Only connecting in User Auth, not SSL/TLS + User Auth......



  • We just moved, and I've been getting all of my network equipment setup. I have gigabit uverse, and while that's been a challenge to work around, I've got it setup how I want.
    I recently setup my pfsense box and OpenVPN again, but something strange is occuring. For clarity, I'm connecting to my OpenVPN server (pfsense box) from my iPhone via the OpenVPN iOS app.

    If I setup the server as "Remote Access (User Auth)" it works just fine. If I set it up as "Remote Access (SSL/TLS + User Auth)" it won't connect and will just time out. This was working fine before we moved, abeit, I DID have Suddenlink back then and ran my own modem.

    I have a Uverse Gateway to deal with now, but I have it setup in IP Passthrough mode and all seems to be going well.

    So...any ideas? Perhaps I have a setting incorrect for SSL/TLS? I've created a user (in addition to admin), Created a CA, created a cert, associated the cert with the user as well as the server.

    So, I'm stumped. It appears that SSL/TLS + User Auth is much safer than User Auth alone. When using User Auth alone....it doesn't even include a TLS key, correct?

    Anything I can try? Perhaps I don't create a new user, but instead associate the CA and Cert with Admin?

    Perhaps the Uverse Gateway doesn't like SSL/TLS/Certs? That'd be strange as it's just passing traffic at this point since I have it in IP Passthrough Mode.

    Here's a log in OpenVPN:

    VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=US, ST=XX, L=XXXX, O=XXXXX, emailAddress=XXXXX@gmail.com, CN=Admin User Certificate, subjectAltName=
    OpenSSL: error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed
    TLS_ERROR: BIO read tls_read_plaintext error
    TLS Error: TLS object -> incoming plaintext read error
    TLS Error: TLS handshake failed

    Any ideas? I used "Xs" to blur out some data.



  • Figured it out. You have to have a separate "user" cert and a separate "server" cert. Doh!