OPNsense Forum

English Forums => Zenarmor (Sensei) => Topic started by: sos_opnsense on May 01, 2024, 09:10:59 AM

Title: Zenarmor causing error "GnuTLS: The TLS connection was non-properly terminated"
Post by: sos_opnsense on May 01, 2024, 09:10:59 AM
Trying to install docker in a container today, I came across this error when attempting a wget command.


Connecting to syd1lxdmirror01.do.letsbuildthe.cloud (syd1lxdmirror01.do.letsbuildthe.cloud)|170.64.160.91|:443... connected.
GnuTLS: The TLS connection was non-properly terminated.
Unable to establish SSL connection.


Same issue on a couple of machines, and trying to wget different files.

Being behind my OPNsense router, the first step I tried solved the issue - disabling Zenarmor's active protection on my LAN (netmap).

Thoughts?

Title: Re: Zenarmor causing error "GnuTLS: The TLS connection was non-properly terminated"
Post by: meyergru on May 01, 2024, 09:47:58 AM
1. Search the forum. Try with "zenarmor" "breaks" "ssl".
2. Think about how TLS works. Then think about what needs to be done in order to inspect TLS traffic (Hint: decrypt and re-encrypt). Then ask yourself which certificate you might see when this is active and which CA it is issued by (Hint: it is not the original one of the website you try to connect to).
3. Guess what a "wrong" certificate (because it was issued by a non-official CA) might cause (Hint: errors?).
4. Ask yourself why the zenarmor documentation states that the zenarmor CA must be imported into all clients. That is, if you want to use active protection which is rumored to inspect TLS traffic.
5. Try to remember if you did indeed import your zenarmor CA into your docker container and/or the affected machines.
6. Come back here afterwards if any questions remain.

Sorry, could not resist. It always helps to know how things (don't) work.
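
The check that points 2 to 5 above lead to, as an added example that is not part of the original post: read the issuer of the certificate a client actually receives and see whether that client trusts it. The sample text is constructed, abridged `openssl s_client -connect HOST:443 -servername HOST` output, and the host and CA names are placeholders; use the CN of the CA exported from your own gateway.

```python
import re

# Constructed, abridged s_client output from a client behind a TLS-inspecting
# gateway. "Example Inspection CA" is a placeholder, not a real product CA name.
SAMPLE_INTERCEPTED = """\
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = mirror.example.net
   i:O = Example Gateway, CN = Example Inspection CA
---
    Verify return code: 20 (unable to get local issuer certificate)
"""

# Constructed output for the same host with no inspection in the path.
SAMPLE_DIRECT = """\
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = mirror.example.net
   i:C = XX, O = Example Public CA, CN = Example Public CA R1
 1 s:C = XX, O = Example Public CA, CN = Example Public CA R1
   i:C = XX, O = Example Public Root, CN = Example Public Root X1
---
    Verify return code: 0 (ok)
"""

def parse_s_client(text):
    """Return (issuer CN of the leaf certificate, verify return code)."""
    issuer = re.search(r"^\s*0 s:.*\n\s*i:(.*)$", text, re.M)
    verify = re.search(r"Verify return code:\s*(\d+)", text)
    if not issuer or not verify:
        raise ValueError("no certificate chain or verify result in input")
    cn = re.search(r"\bCN\s*=\s*([^,/\n]+)", issuer.group(1))
    name = cn.group(1) if cn else issuer.group(1)
    return name.strip(), int(verify.group(1))

def diagnose(text, inspection_ca_cn):
    """Classify one client's view of the connection."""
    issuer_cn, code = parse_s_client(text)
    if issuer_cn == inspection_ca_cn:
        if code != 0:
            return "intercepted: inspection CA not in this client's trust store"
        return "intercepted: inspection CA trusted by this client"
    if code != 0:
        return "not intercepted: verification fails for another reason"
    return "not intercepted: original chain verified"
```

Run it against output captured on each affected machine or container separately, since each one has its own trust store.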

Title: Re: Zenarmor causing error "GnuTLS: The TLS connection was non-properly terminated"
Post by: sos_opnsense on May 01, 2024, 12:35:55 PM
Quote from: meyergru on May 01, 2024, 09:47:58 AM
It always helps

V. helpful - thanks for the insights!

Title: Re: Zenarmor causing error "GnuTLS: The TLS connection was non-properly terminated"
Post by: Greg_E on May 01, 2024, 03:54:30 PM
Do you have the paid version? I haven't been seeing this with the free version on any of the Debian servers I've been putting up for things like FOG server or KASM server or installing Xen Orchestra.

Title: Re: Zenarmor causing error "GnuTLS: The TLS connection was non-properly terminated"
Post by: sos_opnsense on May 02, 2024, 10:21:23 AM
Quote from: Greg_E on May 01, 2024, 03:54:30 PM
Do you have the paid version?

Nope - free version. I downloaded and installed the Zenarmor CA certificate and installed it on my Windows box, and then could download the file at the https address with the error.

Tried the same in my arch install and also importing the cert into TrueNAS, but still no luck on those machines.

Title: Re: Zenarmor causing error "GnuTLS: The TLS connection was non-properly terminated"
Post by: Greg_E on May 02, 2024, 04:05:09 PM
I must have skipped that option for now, I'll have to look next time I log in.