Another PolarSSL error
Posted: Sat Feb 18, 2017 5:06 am
Hi,
First of all, I would like to congratulate OpenVPN and its volunteers for making this great service possible.
I would like to connect my iPhone to a home-made OpenVPN network, but when I try to connect I receive the following error message:

Client exception in transport_recv_excode: PolarSSL: SSL read error : SSL - Processing of the ServerKeyExchange handshake message failed

My client configuration is:

client
dev tun
proto udp
remote [editedIP] [editedPort]
ns-cert-type server
comp-lzo
cipher AES-256-CBC
<ca>
-----BEGIN CERTIFICATE-----
[edited]
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
[edited]
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
[edited]
-----END PRIVATE KEY-----
</key>

My server.conf file is:

#using UDP
proto udp
port 1194
#create IP tunnel
dev tun
#root SSL/TLS certificate
ca ca.crt
#server private certificate
cert server.crt
#server private key
key server.key
#Diffie-Hellman file
dh dh8192.pem
#IP and mask of the network
server 10.89.0.0 255.255.255.0
#configuring openDNS DNS servers
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
#making the new default gateway the OpenVPN server's one
#bypass-dhcp to not remove the client's original gateway configuration
push "redirect-gateway def1 bypass-dhcp"
#do not assign user to the service
user nobody
group nobody
persist-key
persist-tun
#log file
status openvpn-status.log
#verbosity level
verb 4
#enable cipher
cipher AES-256-CBC

Using this configuration I can connect to the server from Windows 10 Home x64 using SecurePoint 2.0.18. I can also browse the Internet.

The version of the OpenVPN server is:

srv:/etc/openvpn # openvpn --version
OpenVPN 2.3.8 x86_64-suse-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Aug 4 2015
library versions: OpenSSL 1.0.2j-fips 26 Sep 2016, LZO 2.08
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
Compile time defines: enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_http_proxy=yes enable_iproute2=yes enable_libtool_lock=yes enable_lzo=yes enable_lzo_stub=no enable_management=yes enable_multi=yes enable_multihome=yes enable_pam_dlopen=no enable_password_save=yes enable_pedantic=no enable_pf=yes enable_pkcs11=no enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_socks=yes enable_ssl=yes enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_win32_dll=yes enable_x509_alt_username=yes with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_plugindir='$(libdir)/openvpn/plugins' with_sysroot=no

The OS version is:

srv:/etc/openvpn # uname -a
Linux srv 4.4.46-11-default #1 SMP Sat Feb 4 06:07:41 UTC 2017 (f555e41) x86_64 x86_64 x86_64 GNU/Linux

The iOS version is 10.2.1 (14D27).
Can you give me some ideas why this happens? What error might this configuration have?
Thanks in advance
