Hello forum :),
I followed the SSL roadwarrior official guide for OPNvpn: https://docs.opnsense.org/manual/how-tos/sslvpn_client.html
However, after several tries (configuring new CAs and certs) I'm unable to establish the TLS tunnel.
The error log is as follows:
2024-03-05T18:52:02 Error openvpn_server1 PUB_IP client:4143 TLS Error: TLS handshake failed
2024-03-05T18:52:02 Error openvpn_server1 PUB_IP client:4143 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2024-03-05T18:51:02 Error openvpn_server1 PUB_IP client:4143 TLS Error: TLS handshake failed
2024-03-05T18:51:02 Error openvpn_server1 PUB_IP client:4143 TLS Error: TLS object -> incoming plaintext read error
2024-03-05T18:51:02 Error openvpn_server1 PUB_IP client:4143 TLS_ERROR: BIO read tls_read_plaintext error
2024-03-05T18:51:02 Error openvpn_server1 PUB_IP client:4143 OpenSSL: error:0A000086:SSL routines::certificate verify failed:
2024-03-05T18:51:02 Error openvpn_server1 PUB_IP client:4143 VERIFY ERROR: depth=0, error=unsuitable certificate purpose: ..... , emailAddress=v......, CN=SSLVPN ServerCert2, serial=3
However, the certificate I'm using has:
    X509v3 Extended Key Usage:
        TLS Web Server Authentication, 1.3.6.1.5.5.8.2.2
    X509v3 Key Usage:
        Digital Signature, Key Encipherment
This is getting me quite frustrated since I'm unable to understand the cause of it, if the certificate EKU and KU are correct. :( :(
Thanks for all your help! ;)
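
An added triage example, not part of the original post and not OPNsense or OpenVPN code: it parses the log format shown above and pulls out which certificate failed verification and why, so it can be compared with the certificate that was inspected. The function name `triage` and the result field names are assumptions made for this example.

```python
import re

# Log lines copied from the post above, redactions kept as posted.
SAMPLE_LOG = """\
2024-03-05T18:52:02 Error openvpn_server1 PUB_IP client:4143 TLS Error: TLS handshake failed
2024-03-05T18:52:02 Error openvpn_server1 PUB_IP client:4143 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2024-03-05T18:51:02 Error openvpn_server1 PUB_IP client:4143 TLS Error: TLS handshake failed
2024-03-05T18:51:02 Error openvpn_server1 PUB_IP client:4143 TLS Error: TLS object -> incoming plaintext read error
2024-03-05T18:51:02 Error openvpn_server1 PUB_IP client:4143 TLS_ERROR: BIO read tls_read_plaintext error
2024-03-05T18:51:02 Error openvpn_server1 PUB_IP client:4143 OpenSSL: error:0A000086:SSL routines::certificate verify failed:
2024-03-05T18:51:02 Error openvpn_server1 PUB_IP client:4143 VERIFY ERROR: depth=0, error=unsuitable certificate purpose: ..... , emailAddress=v......, CN=SSLVPN ServerCert2, serial=3
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<level>\S+)\s+(?P<proc>\S+)\s+(?P<msg>.*)$")
# VERIFY lines describe the certificate presented by the remote peer of the
# process that wrote the log; depth=0 is the leaf certificate of that chain.
VERIFY_RE = re.compile(r"VERIFY ERROR: depth=(?P<depth>\d+), error=(?P<reason>[^:]+):\s*(?P<subject>.*)$")
# OpenSSL 3.x error strings have the form error:<code>:<library>::<reason>
OPENSSL_RE = re.compile(r"error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*)::(?P<text>[^:]*)")
GENERIC_RE = re.compile(r"TLS[ _]Error:", re.IGNORECASE)

def triage(log_text):
    """Separate the specific verification failures from generic TLS noise."""
    result = {"verify": [], "openssl": [], "tls_errors": 0}
    # The web UI lists newest entries first; sort so causes precede symptoms.
    for line in sorted(l.strip() for l in log_text.splitlines() if l.strip()):
        m = LINE_RE.match(line)
        if not m:
            continue
        msg = m["msg"]
        if GENERIC_RE.search(msg):
            result["tls_errors"] += 1
        o = OPENSSL_RE.search(msg)
        if o:
            result["openssl"].append((o["code"].upper(), o["lib"], o["text"].strip()))
        v = VERIFY_RE.search(msg)
        if v:
            cn = re.search(r"CN=([^,]+)", v["subject"])
            serial = re.search(r"serial=(\w+)", v["subject"])
            result["verify"].append({
                "time": m["ts"], "logged_by": m["proc"], "depth": int(v["depth"]),
                "reason": v["reason"].strip(),
                "cn": cn.group(1).strip() if cn else None,
                "serial": serial.group(1) if serial else None,
            })
    return result

if __name__ == "__main__":
    for failure in triage(SAMPLE_LOG)["verify"]:
        print(failure)
```
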