Client does not connect using inline keys

[jakama]

Hello!

I connect to the server perfectly with the keys separated in files, but I don't get it by putting them inline.

I need to put them inline because on Android it doesn't work with separate keys.

I have this configuration file that does work:

Code: Select all

client

ca ca.crt
cert jcamacho.crt
key jcamacho.key
tls-auth ta.key 1
ns-cert-type server
persist-key
persist-tun
nobind
dev tun
proto udp
remote xxx.xxx.xxx.xxx 1192
comp-lzo
verb 3
mute 20

But when I change it to this one:

Code: Select all

client

ns-cert-type server
persist-key
persist-tun
nobind
dev tun
proto udp
remote xxx.xxx.xxx.xxx 1192
comp-lzo
verb 3
mute 20

<ca>
-----BEGIN CERTIFICATE-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END CERTIFICATE-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END ENCRYPTED PRIVATE KEY-----
</key>

<tls-auth>
-----BEGIN OpenVPN Static key V1-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END OpenVPN Static key V1-----
</tls-auth>

I get the error:

Code: Select all

TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed

Any idea why it doesn't work?

Thanks

[jakama]

I just solved it... There's nothing like asking a question to make the answer pop into your head....

I'll leave it here in case it's helpful to anyone:

I've added the line:

Code: Select all

key-direction 1

Best regards!

[TinCanTech]

You can use --tls-crypt instead, which does not require a direction.