self signed certificate error
- OpenVpn Newbie
- Posts: 4
- Joined: Fri Oct 14, 2022 8:21 pm
I am using OpenVPN over ssh and I have set all the port forwarding and tunneling as follows. The ssh connection is established over tcp port 9929 and I am using the tunneling on port 9535 of the client to port 443 of the server. Below is the command I use in cmd to establish ssh connection:
ssh myusr@xx.xxx.xx.xx -p 9929 -L 9535:localhost:443
To set up OpenVPN Server and Client, I have followed "https://supporthost.in/how-to-install-a ... indows-11/". Below is the configuration of my server and client and the log files. I am using the same certificate generated on the server for the client. However, as shown in the log, I get the error message
"VERIFY ERROR: depth=0, error=self signed certificate: CN=VPN Server, serial=0"
which is related to self signed certificate. I was wondering if OpenVPN allows self signed certificate. If yes, how do I accomplish that, and if not, how can I solve this problem?
Thank you
Server Configuration
############################################################################################
port 443
proto tcp6-server
dev tun1
dev-node "OpenVPN TAP-Windows6"
ca "C:\\Program Files\\OpenVPN\\easy-rsa\\pki\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\pki\\issued\\SERVER.crt"
key "C:\\Program Files\\OpenVPN\\easy-rsa\\pki\\private\\SERVER.key" # This file should be kept secret
dh "C:\\Program Files\\OpenVPN\\easy-rsa\\pki\\dh.pem"
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.10.0 255.255.255.0"
push "route 192.168.20.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
tls-crypt "C:\\Program Files\\OpenVPN\\easy-rsa\\pki\\easytls\\tls-crypt.key" 0 # This file is secret
auth SHA256
cipher AES-256-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
persist-key
persist-tun
status openvpn-status.log
verb 3
############################################################################################
Client Configuration
############################################################################################
client
dev tun1
proto tcp4-client
remote 127.0.0.1 9535
resolv-retry infinite
nobind
persist-key
persist-tun
resolv-retry infinite
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\CLIENT.crt"
key "C:\\Program Files\\OpenVPN\\config\\CLIENT.key"
remote-cert-tls server
tls-crypt "C:\\Program Files\\OpenVPN\\easy-rsa\\pki\\easytls\\tls-crypt.key" 1
auth SHA256
cipher AES-256-GCM
tls-client
tls-version-min 1.3
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
verb 4
# socks-proxy-retry
# socks-proxy 127.0.0.1 9535
############################################################################################
Logs
############################################################################################
2022-10-15 00:13:32 us=718000 Current Parameter Settings:
2022-10-15 00:13:32 us=718000 config = 'client.ovpn'
2022-10-15 00:13:32 us=718000 mode = 0
2022-10-15 00:13:32 us=718000 show_ciphers = DISABLED
2022-10-15 00:13:32 us=718000 show_digests = DISABLED
2022-10-15 00:13:32 us=718000 show_engines = DISABLED
2022-10-15 00:13:32 us=718000 genkey = DISABLED
2022-10-15 00:13:32 us=718000 genkey_filename = '[UNDEF]'
2022-10-15 00:13:32 us=718000 key_pass_file = '[UNDEF]'
2022-10-15 00:13:32 us=718000 show_tls_ciphers = DISABLED
2022-10-15 00:13:32 us=718000 connect_retry_max = 0
2022-10-15 00:13:32 us=718000 Connection profiles [0]:
2022-10-15 00:13:32 us=718000 proto = tcp4-client
2022-10-15 00:13:32 us=718000 local = '[UNDEF]'
2022-10-15 00:13:32 us=718000 local_port = '[UNDEF]'
2022-10-15 00:13:32 us=718000 remote = '127.0.0.1'
2022-10-15 00:13:32 us=718000 remote_port = '9535'
2022-10-15 00:13:32 us=718000 remote_float = DISABLED
2022-10-15 00:13:32 us=718000 bind_defined = DISABLED
2022-10-15 00:13:32 us=718000 bind_local = DISABLED
2022-10-15 00:13:32 us=718000 bind_ipv6_only = DISABLED
2022-10-15 00:13:32 us=718000 connect_retry_seconds = 5
2022-10-15 00:13:32 us=718000 connect_timeout = 120
2022-10-15 00:13:32 us=718000 socks_proxy_server = '[UNDEF]'
2022-10-15 00:13:32 us=718000 socks_proxy_port = '[UNDEF]'
2022-10-15 00:13:32 us=718000 tun_mtu = 1500
2022-10-15 00:13:32 us=718000 tun_mtu_defined = ENABLED
2022-10-15 00:13:32 us=718000 link_mtu = 1500
2022-10-15 00:13:32 us=718000 link_mtu_defined = DISABLED
2022-10-15 00:13:32 us=718000 tun_mtu_extra = 0
2022-10-15 00:13:32 us=718000 tun_mtu_extra_defined = DISABLED
2022-10-15 00:13:32 us=718000 mtu_discover_type = -1
2022-10-15 00:13:32 us=718000 fragment = 0
2022-10-15 00:13:32 us=718000 mssfix = 1450
2022-10-15 00:13:32 us=718000 explicit_exit_notification = 0
2022-10-15 00:13:32 us=718000 tls_auth_file = '[UNDEF]'
2022-10-15 00:13:32 us=718000 key_direction = not set
2022-10-15 00:13:32 us=718000 tls_crypt_file = '[UNDEF]'
2022-10-15 00:13:32 us=718000 tls_crypt_v2_file = '[UNDEF]'
2022-10-15 00:13:32 us=718000 Connection profiles END
2022-10-15 00:13:32 us=718000 remote_random = DISABLED
2022-10-15 00:13:32 us=718000 ipchange = '[UNDEF]'
2022-10-15 00:13:32 us=718000 dev = 'tun1'
2022-10-15 00:13:32 us=718000 dev_type = '[UNDEF]'
2022-10-15 00:13:32 us=718000 dev_node = '[UNDEF]'
2022-10-15 00:13:32 us=718000 lladdr = '[UNDEF]'
2022-10-15 00:13:32 us=718000 topology = 1
2022-10-15 00:13:32 us=718000 ifconfig_local = '[UNDEF]'
2022-10-15 00:13:32 us=718000 ifconfig_remote_netmask = '[UNDEF]'
2022-10-15 00:13:32 us=718000 ifconfig_noexec = DISABLED
2022-10-15 00:13:32 us=718000 ifconfig_nowarn = DISABLED
2022-10-15 00:13:32 us=718000 ifconfig_ipv6_local = '[UNDEF]'
2022-10-15 00:13:32 us=718000 ifconfig_ipv6_netbits = 0
2022-10-15 00:13:32 us=718000 ifconfig_ipv6_remote = '[UNDEF]'
2022-10-15 00:13:32 us=718000 shaper = 0
2022-10-15 00:13:32 us=718000 mtu_test = 0
2022-10-15 00:13:32 us=718000 mlock = DISABLED
2022-10-15 00:13:32 us=718000 keepalive_ping = 0
2022-10-15 00:13:32 us=718000 keepalive_timeout = 0
2022-10-15 00:13:32 us=718000 inactivity_timeout = 0
2022-10-15 00:13:32 us=718000 inactivity_minimum_bytes = 0
2022-10-15 00:13:32 us=718000 ping_send_timeout = 0
2022-10-15 00:13:32 us=718000 ping_rec_timeout = 0
2022-10-15 00:13:32 us=718000 ping_rec_timeout_action = 0
2022-10-15 00:13:32 us=718000 ping_timer_remote = DISABLED
2022-10-15 00:13:32 us=718000 remap_sigusr1 = 0
2022-10-15 00:13:32 us=718000 persist_tun = ENABLED
2022-10-15 00:13:32 us=718000 persist_local_ip = DISABLED
2022-10-15 00:13:32 us=718000 persist_remote_ip = DISABLED
2022-10-15 00:13:32 us=718000 persist_key = ENABLED
2022-10-15 00:13:32 us=718000 passtos = DISABLED
2022-10-15 00:13:32 us=718000 resolve_retry_seconds = 1000000000
2022-10-15 00:13:32 us=718000 resolve_in_advance = DISABLED
2022-10-15 00:13:32 us=718000 username = '[UNDEF]'
2022-10-15 00:13:32 us=718000 groupname = '[UNDEF]'
2022-10-15 00:13:32 us=718000 chroot_dir = '[UNDEF]'
2022-10-15 00:13:32 us=718000 cd_dir = '[UNDEF]'
2022-10-15 00:13:32 us=718000 writepid = '[UNDEF]'
2022-10-15 00:13:32 us=718000 up_script = '[UNDEF]'
2022-10-15 00:13:32 us=718000 down_script = '[UNDEF]'
2022-10-15 00:13:32 us=718000 down_pre = DISABLED
2022-10-15 00:13:32 us=718000 up_restart = DISABLED
2022-10-15 00:13:32 us=718000 up_delay = DISABLED
2022-10-15 00:13:32 us=718000 daemon = DISABLED
2022-10-15 00:13:32 us=718000 inetd = 0
2022-10-15 00:13:32 us=718000 log = ENABLED
2022-10-15 00:13:32 us=718000 suppress_timestamps = DISABLED
2022-10-15 00:13:32 us=718000 machine_readable_output = DISABLED
2022-10-15 00:13:32 us=718000 nice = 0
2022-10-15 00:13:32 us=718000 verbosity = 4
2022-10-15 00:13:32 us=718000 mute = 0
2022-10-15 00:13:32 us=718000 status_file = '[UNDEF]'
2022-10-15 00:13:32 us=718000 status_file_version = 1
2022-10-15 00:13:32 us=718000 status_file_update_freq = 60
2022-10-15 00:13:32 us=718000 occ = ENABLED
2022-10-15 00:13:32 us=718000 rcvbuf = 0
2022-10-15 00:13:32 us=718000 sndbuf = 0
2022-10-15 00:13:32 us=718000 sockflags = 0
2022-10-15 00:13:32 us=718000 fast_io = DISABLED
2022-10-15 00:13:32 us=718000 comp.alg = 0
2022-10-15 00:13:32 us=718000 comp.flags = 0
2022-10-15 00:13:32 us=718000 route_script = '[UNDEF]'
2022-10-15 00:13:32 us=718000 route_default_gateway = '[UNDEF]'
2022-10-15 00:13:32 us=718000 route_default_metric = 0
2022-10-15 00:13:32 us=718000 route_noexec = DISABLED
2022-10-15 00:13:32 us=718000 route_delay = 5
2022-10-15 00:13:32 us=718000 route_delay_window = 30
2022-10-15 00:13:32 us=718000 route_delay_defined = ENABLED
2022-10-15 00:13:32 us=718000 route_nopull = DISABLED
2022-10-15 00:13:32 us=718000 route_gateway_via_dhcp = DISABLED
2022-10-15 00:13:32 us=718000 allow_pull_fqdn = DISABLED
2022-10-15 00:13:32 us=718000 Pull filters:
2022-10-15 00:13:32 us=718000 ignore "route-method"
2022-10-15 00:13:32 us=718000 management_addr = '127.0.0.1'
2022-10-15 00:13:32 us=718000 management_port = '25340'
2022-10-15 00:13:32 us=718000 management_user_pass = 'stdin'
2022-10-15 00:13:32 us=718000 management_log_history_cache = 250
2022-10-15 00:13:32 us=718000 management_echo_buffer_size = 100
2022-10-15 00:13:32 us=718000 management_write_peer_info_file = '[UNDEF]'
2022-10-15 00:13:32 us=718000 management_client_user = '[UNDEF]'
2022-10-15 00:13:32 us=718000 management_client_group = '[UNDEF]'
2022-10-15 00:13:32 us=718000 management_flags = 6
2022-10-15 00:13:32 us=718000 shared_secret_file = '[UNDEF]'
2022-10-15 00:13:32 us=718000 key_direction = not set
2022-10-15 00:13:32 us=718000 ciphername = 'AES-256-GCM'
2022-10-15 00:13:32 us=718000 ncp_enabled = ENABLED
2022-10-15 00:13:32 us=718000 ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
2022-10-15 00:13:32 us=718000 authname = 'SHA256'
2022-10-15 00:13:32 us=718000 prng_hash = 'SHA1'
2022-10-15 00:13:32 us=718000 prng_nonce_secret_len = 16
2022-10-15 00:13:32 us=718000 keysize = 0
2022-10-15 00:13:32 us=718000 engine = DISABLED
2022-10-15 00:13:32 us=718000 replay = ENABLED
2022-10-15 00:13:32 us=718000 mute_replay_warnings = DISABLED
2022-10-15 00:13:32 us=718000 replay_window = 64
2022-10-15 00:13:32 us=718000 replay_time = 15
2022-10-15 00:13:32 us=718000 packet_id_file = '[UNDEF]'
2022-10-15 00:13:32 us=718000 test_crypto = DISABLED
2022-10-15 00:13:32 us=718000 tls_server = DISABLED
2022-10-15 00:13:32 us=718000 tls_client = ENABLED
2022-10-15 00:13:32 us=718000 ca_file = 'C:\Program Files\OpenVPN\config\ca.crt'
2022-10-15 00:13:32 us=718000 ca_path = '[UNDEF]'
2022-10-15 00:13:32 us=718000 dh_file = '[UNDEF]'
2022-10-15 00:13:32 us=718000 cert_file = 'C:\Program Files\OpenVPN\config\CLIENT.crt'
2022-10-15 00:13:32 us=718000 extra_certs_file = '[UNDEF]'
2022-10-15 00:13:32 us=718000 priv_key_file = 'C:\Program Files\OpenVPN\config\CLIENT.key'
2022-10-15 00:13:32 us=718000 pkcs12_file = '[UNDEF]'
2022-10-15 00:13:32 us=718000 cryptoapi_cert = '[UNDEF]'
2022-10-15 00:13:32 us=718000 cipher_list = '[UNDEF]'
2022-10-15 00:13:32 us=718000 cipher_list_tls13 = '[UNDEF]'
2022-10-15 00:13:32 us=718000 tls_cert_profile = '[UNDEF]'
2022-10-15 00:13:32 us=718000 tls_verify = '[UNDEF]'
2022-10-15 00:13:32 us=718000 tls_export_cert = '[UNDEF]'
2022-10-15 00:13:32 us=718000 verify_x509_type = 0
2022-10-15 00:13:32 us=718000 verify_x509_name = '[UNDEF]'
2022-10-15 00:13:32 us=718000 crl_file = '[UNDEF]'
2022-10-15 00:13:32 us=718000 ns_cert_type = 0
2022-10-15 00:13:32 us=718000 remote_cert_ku = 65535
2022-10-15 00:13:32 us=718000 remote_cert_ku = 0
2022-10-15 00:13:32 us=718000 remote_cert_ku = 0
2022-10-15 00:13:32 us=718000 remote_cert_ku = 0
2022-10-15 00:13:32 us=718000 remote_cert_ku = 0
2022-10-15 00:13:32 us=718000 remote_cert_ku = 0
2022-10-15 00:13:32 us=718000 remote_cert_ku = 0
2022-10-15 00:13:32 us=718000 remote_cert_ku = 0
2022-10-15 00:13:32 us=718000 remote_cert_ku = 0
2022-10-15 00:13:32 us=718000 remote_cert_ku = 0
2022-10-15 00:13:32 us=718000 remote_cert_ku[i] = 0
2022-10-15 00:13:32 us=718000 remote_cert_ku[i] = 0
2022-10-15 00:13:32 us=718000 remote_cert_ku[i] = 0
2022-10-15 00:13:32 us=718000 remote_cert_ku[i] = 0
2022-10-15 00:13:32 us=718000 remote_cert_ku[i] = 0
2022-10-15 00:13:32 us=718000 remote_cert_ku[i] = 0
2022-10-15 00:13:32 us=718000 remote_cert_eku = 'TLS Web Server Authentication'
2022-10-15 00:13:32 us=718000 ssl_flags = 0
2022-10-15 00:13:32 us=718000 tls_timeout = 2
2022-10-15 00:13:32 us=718000 renegotiate_bytes = -1
2022-10-15 00:13:32 us=718000 renegotiate_packets = 0
2022-10-15 00:13:32 us=718000 renegotiate_seconds = 3600
2022-10-15 00:13:32 us=718000 handshake_window = 60
2022-10-15 00:13:32 us=718000 transition_window = 3600
2022-10-15 00:13:32 us=718000 single_session = DISABLED
2022-10-15 00:13:32 us=718000 push_peer_info = DISABLED
2022-10-15 00:13:32 us=718000 tls_exit = DISABLED
2022-10-15 00:13:32 us=718000 tls_crypt_v2_metadata = '[UNDEF]'
2022-10-15 00:13:32 us=718000 pkcs11_protected_authentication = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_protected_authentication = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_protected_authentication = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_protected_authentication = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_protected_authentication = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_protected_authentication = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_protected_authentication = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_protected_authentication = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_protected_authentication = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_protected_authentication = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_protected_authentication = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_protected_authentication = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_protected_authentication = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_protected_authentication = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_protected_authentication = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_protected_authentication = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_private_mode = 00000000
2022-10-15 00:13:32 us=718000 pkcs11_private_mode = 00000000
2022-10-15 00:13:32 us=718000 pkcs11_private_mode = 00000000
2022-10-15 00:13:32 us=718000 pkcs11_private_mode = 00000000
2022-10-15 00:13:32 us=718000 pkcs11_private_mode = 00000000
2022-10-15 00:13:32 us=718000 pkcs11_private_mode = 00000000
2022-10-15 00:13:32 us=718000 pkcs11_private_mode = 00000000
2022-10-15 00:13:32 us=718000 pkcs11_private_mode = 00000000
2022-10-15 00:13:32 us=718000 pkcs11_private_mode = 00000000
2022-10-15 00:13:32 us=718000 pkcs11_private_mode = 00000000
2022-10-15 00:13:32 us=718000 pkcs11_private_mode = 00000000
2022-10-15 00:13:32 us=718000 pkcs11_private_mode = 00000000
2022-10-15 00:13:32 us=718000 pkcs11_private_mode = 00000000
2022-10-15 00:13:32 us=718000 pkcs11_private_mode = 00000000
2022-10-15 00:13:32 us=718000 pkcs11_private_mode = 00000000
2022-10-15 00:13:32 us=718000 pkcs11_private_mode = 00000000
2022-10-15 00:13:32 us=718000 pkcs11_cert_private = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_cert_private = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_cert_private = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_cert_private = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_cert_private = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_cert_private = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_cert_private = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_cert_private = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_cert_private = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_cert_private = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_cert_private = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_cert_private = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_cert_private = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_cert_private = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_cert_private = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_cert_private = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_pin_cache_period = -1
2022-10-15 00:13:32 us=718000 pkcs11_id = '[UNDEF]'
2022-10-15 00:13:32 us=718000 pkcs11_id_management = DISABLED
2022-10-15 00:13:32 us=718000 server_network = 0.0.0.0
2022-10-15 00:13:32 us=718000 server_netmask = 0.0.0.0
2022-10-15 00:13:32 us=718000 server_network_ipv6 = ::
2022-10-15 00:13:32 us=718000 server_netbits_ipv6 = 0
2022-10-15 00:13:32 us=718000 server_bridge_ip = 0.0.0.0
2022-10-15 00:13:32 us=718000 server_bridge_netmask = 0.0.0.0
2022-10-15 00:13:32 us=718000 server_bridge_pool_start = 0.0.0.0
2022-10-15 00:13:32 us=718000 server_bridge_pool_end = 0.0.0.0
2022-10-15 00:13:32 us=718000 ifconfig_pool_defined = DISABLED
2022-10-15 00:13:32 us=718000 ifconfig_pool_start = 0.0.0.0
2022-10-15 00:13:32 us=718000 ifconfig_pool_end = 0.0.0.0
2022-10-15 00:13:32 us=718000 ifconfig_pool_netmask = 0.0.0.0
2022-10-15 00:13:32 us=718000 ifconfig_pool_persist_filename = '[UNDEF]'
2022-10-15 00:13:32 us=718000 ifconfig_pool_persist_refresh_freq = 600
2022-10-15 00:13:32 us=718000 ifconfig_ipv6_pool_defined = DISABLED
2022-10-15 00:13:32 us=718000 ifconfig_ipv6_pool_base = ::
2022-10-15 00:13:32 us=718000 ifconfig_ipv6_pool_netbits = 0
2022-10-15 00:13:32 us=718000 n_bcast_buf = 256
2022-10-15 00:13:32 us=718000 tcp_queue_limit = 64
2022-10-15 00:13:32 us=718000 real_hash_size = 256
2022-10-15 00:13:32 us=718000 virtual_hash_size = 256
2022-10-15 00:13:32 us=718000 client_connect_script = '[UNDEF]'
2022-10-15 00:13:32 us=718000 learn_address_script = '[UNDEF]'
2022-10-15 00:13:32 us=718000 client_disconnect_script = '[UNDEF]'
2022-10-15 00:13:32 us=718000 client_config_dir = '[UNDEF]'
2022-10-15 00:13:32 us=718000 ccd_exclusive = DISABLED
2022-10-15 00:13:32 us=718000 tmp_dir = 'C:\Users\ADMINI~1\AppData\Local\Temp\'
2022-10-15 00:13:32 us=718000 push_ifconfig_defined = DISABLED
2022-10-15 00:13:32 us=718000 push_ifconfig_local = 0.0.0.0
2022-10-15 00:13:32 us=718000 push_ifconfig_remote_netmask = 0.0.0.0
2022-10-15 00:13:32 us=718000 push_ifconfig_ipv6_defined = DISABLED
2022-10-15 00:13:32 us=718000 push_ifconfig_ipv6_local = ::/0
2022-10-15 00:13:32 us=718000 push_ifconfig_ipv6_remote = ::
2022-10-15 00:13:32 us=718000 enable_c2c = DISABLED
2022-10-15 00:13:32 us=718000 duplicate_cn = DISABLED
2022-10-15 00:13:32 us=718000 cf_max = 0
2022-10-15 00:13:32 us=718000 cf_per = 0
2022-10-15 00:13:32 us=718000 max_clients = 1024
2022-10-15 00:13:32 us=718000 max_routes_per_client = 256
2022-10-15 00:13:32 us=718000 auth_user_pass_verify_script = '[UNDEF]'
2022-10-15 00:13:32 us=718000 auth_user_pass_verify_script_via_file = DISABLED
2022-10-15 00:13:32 us=718000 auth_token_generate = DISABLED
2022-10-15 00:13:32 us=718000 auth_token_lifetime = 0
2022-10-15 00:13:32 us=718000 auth_token_secret_file = '[UNDEF]'
2022-10-15 00:13:32 us=718000 vlan_tagging = DISABLED
2022-10-15 00:13:32 us=718000 vlan_accept = all
2022-10-15 00:13:32 us=718000 vlan_pvid = 1
2022-10-15 00:13:32 us=718000 client = ENABLED
2022-10-15 00:13:32 us=718000 pull = ENABLED
2022-10-15 00:13:32 us=718000 auth_user_pass_file = '[UNDEF]'
2022-10-15 00:13:32 us=718000 show_net_up = DISABLED
2022-10-15 00:13:32 us=718000 route_method = 3
2022-10-15 00:13:32 us=718000 block_outside_dns = DISABLED
2022-10-15 00:13:32 us=718000 ip_win32_defined = DISABLED
2022-10-15 00:13:32 us=718000 ip_win32_type = 3
2022-10-15 00:13:32 us=718000 dhcp_masq_offset = 0
2022-10-15 00:13:32 us=718000 dhcp_lease_time = 31536000
2022-10-15 00:13:32 us=718000 tap_sleep = 0
2022-10-15 00:13:32 us=718000 dhcp_options = DISABLED
2022-10-15 00:13:32 us=718000 dhcp_renew = DISABLED
2022-10-15 00:13:32 us=718000 dhcp_pre_release = DISABLED
2022-10-15 00:13:32 us=718000 domain = '[UNDEF]'
2022-10-15 00:13:32 us=718000 netbios_scope = '[UNDEF]'
2022-10-15 00:13:32 us=718000 netbios_node_type = 0
2022-10-15 00:13:32 us=718000 disable_nbt = DISABLED
2022-10-15 00:13:32 us=718000 OpenVPN 2.5.7 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on May 27 2022
2022-10-15 00:13:32 us=718000 Windows version 10.0 (Windows 10 or greater) 64bit
2022-10-15 00:13:32 us=718000 library versions: OpenSSL 1.1.1o 3 May 2022, LZO 2.10
2022-10-15 00:13:32 us=718000 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
2022-10-15 00:13:32 us=718000 Need hold release from management interface, waiting...
2022-10-15 00:13:33 us=203000 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
2022-10-15 00:13:33 us=312000 MANAGEMENT: CMD 'state on'
2022-10-15 00:13:33 us=312000 MANAGEMENT: CMD 'log all on'
2022-10-15 00:13:34 us=546000 MANAGEMENT: CMD 'echo all on'
2022-10-15 00:13:34 us=546000 MANAGEMENT: CMD 'bytecount 5'
2022-10-15 00:13:34 us=562000 MANAGEMENT: CMD 'hold off'
2022-10-15 00:13:34 us=578000 MANAGEMENT: CMD 'hold release'
2022-10-15 00:13:34 us=578000 Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
2022-10-15 00:13:34 us=578000 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
2022-10-15 00:13:34 us=578000 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1551,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-client'
2022-10-15 00:13:34 us=578000 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1551,tun-mtu 1500,proto TCPv4_SERVER,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-server'
2022-10-15 00:13:34 us=578000 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:9535
2022-10-15 00:13:34 us=578000 Socket Buffers: R=[65536->65536] S=[65536->65536]
2022-10-15 00:13:34 us=578000 Attempting to establish TCP connection with [AF_INET]127.0.0.1:9535 [nonblock]
2022-10-15 00:13:34 us=578000 MANAGEMENT: >STATE:1665780214,TCP_CONNECT,,,,,,
2022-10-15 00:13:34 us=578000 TCP connection established with [AF_INET]127.0.0.1:9535
2022-10-15 00:13:34 us=578000 TCPv4_CLIENT link local: (not bound)
2022-10-15 00:13:34 us=578000 TCPv4_CLIENT link remote: [AF_INET]127.0.0.1:9535
2022-10-15 00:13:34 us=578000 MANAGEMENT: >STATE:1665780214,WAIT,,,,,,
2022-10-15 00:13:35 us=671000 MANAGEMENT: >STATE:1665780215,AUTH,,,,,,
2022-10-15 00:13:35 us=671000 TLS: Initial packet from [AF_INET]127.0.0.1:9535, sid=6bd2d309 4d44151b
2022-10-15 00:13:36 us=62000 VERIFY ERROR: depth=0, error=self signed certificate: CN=VPN Server, serial=0
2022-10-15 00:13:36 us=62000 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2022-10-15 00:13:36 us=62000 TLS_ERROR: BIO read tls_read_plaintext error
2022-10-15 00:13:36 us=62000 TLS Error: TLS object -> incoming plaintext read error
2022-10-15 00:13:36 us=62000 TLS Error: TLS handshake failed
2022-10-15 00:13:36 us=62000 Fatal TLS error (check_tls_errors_co), restarting
2022-10-15 00:13:36 us=62000 TCP/UDP: Closing socket
2022-10-15 00:13:36 us=62000 SIGUSR1[soft,tls-error] received, process restarting
2022-10-15 00:13:36 us=62000 MANAGEMENT: >STATE:1665780216,RECONNECTING,tls-error,,,,,
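An added example, not part of the original post: a Python triage of the client configuration and client log shown above. It reads the VERIFY ERROR line, reports what the OpenSSL reason means for the certificate at that depth, and lists directives from the posted configuration that the log's settings dump shows as '[UNDEF]'. The function names and the directive-to-setting mapping are assumptions made for this example.

```python
import re
import shlex

# Constructed sample: excerpts of the client configuration and client log
# from the post above, shortened to the lines this check reads.
CLIENT_CONF = r'''
client
remote 127.0.0.1 9535
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\CLIENT.crt"
key "C:\\Program Files\\OpenVPN\\config\\CLIENT.key"
remote-cert-tls server
tls-crypt "C:\\Program Files\\OpenVPN\\easy-rsa\\pki\\easytls\\tls-crypt.key" 1
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
# socks-proxy 127.0.0.1 9535
'''
CLIENT_LOG = r"""
2022-10-15 00:13:32 us=718000 tls_crypt_file = '[UNDEF]'
2022-10-15 00:13:32 us=718000 ca_file = 'C:\Program Files\OpenVPN\config\ca.crt'
2022-10-15 00:13:32 us=718000 cert_file = 'C:\Program Files\OpenVPN\config\CLIENT.crt'
2022-10-15 00:13:32 us=718000 priv_key_file = 'C:\Program Files\OpenVPN\config\CLIENT.key'
2022-10-15 00:13:32 us=718000 cipher_list = '[UNDEF]'
2022-10-15 00:13:36 us=62000 VERIFY ERROR: depth=0, error=self signed certificate: CN=VPN Server, serial=0
2022-10-15 00:13:36 us=62000 TLS Error: TLS handshake failed
"""

LOG_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} us=\d+ (.*)$")
SETTING = re.compile(r"^\s*([\w.\[\]]+) = (.*)$")
VERIFY = re.compile(r"VERIFY ERROR: depth=(\d+), error=(.+?): (.*), serial=(\S+)$")

# OpenSSL verification reasons that point at the trust chain, and what each
# says about the certificate at the reported depth (depth 0 = the peer's own).
CHAIN_REASONS = {
    "self signed certificate":
        "issuer equals subject and the certificate is not in the ca file",
    "self signed certificate in certificate chain":
        "the chain ends in a root that is not in the ca file",
    "unable to get local issuer certificate":
        "the issuer of this certificate is not in the ca file",
}

# Assumed mapping from config directive to its name in the settings dump,
# inferred from the names that appear in the posted log.
DIRECTIVE_TO_SETTING = {
    "ca": "ca_file", "cert": "cert_file", "key": "priv_key_file",
    "tls-auth": "tls_auth_file", "tls-crypt": "tls_crypt_file",
    "tls-cipher": "cipher_list",
}


def messages(log_text):
    """Yield the message part of each timestamped log line."""
    for line in log_text.splitlines():
        m = LOG_LINE.match(line.strip())
        if m:
            yield m.group(1)


def effective_settings(log_text):
    """Collect 'name = value' pairs from the Current Parameter Settings dump."""
    settings = {}
    for msg in messages(log_text):
        m = SETTING.match(msg)
        if m:
            settings.setdefault(m.group(1), m.group(2).strip().strip("'"))
    return settings


def verify_errors(log_text):
    """Extract depth, reason, subject and serial from each VERIFY ERROR line."""
    errors = []
    for msg in messages(log_text):
        m = VERIFY.search(msg)
        if m:
            # OpenSSL 3 spells it "self-signed"; normalise to the 1.1.1 text.
            reason = m.group(2).replace("self-signed", "self signed")
            errors.append({"depth": int(m.group(1)), "reason": reason,
                           "subject": m.group(3), "serial": m.group(4)})
    return errors


def parse_config(conf_text):
    """Return {directive: [args]}; shlex undoes quoting and doubled backslashes."""
    conf = {}
    for line in conf_text.splitlines():
        if line.lstrip().startswith(";"):
            continue  # ';' also starts a comment in OpenVPN configs
        words = shlex.split(line, comments=True)
        if words:
            conf.setdefault(words[0], words[1:])
    return conf


def unapplied_directives(conf, settings):
    """Directives set in the config whose effective setting is '[UNDEF]'."""
    return [d for d in conf
            if settings.get(DIRECTIVE_TO_SETTING.get(d)) == "[UNDEF]"]


def triage(conf_text, log_text):
    conf, settings = parse_config(conf_text), effective_settings(log_text)
    report = []
    for e in verify_errors(log_text):
        where = "peer's own certificate" if e["depth"] == 0 else f"chain depth {e['depth']}"
        why = CHAIN_REASONS.get(e["reason"], "not a trust-chain reason")
        report.append(f"{where} ({e['subject']}, serial {e['serial']}): {why}; "
                      f"ca file in use: {settings.get('ca_file', 'unknown')}")
    for d in unapplied_directives(conf, settings):
        report.append(f"'{d}' is set in the config but undefined in the settings "
                      "dump; check that the log was produced by this config")
    return report


if __name__ == "__main__":
    for line in triage(CLIENT_CONF, CLIENT_LOG):
        print(line)
```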
2022-10-15 00:13:32 us=718000 tls_cert_profile = '[UNDEF]'
2022-10-15 00:13:32 us=718000 tls_verify = '[UNDEF]'
2022-10-15 00:13:32 us=718000 tls_export_cert = '[UNDEF]'
2022-10-15 00:13:32 us=718000 verify_x509_type = 0
2022-10-15 00:13:32 us=718000 verify_x509_name = '[UNDEF]'
2022-10-15 00:13:32 us=718000 crl_file = '[UNDEF]'
2022-10-15 00:13:32 us=718000 ns_cert_type = 0
2022-10-15 00:13:32 us=718000 remote_cert_ku = 65535
2022-10-15 00:13:32 us=718000 remote_cert_ku = 0
2022-10-15 00:13:32 us=718000 remote_cert_ku = 0
2022-10-15 00:13:32 us=718000 remote_cert_ku = 0
2022-10-15 00:13:32 us=718000 remote_cert_ku = 0
2022-10-15 00:13:32 us=718000 remote_cert_ku = 0
2022-10-15 00:13:32 us=718000 remote_cert_ku = 0
2022-10-15 00:13:32 us=718000 remote_cert_ku = 0
2022-10-15 00:13:32 us=718000 remote_cert_ku = 0
2022-10-15 00:13:32 us=718000 remote_cert_ku = 0
2022-10-15 00:13:32 us=718000 remote_cert_ku[i] = 0
2022-10-15 00:13:32 us=718000 remote_cert_ku[i] = 0
2022-10-15 00:13:32 us=718000 remote_cert_ku[i] = 0
2022-10-15 00:13:32 us=718000 remote_cert_ku[i] = 0
2022-10-15 00:13:32 us=718000 remote_cert_ku[i] = 0
2022-10-15 00:13:32 us=718000 remote_cert_ku[i] = 0
2022-10-15 00:13:32 us=718000 remote_cert_eku = 'TLS Web Server Authentication'
2022-10-15 00:13:32 us=718000 ssl_flags = 0
2022-10-15 00:13:32 us=718000 tls_timeout = 2
2022-10-15 00:13:32 us=718000 renegotiate_bytes = -1
2022-10-15 00:13:32 us=718000 renegotiate_packets = 0
2022-10-15 00:13:32 us=718000 renegotiate_seconds = 3600
2022-10-15 00:13:32 us=718000 handshake_window = 60
2022-10-15 00:13:32 us=718000 transition_window = 3600
2022-10-15 00:13:32 us=718000 single_session = DISABLED
2022-10-15 00:13:32 us=718000 push_peer_info = DISABLED
2022-10-15 00:13:32 us=718000 tls_exit = DISABLED
2022-10-15 00:13:32 us=718000 tls_crypt_v2_metadata = '[UNDEF]'
2022-10-15 00:13:32 us=718000 pkcs11_protected_authentication = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_protected_authentication = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_protected_authentication = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_protected_authentication = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_protected_authentication = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_protected_authentication = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_protected_authentication = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_protected_authentication = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_protected_authentication = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_protected_authentication = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_protected_authentication = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_protected_authentication = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_protected_authentication = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_protected_authentication = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_protected_authentication = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_protected_authentication = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_private_mode = 00000000
2022-10-15 00:13:32 us=718000 pkcs11_private_mode = 00000000
2022-10-15 00:13:32 us=718000 pkcs11_private_mode = 00000000
2022-10-15 00:13:32 us=718000 pkcs11_private_mode = 00000000
2022-10-15 00:13:32 us=718000 pkcs11_private_mode = 00000000
2022-10-15 00:13:32 us=718000 pkcs11_private_mode = 00000000
2022-10-15 00:13:32 us=718000 pkcs11_private_mode = 00000000
2022-10-15 00:13:32 us=718000 pkcs11_private_mode = 00000000
2022-10-15 00:13:32 us=718000 pkcs11_private_mode = 00000000
2022-10-15 00:13:32 us=718000 pkcs11_private_mode = 00000000
2022-10-15 00:13:32 us=718000 pkcs11_private_mode = 00000000
2022-10-15 00:13:32 us=718000 pkcs11_private_mode = 00000000
2022-10-15 00:13:32 us=718000 pkcs11_private_mode = 00000000
2022-10-15 00:13:32 us=718000 pkcs11_private_mode = 00000000
2022-10-15 00:13:32 us=718000 pkcs11_private_mode = 00000000
2022-10-15 00:13:32 us=718000 pkcs11_private_mode = 00000000
2022-10-15 00:13:32 us=718000 pkcs11_cert_private = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_cert_private = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_cert_private = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_cert_private = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_cert_private = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_cert_private = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_cert_private = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_cert_private = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_cert_private = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_cert_private = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_cert_private = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_cert_private = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_cert_private = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_cert_private = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_cert_private = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_cert_private = DISABLED
2022-10-15 00:13:32 us=718000 pkcs11_pin_cache_period = -1
2022-10-15 00:13:32 us=718000 pkcs11_id = '[UNDEF]'
2022-10-15 00:13:32 us=718000 pkcs11_id_management = DISABLED
2022-10-15 00:13:32 us=718000 server_network = 0.0.0.0
2022-10-15 00:13:32 us=718000 server_netmask = 0.0.0.0
2022-10-15 00:13:32 us=718000 server_network_ipv6 = ::
2022-10-15 00:13:32 us=718000 server_netbits_ipv6 = 0
2022-10-15 00:13:32 us=718000 server_bridge_ip = 0.0.0.0
2022-10-15 00:13:32 us=718000 server_bridge_netmask = 0.0.0.0
2022-10-15 00:13:32 us=718000 server_bridge_pool_start = 0.0.0.0
2022-10-15 00:13:32 us=718000 server_bridge_pool_end = 0.0.0.0
2022-10-15 00:13:32 us=718000 ifconfig_pool_defined = DISABLED
2022-10-15 00:13:32 us=718000 ifconfig_pool_start = 0.0.0.0
2022-10-15 00:13:32 us=718000 ifconfig_pool_end = 0.0.0.0
2022-10-15 00:13:32 us=718000 ifconfig_pool_netmask = 0.0.0.0
2022-10-15 00:13:32 us=718000 ifconfig_pool_persist_filename = '[UNDEF]'
2022-10-15 00:13:32 us=718000 ifconfig_pool_persist_refresh_freq = 600
2022-10-15 00:13:32 us=718000 ifconfig_ipv6_pool_defined = DISABLED
2022-10-15 00:13:32 us=718000 ifconfig_ipv6_pool_base = ::
2022-10-15 00:13:32 us=718000 ifconfig_ipv6_pool_netbits = 0
2022-10-15 00:13:32 us=718000 n_bcast_buf = 256
2022-10-15 00:13:32 us=718000 tcp_queue_limit = 64
2022-10-15 00:13:32 us=718000 real_hash_size = 256
2022-10-15 00:13:32 us=718000 virtual_hash_size = 256
2022-10-15 00:13:32 us=718000 client_connect_script = '[UNDEF]'
2022-10-15 00:13:32 us=718000 learn_address_script = '[UNDEF]'
2022-10-15 00:13:32 us=718000 client_disconnect_script = '[UNDEF]'
2022-10-15 00:13:32 us=718000 client_config_dir = '[UNDEF]'
2022-10-15 00:13:32 us=718000 ccd_exclusive = DISABLED
2022-10-15 00:13:32 us=718000 tmp_dir = 'C:\Users\ADMINI~1\AppData\Local\Temp\'
2022-10-15 00:13:32 us=718000 push_ifconfig_defined = DISABLED
2022-10-15 00:13:32 us=718000 push_ifconfig_local = 0.0.0.0
2022-10-15 00:13:32 us=718000 push_ifconfig_remote_netmask = 0.0.0.0
2022-10-15 00:13:32 us=718000 push_ifconfig_ipv6_defined = DISABLED
2022-10-15 00:13:32 us=718000 push_ifconfig_ipv6_local = ::/0
2022-10-15 00:13:32 us=718000 push_ifconfig_ipv6_remote = ::
2022-10-15 00:13:32 us=718000 enable_c2c = DISABLED
2022-10-15 00:13:32 us=718000 duplicate_cn = DISABLED
2022-10-15 00:13:32 us=718000 cf_max = 0
2022-10-15 00:13:32 us=718000 cf_per = 0
2022-10-15 00:13:32 us=718000 max_clients = 1024
2022-10-15 00:13:32 us=718000 max_routes_per_client = 256
2022-10-15 00:13:32 us=718000 auth_user_pass_verify_script = '[UNDEF]'
2022-10-15 00:13:32 us=718000 auth_user_pass_verify_script_via_file = DISABLED
2022-10-15 00:13:32 us=718000 auth_token_generate = DISABLED
2022-10-15 00:13:32 us=718000 auth_token_lifetime = 0
2022-10-15 00:13:32 us=718000 auth_token_secret_file = '[UNDEF]'
2022-10-15 00:13:32 us=718000 vlan_tagging = DISABLED
2022-10-15 00:13:32 us=718000 vlan_accept = all
2022-10-15 00:13:32 us=718000 vlan_pvid = 1
2022-10-15 00:13:32 us=718000 client = ENABLED
2022-10-15 00:13:32 us=718000 pull = ENABLED
2022-10-15 00:13:32 us=718000 auth_user_pass_file = '[UNDEF]'
2022-10-15 00:13:32 us=718000 show_net_up = DISABLED
2022-10-15 00:13:32 us=718000 route_method = 3
2022-10-15 00:13:32 us=718000 block_outside_dns = DISABLED
2022-10-15 00:13:32 us=718000 ip_win32_defined = DISABLED
2022-10-15 00:13:32 us=718000 ip_win32_type = 3
2022-10-15 00:13:32 us=718000 dhcp_masq_offset = 0
2022-10-15 00:13:32 us=718000 dhcp_lease_time = 31536000
2022-10-15 00:13:32 us=718000 tap_sleep = 0
2022-10-15 00:13:32 us=718000 dhcp_options = DISABLED
2022-10-15 00:13:32 us=718000 dhcp_renew = DISABLED
2022-10-15 00:13:32 us=718000 dhcp_pre_release = DISABLED
2022-10-15 00:13:32 us=718000 domain = '[UNDEF]'
2022-10-15 00:13:32 us=718000 netbios_scope = '[UNDEF]'
2022-10-15 00:13:32 us=718000 netbios_node_type = 0
2022-10-15 00:13:32 us=718000 disable_nbt = DISABLED
2022-10-15 00:13:32 us=718000 OpenVPN 2.5.7 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on May 27 2022
2022-10-15 00:13:32 us=718000 Windows version 10.0 (Windows 10 or greater) 64bit
2022-10-15 00:13:32 us=718000 library versions: OpenSSL 1.1.1o 3 May 2022, LZO 2.10
2022-10-15 00:13:32 us=718000 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
2022-10-15 00:13:32 us=718000 Need hold release from management interface, waiting...
2022-10-15 00:13:33 us=203000 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
2022-10-15 00:13:33 us=312000 MANAGEMENT: CMD 'state on'
2022-10-15 00:13:33 us=312000 MANAGEMENT: CMD 'log all on'
2022-10-15 00:13:34 us=546000 MANAGEMENT: CMD 'echo all on'
2022-10-15 00:13:34 us=546000 MANAGEMENT: CMD 'bytecount 5'
2022-10-15 00:13:34 us=562000 MANAGEMENT: CMD 'hold off'
2022-10-15 00:13:34 us=578000 MANAGEMENT: CMD 'hold release'
2022-10-15 00:13:34 us=578000 Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
2022-10-15 00:13:34 us=578000 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
2022-10-15 00:13:34 us=578000 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1551,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-client'
2022-10-15 00:13:34 us=578000 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1551,tun-mtu 1500,proto TCPv4_SERVER,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-server'
2022-10-15 00:13:34 us=578000 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:9535
2022-10-15 00:13:34 us=578000 Socket Buffers: R=[65536->65536] S=[65536->65536]
2022-10-15 00:13:34 us=578000 Attempting to establish TCP connection with [AF_INET]127.0.0.1:9535 [nonblock]
2022-10-15 00:13:34 us=578000 MANAGEMENT: >STATE:1665780214,TCP_CONNECT,,,,,,
2022-10-15 00:13:34 us=578000 TCP connection established with [AF_INET]127.0.0.1:9535
2022-10-15 00:13:34 us=578000 TCPv4_CLIENT link local: (not bound)
2022-10-15 00:13:34 us=578000 TCPv4_CLIENT link remote: [AF_INET]127.0.0.1:9535
2022-10-15 00:13:34 us=578000 MANAGEMENT: >STATE:1665780214,WAIT,,,,,,
2022-10-15 00:13:35 us=671000 MANAGEMENT: >STATE:1665780215,AUTH,,,,,,
2022-10-15 00:13:35 us=671000 TLS: Initial packet from [AF_INET]127.0.0.1:9535, sid=6bd2d309 4d44151b
2022-10-15 00:13:36 us=62000 VERIFY ERROR: depth=0, error=self signed certificate: CN=VPN Server, serial=0
2022-10-15 00:13:36 us=62000 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2022-10-15 00:13:36 us=62000 TLS_ERROR: BIO read tls_read_plaintext error
2022-10-15 00:13:36 us=62000 TLS Error: TLS object -> incoming plaintext read error
2022-10-15 00:13:36 us=62000 TLS Error: TLS handshake failed
2022-10-15 00:13:36 us=62000 Fatal TLS error (check_tls_errors_co), restarting
2022-10-15 00:13:36 us=62000 TCP/UDP: Closing socket
2022-10-15 00:13:36 us=62000 SIGUSR1[soft,tls-error] received, process restarting
2022-10-15 00:13:36 us=62000 MANAGEMENT: >STATE:1665780216,RECONNECTING,tls-error,,,,,
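Added example, not part of any post in this thread: a small triage script that pulls the trust settings, the endpoint actually reached, and each VERIFY ERROR out of a client log in the format shown above, and maps the OpenSSL message to its verify result code. The function name `triage` and the choice of options to report are assumptions made for this illustration; the sample lines are copied from the log above.

```python
import re

# Lines copied from the client log in the post above.
SAMPLE_LOG = r"""
2022-10-15 00:13:32 us=718000 ca_file = 'C:\Program Files\OpenVPN\config\ca.crt'
2022-10-15 00:13:32 us=718000 remote_cert_eku = 'TLS Web Server Authentication'
2022-10-15 00:13:34 us=578000 TCP connection established with [AF_INET]127.0.0.1:9535
2022-10-15 00:13:36 us=62000 VERIFY ERROR: depth=0, error=self signed certificate: CN=VPN Server, serial=0
2022-10-15 00:13:36 us=62000 TLS Error: TLS handshake failed
"""

PREFIX = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d us=\d+ ")
OPTION = re.compile(r"^([\w.\[\]]+) = (.*)$")
VERIFY = re.compile(r"^VERIFY ERROR: depth=(\d+), error=([^:]+): (.*), serial=(\S+)$")
PEER = re.compile(r"^TCP connection established with \[AF_INET6?\](\S+)$")
WANTED = ("ca_file", "ca_path", "remote_cert_eku", "verify_x509_name")  # illustrative selection

# OpenSSL verify result codes keyed by message text (1.1.1 wording, as in the log above).
MEANING = {
    "self signed certificate": (18, "peer's own certificate is its own issuer and is not in ca_file"),
    "self signed certificate in certificate chain": (19, "chain ends in a root that is not in ca_file"),
    "unable to get local issuer certificate": (20, "issuer of this certificate was not found in ca_file"),
    "certificate has expired": (10, "notAfter is in the past"),
}

def triage(log_text):
    """Collect trust settings, the endpoint reached, and every VERIFY ERROR."""
    report = {"options": {}, "peer": None, "failures": []}
    for raw in log_text.splitlines():
        line = PREFIX.sub("", raw.strip())
        if m := VERIFY.match(line):
            text = m.group(2).replace("self-signed", "self signed")  # OpenSSL 3 spelling
            code, meaning = MEANING.get(text, (None, "see the OpenSSL verify documentation"))
            report["failures"].append({
                "depth": int(m.group(1)), "error": text, "code": code,
                "subject": m.group(3), "serial": m.group(4), "meaning": meaning,
            })
        elif m := PEER.match(line):
            report["peer"] = m.group(1)
        elif (m := OPTION.match(line)) and m.group(1) in WANTED:
            report["options"][m.group(1)] = m.group(2).strip("'")
    return report

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("peer reached:", result["peer"])
    print("trust settings:", result["options"])
    for f in result["failures"]:
        print(f"depth={f['depth']} code={f['code']} subject={f['subject']}: {f['meaning']}")
```

A depth of 0 refers to the certificate the peer itself presented, so the subject and serial printed here are the ones to compare against the certificate that was issued for the server.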
- ordex
- OpenVPN Inc.
- Posts: 444
- Joined: Wed Dec 28, 2016 2:32 am
- Location: IRC #openvpn-devel @ libera.chat
Re: self signed certificate error
I haven't gone through the full extent of the log, but if you are using a self-signed certificate, I *think* that you could make it work by using the same cert as CA.
This said, you have a separate CA (ca.crt) - why do you think the cert is self signed?
-
- OpenVpn Newbie
- Posts: 4
- Joined: Fri Oct 14, 2022 8:21 pm
Re: self signed certificate error
I was not completely following what you said. However, I am using the same CA on both the server and client which is generated by "./easyrsa build-ca nopass".
- ordex
- OpenVPN Inc.
- Posts: 444
- Joined: Wed Dec 28, 2016 2:32 am
- Location: IRC #openvpn-devel @ libera.chat
Re: self signed certificate error
Ok, then you indeed have a CA and you used it to sign your certificate. Therefore your certificate is not self-signed.
Are you using a recent EasyRSA? That error normally shows up when the certificate was created with older/weaker parameters.
-
- OpenVpn Newbie
- Posts: 4
- Joined: Fri Oct 14, 2022 8:21 pm
Re: self signed certificate error
I am using EasyRSA 3.0.7+ version which I believe is the most recent version.
-
- OpenVPN Protagonist
- Posts: 11139
- Joined: Fri Jun 03, 2016 1:17 pm
Re: self signed certificate error
VERIFY ERROR: depth=0, error=self signed certificate: CN=VPN Server, serial=0
Easy-RSA does not build self-signed certificates....
-
- OpenVpn Newbie
- Posts: 4
- Joined: Fri Oct 14, 2022 8:21 pm
Re: self signed certificate error
So what is the problem then and how can I solve it? The CA is created with Easy-RSA.
TinCanTech wrote: ↑Sat Oct 15, 2022 11:55 pm
VERIFY ERROR: depth=0, error=self signed certificate: CN=VPN Server, serial=0
Easy-RSA does not build self-signed certificates....
-
- OpenVPN Protagonist
- Posts: 11139
- Joined: Fri Jun 03, 2016 1:17 pm
Re: self signed certificate error
Read your initial link more carefully or read the official documentation.