Moved Server. Now get Error when client connecting.

monkeymonk
OpenVpn Newbie
Posts: 3
Joined: Mon Jul 30, 2018 3:05 pm

Moved Server. Now get Error when client connecting.

Post by monkeymonk » Mon Jul 30, 2018 3:11 pm

Hi All,

I've had a server running on a Windows 7 PC for about 6 years now (no hiccups or anything!).
Last week the HDD on the PC failed and Windows won't boot. I've managed to rescue all my OpenVPN files etc.

I have moved them all onto a new PC (Windows 10) and the server runs ok.
When a client is trying to connect I keep getting the following:
OpenSSL: error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed
TLS_ERROR: BIO read tls_read_plaintext error
TLS Error: TLS object -> incoming plaintext read error
TLS Error: TLS handshake failed

I'm a bit stumped on what to do..

Any ideas?

Ta,

PingPong
OpenVPN User
Posts: 14
Joined: Sun Jul 29, 2018 2:01 pm

Re: Moved Server. Now get Error when client connecting.

Post by PingPong » Tue Jul 31, 2018 6:13 am

Hi Ta,

Not "any" idea, but a bunch of them, when it comes to Win10.

I would start by creating the best conditions on the server side:
Check the IP address of Win10, make the network private, firewall off, uninstall (not only disable) internet security, check port forwarding on the router and maybe put Win10 in DMZ.

If that helps, step back through the changes mentioned above until you find the reason why the problem occurs. If not, check the paths in your config files.

Greetz
Martin

monkeymonk
OpenVpn Newbie
Posts: 3
Joined: Mon Jul 30, 2018 3:05 pm

Re: Moved Server. Now get Error when client connecting.

Post by monkeymonk » Tue Jul 31, 2018 8:43 am

Hi Martin,

I have done all of that, but still no joy :(


Reading more of the log, it has this..

Validating certificate extended key usage
++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Server Authentication
++ Certificate has EKU (oid) 1.3.6.1.5.5.7.3.2, expects TLS Web Server Authentication
VERIFY EKU ERROR
OpenSSL: error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed
TLS_ERROR: BIO read tls_read_plaintext error
TLS Error: TLS object -> incoming plaintext read error
TLS Error: TLS handshake failed
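
Added example (not part of the original thread, and not OpenVPN project code): a small Python check that pulls the EKU mismatch out of log lines like the ones quoted above. The function names, finding fields and hint wording are assumptions of this example; the hint relies on the fact that the EKU a side expects from its peer is set by OpenVPN's `remote-cert-eku` / `remote-cert-tls` options.

```python
import re

# Well-known extended key usage OIDs (RFC 5280) with the names OpenSSL prints.
EKU_NAMES = {
    "1.3.6.1.5.5.7.3.1": "TLS Web Server Authentication",
    "1.3.6.1.5.5.7.3.2": "TLS Web Client Authentication",
}
SERVER, CLIENT = EKU_NAMES["1.3.6.1.5.5.7.3.1"], EKU_NAMES["1.3.6.1.5.5.7.3.2"]
EKU_LINE = re.compile(r"Certificate has EKU \((?:str|oid)\) (.+?), expects (.+)$")

# Log lines as quoted in the post above.
SAMPLE_LOG = """\
Validating certificate extended key usage
++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Server Authentication
++ Certificate has EKU (oid) 1.3.6.1.5.5.7.3.2, expects TLS Web Server Authentication
VERIFY EKU ERROR
TLS Error: TLS handshake failed
"""

def hint_for(offered, expected):
    """Explain a mismatch in terms of the options that set the expectation."""
    if expected == SERVER and CLIENT in offered:
        return ("peer presented a client certificate but this side requires a "
                "server EKU: review remote-cert-tls / remote-cert-eku here")
    if expected == CLIENT and SERVER in offered:
        return ("peer presented a server certificate but this side requires a "
                "client EKU: review remote-cert-tls / remote-cert-eku here")
    return "peer certificate lacks the expected EKU: compare certificate and config"

def eku_findings(log_text):
    """Return one finding per 'VERIFY EKU ERROR' block in an OpenVPN log."""
    findings, offered, expected = [], set(), None
    for line in log_text.splitlines():
        line = line.strip()
        m = EKU_LINE.search(line)
        if m:
            # Map OIDs to names so the (str) and (oid) lines collapse to one entry.
            offered.add(EKU_NAMES.get(m.group(1), m.group(1)))
            expected = EKU_NAMES.get(m.group(2), m.group(2))
        elif "Validating certificate extended key usage" in line:
            offered, expected = set(), None  # a new check starts
        elif "VERIFY EKU ERROR" in line and expected:
            findings.append({"offered": sorted(offered), "expected": expected,
                             "hint": hint_for(offered, expected)})
    return findings

if __name__ == "__main__":
    for finding in eku_findings(SAMPLE_LOG):
        print(finding)
```
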

PingPong
OpenVPN User
Posts: 14
Joined: Sun Jul 29, 2018 2:01 pm

Re: Moved Server. Now get Error when client connecting.

Post by PingPong » Tue Jul 31, 2018 2:56 pm

Maybe at this point it's not a bad idea to post the configs of the server and one client.

monkeymonk
OpenVpn Newbie
Posts: 3
Joined: Mon Jul 30, 2018 3:05 pm

Re: Moved Server. Now get Error when client connecting.

Post by monkeymonk » Wed Aug 01, 2018 10:07 am

server

port 800
proto udp
dev tap
server 10.10.10.0 255.255.255.0

ca "C:\\VPN\\ca.crt"
cert "C:\\VPN\\server.crt"
key "C:\\VPN\\server.key"
dh "C:\\VPN\\dh1024.pem"

keepalive 10 120
comp-lzo
persist-key
persist-tun
verb 5
cipher AES-256-CBC
client-to-client
status "C:\\VPN\\log\\openvpn-status.log"
duplicate-cn
tls-cipher "DEFAULT:@SECLEVEL=0"


and

client

client

dev tap

proto udp
remote ***.***.***.*** 800

resolv-retry infinite

nobind

persist-key
persist-tun

ca ca.crt
cert mr14340002n.crt
key mr14340002n.key

ns-cert-type server

cipher AES-256-CBC

comp-lzo

verb 3



It's a pretty basic config which I do need to update due to the OpenSSL changes.
I've bypassed the security as I haven't sorted out the new keys yet.
But I've never had any issues with it!

PingPong
OpenVPN User
Posts: 14
Joined: Sun Jul 29, 2018 2:01 pm

Re: Moved Server. Now get Error when client connecting.

Post by PingPong » Sun Aug 12, 2018 8:16 pm

Configs don't look bad.

Did you try the same when Windows firewall is disabled?