Help Center/ Virtual Private Network/ Troubleshooting/ Client Connection Failures/ The Client Log Contains "error:068000A8:asn1 encoding routines:wrong tag"
Updated on 2025-05-14 GMT+08:00
View PDF
Share

The Client Log Contains "error:068000A8:asn1 encoding routines:wrong tag"

Applicable Client

  • Linux
  • Windows OpenVPN GUI
  • Windows OpenVPN Connect

Symptom

A client cannot connect to a P2C VPN gateway, and the log contains the following error information:

error:068000A8:asn1 encoding routines:wrong tag

Possible Causes

The client certificate and private key do not match.

Procedure

  1. Open the client_config.ovpn, p2cclient.com.crt, and p2cclient.com.key files using Notepad or Notepad++.

    In this example, p2cclient.com.crt is the client certificate, and p2cclient.com.key is the client private key.

  2. Copy the client certificate and private key to the client_config.ovpn file.

    Enter the client certificate content and the corresponding private key in between <cert></cert> and <key></key> tags, respectively. An example is as follows:

    <cert>
-----BEGIN CERTIFICATE-----
Client certificate content
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN PRIVATE KEY-----
Client private key
-----END PRIVATE KEY-----
</key>
  1. Save the .ovpn configuration file.
  2. Start the OpenVPN client.
  3. Import the new client configuration file.
  4. Use the client to reconnect to the VPN gateway.
  5. On Windows, press Win+R and enter cmd to open the command window.

    On Linux, log in as the root user and open the command window.

  6. XX.XX.XX.XX indicates the private IP address of the ECS to be connected. Replace it with the actual private IP address.

    If information similar to the following is displayed, the client can communicate with the ECS:

    64 bytes from XX.XX.XX.XX: icmp_seq=1 ttl=63 time=1.27 ms
64 bytes from XX.XX.XX.XX: icmp_seq=2 ttl=63 time=1.36 ms
64 bytes from XX.XX.XX.XX: icmp_seq=3 ttl=63 time=1.40 ms
64 bytes from XX.XX.XX.XX: icmp_seq=4 ttl=63 time=1.29 ms
64 bytes from XX.XX.XX.XX: icmp_seq=5 ttl=63 time=1.35 ms
64 bytes from XX.XX.XX.XX: icmp_seq=6 ttl=63 time=1.52 ms

If you use a client on Linux, you need to upload the configuration file client_config.conf to the Linux system using Xftp. For details, see Configuring a Client.