed?

groundzero
Posts: 2
Joined: Sat Mar 18, 2023 3:21 pm

Re: Error: peer certificate verification failure

Post by groundzero » Sat Mar 18, 2023 3:36 pm

Only the person that manages the server certificate can fix this. As a user, your only option is to temporarily disable certificate verification until this issue is fixed (or forever if nobody cares anymore). OpenVPN client doesn't allow you to disable certificate verification, so just use another client. One such client is SoftEther VPN Client. Just be aware that It's utter crap compared to OpenVPN client, and its only advantages are this (disabling certificate verification) and the ability to select a virtual hub.

iddqd
Posts: 1
Joined: Sat Mar 18, 2023 4:01 pm

Re: Error: peer certificate verification failure

Post by iddqd » Sat Mar 18, 2023 4:04 pm

i have the same problem now

mso
Posts: 2
Joined: Sat Mar 18, 2023 8:06 am

Re: Error: peer certificate verification failure

Post by mso » Sun Mar 19, 2023 4:05 pm

groundzero wrote:
Sat Mar 18, 2023 3:36 pm
Only the person that manages the server certificate can fix this. As a user, your only option is to temporarily disable certificate verification until this issue is fixed (or forever if nobody cares anymore). OpenVPN client doesn't allow you to disable certificate verification, so just use another client. One such client is SoftEther VPN Client. Just be aware that It's utter crap compared to OpenVPN client, and its only advantages are this (disabling certificate verification) and the ability to select a virtual hub.
I see, unfortunately, there is very little that can be done on the part of the user. I hope I won't have the same problem again in 3 months.

While I couldn't connect, I was wondering if I could use the `tls-cipher "DEFAULT:@SECLEVEL=0"` setting that I found on a search engine, but it is easier to use SoftEther than that. I'll keep that in mind.

groundzero
Posts: 2
Joined: Sat Mar 18, 2023 3:21 pm

Re: Error: peer certificate verification failure

Post by groundzero » Sun Mar 19, 2023 7:21 pm

Well, they renewed the certificate so everything should be working fine now. The certificate expires on June 15 2023.

As for --tls-cipher, that wouldn't help because it's just a list of TLS ciphers to use. As I said, only the person who manages the server certificate is able to fix things like this.

Post Reply