I set up OpenVPN on a Raspberry Pi using PiVPN: https://github.com/pivpn/pivpn and I can connect from my Android phone using the OpenVPN app. It works really well every time.
However, when I try to connect from my computer (Windows 10 and Windows 7 tried) using the OpenVPN client software and the same .ovpn file, I cannot connect. Logs to follow, but here is a list of things that I have tried from other suggestions:
- Running as admin
- A different machine
- Trying a machine inside the local network going out and back in, and staying internal (changing the IP to a local one in the .ovpn)
- Commenting out TLS version
- Changing UDP to TCP
All of these give the same error.
CLIENT LOG: (Addresses removed but correct)
Thu Mar 16 11:35:03 2017 OpenVPN 2.4.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jan 31 2017
Thu Mar 16 11:35:03 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Thu Mar 16 11:35:03 2017 library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.09
Enter Management Password:
Thu Mar 16 11:35:10 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Mar 16 11:35:10 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]
Thu Mar 16 11:35:10 2017 UDP link local: (not bound)
Thu Mar 16 11:35:10 2017 UDP link remote: [AF_INET]
Thu Mar 16 11:35:15 2017 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Thu Mar 16 11:35:15 2017 TLS_ERROR: BIO read tls_read_plaintext error
Thu Mar 16 11:35:15 2017 TLS Error: TLS object -> incoming plaintext read error
Thu Mar 16 11:35:15 2017 TLS Error: TLS handshake failed
Thu Mar 16 11:35:15 2017 SIGUSR1[soft,tls-error] received, process restarting
Server Log:
Thu Mar 16 11:35:10 2017 UTCP connection established with [AF_INET] {MY IP and PORT}
Thu Mar 16 11:35:15 2017 L{MYIPand PORT} Connection reset, restarting [0]
Client Config:
client
dev tun
proto udp
remote (removed but correct)
resolv-retry infinite
nobind
persist-key
persist-tun
key-direction 1
remote-cert-tls server
tls-version-min 1.2
verify-x509-name SRVRNAME name
cipher AES-256-CBC
auth SHA256
comp-lzo
verb 1
Server Config:
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server.crt
key /etc/openvpn/easy-rsa/pki/private/server.key
dh /etc/openvpn/easy-rsa/pki/dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server
push "route 10.8.0.1 255.255.255.255"
# Add route to Client routing table for the OpenVPN Subnet
push "route 10.8.0.0 255.255.255.0"
# your local subnet
push "route LOCALNET LOCALMASK"
# Set your primary domain name server address for clients
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-version-min 1.2
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
cipher AES-256-CBC
auth SHA256
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
#crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
log /var/log/openvpn.log
verb 1
# Generated for use by PiVPN.io
Thanks
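
As an added example (not part of the original post and not PiVPN's code), the Python script below compares constructed excerpts of the two configs posted above for settings that must agree on both ends, and lists the client's certificate-verification directives, which are the ones in play when the log reports `certificate verify failed`. The function names and the literal comparison of `proto` values are assumptions of this example.

```python
# Constructed excerpts of the client and server configs posted above.
CLIENT = """\
client
proto udp
key-direction 1
remote-cert-tls server
verify-x509-name SRVRNAME name
cipher AES-256-CBC
auth SHA256
comp-lzo
"""
SERVER = """\
proto udp
ca /etc/openvpn/easy-rsa/pki/ca.crt
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
cipher AES-256-CBC
auth SHA256
comp-lzo
#crl-verify /etc/openvpn/crl.pem
"""

MUST_MATCH = ("proto", "cipher", "auth", "comp-lzo")  # compared literally
CERT_CHECKS = ("ca", "remote-cert-tls", "verify-x509-name", "crl-verify")

def parse(text):
    """Map each directive to its argument list, skipping comments and blanks."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            name, *args = line.split()
            opts[name] = args
    return opts

def tls_auth_direction(opts):
    """Direction from 'tls-auth <file> <dir>' or a separate 'key-direction'."""
    if len(opts.get("tls-auth", [])) > 1:
        return opts["tls-auth"][1]
    return opts.get("key-direction", [None])[0]

def compare(client_text, server_text):
    """Return (mismatched settings, client-side certificate checks)."""
    c, s = parse(client_text), parse(server_text)
    mismatches = [k for k in MUST_MATCH if c.get(k) != s.get(k)]
    # Both configs here use tls-auth; the two ends need opposite directions.
    if {tls_auth_direction(c), tls_auth_direction(s)} != {"0", "1"}:
        mismatches.append("tls-auth direction")
    checks = {k: c[k] for k in CERT_CHECKS if k in c}
    return mismatches, checks
```

On the excerpts above, `compare(CLIENT, SERVER)` reports no mismatched settings and returns `remote-cert-tls` and `verify-x509-name` as the client's active certificate checks.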