I have an OpenVPN server instance on an Ubuntu 18 server. I already have clients on Linux that are able to connect to it.
I am trying to connect an Android phone (Huawei P30 lite). I generated a .ovpn file with certificates included, like for my other computers.
Edit: I just tested with a Samsung S7 and it works... seems that something is wrong with Huawei phones.
My server settings:
port 443
proto tcp
dev tun
<certificate files...>
server 10.1.0.0 255.255.0.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
client-config-dir ccd
client-to-client
duplicate-cn
keepalive 10 120
tls-auth ta.key 0 # This file is secret
key-direction 0
cipher AES-256-CBC
auth SHA256
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log-append /var/log/openvpn/openvpn.log
verb 3
explicit-exit-notify 0
Client settings example (excluding certificates):
client
dev tun
proto tcp
remote X.X.X.X 443
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
auth SHA256
key-direction 1
verb 3
Sometimes this is the error:
Fri Nov 1 15:18:29 2019 TCP connection established with [AF_INET]67.218.223.210:43586
Fri Nov 1 15:18:29 2019 67.218.223.210:43586 TLS: Initial packet from [AF_INET]67.218.223.210:43586, sid=0c6e2d1c e1fa28b9
Fri Nov 1 15:18:29 2019 67.218.223.210:43586 VERIFY OK: depth=1, CN=Easy-RSA CA
Fri Nov 1 15:18:29 2019 67.218.223.210:43586 VERIFY OK: depth=0, CN=mobile_marc
Fri Nov 1 15:18:29 2019 67.218.223.210:43586 OpenSSL: error:0407008A:rsa routines:RSA_padding_check_PKCS1_type_1:invalid padding
Fri Nov 1 15:18:29 2019 67.218.223.210:43586 OpenSSL: error:04067072:rsa routines:rsa_ossl_public_decrypt:padding check failed
Fri Nov 1 15:18:29 2019 67.218.223.210:43586 OpenSSL: error:1417B07B:SSL routines:tls_process_cert_verify:bad signature
Fri Nov 1 15:18:29 2019 67.218.223.210:43586 TLS_ERROR: BIO read tls_read_plaintext error
Fri Nov 1 15:18:29 2019 67.218.223.210:43586 TLS Error: TLS object -> incoming plaintext read error
Fri Nov 1 15:18:29 2019 67.218.223.210:43586 TLS Error: TLS handshake failed
Fri Nov 1 15:18:29 2019 67.218.223.210:43586 Fatal TLS error (check_tls_errors_co), restarting
Fri Nov 1 15:18:29 2019 67.218.223.210:43586 SIGUSR1[soft,tls-error] received, client-instance restarting
Fri Nov 1 15:16:42 2019 TCP connection established with [AF_INET]67.218.223.210:43584
Fri Nov 1 15:16:42 2019 67.218.223.210:43584 TLS: Initial packet from [AF_INET]67.218.223.210:43584, sid=cd755526 5999b01c
Fri Nov 1 15:16:43 2019 67.218.223.210:43584 VERIFY OK: depth=1, CN=Easy-RSA CA
Fri Nov 1 15:16:43 2019 67.218.223.210:43584 VERIFY OK: depth=0, CN=mobile_marc
Fri Nov 1 15:16:43 2019 67.218.223.210:43584 OpenSSL: error:04067084:rsa routines:rsa_ossl_public_decrypt:data too large for modulus
Fri Nov 1 15:16:43 2019 67.218.223.210:43584 OpenSSL: error:1417B07B:SSL routines:tls_process_cert_verify:bad signature
Fri Nov 1 15:16:43 2019 67.218.223.210:43584 TLS_ERROR: BIO read tls_read_plaintext error
Fri Nov 1 15:16:43 2019 67.218.223.210:43584 TLS Error: TLS object -> incoming plaintext read error
Fri Nov 1 15:16:43 2019 67.218.223.210:43584 TLS Error: TLS handshake failed
Fri Nov 1 15:16:43 2019 67.218.223.210:43584 Fatal TLS error (check_tls_errors_co), restarting
Fri Nov 1 15:16:43 2019 67.218.223.210:43584 SIGUSR1[soft,tls-error] received, client-instance restarting
Thanks
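
A log-triage sketch for the server log quoted in the post, added here as an example and not the poster's code: it groups lines per peer and reports whether the certificate chain verified before OpenSSL rejected the client's CertificateVerify signature in `tls_process_cert_verify`. The function names `triage` and `classify` and the category labels are made up for illustration.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the two server log excerpts in the post.
SAMPLE_LOG = """\
Fri Nov 1 15:18:29 2019 67.218.223.210:43586 VERIFY OK: depth=1, CN=Easy-RSA CA
Fri Nov 1 15:18:29 2019 67.218.223.210:43586 VERIFY OK: depth=0, CN=mobile_marc
Fri Nov 1 15:18:29 2019 67.218.223.210:43586 OpenSSL: error:0407008A:rsa routines:RSA_padding_check_PKCS1_type_1:invalid padding
Fri Nov 1 15:18:29 2019 67.218.223.210:43586 OpenSSL: error:1417B07B:SSL routines:tls_process_cert_verify:bad signature
Fri Nov 1 15:18:29 2019 67.218.223.210:43586 TLS Error: TLS handshake failed
Fri Nov 1 15:16:42 2019 TCP connection established with [AF_INET]67.218.223.210:43584
Fri Nov 1 15:16:43 2019 67.218.223.210:43584 VERIFY OK: depth=1, CN=Easy-RSA CA
Fri Nov 1 15:16:43 2019 67.218.223.210:43584 VERIFY OK: depth=0, CN=mobile_marc
Fri Nov 1 15:16:43 2019 67.218.223.210:43584 OpenSSL: error:04067084:rsa routines:rsa_ossl_public_decrypt:data too large for modulus
Fri Nov 1 15:16:43 2019 67.218.223.210:43584 OpenSSL: error:1417B07B:SSL routines:tls_process_cert_verify:bad signature
Fri Nov 1 15:16:43 2019 67.218.223.210:43584 TLS Error: TLS handshake failed
"""

# "<weekday> <month> <day> <time> <year> <ip:port> <message>"; lines without a peer prefix are skipped.
LINE = re.compile(r"^\w{3} \w{3} +\d+ [\d:]+ \d{4} (?P<peer>\d+\.\d+\.\d+\.\d+:\d+) (?P<msg>.*)$")
VERIFY = re.compile(r"VERIFY OK: depth=(\d+), CN=(.+)")
OSSL = re.compile(r"OpenSSL: error:([0-9A-F]+):([^:]+):([^:]+):(.+)")

def triage(log_text):
    """Return {peer: {"chain": {depth: CN}, "openssl": [(function, reason)], "failed": bool}}."""
    sessions = defaultdict(lambda: {"chain": {}, "openssl": [], "failed": False})
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        s, msg = sessions[m["peer"]], m["msg"]
        if v := VERIFY.search(msg):
            s["chain"][int(v[1])] = v[2]
        elif o := OSSL.search(msg):
            s["openssl"].append((o[3], o[4]))
        elif "TLS handshake failed" in msg:
            s["failed"] = True
    return dict(sessions)

def classify(session):
    """Name the stage at which the handshake stopped, from the parsed lines only."""
    if not session["failed"]:
        return "no-failure-logged"
    if 0 not in session["chain"]:
        return "failed-before-client-cert-verified"
    funcs = {func for func, _ in session["openssl"]}
    if "tls_process_cert_verify" in funcs:
        return "chain-ok/certificate-verify-signature-rejected"
    return "failed-after-chain-verified"

if __name__ == "__main__":
    for peer, s in triage(SAMPLE_LOG).items():
        print(peer, s["chain"].get(0), classify(s), s["openssl"])
```
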