Connection Error - Log Help Please

Got a problem with Viscosity or need help? Ask here!

Garratt

Posts: 1
Joined: Wed Mar 23, 2022 8:02 am

Post by Garratt » Wed Mar 23, 2022 8:08 am
I was wondering if someone rather more knowledgeable on VPN logs can identify where the problem is. A connection which has worked previously has stopped letting me connect and I am getting this in the logs. Address changed

Viscosity Mac 1.10.1 (1586)
Viscosity OpenVPN Engine Started
Running on macOS 12.3.0
---------
State changed to Connecting
Checking reachability status of connection...
Connection is reachable. Starting connection attempt.
DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
OpenVPN 2.5.4 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Oct 22 2021
library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
Valid endpoint found: 1.2.3.4:443:tcp-client
TCP/UDP: Preserving recently used remote address: [AF_INET]1.2.3.4:443
Attempting to establish TCP connection with [AF_INET]1.2.3.4:443 [nonblock]
TCP connection established with [AF_INET]1.2.3.4:443
TCP_CLIENT link local: (not bound)
TCP_CLIENT link remote: [AF_INET]1.2.3.4:443
State changed to Authenticating
VERIFY ERROR: depth=0, error=unable to get local issuer certificate: O=WatchGuard_Technologies, OU=Fireware, CN=Fireware SSLVPN Server, serial=9999999
OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
TLS_ERROR: BIO read tls_read_plaintext error
TLS Error: TLS object -> incoming plaintext read error
TLS Error: TLS handshake failed
Fatal TLS error (check_tls_errors_co), restarting
SIGTERM[soft,tls-error] received, process exiting
State changed to Disconnected (Process Terminated)
Delaying connection reconnect attempt by 600 seconds

James

User avatar
Posts: 2312
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Wed Mar 23, 2022 1:39 pm
Hi Garratt,

This could indicate that there is a problem with the OpenVPN server's certificate, or the server's certificate has changed and the CA certificate for your VPN connection needs to be updated. You'll need to get in touch with your VPN Provider for an updated configuration (or they need to fix an issue with the server):
https://www.sparklabs.com/support/kb/ar ... ovider-is/

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
2 posts Page 1 of 1