Re: TLS Error: TLS key negotiation failed to occur within 60 seconds
-
Hi All,
I'm having the same issue. Clean install of pfSense 2.2.5, and I used the wizard to create the OpenVPN server and cert.
OpenVPN client-side error:
```
Sat Nov 28 18:23:03 2015 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=US, ST=Missouri, L=Saint Louis, O=AEM Business Solutions, emailAddress=myemail@mydomain.com, CN=almirm
Sat Nov 28 18:23:03 2015 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Sat Nov 28 18:23:03 2015 TLS Error: TLS object -> incoming plaintext read error
Sat Nov 28 18:23:03 2015 TLS Error: TLS handshake failed
Sat Nov 28 18:23:03 2015 SIGUSR1[soft,tls-error] received, process restarting
Sat Nov 28 18:23:05 2015 UDPv4 link local (bound): [undef]
Sat Nov 28 18:23:05 2015 UDPv4 link remote: [AF_INET]my.public.wan.ip.addr:1194
Sat Nov 28 18:23:05 2015 SIGTERM[hard,] received, process exiting
```
OpenVPN client-side config file:
```
dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote public.ip.addr 1194 udp
lport 0
verify-x509-name "almirm" name
auth-user-pass
pkcs12 pfs-fw2-udp-1194-almirm.p12
tls-auth pfs-fw2-udp-1194-almirm-tls.key 1
```
I see here I don't have user and server .cert, but that should come included in the client export OpenVPN client software?
See attached screenshots of my OpenVPN server and certs.
Please let me know if you require more info.
Thanks in advance.
![openvpn certs.PNG](/public/imported_attachments/1/openvpn certs.PNG)
![openvpn conf files.PNG](/public/imported_attachments/1/openvpn conf files.PNG)
![openvpn user settings.PNG](/public/imported_attachments/1/openvpn user settings.PNG)
![pfsence opnevpn capture.png](/public/imported_attachments/1/pfsence opnevpn capture.png)
-
Not the same error at all, and how did you mess up the wizard that ASKS you to create a server cert? Yet you're trying to use a USER cert for the server.
"ead tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed"
-
Try to remove the checkbox from Block Private Networks in the WAN interface and see if it works.
-
Try to remove the checkbox from Block Private Networks in the WAN interface and see if it works.
What?
-
Quote from: pajo99 on 2015-12-02, 01:47:48
Try to remove the checkbox from Block Private Networks in the WAN interface and see if it works.
What?
Exactly. Block Private Networks has nothing to do with this issue; as johnpoz already pointed out, the OP is incorrectly trying to use a USER certificate for an OpenVPN SERVER.
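
The diagnosis in this thread (a user certificate presented where a server certificate is required) can be checked offline with OpenSSL before touching the VPN. The following is an added example, not part of any post above: it builds a throwaway CA plus one certificate with the `clientAuth` extended key usage and one with `serverAuth`, then tests each with `openssl verify -purpose sslserver`. All subject names and file names are constructed, and OpenSSL 1.1.1 or later with a default configuration file is assumed.

```shell
#!/usr/bin/env bash
# Added example: every name, subject and file here is constructed for illustration.
set -eu

# Build a throwaway CA and two leaf certs in directory $1:
#   user.crt   -> extendedKeyUsage=clientAuth (what a "user" cert carries)
#   server.crt -> extendedKeyUsage=serverAuth (what a "server" cert carries)
make_pki() {
  local d=$1 name eku
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example-ca" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
  for name in user server; do
    [ "$name" = user ] && eku=clientAuth || eku=serverAuth
    openssl req -newkey rsa:2048 -nodes -subj "/CN=example-$name" \
      -keyout "$d/$name.key" -out "$d/$name.csr" 2>/dev/null
    printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=%s\n' "$eku" > "$d/$name.ext"
    openssl x509 -req -in "$d/$name.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
      -CAcreateserial -days 1 -extfile "$d/$name.ext" -out "$d/$name.crt" 2>/dev/null
  done
}

# Exit status 0 only if cert $2 chains to CA $1 AND is acceptable as a TLS server cert.
valid_as_server() {
  openssl verify -purpose sslserver -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
  local d c
  d=$(mktemp -d)
  make_pki "$d"
  for c in user server; do
    if valid_as_server "$d/ca.crt" "$d/$c.crt"; then
      echo "$c.crt: accepted as server certificate"
    else
      echo "$c.crt: rejected as server certificate (wrong purpose)"
    fi
  done
  rm -rf "$d"
}

demo
```

Against a real deployment, point `valid_as_server` at the CA certificate and at the certificate selected as the server certificate in the OpenVPN server settings.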