OVPN Inline vs External

pvcflyer
OpenVpn Newbie
Posts: 3
Joined: Wed Dec 25, 2019 3:52 pm

OVPN Inline vs External

Post by pvcflyer » Wed Dec 25, 2019 3:57 pm

Not sure if this is the correct place to post this, however here is my situation. I have a server setup on Windows and a client that is an iPhone. When I use an OVPN file with externally referenced cert/key files the tunnel connects correctly. When I use an OVPN file with inline cert/key files the tunnel won't connect. Everything else about the two OVPN files is identical.

I think this has something to do with the tls-crypt cert not working when it is included in the OVPN file, but does when it is referenced. Has anyone else had a similar experience?

PC

Re: OVPN Inline vs External

Post by pvcflyer » Wed Dec 25, 2019 4:13 pm

Follow up with some details from the server log (didn't think to check with my first post).

Wed Dec 25 11:09:02 2019 100.38.138.95:57753 TLS: Initial packet from [AF_INET6]
Wed Dec 25 11:09:03 2019 100.38.138.95:57753 VERIFY OK: depth=1, 
Wed Dec 25 11:09:03 2019 100.38.138.95:57753 VERIFY OK: depth=0, 
Wed Dec 25 11:09:03 2019 100.38.138.95:57753 OpenSSL: error:0407008A:rsa routines:RSA_padding_check_PKCS1_type_1:invalid padding
Wed Dec 25 11:09:03 2019 100.38.138.95:57753 OpenSSL: error:04067072:rsa routines:rsa_ossl_public_decrypt:padding check failed
Wed Dec 25 11:09:03 2019 100.38.138.95:57753 OpenSSL: error:1417B07B:SSL routines:tls_process_cert_verify:bad signature
Wed Dec 25 11:09:03 2019 100.38.138.95:57753 TLS_ERROR: BIO read tls_read_plaintext error
Wed Dec 25 11:09:03 2019 100.38.138.95:57753 TLS Error: TLS object -> incoming plaintext read error
Wed Dec 25 11:09:03 2019 100.38.138.95:57753 TLS Error: TLS handshake failed
Wed Dec 25 11:09:03 2019 100.38.138.95:57753 SIGUSR1[soft,tls-error] received, client-instance restarting

The above entries show up when trying to connect with the OVPN with inline cert/key files.

PC

TinCanTech
OpenVPN Protagonist
Posts: 6511
Joined: Fri Jun 03, 2016 1:17 pm

Re: OVPN Inline vs External

Post by TinCanTech » Thu Dec 26, 2019 3:48 pm

pvcflyer wrote:
Wed Dec 25, 2019 4:13 pm
Wed Dec 25 11:09:03 2019 100.38.138.95:57753 OpenSSL: error:0407008A:rsa routines:RSA_padding_check_PKCS1_type_1:invalid padding
Wed Dec 25 11:09:03 2019 100.38.138.95:57753 OpenSSL: error:04067072:rsa routines:rsa_ossl_public_decrypt:padding check failed
Wed Dec 25 11:09:03 2019 100.38.138.95:57753 OpenSSL: error:1417B07B:SSL routines:tls_process_cert_verify:bad signature

Looks like something is wrong with your client certificate.

Please see:
viewtopic.php?f=30&t=22603#p68963

Re: OVPN Inline vs External

Post by pvcflyer » Thu Dec 26, 2019 5:18 pm

If there was something wrong with any of the certificates, why would they work when separated out of the OVPN file?

I made a new connection on my iPhone with all the files separately dumped in via iTunes and it works correctly. This is not ideal however because it makes setting up other iPhones (read: not mine) impossible as there isn't a way to get the files to them individually.

I hope I am not overlooking something simple.

PC

Re: OVPN Inline vs External

Post by TinCanTech » Thu Dec 26, 2019 5:39 pm

pvcflyer wrote:
Thu Dec 26, 2019 5:18 pm
there was something wrong with any of the certificates why would they work when separated out of the OVPN file?

Maybe line endings...? How did you create the inline config?

We really need configs and logs at --verb 4
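
Added example, not part of the thread or of OpenVPN: one way to test the line-endings question raised above is to compare each inline block of the .ovpn file with the external file that is known to work. The tag list, function names and sample payloads are assumptions constructed for illustration.

```python
import hashlib
import re

INLINE_TAGS = ("ca", "cert", "key", "tls-crypt")  # assumed set of inline blocks
PEM_RE = re.compile(r"-----BEGIN ([^-]+)-----(.*?)-----END \1-----", re.S)

def inline_blocks(ovpn_text):
    """Return {tag: raw text} for each inline <tag>...</tag> block."""
    blocks = {}
    for tag in INLINE_TAGS:
        t = re.escape(tag)
        m = re.search(r"^<%s>[ \t]*\r?\n(.*?)^</%s>" % (t, t), ovpn_text, re.S | re.M)
        if m:
            blocks[tag] = m.group(1)
    return blocks

def fingerprint(text):
    """SHA-256 of the armored payload with whitespace removed, so wrapping and
    line endings do not matter; text outside BEGIN/END is ignored."""
    m = PEM_RE.search(text)
    if not m:
        return None
    return hashlib.sha256(re.sub(r"\s+", "", m.group(2)).encode()).hexdigest()

def check(ovpn_text, external):
    """external maps tag -> contents of the separate file that works."""
    blocks, report = inline_blocks(ovpn_text), []
    for tag, ext_text in external.items():
        if tag not in blocks:
            report.append("%s: no inline <%s> block found" % (tag, tag))
            continue
        if "\r" in blocks[tag]:
            report.append("%s: CR characters (CRLF line endings) in inline block" % tag)
        fp = fingerprint(blocks[tag])
        if fp is None:
            report.append("%s: no matching BEGIN/END markers" % tag)
        elif fp != fingerprint(ext_text):
            report.append("%s: payload differs from the external file" % tag)
    return report

# Constructed sample: placeholder payloads, not real certificates or keys.
CERT = "-----BEGIN CERTIFICATE-----\nQUJDREVGR0g=\n-----END CERTIFICATE-----\n"
KEY = "-----BEGIN PRIVATE KEY-----\nSUpLTE1OT1A=\n-----END PRIVATE KEY-----\n"
OTHER_KEY = "-----BEGIN PRIVATE KEY-----\nUVJTVFVWV1g=\n-----END PRIVATE KEY-----\n"
SAMPLE_OVPN = ("client\nremote vpn.example.com 1194\n<cert>\n"
               + CERT.replace("\n", "\r\n") + "</cert>\n<key>\n" + OTHER_KEY + "</key>\n")

if __name__ == "__main__":
    for line in check(SAMPLE_OVPN, {"cert": CERT, "key": KEY}):
        print(line)
```

A "payload differs" result for `key` means the inline key is not the one stored in the working external file, independent of any line-ending difference.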
