Hi, I'm attempting to get OpenVPN on my ReadyNAS conecting to PIA. I'm no Linix guru but have fudged my way through so far and can get the VPN to fire up but is fails during the certificate verification. I've posted the config and error message below:
NAS_DRIVE:/etc/openvpn# more Sydney.ovpn
client
dev tun
proto udp
remote aus.privateinternetaccess.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
tls-client
remote-cert-tls server
auth-user-pass userpass.file
comp-lzo
verb 1
reneg-sec 0
crl-verify crl.pem
The above config generates the below error:
NAS_DRIVE:/etc/init.d# ./startvpn.sh
Options error: Unrecognized option or missing parameter(s) in Sydney.ovpn:11: remote-cert-tls (2.0)
Use --help for more information.
I have also tried replacing 'remote-cert-tls' with 'ns-cert-type' which gives the below output:
NAS_DRIVE:/etc/init.d# ./startvpn.sh
Sun Apr 19 15:53:37 2015 OpenVPN 2.0 sparc-unknown-linux [SSL] [LZO] [EPOLL] built on Jan 17 2007
Sun Apr 19 15:53:37 2015 WARNING: file 'userpass.file' is group or others accessible
Sun Apr 19 15:53:37 2015 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Sun Apr 19 15:53:37 2015 LZO compression initialized
Sun Apr 19 15:53:37 2015 RESOLVE: NOTE: aus.privateinternetaccess.com resolves to 4 addresses, choosing one by random
Sun Apr 19 15:53:37 2015 UDPv4 link local: [undef]
Sun Apr 19 15:53:37 2015 UDPv4 link remote: 103.43.72.133:1194
Sun Apr 19 15:53:37 2015 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:cert ificate verify failed
Sun Apr 19 15:53:37 2015 TLS Error: TLS object -> incoming plaintext read error
Sun Apr 19 15:53:37 2015 TLS Error: TLS handshake failed
Sun Apr 19 15:53:37 2015 SIGUSR1[soft,tls-error] received, process restarting
Sun Apr 19 15:53:39 2015 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Sun Apr 19 15:53:39 2015 Re-using SSL/TLS context
I downloaded a fresh client cert directly from PIA so I am unsure where the issue lies here, if anyone can be of assistance it would be much appreciated..
Cheers
OpenVPN <--> PIA on ReadyNAS Duo v1 (Sparc)
-
- OpenVpn Newbie
- Posts: 1
- Joined: Fri Apr 24, 2015 10:17 pm
- maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
- Contact:
Re: OpenVPN <--> PIA on ReadyNAS Duo v1 (Sparc)
AFAIK openvpn 2.0 does NOT support remote-cert-tls
did you tried to connect without remote-cert-tls OR ns-cert-type?
Michael.
did you tried to connect without remote-cert-tls OR ns-cert-type?
Michael.
- Traffic
- OpenVPN Protagonist
- Posts: 4066
- Joined: Sat Aug 09, 2014 11:24 am
Re: OpenVPN <--> PIA on ReadyNAS Duo v1 (Sparc)
8 year old software .. bad ideauk_expat wrote:Sun Apr 19 15:53:37 2015 OpenVPN 2.0 sparc-unknown-linux [SSL] [LZO] [EPOLL] built on Jan 17 2007