[Solved] OpenVPN on Asus RT-AC68U nsCertType


Post by chris_vpn » Wed Jan 18, 2017 6:52 pm

Hi,

I downloaded EasyRSA-3.0.0-rc2 and have done the following:

easyrsa init-pki
easyrsa build-ca - left common name default [Easy-RSA CA]
easyrsa build-server-full server nopass
easyrsa build-client-full client1
easyrsa gen-dh

On the router's advanced page I paste in the CA.CRT / Server.CRT / Server.key and dh.pem and apply the changes, and the system log indicates that OpenVPN is running:

Jan 18 11:43:07 rc_service: httpd 453:notify_rc restart_openvpnd;restart_chpass;restart_samba
Jan 18 11:43:10 openvpn[24720]: OpenVPN 2.3.2 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [eurephia] [MH] [IPv6] built on Nov 18 2016
Jan 18 11:43:10 openvpn[24720]: PLUGIN_INIT: POST /usr/lib/openvpn-plugin-auth-pam.so '[/usr/lib/openvpn-plugin-auth-pam.so] [openvpn]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
Jan 18 11:43:10 openvpn[24720]: Diffie-Hellman initialized with 2048 bit key
Jan 18 11:43:10 openvpn[24720]: Socket Buffers: R=[122880->131072] S=[122880->131072]
Jan 18 11:43:10 openvpn[24720]: TUN/TAP device tun21 opened
Jan 18 11:43:10 openvpn[24720]: TUN/TAP TX queue length set to 100
Jan 18 11:43:10 openvpn[24720]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Jan 18 11:43:10 openvpn[24720]: /sbin/ifconfig tun21 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Jan 18 11:43:10 openvpn[24720]: /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Jan 18 11:43:10 openvpn[24726]: UDPv4 link local (bound): [undef]
Jan 18 11:43:10 openvpn[24726]: UDPv4 link remote: [undef]
Jan 18 11:43:10 openvpn[24726]: MULTI: multi_init called, r=256 v=256
Jan 18 11:43:10 openvpn[24726]: IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Jan 18 11:43:10 openvpn[24726]: Initialization Sequence Completed

I then export an ovpn file from the router itself, and I have tried various combinations on my phone.

I filled in the client cert and client key info in the OVPN file and imported it to OpenVPN Connect, but every time I attempt to connect I get this error:
OpenVPN server certificate verification failed : PolarSSL:SSL read error : X509 - Certificate verification failed, e.g. CRL, CA or signature check failed.

I also tried OpenVPN for Android, and here I have attempted the OVPN file from above, and I have also tried pointing directly at the CRT/key files on my phone in the setup for my connection. Here I get a slightly different error:

2017-01-18 13:32:09 VERIFY OK: depth=1, CN=Easy-RSA CA
2017-01-18 13:32:09 VERIFY nsCertType ERROR: CN=server, require nsCertType=SERVER
2017-01-18 13:32:09 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed

Thanks,
Chris


Re: Unable to connect to OpenVPN on Asus RT-AC68U

Post by chris_vpn » Wed Jan 18, 2017 7:08 pm

I answered my own question.

The ovpn file had this line in it:

ns-cert-type server

which needs to be replaced with this line:

remote-cert-tls server

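An added example, not part of the posts above: a shell sketch that reports which server-certificate check an .ovpn profile uses and rewrites `ns-cert-type` to `remote-cert-tls`, the change described in the reply. The function names and the sample profile (including `vpn.example.net`) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit and fix the server-certificate check in an .ovpn profile.

# Report the check in use on stdout: legacy | modern | none
#   legacy: ns-cert-type is present (needs the Netscape nsCertType extension)
#   modern: remote-cert-tls only (checks keyUsage / extendedKeyUsage)
#   none:   the certificate's purpose is not checked at all
check_profile() {
    awk '
        /^[ \t]*<\//  { inblock = 0; next }   # end of inline <ca>, <cert>, ...
        /^[ \t]*</    { inblock = 1; next }   # start of an inline block
        inblock       { next }                # skip embedded PEM data
        $1 == "ns-cert-type"    { legacy = 1 }
        $1 == "remote-cert-tls" { modern = 1 }
        END { print (legacy ? "legacy" : (modern ? "modern" : "none")) }
    ' "$1"
}

# Print the profile with ns-cert-type replaced by remote-cert-tls,
# keeping its argument (server or client); everything else is unchanged.
fix_profile() {
    awk '
        /^[ \t]*<\//  { inblock = 0; print; next }
        /^[ \t]*</    { inblock = 1; print; next }
        !inblock && $1 == "ns-cert-type" { print "remote-cert-tls " $2; next }
        { print }
    ' "$1"
}

# Constructed sample profile (host name and contents are placeholders).
write_sample() {
    cat > "$1" <<'EOF'
client
dev tun
remote vpn.example.net 1194
# ns-cert-type in a comment is ignored
ns-cert-type server
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
EOF
}

demo=$(mktemp) && write_sample "$demo"
echo "before: $(check_profile "$demo")"
fix_profile "$demo" > "$demo.fixed"
echo "after:  $(check_profile "$demo.fixed")"
rm -f "$demo" "$demo.fixed"
```

A result of `none` means the profile accepts any certificate signed by the CA, including another client's, so it should gain a `remote-cert-tls server` line rather than simply lose the old one. To see which extensions the server certificate actually carries, `openssl x509 -in server.crt -noout -text` lists "X509v3 Extended Key Usage" and, if present, "Netscape Cert Type".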