security issue with openvpn???

Question

security issue with openvpn???

Opened this issue 2 years ago · 0 comments

I was not able to connect with wireguard. The command line is looping itself.
so I tried with openvpn. It looks better but with issues:
note: I successfully ran the GUI connection tool with success.
I am using Ubuntu 22.04
The single difference is I have to use UDP port 123 to avoid blocking port on my internet box (it works with the GUI connection tool)
I also have the same error on my ARM box: (nanopim4v2)
here is what I've done:

change in file connect_to_openvpn_with_token.sh the UDP port to 123

then I ran:

sudo VPN_PROTOCOL=openvpn
DISABLE_IPV6=yes
DIP_TOKEN=no AUTOCONNECT=true
PIA_PF=false PIA_DNS=true
PIA_USER=myuseraccount
PIA_PASS=mypassword
./run_setup.sh

and here are the error log I have:

sudo cat /opt/piavpn-manual/debug_info

2023-01-07 12:58:11 DEPRECATED OPTION: --cipher set to 'aes-128-cbc' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'aes-128-cbc' to --data-ciphers or change --cipher 'aes-128-cbc' to --data-ciphers-fallback 'aes-128-cbc' to silence this warning.
2023-01-07 12:58:11 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 14 2022
2023-01-07 12:58:11 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
2023-01-07 12:58:11 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2023-01-07 12:58:11 TCP/UDP: Preserving recently used remote address: [AF_INET]156.146.63.143:123
2023-01-07 12:58:11 UDP link local: (not bound)
2023-01-07 12:58:11 UDP link remote: [AF_INET]156.146.63.143:123
2023-01-07 12:58:11 VERIFY ERROR: depth=1, error=authority and subject key identifier mismatch: C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=Private Internet Access, name=Private Internet Access, emailAddress=secure@privateinternetaccess.com, serial=11326266036671781357
2023-01-07 12:58:11 OpenSSL: error:0A000086:SSL routines::certificate verify failed
2023-01-07 12:58:11 TLS_ERROR: BIO read tls_read_plaintext error
2023-01-07 12:58:11 TLS Error: TLS object -> incoming plaintext read error
2023-01-07 12:58:11 TLS Error: TLS handshake failed
2023-01-07 12:58:11 SIGUSR1[soft,tls-error] received, process restarting
2023-01-07 12:58:16 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2023-01-07 12:58:16 TCP/UDP: Preserving recently used remote address: [AF_INET]156.146.63.143:123
2023-01-07 12:58:16 UDP link local: (not bound)
2023-01-07 12:58:16 UDP link remote: [AF_INET]156.146.63.143:123
2023-01-07 12:58:16 VERIFY ERROR: depth=1, error=authority and subject key identifier mismatch: C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=Private Internet Access, name=Private Internet Access, emailAddress=secure@privateinternetaccess.com, serial=11326266036671781357
2023-01-07 12:58:16 OpenSSL: error:0A000086:SSL routines::certificate verify failed
2023-01-07 12:58:16 TLS_ERROR: BIO read tls_read_plaintext error
2023-01-07 12:58:16 TLS Error: TLS object -> incoming plaintext read error
2023-01-07 12:58:16 TLS Error: TLS handshake failed
2023-01-07 12:58:16 SIGUSR1[soft,tls-error] received, process restarting
2023-01-07 12:58:21 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2023-01-07 12:58:21 TCP/UDP: Preserving recently used remote address: [AF_INET]156.146.63.143:123
2023-01-07 12:58:21 UDP link local: (not bound)
2023-01-07 12:58:21 UDP link remote: [AF_INET]156.146.63.143:123
2023-01-07 12:58:21 VERIFY ERROR: depth=1, error=authority and subject key identifier mismatch: C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=Private Internet Access, name=Private Internet Access, emailAddress=secure@privateinternetaccess.com, serial=11326266036671781357
2023-01-07 12:58:21 OpenSSL: error:0A000086:SSL routines::certificate verify failed
2023-01-07 12:58:21 TLS_ERROR: BIO read tls_read_plaintext error
2023-01-07 12:58:21 TLS Error: TLS object -> incoming plaintext read error
2023-01-07 12:58:21 TLS Error: TLS handshake failed
2023-01-07 12:58:21 SIGUSR1[soft,tls-error] received, process restarting
2023-01-07 12:58:22 SIGTERM[hard,init_instance] received, process exiting

any help is really welcomed :)