Windows client can not connect


Post by Vitaliy69 » Wed Sep 28, 2016 7:08 pm

Hello!

I generated certificates for the OpenVPN server manually, following this https://community.openvpn.net/openvpn/w ... nVPN-Howto instruction with a vars file (https://github.com/OpenVPN/easy-rsa/blo ... rs.example).

I installed them, and the server restarted successfully.

However, the Windows client cannot connect to the server:

Wed Sep 28 12:41:46 2016 OpenVPN 2.3.12 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug 23 2016
Wed Sep 28 12:41:46 2016 Windows version 6.1 (Windows 7) 64bit
Wed Sep 28 12:41:46 2016 library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.09
Enter Management Password:
Wed Sep 28 12:41:47 2016 UDPv4 link local: [undef]
Wed Sep 28 12:41:47 2016 UDPv4 link remote: [AF_INET]5.167.100.107:1194
Wed Sep 28 12:41:49 2016 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: CN=OpenVPN CA
Wed Sep 28 12:41:49 2016 OpenSSL: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Wed Sep 28 12:41:49 2016 TLS_ERROR: BIO read tls_read_plaintext error
Wed Sep 28 12:41:49 2016 TLS Error: TLS object -> incoming plaintext read error
Wed Sep 28 12:41:49 2016 TLS Error: TLS handshake failed
Wed Sep 28 12:41:49 2016 SIGUSR1[soft,tls-error] received, process restarting
Wed Sep 28 12:41:51 2016 UDPv4 link local: [undef]
Wed Sep 28 12:41:51 2016 UDPv4 link remote: [AF_INET]5.167.100.107:1194
Wed Sep 28 12:41:51 2016 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: CN=OpenVPN CA
Wed Sep 28 12:41:51 2016 OpenSSL: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Wed Sep 28 12:41:51 2016 TLS_ERROR: BIO read tls_read_plaintext error
Wed Sep 28 12:41:51 2016 TLS Error: TLS object -> incoming plaintext read error
Wed Sep 28 12:41:51 2016 TLS Error: TLS handshake failed
Wed Sep 28 12:41:51 2016 SIGUSR1[soft,tls-error] received, process restarting
Wed Sep 28 12:41:52 2016 SIGTERM[hard,init_instance] received, process exiting


On Linux (Manjaro with kernel 4.4.21 and OpenSSL 1.0.2h), the OpenVPN client via KDE NetworkManager works fine... :) It seems the problem is only with the Windows OpenVPN client (I tried version 2.3.12-I601-x86_64), on both Windows 7 and Windows 10 with the latest updates. Why? :(

The OpenVPN server is from the Asus Merlin firmware. Client configuration:

client
dev tun
proto udp
remote somehost.asuscomm.com 1194
float
cipher AES-256-CBC
auth SHA256
comp-lzo adaptive
keepalive 15 60
ns-cert-type server
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
</key>
resolv-retry infinite
nobind


With the default server configuration, the Windows client works fine (it uses sha1 certificates; the generated ones use sha256).
