Exporting an OpenVPN client config for a server which is using an Elliptic curve chip
-
I have a uniquely problematic situation with an OpenVPN server named Device VPN. Device VPN allows my embedded systems IoT product to maintain secure SSH sessions with engineers during remote debugging and maintenance processes. The IoT devices connect to the server perfectly fine but I am unable to generate an OpenVPN configuration file such that a computer can connect to the same vpn.
Attached is a screenshot of the PFsense page for the server that the embedded system clients [they are called load controllers] connect to (the clients all have elliptic curve chips on them). Although the load controllers can connect to this server, I am unable to generate an OpenVPN configuration file such that a computer can also connect to the vpn. This is my main issue.
I’ve tried another approach as well which should work but is not working. I exported the vpn configuration from one of the embedded system devices and retrieved the plain text versions of the CA certificate, client certificate, client private key (this is an elliptic curve private key) from the device. I then save this newly minted .ovpn file (the scrubbed version of the .ovpn is attached) and I then load it into OpenVPN connect. OpenVPN Connect then times out with the error shown in the OpenVPN connect screenshot below.
I am struggling to understand what I am doing wrong here but I am almost certain that it is an issue related to the use of elliptic curve methods that are not compatible with PFsense. But that doesn’t explain why I was unable to use the raw plain text .ovpb I created.
[scrubbed.ovpn](Invalid file type. Allowed types are: .png, .jpg, .bmp, .txt, .gif, .xls, .gz, .zip, .pcap, .pcapng, .7z, .xml, .jpeg, .diff, .patch, .tgz, .tar, .0, .cap) scrubbed.txt