I am doing some tests to get OpenVPN 2.5.1 community edition working with some old routers on which OpenVPN 2.1_rc22 is installed.
I generated the keys and certificates with Easyrsa3, installed on Windows 10 together with openvpn 2.5.1, as a test server.
The generated certificates work perfectly if the OpenVPN version is at least 2.3, but on version 2.1, I get the following errors from the OpenVPN log:
Code:
TLS: Initial packet from [source_IP]:1194, sid=216712af 3baea1bb
VERIFY OK: depth=1, /CN=Easy-RSA_CA
VERIFY ERROR: could not extract Common Name from X509 subject string ('/CN=vpn-server') -- note that the Common Name length is limited to 64 characters
TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:lib(20):func(144):reason(134)
TLS Error: TLS object -> incoming plaintext read error
TLS Error: TLS handshake failed
TCP/UDP: Closing socket
After looking on the internet, I changed the key from sha256 to sha1; I also activated the "netscape" extensions.
But I can't get the router to "digest" the new keys with the old version of OpenVPN (obviously I can't update).
Has anyone had a similar problem and can give me some hints?
Code:
set_var EASYRSA "$PWD"
set_var EASYRSA_PKI "$EASYRSA/pki"
set_var EASYRSA_DN "org"
set_var EASYRSA_REQ_COUNTRY "XX"
set_var EASYRSA_REQ_PROVINCE "Rome"
set_var EASYRSA_REQ_CITY "Rome"
set_var EASYRSA_REQ_ORG "Company CA Self"
set_var EASYRSA_REQ_EMAIL "firstname.lastname@example.org"
set_var EASYRSA_REQ_OU "Test_1"
set_var EASYRSA_KEY_SIZE 2048
set_var EASYRSA_ALGO rsa
set_var EASYRSA_CA_EXPIRE 4000
set_var EASYRSA_CERT_EXPIRE 3650
set_var EASYRSA_NS_SUPPORT "yes"
set_var EASYRSA_NS_COMMENT "Comment"
set_var EASYRSA_EXT_DIR "$EASYRSA/x509-types"
set_var EASYRSA_SSL_CONF "$EASYRSA/openssl-easyrsa.cnf"
set_var EASYRSA_DIGEST "sha1"
set_var EASYRSA_OPENSSL "c:/Program Files/OpenVPN/bin/openssl.exe"
set_var EASYRSA_TEMP_DIR "c:/temp_key"