can't connect to VPN Server

Post by xlepws » Tue Mar 15, 2016 12:04 am

The VPN server starts fine (it's another machine in my LAN). I exported all due client certificates (ca.crt, ta.key, client.crt and client.key).
When trying to connect this is what I get from the client:
Tue Mar 15 00:40:27 2016 OpenVPN 2.3.10 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Jan 4 2016
Tue Mar 15 00:40:27 2016 Windows version 6.1 (Windows 7)
Tue Mar 15 00:40:27 2016 library versions: OpenSSL 1.0.1q 3 Dec 2015, LZO 2.09
Enter Management Password:
Tue Mar 15 00:40:33 2016 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Mar 15 00:40:33 2016 SIGUSR1[soft,private-key-password-failure] received, process restarting
Tue Mar 15 00:40:44 2016 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Tue Mar 15 00:40:44 2016 UDPv4 link local: [undef]
Tue Mar 15 00:40:44 2016 UDPv4 link remote: [AF_INET]myremoteip:1196
Tue Mar 15 00:40:44 2016 VERIFY ERROR: depth=0, error=unsupported certificate purpose: CN=GW2-Server
Tue Mar 15 00:40:44 2016 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Tue Mar 15 00:40:44 2016 TLS Error: TLS object -> incoming plaintext read error
Tue Mar 15 00:40:44 2016 TLS Error: TLS handshake failed
Tue Mar 15 00:40:44 2016 SIGUSR1[soft,tls-error] received, process restarting
I don't think I made a mistake in the client certificate generation... and my client.ovpn is just fine:
client
proto udp
remote myremoteip
port 1196
dev tun
nobind
remote-cert-tls server
tls-auth ta.key 1
ca ca.crt
cert client.crt
key client.key
What could I try?
Thank you!

Re: can't connect to VPN Server

Post by Traffic » Tue Mar 15, 2016 12:31 am

xlepws wrote: VERIFY ERROR: depth=0, error=unsupported certificate purpose: CN=GW2-Server
This suggests you have not created an SSL server certificate.
xlepws wrote: What could I try?
Go to the PKI folder and type this:

> openssl verify -CAfile ca.crt -purpose sslserver server.crt
Make sure you use the correct file names for ca.crt and server.crt.

Re: can't connect to VPN Server

Post by xlepws » Tue Mar 15, 2016 1:20 am

I am an idiot :mrgreen:

Luckily I left the easyrsa3 shell open, so I noticed that to create the server certificate, I fired the "./easyrsa build-client-full" command, instead of "./easyrsa build-server-full".
To avoid other mistakes, I started the process all over again... and eventually it worked like a charm ;)

Thank you!
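
The purpose check from this thread, reproduced on a throwaway PKI (an added example, not code from any of the posts): one CA issues two certificates that differ only in their extensions, and the same `openssl verify -purpose sslserver` test is run on each. The names Demo-CA, demo-server and demo-client, the config section names, and the premise that a client-type certificate carries only the clientAuth extended key usage are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Demo-CA, demo-server and demo-client are constructed names.
make_demo_pki() {   # $1 = scratch directory to fill with keys and certificates
    dir=$1
    cat > "$dir/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = ca
prompt = no
[dn]
CN = Demo-CA
[ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[server]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
[client]
basicConstraints = CA:FALSE
keyUsage = digitalSignature
extendedKeyUsage = clientAuth
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$dir/pki.cnf" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    for role in server client; do   # same CA; only the extension set differs
        openssl req -new -newkey rsa:2048 -nodes -config "$dir/pki.cnf" \
            -subj "/CN=demo-$role" -keyout "$dir/$role.key" \
            -out "$dir/$role.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$dir/$role.csr" -CA "$dir/ca.crt" \
            -CAkey "$dir/ca.key" -CAcreateserial -days 1 \
            -extfile "$dir/pki.cnf" -extensions "$role" \
            -out "$dir/$role.crt" 2>/dev/null || return 1
    done
}

# Exit status 0 only if $2 chains to CA $1 and passes the sslserver purpose check.
is_server_cert() {
    openssl verify -CAfile "$1" -purpose sslserver "$2" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    make_demo_pki "$d" && for crt in server client; do
        is_server_cert "$d/ca.crt" "$d/$crt.crt" \
            && echo "$crt.crt: accepted" || echo "$crt.crt: rejected"
    done
    rm -rf "$d"
}
demo
```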
