@derelict said in Windows OpenVPN Clients:
One thing I would try - sort of a shot in the dark - would be changing the CN for Gil_Mobile to Mobile_Gil.
I thought I'd give it a try, but has pobably added to the confusion a bit.
CN: "Gil" fails always (as per previous)
CN: "Gil_Mobile" works; but
it fails on the
first attempt if "Mobile_Gil" has just previously connected
CN: Mobile_Gil works; but
it fails on the
first attempt if "Gil_Mobile" has just previously connected
The error message from the first attempt on the OpenVPN Server:
Feb 5 21:29:23 openvpn 43450
Gil_Mobile/101.191.59.43:31448 SIGTERM[soft,delayed-exit] received, client-instance exiting
Feb 5 21:29:17 openvpn 43450
Gil_Mobile/101.191.59.43:31448 SENT CONTROL [Mobile_Gil]: 'AUTH_FAILED' (status=1)
Feb 5 21:29:17 openvpn 43450
Gil_Mobile/101.191.59.43:31448 Delayed exit in 5 seconds
Feb 5 21:29:17 openvpn 43450
Gil_Mobile/101.191.59.43:31448 PUSH: Received control message: 'PUSH_REQUEST'
Feb 5 21:29:16 openvpn user 'Mobile_Gil' authenticated
Feb 5 21:29:16 openvpn 43450
Gil_Mobile/101.191.59.43:31448 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Feb 5 21:29:16 openvpn 43450
Gil_Mobile/101.191.59.43:31448 TLS: tls_multi_process: untrusted session promoted to semi-trusted
Feb 5 21:29:16 openvpn 43450
Gil_Mobile/101.191.59.43:31448 TLS: move_session: dest=TM_ACTIVE src=TM_UNTRUSTED reinit_src=1
Feb 5 21:29:16 openvpn 43450
Gil_Mobile/101.191.59.43:31448 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Feb 5 21:29:16 openvpn 43450
Gil_Mobile/101.191.59.43:31448 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1570', remote='link-mtu 1569'
Feb 5 21:29:16 openvpn 43450
Gil_Mobile/101.191.59.43:31448 TLS Auth Error: Auth Username/Password verification failed for peer
Feb 5 21:29:16 openvpn 43450
Gil_Mobile/101.191.59.43:31448 TLS Auth Error: username attempted to change from 'Gil_Mobile' to 'Mobile_Gil' -- tunnel disabled
I think I'm chasing my tail without some better tools and more understanding of the Microsoft Certificate Storage.
I am using the openVPN GUI v11.10.0.0 from OpenVPN Technologies Inc. Not sure if there is an alternate app to test with.
@derelict said in Windows OpenVPN Clients:
Also there might be some logging that can be turned up on the client that will display what it is doing in that cryptoapicert cal
I don't see any additional logging options available.