Here are redacted configs and logs for both the iPad and FreeBSD server:
IPAD.crt
Certificate:
Data:
Version: 3 (0x2)
Serial Number: SERIAL
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Illinois, L=CITY, O=ISSUER, OU=IT, CN=ISSUER CA/emailAddress=webmaster@DOMAIN
Validity
Not Before: Sep 6 21:24:05 2019 GMT
Not After : Sep 5 21:24:05 2021 GMT
Subject: C=US, ST=Illinois, O=DOMAIN, CN=IPAD
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
<REDACTED>
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
SUBJECTKEYID#2
X509v3 Authority Key Identifier:
keyid:SUBJECTKEYID#1
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Signature Algorithm: sha1WithRSAEncryption
<REDACTED>
-----BEGIN CERTIFICATE-----
<REDACTED>
-----END CERTIFICATE-----
IPAD.key
-----BEGIN RSA PRIVATE KEY-----
<REDACTED>
-----END RSA PRIVATE KEY-----
IPAD.log
2019-08-13 00:08:49 Creds: UsernameEmpty/PasswordEmpty
2019-08-13 00:08:49 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 3.0.3-2104
IV_VER=3.git::728733ae
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_AUTO_SESS=1
IV_BS64DL=1
2019-08-13 00:08:49 VERIFY OK : depth=1
cert. version : 3
serial number : A3:D7:3C:93:57:B0:06:2A
issuer name : C=US, ST=Illinois, L=CITY, O=ISSUER, OU=IT, CN=ISSUER CA, emailAddress=webmaster@DOMAIN
subject name : C=US, ST=Illinois, L=CITY, O=ISSUER, OU=IT, CN=ISSUER CA, emailAddress=webmaster@DOMAIN
issued on : 2015-04-08 22:49:12
expires on : 2025-04-05 22:49:12
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true
2019-08-13 00:08:49 VERIFY OK : depth=0
cert. version : 3
serial number : 10:31
issuer name : C=US, ST=Illinois, L=CITY, O=ISSUER, OU=IT, CN=ISSUER CA, emailAddress=webmaster@DOMAIN
subject name : C=US, ST=Illinois, O=DOMAIN, CN=VPNSERVER
issued on : 2019-09-06 01:35:01
expires on : 2021-09-05 01:35:01
signed using : RSA with SHA1
RSA key size : 2048 bits
basic constraints : CA=false
subject alt name : VPNSERVER, DOMAIN, ALTERNATENAME
ext key usage : TLS Web Server Authentication, TLS Web Client Authentication
2019-08-13 00:08:49 Client exception in transport_recv_excode: mbed TLS: SSL read error : SSL - The requested feature is not available
2019-08-13 00:08:49 Client terminated, restarting in 2000 ms...
