I have one generated .ovpn file filled with the CA cert, client certificate and key, and I can easily connect using this .ovpn file.
But I cannot connect with another .ovpn file that has the same schema as the working one.
I'm using Easy-RSA. Before I create another client certificate and key, I use a command to generate the key like this:
openssl dhparam -out /etc/openvpn/dh2048.pem 2048
Next I use:
./clean-all
and
./build-key EXAMPLE NAME
The .ovpn file filled with the ca, cert and key doesn't work.
I have one .ovpn file that works excellently, but the other file I created can't connect, and I need it to connect from another device.
Please help, any solution would be great.
Below I post logs:
Here is the working .ovpn file:
Code:
client
dev tun
proto udp
remote MYSERVERIP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
comp-lzo
verb 3
<ca>
CA CERTIFICATE
</ca>
<cert>
CERTIFICATE
</cert>
<key>
KEY
</key>
Code:
client
dev tun
proto udp
remote MYSERVERIP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
comp-lzo
verb 3
<ca>
THE SAME CA CERTIFICATE AS IN THE WORKING FILE
</ca>
<cert>
DIFFERENT CERT
</cert>
<key>
DIFFERENT KEY
</key>
Code:
MANAGEMENT: >STATE:1460996757,WAIT,,,
MANAGEMENT: >STATE:1460996757,AUTH,,,
TLS: Initial packet from [AF_INET] ...
VERIFY OK: depth=1, ...
VERIFY OK: nsCertType=SERVER
VERIFY OK: depth=0, ...
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed
Code:
SIGUSR1[soft,tls-error] received, client-instance restarting
TLS: Initial packet from [AF_INET]..., sid=...
VERIFY ERROR: depth=0, error=unable to get local issuer certificate: ...
TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
TLS Error: TLS object -> incoming plaintext read error
TLS Error: TLS handshake failed
SIGUSR1[soft,tls-error] received, client-instance restarting
Code:
port 1194
proto udp
dev tun
ca ca.crt
cert name.crt
key name.key # This file should be kept secret
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS ADDRESS"
push "dhcp-option DNS ADDRESS"
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
log-append openvpn.log
verb 3
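
Added example, not part of the original post: the second log excerpt rejects the client certificate with `unable to get local issuer certificate`, meaning the certificate's issuer is not in the CA file the verifying side loaded. The script below extracts the inline blocks of an .ovpn profile and checks its `<cert>` against a CA with `openssl verify`; the `make_demo` helper and its names (old-ca, new-ca, client-old, client-new) are constructed for illustration.

```shell
#!/bin/sh
# Print the body of one inline block (ca, cert or key) of an .ovpn profile.
ovpn_block() {                  # usage: ovpn_block TAG PROFILE
    # Strip CRs first so profiles saved with Windows line endings still match.
    tr -d '\r' < "$2" | sed -n "/^<$1>\$/,/^<\/$1>\$/p" | sed '1d;$d'
}

# Succeed only if the profile's <cert> was issued by the CA in CA_FILE
# (default: the profile's own <ca> block). Pass the file named by the
# server's "ca" directive to test what the server will accept.
ovpn_cert_matches_ca() {        # usage: ovpn_cert_matches_ca PROFILE [CA_FILE]
    work=$(mktemp -d) || return 2
    ovpn_block cert "$1" > "$work/cert.pem"
    if [ -n "${2:-}" ]; then cat "$2"; else ovpn_block ca "$1"; fi > "$work/ca.pem"
    # Match the "OK" text: some older openssl releases exit 0 on a failed verify.
    openssl verify -CAfile "$work/ca.pem" "$work/cert.pem" 2>&1 | grep -q ': OK$'
    rc=$?
    rm -rf "$work"
    return $rc
}

# Constructed sample input: two throwaway CAs, one client certificate per CA,
# and two profiles that both embed the *old* CA in <ca>. old.ovpn is
# consistent; new.ovpn carries a certificate the old CA never signed.
make_demo() {                   # usage: make_demo DIR
    ( cd "$1" || exit 1
      for ca in old new; do
          openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$ca-ca" \
              -keyout "$ca-ca.key" -out "$ca-ca.crt" || exit 1
          openssl req -newkey rsa:2048 -nodes -subj "/CN=client-$ca" \
              -keyout "$ca.key" -out "$ca.csr" || exit 1
          openssl x509 -req -in "$ca.csr" -CA "$ca-ca.crt" -CAkey "$ca-ca.key" \
              -CAcreateserial -days 2 -out "$ca.crt" || exit 1
          { echo client
            echo '<ca>';   cat old-ca.crt; echo '</ca>'
            echo '<cert>'; cat "$ca.crt";  echo '</cert>'
            echo '<key>';  cat "$ca.key";  echo '</key>'; } > "$ca.ovpn"
      done ) >/dev/null 2>&1
}
```

A non-zero result from `ovpn_cert_matches_ca PROFILE CA_FILE`, with CA_FILE being the certificate the server's `ca` directive points at, corresponds to the `VERIFY ERROR: depth=0` line in the log.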