Learning OpenVPN with OPNsense today.
I have a Microsoft PKI, set up OPNsense as a SubCA, and set up the OpenVPN server to use LDAP w/ TLS + User Auth.
I am able to successfully connect on Android OpenVPN Connect.
Windows OpenVPN Connect is giving issues. If I export my config as .p12 and import the certs to the client, I get log errors:
OpenSSLContext: CA not Defined
Or
If I export the config with the OPNsense "Windows Certificate System Store" option (cryptoapicert "SUBJ:CertCN" inserted into the config)
Then import the chain to the Microsoft store.
I get the error:
BIO_read failed: cap-2576 Status=-1 error 0406B07A:rsa routines:RSA_padding_add_none:data too small for key size / error:141F0006:SSL
If I export a Viscosity VPN client config from OPNsense using the same cert / chain, Viscosity connects just fine.
Here's what the OPNsense config export is feeding the client:
Client Config generated by OPNsense
dev tun
persist-tun
persist-key
cipher AES-256-GCM
auth SHA512
client
resolv-retry infinite
remote mydomain.com 16454 udp
lport 0
verify-x509-name "C=US, ST=CA, L=CA, O=CA, emailAddress=admin@mydomain.com, CN=vpn.mydomain.com" subject
remote-cert-tls server
auth-user-pass
auth-nocache
comp-lzo adaptive
pkcs12 VPN_User.p12
tls-auth VPN_User-tls.key 1
Any idea why the Windows OpenVPN Connect client dislikes my cert? Thanks!