Netgate Discussion Forum

    [SOLVED] OpenVPN issues with 2.3.1

      rguinn829

      Hello Everyone,

      I am new to pfSense and am working to set up OpenVPN.

      I did the wizard and am having issues. I am pasting my system log:

      Jun 1 22:01:06 openvpn 97346 TUN/TAP device /dev/tun1 opened
      Jun 1 22:01:06 openvpn 97346 TUN/TAP device ovpns1 exists previously, keep at program end
      Jun 1 22:01:06 openvpn 97346 UDPv4 link local (bound): [AF_INET]70.124.152.5:1194
      Jun 1 22:01:06 openvpn 97346 UDPv4 link remote: [undef]
      Jun 1 22:01:06 openvpn 97346 do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
      Jun 1 22:01:06 openvpn 97081 library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.09
      Jun 1 22:01:33 openvpn 97346 172.16.5.53:1194 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=US, ST=Texas, L=Austin, O=Guinn Home, emailAddress=r******@ations.com, CN=OPENVPNUSER
      Jun 1 22:01:33 openvpn 97346 172.16.5.53:1194 OpenSSL: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
      Jun 1 22:01:33 openvpn 97346 172.16.5.53:1194 TLS Error: TLS handshake failed
      Jun 1 22:01:33 openvpn 97346 172.16.5.53:1194 TLS Error: TLS object -> incoming plaintext read error
      Jun 1 22:01:33 openvpn 97346 172.16.5.53:1194 TLS_ERROR: BIO read tls_read_plaintext error
      Jun 1 22:02:33 openvpn 97346 172.16.5.53:1194 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=US, ST=Texas, L=Austin, O=Guinn Home, emailAddress=r***@****ns.com, CN=OPENVPNUSER
      Jun 1 22:02:33 openvpn 97346 172.16.5.53:1194 OpenSSL: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
      Jun 1 22:02:33 openvpn 97346 172.16.5.53:1194 TLS Error: TLS handshake failed
      Jun 1 22:02:33 openvpn 97346 172.16.5.53:1194 TLS Error: TLS object -> incoming plaintext read error
      Jun 1 22:02:33 openvpn 97346 172.16.5.53:1194 TLS_ERROR: BIO read tls_read_plaintext error

      Here is what the client is giving me:

      Jun 01 22:01:31: Control Channel Authentication: using '/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/connection.xvOUZm/ta.key' as a OpenVPN static key file
      Jun 01 22:01:31: UDPv4 link local (bound): [undef]
      Jun 01 22:01:32: UDPv4 link remote: [AF_INET]70.124.152.5:1194
      Jun 01 22:01:32: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
      Jun 01 22:02:31: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
      Jun 01 22:02:31: TLS Error: TLS handshake failed
      Jun 01 22:02:31: SIGUSR1[soft,tls-error] received, process restarting
      Jun 01 22:02:32: UDPv4 link local (bound): [undef]
      Jun 01 22:02:32: UDPv4 link remote: [AF_INET]70.124.152.5:1194
      Jun 01 22:03:13: SIGTERM[hard,] received, process exiting

      Please Help

        cmb

        Issue is:
        @rguinn829:

        Jun 1 22:01:33 openvpn 97346 172.16.5.53:1194 VERIFY ERROR: depth=0, error=unsupported certificate purpose:

        which means your user cert isn't actually a user cert, maybe a server or CA cert.

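The diagnosis above comes from the server log; the client log in the first post only reports a 60-second TLS timeout. As an added example (not part of the original posts), this sketch pulls the VERIFY ERROR lines out of a server log and reports which certificate was rejected; depth=0 is the peer's own certificate. The sample log is constructed (placeholder peer address and subject), and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the same layout as the server log quoted in the thread
# (peer address, subject and CN are made-up placeholder values).
SAMPLE_LOG = """\
Jun 1 22:01:06 openvpn 97346 UDPv4 link remote: [undef]
Jun 1 22:01:33 openvpn 97346 192.0.2.10:1194 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=US, O=Example Org, CN=example-user
Jun 1 22:01:33 openvpn 97346 192.0.2.10:1194 TLS Error: TLS handshake failed
Jun 1 22:02:33 openvpn 97346 192.0.2.10:1194 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=US, O=Example Org, CN=example-user
Jun 1 22:02:33 openvpn 97346 192.0.2.10:1194 TLS Error: TLS handshake failed
"""

VERIFY_RE = re.compile(
    r"openvpn \d+ (?P<peer>\S+) VERIFY ERROR: depth=(?P<depth>\d+), "
    r"error=(?P<error>[^:]+): (?P<subject>.*)$"
)

def parse_verify_errors(log_text):
    """Return one dict per VERIFY ERROR line: peer, depth, error, subject, cn."""
    events = []
    for line in log_text.splitlines():
        m = VERIFY_RE.search(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["depth"] = int(ev["depth"])
        cn = re.search(r"(?:^|, )CN=([^,]+)", ev["subject"])
        ev["cn"] = cn.group(1).strip() if cn else None
        events.append(ev)
    return events

def summarize(events):
    """Collapse repeated rejections into one report line per peer/CN/depth/error."""
    counts = Counter((e["peer"], e["cn"], e["depth"], e["error"]) for e in events)
    report = []
    for (peer, cn, depth, error), n in counts.items():
        # depth 0 is the certificate the peer presented; higher depths are its issuers.
        which = ("peer's own certificate" if depth == 0
                 else f"issuer {depth} level(s) above the peer certificate")
        report.append(f"{peer} CN={cn}: '{error}' on {which} ({n}x)")
    return report

if __name__ == "__main__":
    for line in summarize(parse_verify_errors(SAMPLE_LOG)):
        print(line)
```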
          rguinn829

          Take a look at my setting

          ![Screen Shot 2016-06-01 at 10.35.12 PM.png](/public/imported_attachments/1/Screen Shot 2016-06-01 at 10.35.12 PM.png)

            rguinn829

            Also Tried

            ![Screen Shot 2016-06-01 at 10.21.12 PM.png](/public/imported_attachments/1/Screen Shot 2016-06-01 at 10.21.12 PM.png)

              cmb

              The user cert is the issue, not the server one.

                rguinn829

                Thank you. Somehow I changed my user cert to the server cert.

                Now Working
