Verify your configuration
Re: OpenVPN server certificate verify failed on pfSense 2.6.0
Apr 22 13:55:24 openvpn 40410 192.168.0.59:53529 SIGUSR1[soft,tls-error] received, client-instance restarting
Apr 22 13:55:24 openvpn 40410 192.168.0.59:53529 TLS Error: TLS handshake failed
Apr 22 13:55:24 openvpn 40410 192.168.0.59:53529 TLS Error: TLS object -> incoming plaintext read error
Apr 22 13:55:24 openvpn 40410 192.168.0.59:53529 TLS_ERROR: BIO read tls_read_plaintext error
Apr 22 13:55:24 openvpn 40410 192.168.0.59:53529 OpenSSL: error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed
Apr 22 13:55:24 openvpn 40410 192.168.0.59:53529 VERIFY SCRIPT ERROR: depth=1, CN=pfSense-CA, C=GB, ST=UK, L=London, O=Test Ltd.
Apr 22 13:55:24 openvpn 40410 192.168.0.59:53529 WARNING: Failed running command (--tls-verify script): external program exited with error status: 1
Apr 22 13:55:23 openvpn 40410 192.168.0.59:53529 VERIFY WARNING: depth=1, unable to get certificate CRL: CN=pfSense-CA, C=GB, ST=UK, L=London, O=Test Ltd.
Apr 22 13:55:23 openvpn 40410 192.168.0.59:53529 VERIFY WARNING: depth=0, unable to get certificate CRL: CN=spike, C=GB, ST=UK, L=London, O=Test Ltd.
Apr 22 13:55:23 openvpn 40410 192.168.0.59:53529 TLS: Initial packet from [AF_INET]192.168.0.59:53529, sid=65d042ea 93aca844
In this case you're using the wrong names; you need to use "OpenVPNServer" because "OpenVPNServer" is your CN=
Your config should be:
dev tun
persist-tun
persist-key
data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
data-ciphers-fallback AES-256-CBC
auth SHA512
tls-client
client
resolv-retry infinite
remote 84.9.xxx.xxx 1194 udp4
nobind
verify-x509-name "OpenVPNServer" name
auth-user-pass
remote-cert-tls server
explicit-exit-notify
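
How the verify-x509-name line in the config above is matched against a server certificate subject, as an added example that is not part of the original post. The server subject string is constructed in the DN format shown in the log, the function names are hypothetical, and the three match types (subject, name, name-prefix) are the ones the OpenVPN manual documents, with CN assumed as the compared field.

```python
import shlex

# Constructed sample: a few lines of the client config from the post.
CLIENT_CONFIG = '''
tls-client
client
verify-x509-name "OpenVPNServer" name
remote-cert-tls server
'''

# Constructed server-certificate subject, in the DN format seen in the log.
SERVER_SUBJECT = "CN=OpenVPNServer, C=GB, ST=UK, L=London, O=Test Ltd."

def parse_verify_x509_name(config_text):
    """Return (name, match_type) from the config, or None if the directive is absent."""
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        tokens = shlex.split(line)  # handles the quoted name
        if tokens[0] == "verify-x509-name" and len(tokens) >= 2:
            # With no type argument OpenVPN compares the complete subject DN.
            return tokens[1], tokens[2] if len(tokens) > 2 else "subject"
    return None

def subject_cn(subject):
    """Extract the CN from a 'K=V, K=V' subject string (simplified: no escaped commas)."""
    for part in subject.split(", "):
        key, _, value = part.partition("=")
        if key == "CN":
            return value
    return None

def name_accepts(subject, name, match_type):
    """Would verify-x509-name <name> <match_type> accept a certificate with this subject?"""
    if match_type == "subject":
        return subject == name
    cn = subject_cn(subject)  # assumption: CN is the compared field (the default)
    if cn is None:
        return False
    if match_type == "name":
        return cn == name
    if match_type == "name-prefix":
        return cn.startswith(name)
    raise ValueError(f"unknown verify-x509-name type: {match_type}")

if __name__ == "__main__":
    name, match_type = parse_verify_x509_name(CLIENT_CONFIG)
    print(name, match_type, name_accepts(SERVER_SUBJECT, name, match_type))
```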