[solved] TLS error with Open VPN



  • Sorry for my English.
    I'm new to pfSense, and now I want to make a VPN connection with Open VPN (client-site). I followed the instructions from this link: https://www.youtube.com/watch?v=VdAHVSTl1ys
    But when I connect from the client PC to pfSense I get this error:
    On Open Gui:
    Mon Mar 14 19:23:25 2016 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=VN, ST=Ho Chi Minh, L=Ho Chi Minh, O=canhabennhau, emailAddress=yeudoivtn17@yahoo.com, CN=nhan
    Mon Mar 14 19:23:25 2016 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    Mon Mar 14 19:23:25 2016 TLS Error: TLS object -> incoming plaintext read error
    Mon Mar 14 19:23:25 2016 TLS Error: TLS handshake failed

    On System log - Open VPN
    Mar 14 19:23:49 pfSense openvpn[11258]: 171.254.30.155:32805 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Mar 14 19:23:49 pfSense openvpn[11258]: 171.254.30.155:32805 TLS Error: TLS handshake failed
    Mar 14 19:23:57 pfSense openvpn[11258]: 171.254.30.155:32772 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Mar 14 19:23:57 pfSense openvpn[11258]: 171.254.30.155:32772 TLS Error: TLS handshake failed
    Mar 14 19:24:08 pfSense openvpn[11258]: 171.254.30.155:32825 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Mar 14 19:24:08 pfSense openvpn[11258]: 171.254.30.155:32825 TLS Error: TLS handshake failed

    In Firewall Rules and Open VPN rules I have these rules already (in the attached pictures).

    Can anyone help me fix this? What am I missing here, and what do I need to do? Thank you so much.
    ![OV rules.jpg](/public/imported_attachments/1/OV rules.jpg)



  • Mon Mar 14 19:23:25 2016 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=VN, ST=Ho Chi Minh, L=Ho Chi Minh, O=canhabennhau, emailAddress=yeudoivtn17@yahoo.com, CN=nhan
    Mon Mar 14 19:23:25 2016 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    Mon Mar 14 19:23:25 2016 TLS Error: TLS object -> incoming plaintext read error

    This error leads me to think you created the wrong type of Certificate for the OpenVPN Server.
    The OpenVPN Server requires a certificate of the type: Server
    The OpenVPN Client requires a certificate of the type: User
    Both certificates must use the same Certificate of Authority for their creation.

    Check all your certificates.
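
Added example, not part of the original thread: a shell script that builds a throwaway CA with one Server-type and one User-type certificate and runs OpenSSL's certificate purpose check, the check behind the VERIFY ERROR quoted above. The file names, config section names and CN values are constructed for this example, and it assumes the `openssl` command-line tool is installed.

```shell
#!/usr/bin/env bash
# Build a throwaway lab PKI in directory $1 (all names are constructed for this example).
make_lab_pki() {
  dir=$1
  cat > "$dir/lab.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = lab-ca
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[server]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
[user]
basicConstraints = CA:FALSE
keyUsage = digitalSignature
extendedKeyUsage = clientAuth
EOF
  # Self-signed CA, then one CSR and one CA-signed certificate per type.
  openssl req -x509 -config "$dir/lab.cnf" -extensions v3_ca -newkey rsa:2048 \
    -nodes -days 1 -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
  for kind in server user; do
    openssl req -new -config "$dir/lab.cnf" -subj "/CN=lab-$kind" -newkey rsa:2048 \
      -nodes -keyout "$dir/$kind.key" -out "$dir/$kind.csr" 2>/dev/null
    openssl x509 -req -in "$dir/$kind.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
      -CAcreateserial -days 1 -extfile "$dir/lab.cnf" -extensions "$kind" \
      -out "$dir/$kind.crt" 2>/dev/null
  done
}

# Succeeds only if cert $3 chains to CA $1 AND is allowed for purpose $2
# (sslserver or sslclient).
cert_fits_purpose() {
  openssl verify -CAfile "$1" -purpose "$2" "$3" >/dev/null 2>&1
}

lab=$(mktemp -d)
make_lab_pki "$lab"
for c in server user; do
  if cert_fits_purpose "$lab/ca.crt" sslserver "$lab/$c.crt"; then
    echo "$c.crt: accepted as a TLS server certificate"
  else
    echo "$c.crt: rejected for server use (certificate purpose check failed)"
  fi
done
rm -rf "$lab"
```

To inspect an existing certificate instead, `openssl x509 -in <cert> -noout -text` lists its X509v3 Extended Key Usage.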



  • Thank you so much for your reply. I'm not sure that I clearly understand your answer. But after I tried again, creating Open VPN and a new certificate in the Open VPN wizard, it's now OK.
    ;D



  • Glad you got it working.

    If you want an idea of what your certificates look like take a look through the "Certificate Manager" section of your WebGui.

    Welcome to pfSense!

