Open fmoledina opened 3 years ago
I am seeing this same problem on one of my containers. Checking the date on the container gives me
Sun Jan 0 00:100:4174038 1900
and the logs are showing the date as 2071 so with the clock very wrong it is reporting all certs as being either too early or expired.
I am seeing the same issue I was thinking that it is also to do with the date being so far out. I have only started trying to setup the container and not been able to run it properly yet. So looking to try and get some help. And I think the first issue to resolve is this time issue
2071-06-05 17:02:40 TLS_ERROR: BIO read tls_read_plaintext error, 2071-06-05 17:03:12 TLS Error: TLS handshake failed, 2071-06-05 17:03:12 TLS Error: TLS object -> incoming plaintext read error, 2071-06-05 17:02:16 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed, 2071-06-05 17:04:40 UDP link remote: [AF_INET]217.138.195.163:1194, 2071-06-05 16:49:28 VERIFY ERROR: depth=1, error=format error in certificate's notBefore field: CN=Privado, serial=14657979451860672462, 2071-06-05 17:04:56 TLS: Initial packet from [AF_INET]217.138.195.163:1194, sid=0183460b 2f5472ec, 2071-06-05 17:04:40 UDP link local: (not bound), 2071-06-05 17:02:32 Socket Buffers: R=[180224->180224] S=[180224->180224], 2071-06-05 17:09:20 SIGUSR1[soft,tls-error] received, process restarting, 2071-06-05 17:06:48 Restart pause, 300 second(s), 2071-06-05 17:03:20 TCP/UDP: Preserving recently used remote address: [AF_INET]217.138.195.163:1194, 2071-06-05 17:05:28 TCP/UDP: Preserving recently used remote address: [AF_INET]217.138.195.163:1194
After doing some digging, this is likely related to the Alpine 3.13 release and its impact on Debian-Buster-based distros on 32-bit ARM hardware (including Ubuntu 20.04). I'm using an Odroid HC2 with Ubuntu 20.04 (i.e. armhf) and that's where this issue has surfaced for me.
See the following links:
The musl-1.2 upgrade changed the definition of time_t to 64-bits on all arches. This affects armhf, armv7 and x86. See the musl time64 release notes and the wiki for more information.
I was able to build an image based using the Dockerfile.armhf
using the arm32v6/alpine:3.12.3
base image.
I've been using this Docker image with AirVPN for the past year without any issues using the generated .ovpn files from their site. With the latest images published yesterday, I now get the following errors when trying to start the container:
docker-compose logs -t --tail 50 ovpn
:Not sure why the timestamps are in the year 2071.
docker-compose.yml
snippet:I've tried creating a new config at AirVPN specifying OpenVPN >= 2.5 but I get the same error. A snippet of this new config is below:
Let me know what other information I can provide. Thanks!