[SOLVED] OpenVPN issues with 2.3.1



  • Hello Everyone,

    I am new to pfSense and am working to set up OpenVPN.

    I ran the wizard and am having issues. I am pasting my system log:

    Jun 1 22:01:06 openvpn 97346 TUN/TAP device /dev/tun1 opened
    Jun 1 22:01:06 openvpn 97346 TUN/TAP device ovpns1 exists previously, keep at program end
    Jun 1 22:01:06 openvpn 97346 UDPv4 link local (bound): [AF_INET]70.124.152.5:1194
    Jun 1 22:01:06 openvpn 97346 UDPv4 link remote: [undef]
    Jun 1 22:01:06 openvpn 97346 do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
    Jun 1 22:01:06 openvpn 97081 library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.09
    Jun 1 22:01:33 openvpn 97346 172.16.5.53:1194 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=US, ST=Texas, L=Austin, O=Guinn Home, emailAddress=r******@ations.com, CN=OPENVPNUSER
    Jun 1 22:01:33 openvpn 97346 172.16.5.53:1194 OpenSSL: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
    Jun 1 22:01:33 openvpn 97346 172.16.5.53:1194 TLS Error: TLS handshake failed
    Jun 1 22:01:33 openvpn 97346 172.16.5.53:1194 TLS Error: TLS object -> incoming plaintext read error
    Jun 1 22:01:33 openvpn 97346 172.16.5.53:1194 TLS_ERROR: BIO read tls_read_plaintext error
    Jun 1 22:02:33 openvpn 97346 172.16.5.53:1194 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=US, ST=Texas, L=Austin, O=Guinn Home, emailAddress=r***@****ns.com, CN=OPENVPNUSER
    Jun 1 22:02:33 openvpn 97346 172.16.5.53:1194 OpenSSL: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
    Jun 1 22:02:33 openvpn 97346 172.16.5.53:1194 TLS Error: TLS handshake failed
    Jun 1 22:02:33 openvpn 97346 172.16.5.53:1194 TLS Error: TLS object -> incoming plaintext read error
    Jun 1 22:02:33 openvpn 97346 172.16.5.53:1194 TLS_ERROR: BIO read tls_read_plaintext error

    Here is what the client is giving me:

    Jun 01 22:01:31: Control Channel Authentication: using '/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/connection.xvOUZm/ta.key' as a OpenVPN static key file
    Jun 01 22:01:31: UDPv4 link local (bound): [undef]
    Jun 01 22:01:32: UDPv4 link remote: [AF_INET]70.124.152.5:1194
    Jun 01 22:01:32: WARNING: this configuration may cache passwords in memory – use the auth-nocache option to prevent this
    Jun 01 22:02:31: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Jun 01 22:02:31: TLS Error: TLS handshake failed
    Jun 01 22:02:31: SIGUSR1[soft,tls-error] received, process restarting
    Jun 01 22:02:32: UDPv4 link local (bound): [undef]
    Jun 01 22:02:32: UDPv4 link remote: [AF_INET]70.124.152.5:1194
    Jun 01 22:03:13: SIGTERM[hard,] received, process exiting

    Please help.



  • Issue is:
    @rguinn829:

    Jun 1 22:01:33 openvpn 97346 172.16.5.53:1194 VERIFY ERROR: depth=0, error=unsupported certificate purpose:

    which means your user cert isn't actually a user cert, maybe a server or CA cert.



  • Take a look at my setting

    ![Screen Shot 2016-06-01 at 10.35.12 PM.png](/public/imported_attachments/1/Screen Shot 2016-06-01 at 10.35.12 PM.png)



  • Also Tried

    ![Screen Shot 2016-06-01 at 10.21.12 PM.png](/public/imported_attachments/1/Screen Shot 2016-06-01 at 10.21.12 PM.png)



  • The user cert is the issue, not the server one.



  • Thank you. Somehow I changed my user cert to the server cert.

    Now working.
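
The diagnosis in this thread came from a single server-side line: `VERIFY ERROR: depth=0, error=unsupported certificate purpose`. The following is an added example, not code from the thread or from pfSense/OpenVPN: a small triage script that pulls those lines out of a log in the layout posted above, collapses the once-a-minute retries, and reports whether the rejected certificate is the one the peer presented (depth 0) or a CA further up the chain. The sample log, its addresses and subjects, and the function names are constructed for illustration, and the depth-1 line goes beyond the case in the thread.

```python
import re
from collections import Counter

# Constructed sample in the pfSense system-log layout shown in the thread
# (addresses and subjects are placeholders, not values from the thread).
SAMPLE_LOG = """\
Jun 1 22:01:06 openvpn 97346 UDPv4 link remote: [undef]
Jun 1 22:01:33 openvpn 97346 192.0.2.10:1194 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=US, O=Example, CN=vpnuser
Jun 1 22:01:33 openvpn 97346 192.0.2.10:1194 TLS Error: TLS handshake failed
Jun 1 22:02:33 openvpn 97346 192.0.2.10:1194 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=US, O=Example, CN=vpnuser
Jun 1 22:02:40 openvpn 97346 198.51.100.7:1194 VERIFY ERROR: depth=1, error=certificate has expired: C=US, O=Example, CN=example-ca
"""

VERIFY_RE = re.compile(
    r"(?P<peer>\d{1,3}(?:\.\d{1,3}){3}:\d+) VERIFY ERROR: "
    r"depth=(?P<depth>\d+), error=(?P<error>[^:]+): (?P<subject>.*)$"
)
CN_RE = re.compile(r"(?:^|,\s*)CN=([^,]+)")

def parse_verify_errors(text):
    """Return one dict per VERIFY ERROR line, ignoring all other lines."""
    records = []
    for line in text.splitlines():
        m = VERIFY_RE.search(line)
        if not m:
            continue
        cn = CN_RE.search(m["subject"])
        records.append({
            "peer": m["peer"],
            "depth": int(m["depth"]),
            "error": m["error"].strip(),
            "cn": cn.group(1).strip() if cn else None,
        })
    return records

def summarize(records):
    """Collapse retries: count identical (peer, depth, error, cn) failures."""
    counts = Counter((r["peer"], r["depth"], r["error"], r["cn"]) for r in records)
    out = []
    for (peer, depth, error, cn), n in counts.items():
        # depth=0 is the certificate the peer presented; depth>=1 is an issuing CA.
        where = "peer certificate" if depth == 0 else f"CA at chain depth {depth}"
        out.append(f"{peer}: {where} CN={cn} rejected ({error}), seen {n}x")
    return out

if __name__ == "__main__":
    print("\n".join(summarize(parse_verify_errors(SAMPLE_LOG))))
```

A depth-0 "unsupported certificate purpose" entry on the server points at the client's own certificate, which matches the fix reported above: the user had been assigned a server-type certificate.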