qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License

OpenSSL error connecting to VPN Unlimited: self-signed certificate in certificate chain #2005

Closed regystro closed 8 months ago

regystro commented 9 months ago

Is this urgent?

Yes: unable to use gluetun

Host OS

Debian Bookworm

CPU arch

x86_64

VPN service provider

VPNUnlimited

What are you using to run the container

docker-compose

What is the version of Gluetun

Running version latest built on 2023-12-14T16:10:26.989Z (commit f0f9bdb)

What's the problem 🤔

Unable to connect to the VPN due to a self-signed certificate. It was working 2 days ago. I stopped the container and pulled the latest version, but I get the same error.

Share your logs (at least 10 lines)

2023-12-15T10:12:09+01:00 INFO [openvpn] OpenVPN 2.5.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov  2 2022
2023-12-15T10:12:09+01:00 INFO [openvpn] library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
2023-12-15T10:12:09+01:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]<redacted>
2023-12-15T10:12:09+01:00 INFO [openvpn] UDP link local: (not bound)
2023-12-15T10:12:09+01:00 INFO [openvpn] UDP link remote: [AF_INET]151.80.27.199:1194
2023-12-15T10:12:09+01:00 INFO [openvpn] VERIFY ERROR: depth=2, error=self-signed certificate in certificate chain: C=US, ST=NY, L=New York, O=KeepSolid Inc., OU=KeepSolid Root CA, CN=KeepSolid Root CA, emailAddress=admin@keepsolid.com, serial=429164281094478856831696042475561970021707008630
2023-12-15T10:12:09+01:00 INFO [openvpn] OpenSSL: error:0A000086:SSL routines::certificate verify failed
2023-12-15T10:12:09+01:00 INFO [openvpn] TLS_ERROR: BIO read tls_read_plaintext error
2023-12-15T10:12:09+01:00 INFO [openvpn] TLS Error: TLS object -> incoming plaintext read error
2023-12-15T10:12:09+01:00 INFO [openvpn] TLS Error: TLS handshake failed
2023-12-15T10:12:09+01:00 INFO [openvpn] SIGTERM received, sending exit notification to peer
2023-12-15T10:12:09+01:00 INFO [openvpn] SIGTERM[soft,tls-error] received, process exiting

Share your configuration

      - VPN_SERVICE_PROVIDER=vpn unlimited
      - SERVER_COUNTRIES=Netherlands,Germany,Finland,Belgium,Denmark,France
      - OPENVPN_USER=<redacted>
      - OPENVPN_PASSWORD=<redacted>

kennyeni commented 6 months ago

Guessing we need something similar to: https://github.com/qdm12/gluetun/commit/cfc29d6a6b3d20abe9e40802388fe1a2391f8f9a ?

Where can we get the new CA? Do we need to talk to Unlimited VPN customer service?
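
For triaging a failure like the one in the log above, this added example (not part of the thread and not gluetun code) parses an OpenVPN `VERIFY ERROR` line and converts the decimal serial to the hex form that `openssl x509 -noout -serial` prints, so the rejected certificate can be compared with the CA certificate in the client configuration. `VerifyError` and `ParseVerifyError` are hypothetical names, and the split on `, ` assumes no subject attribute value contains that sequence.

```go
package main

import (
	"fmt"
	"math/big"
	"regexp"
	"strconv"
	"strings"
)

// VerifyError holds the fields of one OpenVPN "VERIFY ERROR" log line (hypothetical type).
type VerifyError struct {
	Depth     int               // 0 = server certificate, higher = issuers up the chain
	Reason    string            // OpenSSL verification error text
	Subject   map[string]string // subject DN attributes of the rejected certificate
	SerialHex string            // upper-case hex, the form `openssl x509 -noout -serial` prints
}

var verifyRe = regexp.MustCompile(`VERIFY ERROR: depth=(\d+), error=([^:]+): (.*), serial=(\d+)\s*$`)

// ParseVerifyError reports false for lines that are not VERIFY ERROR lines.
func ParseVerifyError(line string) (VerifyError, bool) {
	m := verifyRe.FindStringSubmatch(line)
	if m == nil {
		return VerifyError{}, false
	}
	depth, _ := strconv.Atoi(m[1])
	serial, _ := new(big.Int).SetString(m[4], 10) // the log prints the serial in decimal
	hex := strings.ToUpper(serial.Text(16))
	if len(hex)%2 == 1 {
		hex = "0" + hex // whole bytes, as openssl prints them
	}
	v := VerifyError{Depth: depth, Reason: m[2], Subject: map[string]string{}, SerialHex: hex}
	for _, attr := range strings.Split(m[3], ", ") {
		if k, val, found := strings.Cut(attr, "="); found {
			v.Subject[k] = val
		}
	}
	return v, true
}

func main() {
	// Line copied from the log in the issue above.
	line := `2023-12-15T10:12:09+01:00 INFO [openvpn] VERIFY ERROR: depth=2, error=self-signed certificate in certificate chain: C=US, ST=NY, L=New York, O=KeepSolid Inc., OU=KeepSolid Root CA, CN=KeepSolid Root CA, emailAddress=admin@keepsolid.com, serial=429164281094478856831696042475561970021707008630`
	if v, ok := ParseVerifyError(line); ok {
		fmt.Printf("depth=%d reason=%q CN=%q serial=%s\n", v.Depth, v.Reason, v.Subject["CN"], v.SerialHex)
	}
}
```

A self-signed certificate reported at a depth above 0 is the root of the chain the server presented, so the hex serial and subject are the values to compare against the CA certificate the client is configured to trust.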