I am doing some tests to get OpenVPN 2.5.1 Community Edition working with some old routers on which OpenVPN 2.1_rc22 is installed.
I generated the keys and certificates with Easy-RSA 3, installed on Windows 10 together with OpenVPN 2.5.1, as a test server.
The generated certificates work perfectly if the OpenVPN version is at least 2.3, but on version 2.1, I get the following errors from the OpenVPN log:
TLS: Initial packet from [source_IP]:1194, sid=216712af 3baea1bb
VERIFY OK: depth=1, /CN=Easy-RSA_CA
VERIFY ERROR: could not extract Common Name from X509 subject string ('/CN=vpn-server') -- note that the Common Name length is limited to 64 characters
TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:lib(20):func(144):reason(134)
TLS Error: TLS object -> incoming plaintext read error
TLS Error: TLS handshake failed
TCP/UDP: Closing socket
But I can't get the router to "digest" the new keys with the old version of OpenVPN (obviously I can't update).
vars file:
set_var EASYRSA "$PWD"
set_var EASYRSA_PKI "$EASYRSA/pki"
set_var EASYRSA_DN "org"
set_var EASYRSA_REQ_COUNTRY "XX"
set_var EASYRSA_REQ_PROVINCE "Rome"
set_var EASYRSA_REQ_CITY "Rome"
set_var EASYRSA_REQ_ORG "Company CA Self"
set_var EASYRSA_REQ_EMAIL "info@info.com"
set_var EASYRSA_REQ_OU "Test_1"
set_var EASYRSA_KEY_SIZE 2048
set_var EASYRSA_ALGO rsa
set_var EASYRSA_CA_EXPIRE 4000
set_var EASYRSA_CERT_EXPIRE 3650
set_var EASYRSA_NS_SUPPORT "yes"
set_var EASYRSA_NS_COMMENT "Comment"
set_var EASYRSA_EXT_DIR "$EASYRSA/x509-types"
set_var EASYRSA_SSL_CONF "$EASYRSA/openssl-easyrsa.cnf"
set_var EASYRSA_DIGEST "sha1"
set_var EASYRSA_OPENSSL "c:/Program Files/OpenVPN/bin/openssl.exe"
set_var EASYRSA_TEMP_DIR "c:/temp_key"
Thank you!