openvpn client with higher openssl version that cert generation

Scripts to manage certificates or generate config files

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
sdvpn
OpenVpn Newbie
Posts: 6
Joined: Thu Aug 10, 2017 2:59 am

openvpn client with higher openssl version that cert generation

Post by sdvpn » Thu Aug 10, 2017 3:10 am

Trying to run openvpn server on tomato router and connect with android openvpn client. It's not working, I've tried a few different things so I dont have the exact error in front of me now. But I believe the issue might be that the android openvpn client uses openssl 1.1.0f. But I generated the certificates using easy-rsa on ubuntu 16.04 which uses openssl 1.0.2g. Is that my problem? My router is using openvpn 1.0.2k.

I want to upgrade my easy-rsa scripts on ubuntu 16.04 so I could verify if that is my problem. So I pgraded openvpn and I upgraded openssl to 1.1.0f, but still the easy-rsa scripts point to old openssl. I am getting the error:
easyrsa/openssl.cnf: No such file or directory
pkitool: KEY_CONFIG (set by the ./vars script) is pointing to the wrong
version of openssl.cnf: /home/sd/easyrsa/openssl.cnf
I looked at the easy-rsa directory and see openssl-1.0.0.cnf but I don't see one for version 1.1.0. I also looked on the web and could not find such a file. So I must be on the wrong track. Maybe I went to far and should of just upgraded to openvpn 1.0.2k on ubuntu, might try that next. Or maybe I need to downgrade openvpn on android to something that uses openssl 1.0.2k. Too many things to try, any suggestions?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: openvpn client with higher openssl version that cert generation

Post by TinCanTech » Thu Aug 10, 2017 8:16 pm


Post Reply