keine VPN Verbindung

[Kall66]

Hallo an alle,

ich habe ein merkwürdiges Phänomen bei meine DS.
Habe eine DS 112j und eine DS 412j.
Diese stehen zuhause und am Arbeitsplatz.
Die VPN Konfigurationen haben lange Zeit gefunzt.

Sind also relativ identisch.

Bei der DS412j ist ein Router vorgeschaltet. UDP 1194 ist geroutet.
IP Adresse ist fest von der Telekom eingerichtet. Hier geht OpenVPN.

Bei der DS 112j ist ebenfalls ein Router vorgeschaltet und UDP 1194 ist geroutet.
DynDNS Adresse ist eingerichtet und funzt. Das sieht man daher, dass das Backup von der DS412j jede Nacht ein RSync Backup erfolgreich an die DS112j macht.
Ich komme aber nicht per VPN drauf. Wenn ich die ca.crt von der DS 112j herunterlade und in den Config Ordner lege, dann geht der Zugriff auf die DS 112j, aber nicht auf die andere.

Wenn ich das Zertifikat der DS 412j wieder in den Config-Ordner lege, dann geht der Zugriff auf die 112 nicht mehr.

Das Ganze hat aber mal einwandfrei gefunzt und ich habe eigentlich nichts geändert.

Vielleicht kann mir jemand helfen.

