Netgate Discussion Forum

[SOLVED] OpenVPN issues with 2.3.1

  • R
    rguinn829
    last edited by Jun 2, 2016, 4:09 AM Jun 2, 2016, 3:10 AM

    Hello Everyone,

    I am new to pfSense and am working to set up OpenVPN.

    I did the wizard and am having issues. I am pasting my system log:

    Jun 1 22:01:06 openvpn 97346 TUN/TAP device /dev/tun1 opened
    Jun 1 22:01:06 openvpn 97346 TUN/TAP device ovpns1 exists previously, keep at program end
    Jun 1 22:01:06 openvpn 97346 UDPv4 link local (bound): [AF_INET]70.124.152.5:1194
    Jun 1 22:01:06 openvpn 97346 UDPv4 link remote: [undef]
    Jun 1 22:01:06 openvpn 97346 do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
    Jun 1 22:01:06 openvpn 97081 library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.09
    Jun 1 22:01:33 openvpn 97346 172.16.5.53:1194 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=US, ST=Texas, L=Austin, O=Guinn Home, emailAddress=r******@ations.com, CN=OPENVPNUSER
    Jun 1 22:01:33 openvpn 97346 172.16.5.53:1194 OpenSSL: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
    Jun 1 22:01:33 openvpn 97346 172.16.5.53:1194 TLS Error: TLS handshake failed
    Jun 1 22:01:33 openvpn 97346 172.16.5.53:1194 TLS Error: TLS object -> incoming plaintext read error
    Jun 1 22:01:33 openvpn 97346 172.16.5.53:1194 TLS_ERROR: BIO read tls_read_plaintext error
    Jun 1 22:02:33 openvpn 97346 172.16.5.53:1194 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=US, ST=Texas, L=Austin, O=Guinn Home, emailAddress=r***@****ns.com, CN=OPENVPNUSER
    Jun 1 22:02:33 openvpn 97346 172.16.5.53:1194 OpenSSL: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
    Jun 1 22:02:33 openvpn 97346 172.16.5.53:1194 TLS Error: TLS handshake failed
    Jun 1 22:02:33 openvpn 97346 172.16.5.53:1194 TLS Error: TLS object -> incoming plaintext read error
    Jun 1 22:02:33 openvpn 97346 172.16.5.53:1194 TLS_ERROR: BIO read tls_read_plaintext error

    Here is what the client is giving me:

    Jun 01 22:01:31: Control Channel Authentication: using '/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/connection.xvOUZm/ta.key' as a OpenVPN static key file
    Jun 01 22:01:31: UDPv4 link local (bound): [undef]
    Jun 01 22:01:32: UDPv4 link remote: [AF_INET]70.124.152.5:1194
    Jun 01 22:01:32: WARNING: this configuration may cache passwords in memory – use the auth-nocache option to prevent this
    Jun 01 22:02:31: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Jun 01 22:02:31: TLS Error: TLS handshake failed
    Jun 01 22:02:31: SIGUSR1[soft,tls-error] received, process restarting
    Jun 01 22:02:32: UDPv4 link local (bound): [undef]
    Jun 01 22:02:32: UDPv4 link remote: [AF_INET]70.124.152.5:1194
    Jun 01 22:03:13: SIGTERM[hard,] received, process exiting

    Please Help

    • C
      cmb
      last edited by Jun 2, 2016, 3:16 AM

      Issue is:
      @rguinn829:

      Jun 1 22:01:33 openvpn 97346 172.16.5.53:1194 VERIFY ERROR: depth=0, error=unsupported certificate purpose:

      which means your user cert isn't actually a user cert, maybe a server or CA cert.

      • R
        rguinn829
        last edited by Jun 2, 2016, 3:36 AM

        Take a look at my setting

        ![Screen Shot 2016-06-01 at 10.35.12 PM.png](/public/imported_attachments/1/Screen Shot 2016-06-01 at 10.35.12 PM.png)

        • R
          rguinn829
          last edited by Jun 2, 2016, 3:38 AM

          Also Tried

          ![Screen Shot 2016-06-01 at 10.21.12 PM.png](/public/imported_attachments/1/Screen Shot 2016-06-01 at 10.21.12 PM.png)

          • C
            cmb
            last edited by Jun 2, 2016, 3:46 AM

            The user cert is the issue, not the server one.

            • R
              rguinn829
              last edited by Jun 2, 2016, 3:51 AM

              Thank you. Somehow I changed my user cert to the server cert.

              Now Working

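The check behind the "unsupported certificate purpose" error in this thread, as an added example that is not part of the original posts: a server-only certificate presented by a client fails OpenSSL's `sslclient` purpose check even though it chains to the right CA. The CA, file names and CNs are constructed for the demo, and it assumes OpenSSL 1.1.0 or later on the PATH.

```shell
#!/usr/bin/env bash
# Constructed demo PKI: one throwaway CA and two leaf certificates that
# differ only in their Extended Key Usage (clientAuth vs serverAuth).
make_demo_pki() {  # $1 = existing empty working directory
  local d=$1 name
  printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
    'prompt=no' '[dn]' 'CN=Demo CA' '[v3_ca]' \
    'basicConstraints=critical,CA:TRUE' > "$d/ca.cnf"
  openssl req -x509 -new -newkey rsa:2048 -nodes -days 1 -config "$d/ca.cnf" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
  for name in client server; do
    # The only difference between the two leaves is this one extension.
    printf 'extendedKeyUsage=%sAuth\n' "$name" > "$d/$name.ext"
    openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
      -subj "/CN=demo-$name" -keyout "$d/$name.key" -out "$d/$name.csr" 2>/dev/null
    openssl x509 -req -in "$d/$name.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
      -CAcreateserial -days 1 -extfile "$d/$name.ext" -out "$d/$name.crt" 2>/dev/null
  done
}

# Print the Extended Key Usage value of a certificate ($1 = cert file).
cert_eku() {
  openssl x509 -in "$1" -noout -text | grep -A1 'Extended Key Usage' \
    | tail -n1 | sed 's/^ *//'
}

# Succeed only if the cert chains to the CA AND is acceptable for the purpose.
# $1 = sslclient|sslserver, $2 = CA cert, $3 = leaf cert
accepted_for_purpose() {
  openssl verify -purpose "$1" -CAfile "$2" "$3" >/dev/null 2>&1
}

# Stand-alone run: show which leaf a TLS server would accept from a client.
demo_dir=$(mktemp -d) && make_demo_pki "$demo_dir"
for leaf in client server; do
  if accepted_for_purpose sslclient "$demo_dir/ca.crt" "$demo_dir/$leaf.crt"
  then verdict=accepted; else verdict=rejected; fi
  echo "$leaf.crt [$(cert_eku "$demo_dir/$leaf.crt")]: $verdict as a client cert"
done
rm -rf "$demo_dir"
```

Running `cert_eku` against the certificate exported for a VPN user shows at a glance whether a server certificate was assigned by mistake.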