Connecting error: OpenVPN (Sophos UTM) with Linux and Android OpenVPN Clients

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Connecting error: OpenVPN (Sophos UTM) with Linux and Android OpenVPN Clients

Post by TinCanTech » Sun Oct 27, 2019 11:05 pm

Ask your service provider why they cannot do their job.

KR
OpenVpn Newbie
Posts: 12
Joined: Sat Oct 19, 2019 5:50 pm

Re: Connecting error: OpenVPN (Sophos UTM) with Linux and Android OpenVPN Clients

Post by KR » Mon Oct 28, 2019 8:14 pm

Hi TinCanTech,

"I can help but, because this has nothing to do with openvpn, for a fee: tincanteksup <at> gmail"

That was your statement on the OpenVPN forum (by TinCanTech » Sun Oct 27, 2019 7:59 pm).

Okay, I'm interested. Even if I have to pay the money privately. If you write that you can help me, then I will gladly accept that. I don't think it's that easy. But I rely completely on you.

I have just sent you an email to the email address you provided, asking you to send me your bank details and the price.

You show me how I can manage to successfully establish a VPN tunnel with the OpenVPN client in version 2.4.7 with the given config. Under Windows or Linux I don't care. That's the deal.

I ask for an appropriate answer and to keep your promise.

Thanks.

vtwin@cox.net
OpenVpn Newbie
Posts: 1
Joined: Sun Oct 10, 2021 1:20 pm

Re: Connecting error: OpenVPN (Sophos UTM) with Linux and Android OpenVPN Clients

Post by vtwin@cox.net » Sun Oct 10, 2021 2:06 pm

@KR -- wondering if you ever solved your problem, and if so, could you share the solution?

Client has asked me to connect to their VPN (a Sophos firewall) which uses OpenVPN. They provided a .ovpn file which, when I attempt to connect from my Linux system (OpenVPN 2.4.11), yields the same error. The certificate they provided has a Not After Apr 12 18:28:08 2036 GMT timestamp. Client indicates they're on the latest version of their software and have no idea why I have the problem.

After many hours of research, the problem seems to be related to a change implemented in OpenSSL back in 2017 related to strictly enforcing RFC 5280; consequently, any Linux distributions using OpenSSL > 1.0.2l and 1.1.0f will now encounter this issue, even though the certificate otherwise appears valid.

I was able to temporarily work around the problem on my desktop Linux system by downloading OpenSSL 0.9.8 and OpenVPN 2.3.14, extracting the rpm contents, installing the contents into my own set of directories so as not to otherwise interact with the default OpenSSL and OpenVPN installed as part of the distro, and then launching the 2.3.14 version of the openvpn executable against my client's provided ovpn file.

I'm not really thrilled with this hack but it works for the moment.

Wondering if there is a configuration parameter I can put in the .ovpn file which will bypass this 'error' condition.
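
A diagnostic for the RFC 5280 strictness described in the post above, added here as an example; it is not code from the thread, OpenVPN or OpenSSL. It assumes the rejected field is a validity timestamp, which the post does not confirm: RFC 5280 section 4.1.2.5 fixes UTCTime as YYMMDDHHMMSSZ and GeneralizedTime as YYYYMMDDHHMMSSZ, and the script reports whether a certificate's notBefore and notAfter match. `sample_cert` and its notBefore value are constructed; the notAfter value is the timestamp quoted in the post.

```python
import base64
import re

# RFC 5280 4.1.2.5: UTCTime must be YYMMDDHHMMSSZ, GeneralizedTime YYYYMMDDHHMMSSZ.
STRICT = {0x17: re.compile(rb"\d{12}Z"), 0x18: re.compile(rb"\d{14}Z")}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def children(buf):
    """List (tag, value) for every element directly inside a constructed value."""
    out, pos = [], 0
    while pos < len(buf):
        tag, start, end = read_tlv(buf, pos)
        out.append((tag, buf[start:end]))
        pos = end
    return out

def pem_to_der(pem):
    """Decode the first CERTIFICATE block, e.g. one pasted from a .ovpn file."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem, re.S)
    return base64.b64decode(m.group(1))

def check_validity(der):
    """Return [(field, raw_value, strict_ok)] for notBefore and notAfter."""
    tbs = children(children(der)[0][1])[0][1]   # Certificate -> tbsCertificate
    fields = children(tbs)
    if fields[0][0] == 0xA0:                    # skip optional [0] version
        fields = fields[1:]
    times = children(fields[3][1])              # serial, signature, issuer, validity
    return [(name, val.decode("ascii", "replace"),
             bool(tag in STRICT and STRICT[tag].fullmatch(val)))
            for name, (tag, val) in zip(("notBefore", "notAfter"), times)]

def tlv(tag, body):
    return bytes([tag, len(body)]) + body       # short-form length, bodies < 128 bytes

def sample_cert(not_before, not_after):
    """Constructed skeleton, not a real signed certificate: only the walked fields."""
    validity = tlv(0x30, tlv(0x17, not_before) + tlv(0x17, not_after))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"") * 2 + validity)
    return tlv(0x30, tbs)
```

For a real file, pass each PEM certificate block from the .ovpn through `check_validity(pem_to_der(text))`; a `False` in the third column marks a timestamp that a strict RFC 5280 parser would refuse.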