Easyrsa3 openvpn 2.5.1 and Openvpn 2.1 rc22

Support forum for Easy-RSA certificate management suite.

Moderators: TinCanTech

Post by pirox70 » Tue Mar 16, 2021 2:45 pm

Hello everyone!

I am doing some tests to get OpenVPN 2.5.1 Community Edition working with some old routers on which OpenVPN 2.1_rc22 is installed.
I generated the keys and certificates with Easyrsa3, installed on Windows 10 together with openvpn 2.5.1, as a test server.

The generated certificates work perfectly if the OpenVPN version is at least 2.3, but on version 2.1 I get the following errors in the OpenVPN log:

Code:

TLS: Initial packet from [source_IP]:1194, sid=216712af 3baea1bb
VERIFY OK: depth=1, /CN=Easy-RSA_CA
VERIFY ERROR: could not extract Common Name from X509 subject string ('/CN=vpn-server') -- note that the Common Name length is limited to 64 characters
TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:lib(20):func(144):reason(134)
TLS Error: TLS object -> incoming plaintext read error
TLS Error: TLS handshake failed
TCP/UDP: Closing socket

After looking on the internet, I changed the key from sha256 to sha1 and also activated the "netscape" extensions.
But I can't get the router to "digest" the new keys with the old version of OpenVPN (obviously I can't update).

vars file:

Code:

set_var EASYRSA "$PWD"
set_var EASYRSA_PKI "$EASYRSA/pki"
set_var EASYRSA_DN "org"
set_var EASYRSA_REQ_COUNTRY "XX"
set_var EASYRSA_REQ_PROVINCE "Rome"
set_var EASYRSA_REQ_CITY "Rome"
set_var EASYRSA_REQ_ORG "Company CA Self"
set_var EASYRSA_REQ_EMAIL "info@info.com"
set_var EASYRSA_REQ_OU "Test_1"
set_var EASYRSA_KEY_SIZE 2048
set_var EASYRSA_ALGO rsa
set_var EASYRSA_CA_EXPIRE 4000
set_var EASYRSA_CERT_EXPIRE 3650
set_var EASYRSA_NS_SUPPORT "yes"
set_var EASYRSA_NS_COMMENT "Comment"
set_var EASYRSA_EXT_DIR "$EASYRSA/x509-types"
set_var EASYRSA_SSL_CONF "$EASYRSA/openssl-easyrsa.cnf"
set_var EASYRSA_DIGEST "sha1"
set_var EASYRSA_OPENSSL "c:/Program Files/OpenVPN/bin/openssl.exe"
set_var EASYRSA_TEMP_DIR "c:/temp_key"

Has anyone had a similar problem and can give me some hints?

Thank you!
