Official client software for OpenVPN Access Server and OpenVPN Cloud.
-
anadolu
- OpenVpn Newbie
- Posts: 4
- Joined: Fri Aug 04, 2017 3:32 pm
Post
by anadolu » Fri Aug 04, 2017 3:59 pm
Hello
I have an Asus AC3200 router running tomato. I set up OpenVPN from a PC successfully using the certificates and the key files created by Easy RSA 3.0.1. But all the efforts to use OpenVPN from my iPhone are failing with the following error:
OpenVPN Error: Polar SSL: error parsing ca certificate : X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected
My .ovpn file is below:
Code: Select all
client
dev tun
proto tcp
remote mydomain.com 1195
auth-user-pass
resolv-retry infinite
nobind
persist-tun
persist-key
persist-remote-ip
tls-client
cipher AES-256-CBC
auth SHA256
ns-cert-type server
key-direction 1
comp-lzo
verb 3
<ca>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJjjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI6XljydtiZCoCAggA
ooM=
-----END ENCRYPTED PRIVATE KEY-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIIGmDCCBICgAwIBAgIBAzANBgkqhkiG9w0BAQ0FADCBiDELMAkGA1UEBhMCVVMx
X6UMwQyYeD098rsa
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC5ZC4bVjlhjst9
Eq4CWIZVNW/ivF76v19W0aDIF01nMM0=
-----END PRIVATE KEY-----
</key>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
933b4e0a363e352e9071a4f37cde671f
2f8ccd174e4caa2da66cc5608350d6d5
-----END OpenVPN Static key V1-----
</tls-auth>
I emailed this file to the iPhone, then opened it by OpenVPN. As soon as i run it I get this error. Why? both ca.key and ta.keys work with my PC.
I appreciate your help. I will then set up my iPad accordingly. Thank you.
-
anadolu
- OpenVpn Newbie
- Posts: 4
- Joined: Fri Aug 04, 2017 3:32 pm
Post
by anadolu » Fri Aug 04, 2017 8:27 pm
Hello,
Solved. The problem was
Code: Select all
-----BEGIN PRIVATE KEY-----
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC5ZC4bVjlhjst9
Eq4CWIZVNW/ivF76v19W0aDIF01nMM0=
-----END PRIVATE KEY-----
it should have been
Code: Select all
-----BEGIN CERTIFICATE-----
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC5ZC4bVjlhjst9
Eq4CWIZVNW/ivF76v19W0aDIF01nMM0=
-----END CERTIFICATE-----
-
glr1926
- OpenVpn Newbie
- Posts: 1
- Joined: Tue Jul 23, 2019 9:48 am
Post
by glr1926 » Tue Jul 23, 2019 9:50 am
Pouvez-vous m'aider , j'ai le même message d'erreur .Merci
Code: Select all
dev tun
tls-client
remote x.x.x.x 1194
# The "float" tells OpenVPN to accept authenticated packets from any address,
# not only the address which was specified in the --remote option.
# This is useful when you are connecting to a peer which holds a dynamic address
# such as a dial-in user or DHCP client.
# (Please refer to the manual of OpenVPN for more information.)
#float
# If redirect-gateway is enabled, the client will redirect it's
# default network gateway through the VPN.
# It means the VPN connection will firstly connect to the VPN Server
# and then to the internet.
# (Please refer to the manual of OpenVPN for more information.)
# dhcp-option DNS: To set primary domain name server address.
# Repeat this option to set secondary DNS server addresses.
#dhcp-option 8.8.8.8
pull
# If you want to connect by Server's IPv6 address, you should use
# "proto udp6" in UDP mode or "proto tcp6-client" in TCP mode
proto udp
script-security 2
comp-lzo
reneg-sec 0
cipher AES-256-CBC
auth SHA512
auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----
[redacted]
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN PRIVATE KEY-----
[redacted]
-----END PRIVATE KEY-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
[redacted]
-----END PRIVATE KEY-----
</key>
<ca>
-----BEGIN CERTIFICATE-----
[redacted]
-----END CERTIFICATE-----
</ca>
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Post
by TinCanTech » Tue Jul 23, 2019 12:24 pm
glr1926 wrote: ↑Tue Jul 23, 2019 9:50 am
Pouvez-vous m'aider , j'ai le même message d'erreur .Merci
Translation by google:
Can you help me, I have the same error message.
glr1926 wrote: ↑Tue Jul 23, 2019 9:50 am
<cert>
-----BEGIN PRIVATE KEY-----
[redacted]
-----END PRIVATE KEY-----
</cert>
A certificate is not a key.