2019-08-13 00:08:52 EVENT: RECONNECTING
2019-08-13 00:08:52 EVENT: RESOLVE
2019-08-13 00:08:52 Contacting [IPv6]:1194/TCP via TCPv4
2019-08-13 00:08:52 EVENT: WAIT
2019-08-13 00:08:52 Connecting to [VPNSERVER]:1194 (IPv6) via TCPv4
2019-08-13 00:08:52 EVENT: CONNECTING
2019-08-13 00:08:52 Tunnel Options:V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client
IPAD.opvn
client
dev tun
proto tcp
remote VPNSERVER 1194
nobind
ca $ISSUER.pem
cert IPAD.crt
key IPAD.key
tls-auth ta.key 1
ISSUER.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
SERIAL#1
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, ST = Illinois, L = CITY, O = ISSUER, OU = IT, CN = ISSUER CA, emailAddress = webmaster@DOMAIN
Validity
Not Before: Apr 8 22:49:12 2015 GMT
Not After : Apr 5 22:49:12 2025 GMT
Subject: C = US, ST = Illinois, L = CITY, O = ISSUER, OU = IT, CN = ISSUER CA, emailAddress = webmaster@DOMAIN
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
<REDACTED>
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
SUBJECTKEYID#1
X509v3 Authority Key Identifier:
keyid:SUBJECTKEYID#1
DirName:/C=US/ST=Illinois/L=CITY/O=ISSUER/OU=IT/CN=ISSUER CA/emailAddress=webmaster@DOMAIN
serial:SERIAL#1
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
<REDACTED>
-----BEGIN CERTIFICATE-----
<REDACTED>
-----END CERTIFICATE-----
VPNSERVER.conf
port 1194
proto tcp
dev tun
ca /usr/local/etc/ssl/cert.pem
cert /usr/local/etc/ssl/VPNSERVER.crt
key /usr/local/etc/ssl/VPNSERVER.key
dh /usr/local/etc/ssl/dhparams.pem
topology subnet
server VPN-NET 255.255.255.240
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "remote-gateway VPNSERVERIP"
client-config-dir ccd
route VPN-NET 255.255.255.240
push "dhcp-option DNS 208.67.222.2"
push "dhcp-option DNS 208.67.220.2"
keepalive 10 120
tls-auth ta.key 0
cipher AES-256-GCM
compress lz4-v2
push "compress lz4-v2"
user openvpn
group openvpn
persist-key
persist-tun
status openvpn-status.log
verb 3
VPNSERVER.crt
Certificate:
Data:
Version: 3 (0x2)
Serial Number: SERIAL
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Illinois, L=CITY, O=ISSUER, OU=IT, CN=ISSUER CA/emailAddress=webmaster@DOMAIN
Validity
Not Before: Sep 6 01:35:01 2019 GMT
Not After : Sep 5 01:35:01 2021 GMT
Subject: C=US, ST=Illinois, O=DOMAIN, CN=VPNSERVER
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
<REDACTED>
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
SUBJECTKEYID#2
X509v3 Authority Key Identifier:
keyid:SUBJECTKEYID#1
X509v3 Subject Alternative Name:
DNS:VPNSERVER, DNS:DOMAIN, DNS:ALTERNATENAME
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Signature Algorithm: sha1WithRSAEncryption
<REDACTED>
-----BEGIN CERTIFICATE-----
<REDACTED>
-----END CERTIFICATE-----
VPNSERVER.key
-----BEGIN RSA PRIVATE KEY-----
<REDACTED>
-----END RSA PRIVATE KEY-----
VPNSERVER.log
Sep 13 00:20:46 <daemon.notice> VPNSERVER openvpn[1687]: TCP connection established with [AF_INET6]::ffff:IPv4:57748
Sep 13 00:20:46 <daemon.notice> VPNSERVER openvpn[1687]: IPv4:57748 TLS: Initial packet from [AF_INET6]::ffff:IPv4:57748, sid=937e2ec6 42d8d230
Sep 13 00:20:47 <daemon.err> VPNSERVER openvpn[1687]: IPv4:57748 Connection reset, restarting [0]
Sep 13 00:20:47 <daemon.notice> VPNSERVER openvpn[1687]: IPv4:57748 SIGUSR1[soft,connection-reset] received, client-instance restarting
Sep 13 00:20:49 <daemon.notice> VPNSERVER openvpn[1687]: TCP connection established with [AF_INET6]::ffff:IPv4:44547
Sep 13 00:20:49 <daemon.notice> VPNSERVER openvpn[1687]: IPv4:44547 TLS: Initial packet from [AF_INET6]::ffff:IPv4:44547, sid=77e7f555 894fb55f
Sep 13 00:20:49 <daemon.err> VPNSERVER openvpn[1687]: IPv4:44547 Connection reset, restarting [0]
Sep 13 00:20:49 <daemon.notice> VPNSERVER openvpn[1687]: IPv4:44547 SIGUSR1[soft,connection-reset] received, client-instance restarting
ta.key
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
<REDACTED>
-----END OpenVPN Static key V1-----