Certificates 2.4.6 don't work with Azure routing

Scripts to manage certificates or generate config files

Post by flint2003 » Mon Sep 24, 2018 12:40 pm

Hi all.
I have run into an interesting problem with Azure Cloud (OpenVPN server installed) and Win10 Pro (OpenVPN client):
I have got two sets of OpenVPN certificates: an old set and a new one. The old one was made two years ago (2.3.10 OpenVPN installation bundle) with Signature Algorithm: md5WithRSAEncryption. The new one was made last Friday (2.4.6 OpenVPN installation bundle) with Signature Algorithm: sha256WithRSAEncryption.
The trouble is: I cannot ping the OVPN client from the OVPN server (local IP address) with the new set of certificates. After just replacing the new set with the old one, I can ping the OVPN client. The configuration files for both server and client are not changed. That's all.
Below you can find settings, log-files etc:
1) Server Config:
dev tun
proto udp4
port 5676
ca ca.crt
cert server.crt
key server.key
# dh1024.pem
dh dh1024.pem
topology subnet
tls-server
client-config-dir ccd
setenv PATH "C:\\Windows\\System32;C:\\WINDOWS;C:\\WINDOWS\\System32\\Wbem"
route-method exe
route-delay 10
server 10.8.0.0 255.255.255.0
route-gateway 10.8.0.1
route 10.8.0.0 255.255.255.0
route 192.169.0.0 255.255.255.0 10.8.0.2
cipher AES-128-CBC
comp-lzo
mssfix
keepalive 10 120
verb 4
tls-cipher "DEFAULT:@SECLEVEL=0"



Client Config:
client
dev tun
proto udp
remote xxx.xxx.xxx.xxx 5676
tls-client
ca ca.crt
cert client9.crt
key client9.key
cipher AES-128-CBC
setenv PATH "C:\\Windows\\System32;C:\\Windows;C:\\Windows\\System32\\Wbem"
route-method exe
route-delay 10
route 10.0.0.0 255.255.255.0
pull
comp-lzo
persist-key
persist-tun
verb 4
tls-cipher "DEFAULT:@SECLEVEL=0"


2) Windows 10 ver 10.0.17134.285 in Azure Cloud (OVPN Server)
Windows 10 ver 10.0.15063 (OVPN Client)


Re: Certificates 2.4.6 don't work with Azure routing

Post by flint2003 » Thu Sep 27, 2018 5:57 am

Dear all.
I consider that this topic can be closed. The reason it did not work was incorrectly generated certificates. Namely, I did not abide by the following from the OpenVPN HOWTO when creating the client certificates: "The only parameter which must be explicitly entered is the Common Name". I put the client's name in the "Name" row and pressed the Enter button when I was prompted for "Common Name". And, of course, the server's name was entered there......
It's only amazing that the easy-rsa utilities do not warn about any mistakes and the VPN tunnel is built successfully.
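
Added example (not part of the original posts and not easy-rsa code): a check for the mistake described in the last post, where several valid certificates end up sharing one Common Name. It assumes the CA keeps an OpenSSL-style `index.txt` database (tab-separated, subject DN in the last field), as easy-rsa does; the sample entries and all names in them are constructed.

```python
import re
from collections import defaultdict

# Constructed sample of an OpenSSL CA database (index.txt); not taken from the thread.
# Fields: status, expiry, revocation date, serial, filename, subject DN (tab-separated).
SAMPLE_INDEX = "\n".join([
    "V\t280921104800Z\t\t01\tunknown\t/C=US/O=Example/CN=server/name=server",
    "V\t280921105200Z\t\t02\tunknown\t/C=US/O=Example/CN=server/name=client9",
    "V\t280921105500Z\t\t03\tunknown\t/C=US/O=Example/CN=client10/name=client10",
    "R\t280921105900Z\t180925090000Z\t04\tunknown\t/C=US/O=Example/CN=client10/name=old",
])


def parse_dn(dn):
    """Split '/C=US/CN=x' into (key, value) pairs, honouring escaped '\\/'."""
    pairs = []
    for part in re.split(r"(?<!\\)/", dn):
        if "=" in part:
            key, value = part.split("=", 1)
            pairs.append((key, value.replace("\\/", "/")))
    return pairs


def common_name(dn):
    """Return the last CN attribute of the DN, or None if there is none."""
    cns = [v for k, v in parse_dn(dn) if k.upper() == "CN"]
    return cns[-1] if cns else None


def duplicate_common_names(index_text):
    """Map each CN used by more than one valid (status 'V') certificate
    to the serial numbers of those certificates."""
    by_cn = defaultdict(list)
    for line in index_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 6 or fields[0] != "V":
            continue  # skip malformed, revoked (R) and expired (E) entries
        by_cn[common_name(fields[5])].append(fields[3])
    return {cn: serials for cn, serials in by_cn.items() if len(serials) > 1}


if __name__ == "__main__":
    for cn, serials in duplicate_common_names(SAMPLE_INDEX).items():
        print(f"CN {cn!r} is shared by valid certificates {', '.join(serials)}")
```

To check a real CA, pass the contents of its `index.txt` to `duplicate_common_names` instead of the sample.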