Anbei der letzte Log

Jul 16 13:05:40 2017 OpenVPN 2.4.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jan 31 2017
Sun Jul 16 13:05:40 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Sun Jul 16 13:05:40 2017 library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.09
Enter Management Password:
Sun Jul 16 13:05:42 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Jul 16 13:05:42 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]93.215.87.119:1194
Sun Jul 16 13:05:42 2017 UDP link local (bound): [AF_INET][undef]:1194
Sun Jul 16 13:05:42 2017 UDP link remote: [AF_INET]93.215.87.119:1194
Sun Jul 16 13:05:42 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Jul 16 13:05:42 2017 VERIFY ERROR: depth=0, error=certificate signature failure: C=TW, L=Taipei, O=Synology Inc., CN=synology.com
Sun Jul 16 13:05:42 2017 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Sun Jul 16 13:05:42 2017 TLS_ERROR: BIO read tls_read_plaintext error
Sun Jul 16 13:05:42 2017 TLS Error: TLS object -> incoming plaintext read error
Sun Jul 16 13:05:42 2017 TLS Error: TLS handshake failed
Sun Jul 16 13:05:42 2017 SIGUSR1[soft,tls-error] received, process restarting
Sun Jul 16 13:05:48 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Jul 16 13:05:48 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]93.215.87.119:1194
Sun Jul 16 13:05:48 2017 UDP link local (bound): [AF_INET][undef]:1194
Sun Jul 16 13:05:48 2017 UDP link remote: [AF_INET]93.215.87.119:1194
Sun Jul 16 13:05:48 2017 VERIFY ERROR: depth=0, error=certificate signature failure: C=TW, L=Taipei, O=Synology Inc., CN=synology.com
Sun Jul 16 13:05:48 2017 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Sun Jul 16 13:05:48 2017 TLS_ERROR: BIO read tls_read_plaintext error
Sun Jul 16 13:05:48 2017 TLS Error: TLS object -> incoming plaintext read error
Sun Jul 16 13:05:48 2017 TLS Error: TLS handshake failed
Sun Jul 16 13:05:48 2017 SIGUSR1[soft,tls-error] received, process restarting
Sun Jul 16 13:05:53 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Jul 16 13:05:53 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]93.215.87.119:1194
Sun Jul 16 13:05:53 2017 UDP link local (bound): [AF_INET][undef]:1194
Sun Jul 16 13:05:53 2017 UDP link remote: [AF_INET]93.215.87.119:1194
Sun Jul 16 13:05:53 2017 TLS Error: Unroutable control packet received from [AF_INET]93.215.87.119:1194 (si=3 op=P_ACK_V1)
Sun Jul 16 13:05:54 2017 TLS Error: Unroutable control packet received from [AF_INET]93.215.87.119:1194 (si=3 op=P_CONTROL_V1)
Sun Jul 16 13:05:55 2017 TLS Error: Unroutable control packet received from [AF_INET]93.215.87.119:1194 (si=3 op=P_CONTROL_V1)
Sun Jul 16 13:05:55 2017 TLS Error: Unroutable control packet received from [AF_INET]93.215.87.119:1194 (si=3 op=P_ACK_V1)
Sun Jul 16 13:05:57 2017 TLS Error: Unroutable control packet received from [AF_INET]93.215.87.119:1194 (si=3 op=P_CONTROL_V1)
Sun Jul 16 13:05:59 2017 TLS Error: Unroutable control packet received from [AF_INET]93.215.87.119:1194 (si=3 op=P_CONTROL_V1)
Sun Jul 16 13:05:59 2017 TLS Error: Unroutable control packet received from [AF_INET]93.215.87.119:1194 (si=3 op=P_ACK_V1)
Sun Jul 16 13:05:59 2017 TCP/UDP: Incoming packet rejected from [AF_INET]87.138.197.216:1194[2], expected peer address: [AF_INET]93.215.87.119:1194 (allow this incoming source address/port by removing --remote or adding --float)
Sun Jul 16 13:06:03 2017 TLS Error: Unroutable control packet received from [AF_INET]93.215.87.119:1194 (si=3 op=P_CONTROL_V1)
Sun Jul 16 13:06:04 2017 TLS Error: Unroutable control packet received from [AF_INET]93.215.87.119:1194 (si=3 op=P_CONTROL_V1)
Sun Jul 16 13:06:07 2017 TLS Error: Unroutable control packet received from [AF_INET]93.215.87.119:1194 (si=3 op=P_ACK_V1)
Sun Jul 16 13:06:09 2017 TCP/UDP: Incoming packet rejected from [AF_INET]87.138.197.216:1194[2], expected peer address: [AF_INET]93.215.87.119:1194 (allow this incoming source address/port by removing --remote or adding --float)
Sun Jul 16 13:06:14 2017 TLS Error: Unroutable control packet received from [AF_INET]93.215.87.119:1194 (si=3 op=P_CONTROL_V1)
Sun Jul 16 13:06:15 2017 TLS Error: Unroutable control packet received from [AF_INET]93.215.87.119:1194 (si=3 op=P_CONTROL_V1)
Sun Jul 16 13:06:19 2017 TCP/UDP: Incoming packet rejected from [AF_INET]87.138.197.216:1194[2], expected peer address: [AF_INET]93.215.87.119:1194 (allow this incoming source address/port by removing --remote or adding --float)
Sun Jul 16 13:06:20 2017 TLS Error: Unroutable control packet received from [AF_INET]93.215.87.119:1194 (si=3 op=P_CONTROL_V1)
Sun Jul 16 13:06:20 2017 TLS Error: Unroutable control packet received from [AF_INET]93.215.87.119:1194 (si=3 op=P_CONTROL_V1)
Sun Jul 16 13:06:23 2017 TLS Error: Unroutable control packet received from [AF_INET]93.215.87.119:1194 (si=3 op=P_ACK_V1)
Sun Jul 16 13:06:29 2017 TCP/UDP: Incoming packet rejected from [AF_INET]87.138.197.216:1194[2], expected peer address: [AF_INET]93.215.87.119:1194 (allow this incoming source address/port by removing --remote or adding --float)
Sun Jul 16 13:06:39 2017 TCP/UDP: Incoming packet rejected from [AF_INET]87.138.197.216:1194[2], expected peer address: [AF_INET]93.215.87.119:1194 (allow this incoming source address/port by removing --remote or adding --float)
Sun Jul 16 13:06:49 2017 TCP/UDP: Incoming packet rejected from [AF_INET]87.138.197.216:1194[2], expected peer address: [AF_INET]93.215.87.119:1194 (allow this incoming source address/port by removing --remote or adding --float)
Sun Jul 16 13:06:53 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Jul 16 13:06:53 2017 TLS Error: TLS handshake failed
Sun Jul 16 13:06:53 2017 SIGUSR1[soft,tls-error] received, process restarting
Sun Jul 16 13:06:58 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Jul 16 13:06:58 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]93.215.87.119:1194
Sun Jul 16 13:06:58 2017 UDP link local (bound): [AF_INET][undef]:1194
Sun Jul 16 13:06:58 2017 UDP link remote: [AF_INET]93.215.87.119:1194
Sun Jul 16 13:06:58 2017 VERIFY ERROR: depth=0, error=certificate signature failure: C=TW, L=Taipei, O=Synology Inc., CN=synology.com
Sun Jul 16 13:06:58 2017 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Sun Jul 16 13:06:58 2017 TLS_ERROR: BIO read tls_read_plaintext error
Sun Jul 16 13:06:58 2017 TLS Error: TLS object -> incoming plaintext read error
Sun Jul 16 13:06:58 2017 TLS Error: TLS handshake failed
Sun Jul 16 13:06:58 2017 SIGUSR1[soft,tls-error] received, process restarting
Sun Jul 16 13:07:03 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Jul 16 13:07:03 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]93.215.87.119:1194
Sun Jul 16 13:07:03 2017 UDP link local (bound): [AF_INET][undef]:1194
Sun Jul 16 13:07:03 2017 UDP link remote: [AF_INET]93.215.87.119:1194
Sun Jul 16 13:07:04 2017 VERIFY ERROR: depth=0, error=certificate signature failure: C=TW, L=Taipei, O=Synology Inc., CN=synology.com
Sun Jul 16 13:07:04 2017 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Sun Jul 16 13:07:04 2017 TLS_ERROR: BIO read tls_read_plaintext error
Sun Jul 16 13:07:04 2017 TLS Error: TLS object -> incoming plaintext read error
Sun Jul 16 13:07:04 2017 TLS Error: TLS handshake failed
Sun Jul 16 13:07:04 2017 SIGUSR1[soft,tls-error] received, process restarting
Sun Jul 16 13:07:06 2017 SIGTERM[hard,init_instance] received, process exiting

Danke für ein Feedback.

Gruß

Kall

 

[tproko]

Verwenden Server und Client das gleiche Cert? Bzw. ist dieses noch gültig?

Diese Fehlermeldung macht mich auch noch etwas stutzig:
Sun Jul 16 13:05:42 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

Schaut so aus, dass der Server das Zertifikat verloren hat? Evt. liegt das auch an einem Update, nachdem ein anderer User hier auch Probleme mit VPN und Zertifikat hat.
Prüfte mal, ob du in den Systemeinstelungen Zertifikate findest, und ob eines davon für den VPN Server eingetragen wurde.