Author Topic: SOLVED! OpenVPN certificate verification failure  (Read 13672 times)

yellowshed

« on: May 07, 2014, 02:22:19 pm »
Hi,

I'm struggling to get OpenVPN working on 3.4 (was previously working on 3.3 but have re-installed to get 3.4 after a failed upgrade...). I have configured the certificate authority, created the necessary VPN server, advertised client networks etc, downloaded the client bundle and installed it on a Windows machine.

When I try to connect, I get the "TLS key negotiation failed to occur after 60 secs" error on the client and a certificate verification error in the server OpenVPN log.

I can't for the life of me figure out what I'm doing wrong.

Please help, and I'm happy to post configs etc.

Thanks,

YellowShed

« Last Edit: June 09, 2014, 12:38:43 pm by yellowshed »

yellowshed

« Reply #1 on: June 09, 2014, 12:37:59 pm »
Hi all,

When looking at this again and examining logs, I saw that I was getting unknown certificate usage errors in the logs. So I googled a bit, and eventually tried different client certificates. I managed to get it working with a new certificate.

I haven't exhaustively tested this, but I believe that if I enter text into the optional "Subject alternative Names" field when generating the certificate, I get a server-type certificate and that's not valid as a client certificate. When I created a client certificate using just information in the "Common Name" field, I was able to successfully log in.

I believe a little more clarity in the documentation on the differences between server and client certificates and how they are generated may be helpful. I believe that the creation of a new OpenVPN server creates the right kind of certificate (server).

Anyway, working for me now.

YellowShed
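
Reply #1 attributes the failure to a server-type certificate being presented as a client certificate. The following added example (not part of the original thread, and not code from the poster or the product discussed) reads the Extended Key Usage extension from a DER certificate to show which role it declares. It assumes the purpose mismatch is recorded in that extension; the sample certificates are constructed, unsigned test data.

```python
# Added example: list the Extended Key Usage (EKU) purposes in a DER certificate.
EKU_EXT = bytes.fromhex("551d25")                   # OID 2.5.29.37 extKeyUsage
SERVER_AUTH = bytes.fromhex("2b06010505070301")     # 1.3.6.1.5.5.7.3.1
CLIENT_AUTH = bytes.fromhex("2b06010505070302")     # 1.3.6.1.5.5.7.3.2
NAMES = {SERVER_AUTH: "serverAuth", CLIENT_AUTH: "clientAuth",
         bytes.fromhex("551d2500"): "anyExtendedKeyUsage"}

def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                               # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(content):
    """Yield (tag, content) for each DER element packed inside content."""
    pos = 0
    while pos < len(content):
        tag, body, pos = read_tlv(content, pos)
        yield tag, body

def extended_key_usage(der):
    """Set of purpose names from the EKU extension, or None if it is absent."""
    stack = [der]
    while stack:
        items = list(children(stack.pop()))
        if items and items[0] == (0x06, EKU_EXT):
            # Extension ::= SEQUENCE { extnID, [critical], extnValue OCTET STRING }
            _, purposes, _ = read_tlv(items[-1][1], 0)
            return {NAMES.get(oid, oid.hex()) for _, oid in children(purposes)}
        stack.extend(body for tag, body in items if tag & 0x20)  # constructed only
    return None

def usable_as(der, role):
    """RFC 5280: an absent EKU extension places no restriction on purpose."""
    eku = extended_key_usage(der)
    return eku is None or role in eku or "anyExtendedKeyUsage" in eku

def tlv(tag, body):                                 # encoder for the samples below
    return bytes([tag, len(body)]) + body

def sample_cert(purposes):
    """Constructed certificate-shaped DER (unsigned, test data only)."""
    exts = b""
    if purposes is not None:
        eku = tlv(0x30, b"".join(tlv(0x06, p) for p in purposes))
        exts = tlv(0xA3, tlv(0x30, tlv(0x30, tlv(0x06, EKU_EXT) + tlv(0x04, eku))))
    return tlv(0x30, tlv(0x30, tlv(0x02, b"\x01") + exts))
```

For a real certificate, convert the PEM file with `ssl.PEM_cert_to_DER_cert()` from the standard library and pass the result to `usable_as(der, "clientAuth")`.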