Can't connect VPN from Windows

Post Reply
edeno
OpenVpn Newbie
Posts: 1
Joined: Mon Sep 30, 2019 12:33 am

Can't connect VPN from Windows

Post by edeno » Mon Sep 30, 2019 12:42 am

Hallo,

When I try to connect with the "OpenVPN Connect"-Software from a Windows 10 computer to my VPN I get following error:

Code: Select all

30.9.2019, 00:09:19 OpenVPN core 3.git::1ab9727b win x86_64 64-bit PT_PROXY built on May 31 2019 13:25:03
⏎30.9.2019, 00:09:19 Frame=512/2048/512 mssfix-ctrl=1250
⏎30.9.2019, 00:09:19 UNUSED OPTIONS
4 [resolv-retry] [infinite] 
5 [nobind] 
6 [persist-key] 
7 [persist-tun] 
10 [verify-x509-name] [raspberrypi_817329414....] [name] 
13 [auth-nocache] 
14 [verb] [3] 
⏎30.9.2019, 00:09:19 EVENT: RESOLVE ⏎30.9.2019, 00:09:19 EVENT: WAIT ⏎30.9.2019, 00:09:19 Contacting MY.IP.ADRESS:1194 via UDP
⏎30.9.2019, 00:09:19 Connecting to [mydyndns.hopto.org]:1194 (MY.IP.ADRESS) via UDPv4
⏎30.9.2019, 00:09:19 EVENT: CONNECTING ⏎30.9.2019, 00:09:19 Tunnel Options:V4,dev-type tun,link-mtu 1569,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client
⏎30.9.2019, 00:09:19 Creds: UsernameEmpty/PasswordEmpty
⏎30.9.2019, 00:09:19 Peer Info:
IV_VER=3.git::1ab9727b
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_AUTO_SESS=1

⏎30.9.2019, 00:09:19 VERIFY FAIL -- The certificate validity starts in the future : depth=1
cert. version     : 3
serial number     : 38:38:BD:14:7B:5E:6F:BA:B3:1F:F4:71:14:3D:5A:D6:77:A8:32:5B
issuer name       : CN=ChangeMe
subject name      : CN=ChangeMe
issued  on        : 2019-09-29 22:25:41
expires on        : 2029-09-26 22:25:41
signed using      : ECDSA with SHA256
EC key size       : 256 bits
basic constraints : CA=true
key usage         : Key Cert Sign, CRL Sign

⏎30.9.2019, 00:09:19 VERIFY FAIL -- The certificate validity starts in the future : depth=0
cert. version     : 3
serial number     : 29:03:BB:68:B7:35:7A:CA:9A:74:12:71:12:31:0D:B4
issuer name       : CN=ChangeMe
subject name      : CN=raspberrypi_302f377f-1041-4745-8828-60da28343333
issued  on        : 2019-09-29 22:25:42
expires on        : 2029-09-26 22:25:42
signed using      : ECDSA with SHA256
EC key size       : 256 bits
basic constraints : CA=false
subject alt name  : raspberrypi_302f377f-1041-4745-8828-60da28343333
key usage         : Digital Signature, Key Encipherment
ext key usage     : TLS Web Server Authentication

⏎30.9.2019, 00:09:19 Transport Error: mbed TLS: SSL read error : X509 - Certificate verification failed, e.g. CRL, CA or signature check failed
⏎30.9.2019, 00:09:19 EVENT: CERT_VERIFY_FAIL mbed TLS: SSL read error : X509 - Certificate verification failed, e.g. CRL, CA or signature check failed⏎30.9.2019, 00:09:19 EVENT: DISCONNECTED ⏎
The date under "issued on" is in the past, so I don't know why it says that the validity starts in the future. The date and clock on my Server and Client are the same. I Imported the *.ovpn file to the software.

This is the .ovpn file:

Code: Select all

client
dev tun
proto udp
remote mydyndns.hopto.org 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
tls-version-min 1.2
verify-x509-name raspberrypi_302fawda wd-awda8343333 name
cipher AES-256-CBC
auth SHA256
auth-nocache
verb 3
<ca>
-----BEGIN CERTIFICATE-----
MIIBtTCCAVygAwIBAgIUODi9FHteb7qzH/RxFD1a1neoMlswCgYIKoZIzj0EAwIw
EzERAWDIJ"§EJ§IQ"J"IRJ"RJ"IFJfjaidfjaidj-Changed - CA b6V3ZmGuRofxsOp
oq6eVd4Fv6OK
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIIBwDCCAWagAwIBAgIQXfC19zsPRFHE9BxB/77tITAKBggqhkjOPQQDAjATMREw
DwYDVQQDDAhDaGFuZ2VNZTAeFw0xOTA5MjkyMzU5MDRaFw0yMjA5MTMyMzU5MDRa
MA8xDTALBgNVBA Changed - CERT SM49BAMCA0gAMEUC
IQDGWDrDwzEse3OHs/aCsCXhJxXc1bfIHOwt5jAqxSQZ5AIga+wRGXvrazNmriZr
CioSzVHZ6zdMyUUii8yCvwGaOfE=
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIHjME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAjlC+632XhZUQICCAAw
DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIOiUZ9+2GnwcEgZAzmr1eFP0jSdY6
PnPd6dOEQapTa3Nb Changed - Key p2+ay8wn7T5iEipEBh2pZGIAiM+V
tfrmA4JtMOhrDRNaFM3+TI/Dhq2ERUtOUH4hNn1jwJwucXZK/wo=
-----END ENCRYPTED PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
09929c2e86afd0ea68f25acb06ae893a
02a8716e6b363d06f35a1b6ce46030f5
af308885083dd915379abad8c1d64146
Changed Static Key
1befabeca2055765127d7a58a596dde3
22e0b970fb85723c79f5efa4e46ac1d9
-----END OpenVPN Static key V1-----
</tls-crypt>



Cheers,
Edino

novaflash
I should be on the dev team.
Posts: 1017
Joined: Fri Apr 13, 2012 8:43 pm

Re: Can't connect VPN from Windows

Post by novaflash » Mon Sep 30, 2019 6:55 am

I think you had better check the date and time again real carefully.

And I think it will probably work by now.

Post Reply