By:
asraf5285

OpenSSL error when client connects to server

April 26, 2017 753 views
VPN Ubuntu 16.04

Hi,

I already set up everything following the tutorial here...
https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-16-04

But I have a problem when a client wants to connect with the ovpn config. I tried on Android and Windows and got the same error. Below is my error. How do I fix the SSL problem?

Thu Apr 27 01:33:16 2017 OpenVPN 2.3.14 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Dec 7 2016
Thu Apr 27 01:33:16 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Thu Apr 27 01:33:16 2017 library versions: OpenSSL 1.0.2i 22 Sep 2016, LZO 2.09
Enter Management Password:
Thu Apr 27 01:33:16 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25342
Thu Apr 27 01:33:16 2017 Need hold release from management interface, waiting...
Thu Apr 27 01:33:17 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25342
Thu Apr 27 01:33:17 2017 MANAGEMENT: CMD 'state on'
Thu Apr 27 01:33:17 2017 MANAGEMENT: CMD 'log all on'
Thu Apr 27 01:33:17 2017 MANAGEMENT: CMD 'hold off'
Thu Apr 27 01:33:17 2017 MANAGEMENT: CMD 'hold release'
Thu Apr 27 01:33:17 2017 OpenSSL: error:0906D06C:PEM routines:PEM_read_bio:no start line
Thu Apr 27 01:33:17 2017 OpenSSL: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
Thu Apr 27 01:33:17 2017 MANAGEMENT: Client disconnected
Thu Apr 27 01:33:17 2017 Cannot load inline certificate file
Thu Apr 27 01:33:17 2017 Exiting due to fatal error

2 Answers

Hi @asraf5285
It says Cannot load inline certificate file so could it be that you're not including the certificate or line ending might be messed up?
http://stackoverflow.com/questions/20837161/openssl-pem-routinespem-read-biono-start-linepem-lib-c703expecting-truste

  • If I'm not including the certificate, how do I write it and where? And if I messed up, how do I find the SSL config?

    I tried your link, but it runs on Windows. I run DigitalOcean Linux Ubuntu 16.04 as my server.

    • @asraf5285

      Your ovpn config file for the client needs to either include the certificate inline or point to the file containing the certificate.

      The log output you've included is from Windows.

      You generate the certificate key pair in step 6 of the tutorial, but you merge it into the ovpn config file in step 11.

      • OK. Noted, and I'm trying..

      • Thank you very much, sir. The problem is solved, but I got another error. huhu...

        Thu Apr 27 11:57:59 2017 OpenVPN 2.3.14 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Dec 7 2016
        Thu Apr 27 11:57:59 2017 Windows version 6.1 (Windows 7) 64bit
        Thu Apr 27 11:57:59 2017 library versions: OpenSSL 1.0.2i 22 Sep 2016, LZO 2.09
        Thu Apr 27 11:57:59 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
        Thu Apr 27 11:57:59 2017 Need hold release from management interface, waiting...
        Thu Apr 27 11:57:59 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
        Thu Apr 27 11:57:59 2017 MANAGEMENT: CMD 'state on'
        Thu Apr 27 11:57:59 2017 MANAGEMENT: CMD 'log all on'
        Thu Apr 27 11:57:59 2017 MANAGEMENT: CMD 'hold off'
        Thu Apr 27 11:57:59 2017 MANAGEMENT: CMD 'hold release'
        Thu Apr 27 11:57:59 2017 Control Channel Authentication: tls-auth using INLINE static key file
        Thu Apr 27 11:57:59 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
        Thu Apr 27 11:57:59 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
        Thu Apr 27 11:57:59 2017 Socket Buffers: R=[8192->8192] S=[8192->8192]
        Thu Apr 27 11:57:59 2017 MANAGEMENT: >STATE:1493265479,RESOLVE,,,
        Thu Apr 27 11:58:02 2017 RESOLVE: Cannot resolve host address: my-server-1: The requested name is valid, but no data of the requested type was found.
        Thu Apr 27 11:58:02 2017 MANAGEMENT: >STATE:1493265482,RESOLVE,,,
        Thu Apr 27 11:58:04 2017 RESOLVE: Cannot resolve host address: my-server-1: The requested name is valid, but no data of the requested type was found.
        Thu Apr 27 11:58:11 2017 RESOLVE: Cannot resolve host address: my-server-1: The requested name is valid, but no data of the requested type was found.
        Thu Apr 27 11:58:18 2017 RESOLVE: Cannot resolve host address: my-server-1: The requested name is valid, but no data of the requested type was found.
        Thu Apr 27 11:58:26 2017 RESOLVE: Cannot resolve host address: my-server-1: The requested name is valid, but no data of the requested type was found.

        • But does the address my-server-1 exist on the server network? Is that the real name or have you renamed it before posting here?
          Have a look in your ovpn file - that address must be part of a parameter (or maybe in the openvpn.conf on the server)

          • my-server-1 does not exist in the server network and is not the real name that I use. I already looked in openvpn-ca/vars but did not find it. Is there any place I can find the openvpn config on the server to find the name of the address?

@asraf5285
I'm not sure why you're getting RESOLVE: Cannot resolve host address: my-server-1: The requested name is valid, but no data of the requested type was found.
I would recommend starting over and following the tutorial step by step. Or you could try asking in forums on openvpn.net
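
The two failures in this thread can both be checked in the client profile before connecting. The script below is an added example, not part of the original posts or the tutorial: it verifies that each inline block contains the PEM start line OpenSSL looks for, and flags a `remote` line that still names the host from the RESOLVE error. The function name `check_ovpn`, the sample profiles and the address 203.0.113.10 are assumptions constructed for illustration.

```python
import re

# Start line each section must contain; OpenSSL reports "no start line" without it.
PEM_START = {
    "ca": r"-----BEGIN CERTIFICATE-----",
    "cert": r"-----BEGIN CERTIFICATE-----",
    "key": r"-----BEGIN (?:[A-Z]+ )*PRIVATE KEY-----",
    "tls-auth": r"-----BEGIN OpenVPN Static key V1-----",
}
REQUIRED = ("ca", "cert", "key")  # tls-auth is checked only when present


def check_ovpn(text, placeholder_hosts=("my-server-1",)):
    """Return a list of problems found in the text of a client .ovpn profile."""
    text = text.replace("\r\n", "\n")  # tolerate Windows line endings
    problems = []
    for tag, start_re in PEM_START.items():
        block = re.search(r"^<%s>[ \t]*\n(.*?)^</%s>" % (tag, tag), text, re.S | re.M)
        if block:
            if not re.search(start_re, block.group(1)):
                problems.append("%s: inline block has no PEM start line" % tag)
        elif tag in REQUIRED and not re.search(r"^%s[ \t]+\S" % tag, text, re.M):
            problems.append("%s: neither inline block nor file path" % tag)
    for m in re.finditer(r"^remote[ \t]+(\S+)", text, re.M):
        if m.group(1) in placeholder_hosts:
            problems.append("remote: placeholder host %s" % m.group(1))
    return problems


# Constructed sample profiles; the PEM bodies are dummy text, not real keys.
BROKEN = """client
remote my-server-1 1194
<ca>
-----BEGIN CERTIFICATE-----
(constructed)
-----END CERTIFICATE-----
</ca>
<cert>
</cert>
<key>
-----BEGIN PRIVATE KEY-----
(constructed)
-----END PRIVATE KEY-----
</key>
"""
FIXED = BROKEN.replace("my-server-1", "203.0.113.10").replace(
    "<cert>\n", "<cert>\n-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    for line in check_ovpn(BROKEN):
        print(line)
```

The check only confirms that the expected sections and start lines are present; it does not validate the certificate chain or that the key matches the certificate.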
