OpenVPN <--> PIA on ReadyNAS Duo v1 (Sparc)

Business solution to host your own OpenVPN server with web management interface and bundled clients.
Post Reply
uk_expat
OpenVpn Newbie
Posts: 1
Joined: Fri Apr 24, 2015 10:17 pm

OpenVPN <--> PIA on ReadyNAS Duo v1 (Sparc)

Post by uk_expat » Fri Apr 24, 2015 10:54 pm

Hi, I'm attempting to get OpenVPN on my ReadyNAS conecting to PIA. I'm no Linix guru but have fudged my way through so far and can get the VPN to fire up but is fails during the certificate verification. I've posted the config and error message below:

NAS_DRIVE:/etc/openvpn# more Sydney.ovpn
client
dev tun
proto udp
remote aus.privateinternetaccess.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
tls-client
remote-cert-tls server
auth-user-pass userpass.file
comp-lzo
verb 1
reneg-sec 0
crl-verify crl.pem

The above config generates the below error:

NAS_DRIVE:/etc/init.d# ./startvpn.sh
Options error: Unrecognized option or missing parameter(s) in Sydney.ovpn:11: remote-cert-tls (2.0)
Use --help for more information.

I have also tried replacing 'remote-cert-tls' with 'ns-cert-type' which gives the below output:

NAS_DRIVE:/etc/init.d# ./startvpn.sh
Sun Apr 19 15:53:37 2015 OpenVPN 2.0 sparc-unknown-linux [SSL] [LZO] [EPOLL] built on Jan 17 2007
Sun Apr 19 15:53:37 2015 WARNING: file 'userpass.file' is group or others accessible
Sun Apr 19 15:53:37 2015 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Sun Apr 19 15:53:37 2015 LZO compression initialized
Sun Apr 19 15:53:37 2015 RESOLVE: NOTE: aus.privateinternetaccess.com resolves to 4 addresses, choosing one by random
Sun Apr 19 15:53:37 2015 UDPv4 link local: [undef]
Sun Apr 19 15:53:37 2015 UDPv4 link remote: 103.43.72.133:1194
Sun Apr 19 15:53:37 2015 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:cert ificate verify failed
Sun Apr 19 15:53:37 2015 TLS Error: TLS object -> incoming plaintext read error
Sun Apr 19 15:53:37 2015 TLS Error: TLS handshake failed
Sun Apr 19 15:53:37 2015 SIGUSR1[soft,tls-error] received, process restarting
Sun Apr 19 15:53:39 2015 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Sun Apr 19 15:53:39 2015 Re-using SSL/TLS context

I downloaded a fresh client cert directly from PIA so I am unsure where the issue lies here, if anyone can be of assistance it would be much appreciated..

Cheers
Top
User avatar
maikcat
Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece
Contact:
Contact maikcat

Re: OpenVPN <--> PIA on ReadyNAS Duo v1 (Sparc)

Post by maikcat » Mon Apr 27, 2015 5:49 am

AFAIK openvpn 2.0 does NOT support remote-cert-tls

did you tried to connect without remote-cert-tls OR ns-cert-type?

Michael.
Top
User avatar
Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: OpenVPN <--> PIA on ReadyNAS Duo v1 (Sparc)

Post by Traffic » Mon Apr 27, 2015 11:01 am

uk_expat wrote:Sun Apr 19 15:53:37 2015 OpenVPN 2.0 sparc-unknown-linux [SSL] [LZO] [EPOLL] built on Jan 17 2007
8 year old software .. bad idea :!: :geek:
Top
Post Reply

Return to “The OpenVPN Access Server”