tls-remote issue...
Posted: Fri Jun 28, 2013 12:41 am
Hi...
Being aware that using 'tls-remote' (DEPRECATED) for verification should now be replaced with 'verify-x509-name' for 2.2.2+ (I have 2.3.2 installed), I am having trouble connecting and receive the following error:
VERIFY OK: depth=1, C=KY, ST=GrandCayman, L=GeorgeTown, O=GoldenFrog-Inc, CN=GoldenFrog-Inc CA, emailAddress=admin@goldenfrog.com
VERIFY X509NAME ERROR: C=KY, ST=GrandCayman, L=GeorgeTown, O=GoldenFrog-Inc, CN=uk1.vpn.giganews.com, emailAddress=admin@goldenfrog.com, must be uk1.vpn.giganews.com
TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
I am also aware this may be a 'third-party' issue with 'verify-x509-name'... Of course tls-remote is still functional but with the 'DEPRECATED' warning.
I don't really wish to omit this verification from my configuration.
I would prefer to stay using the OpenVPN client as I always have and not use the VyprVPN installer for my giganews VPN connection.
I've set up my config as follows...
client
dev tun
proto udp
remote uk1.vpn.giganews.com 443  # doesn't like 1194
resolv-retry infinite
nobind
persist-key
persist-tun
persist-remote-ip
ca ca.vyprvpn.com.crt
verify-x509-name uk1.vpn.giganews.com  # replaces tls-remote
auth-user-pass
auth-nocache
comp-lzo
verb 3
auth SHA256
cipher AES-256-CBC
keysize 256
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
How should I go about fixing this?
Thanx...
Btw, should I be using port 1194 (I receive warnings when I do)?
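The error in the post shows the whole subject DN being compared with a bare host name. As an added example (not part of the original post and not OpenVPN's own code), this Python model applies the three match types documented for verify-x509-name in OpenVPN 2.3 (subject, which is the default, name, and name-prefix) to the posted log line; the function names are hypothetical.

```python
# Added illustration: models the verify-x509-name match types
# (subject, name, name-prefix). This is not OpenVPN source code.
import re

# Log line copied from the post above.
LOG = ("VERIFY X509NAME ERROR: C=KY, ST=GrandCayman, L=GeorgeTown, "
       "O=GoldenFrog-Inc, CN=uk1.vpn.giganews.com, "
       "emailAddress=admin@goldenfrog.com, must be uk1.vpn.giganews.com")


def parse_error(line):
    """Split the error into (presented subject DN, configured name)."""
    m = re.match(r"VERIFY X509NAME ERROR: (.+), must be (.+)$", line)
    if not m:
        raise ValueError("not a VERIFY X509NAME ERROR line")
    return m.group(1), m.group(2)


def common_name(subject):
    """Return the CN attribute from a 'K=V, K=V' subject string."""
    for rdn in subject.split(", "):
        key, _, value = rdn.partition("=")
        if key == "CN":
            return value
    raise ValueError("subject has no CN")


def x509_name_matches(subject, expected, match_type="subject"):
    """Model of the comparison made for each match type."""
    if match_type == "subject":        # default: whole DN, exact match
        return subject == expected
    cn = common_name(subject)
    if match_type == "name":           # exact match on the CN only
        return cn == expected
    if match_type == "name-prefix":    # CN only has to start with expected
        return cn.startswith(expected)
    raise ValueError(f"unknown match type: {match_type}")


def diagnose(line):
    """Report which match types would accept the certificate in the log."""
    subject, expected = parse_error(line)
    return {t: x509_name_matches(subject, expected, t)
            for t in ("subject", "name", "name-prefix")}


if __name__ == "__main__":
    for match_type, ok in diagnose(LOG).items():
        print(f"{match_type:12} -> {'match' if ok else 'no match'}")
```

With the CN as the configured value, the matching client directive is `verify-x509-name uk1.vpn.giganews.com name`; `name-prefix` also accepts any CN that merely begins with that string, so `name` is the tighter check for a single server.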