The CA expires in 2027
Server cert expires in 2027
Client cert expires in 2027
I installed OpenVPN on my main notebook to test and it connects fine.
I installed OpenVPN on my 2nd notebook and it says that the certificate has expired!
No matter what I do, I don't come any further. I have de-installed and re-installed the client on both PCs, I have deleted the certificates out of the Windows Cert Store and I deleted the config files. Re-installed, same results. I then deleted the OpenVPN server and re-created it, then the users, then exported the set-up file and re-installed on the clients. Same results.
I also created a second user, it installed and worked on the users main PC, their 2nd PC complained that the certificate had expired!
Interestingly, I exported the Android confiugration and it works fine there.
Here is the connection log from my 2nd PC:
Code: Select all
Sun Apr 09 11:43:54 2017 Warning: cryptapicert used, setting maximum TLS version to 1.1.
Sun Apr 09 11:43:54 2017 OpenVPN 2.4.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 27 2016
Sun Apr 09 11:43:54 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Sun Apr 09 11:43:54 2017 library versions: OpenSSL 1.0.2i 22 Sep 2016, LZO 2.09
Sun Apr 09 11:44:02 2017 [b]WARNING: Your certificate has expired![/b]
Sun Apr 09 11:44:02 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]1.1.1.1:1194
Sun Apr 09 11:44:02 2017 UDP link local (bound): [AF_INET][undef]:1194
Sun Apr 09 11:44:02 2017 UDP link remote: [AF_INET]1.1.1.1:1194
Sun Apr 09 11:44:02 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Code: Select all
Sun Apr 09 11:51:23 2017 Warning: cryptapicert used, setting maximum TLS version to 1.1.
Sun Apr 09 11:51:23 2017 OpenVPN 2.4.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 27 2016
Sun Apr 09 11:51:23 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Sun Apr 09 11:51:23 2017 library versions: OpenSSL 1.0.2i 22 Sep 2016, LZO 2.09
Sun Apr 09 11:51:28 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]1.1.1.1:1194
Sun Apr 09 11:51:28 2017 UDP link local (bound): [AF_INET][undef]:1194
Sun Apr 09 11:51:28 2017 UDP link remote: [AF_INET]1.1.1.1:1194
Sun Apr 09 11:51:28 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Apr 09 11:51:28 2017 [185.74.183.149] Peer Connection Initiated with [AF_INET]1.1.1.1:1194
Sun Apr 09 11:51:29 2017 open_tun
Sun Apr 09 11:51:29 2017 TAP-WIN32 device [Ethernet 3] opened: \\.\Global\{E92DAAAC-573A-4856-B177-DFDD460C6471}.tap
Sun Apr 09 11:51:29 2017 Set TAP-Windows TUN subnet mode network/local/netmask = 192.168.57.0/192.168.57.2/255.255.255.0 [SUCCEEDED]
Sun Apr 09 11:51:29 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.57.2/255.255.255.0 on interface {E92DAAAC-573A-4856-B177-DFDD460C6471} [DHCP-serv: 192.168.57.254, lease-time: 31536000]
Sun Apr 09 11:51:29 2017 Successful ARP Flush on interface [9] {E92DAAAC-573A-4856-B177-DFDD460C6471}
Sun Apr 09 11:51:29 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
I tried updating to the latest Windows client and I then got the following erro on the 2nd PCr:
Code: Select all
error -ns-cert is depricated use -remote-cert-tls instead
I have checked the time and location settings, all PCs and server are in the same time zone and show the same time.
The PCs are connecting 1 at a time, so it isn't a spurious error message, that 2 PCs are signing on with the same certificate and user at the same time - in fact, the server is configured to allow multiple simultaneous connection from the same user.
PCs are as follows:
PC 1 - Fujitsu Lifebook A556, Windows 7 SP1 / Windows 10 Pro 1703
PC 2 - HP Spectre x360, Windows 10 1703
And for the second user:
PC 1 - Lenovo IdeaPad Y70 - Windows 10 Pro 1607
PC 2 - MS Surface Pro 3 - Windows 10 Pro 1607