Virtual private networks / TLS handshake failed OPNvpn
« on: March 05, 2024, 07:58:46 pm »
Hello forum,
I followed the SSL roadwarrior official guide for OPNvpn; https://docs.opnsense.org/manual/how-tos/sslvpn_client.html
however, after several tries (configuring new CAs and certs) I'm unable to establish the TLS tunnel.
The error log is as follows:
2024-03-05T18:52:02 Error openvpn_server1 PUB_IP client:4143 TLS Error: TLS handshake failed
2024-03-05T18:52:02 Error openvpn_server1 PUB_IP client:4143 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2024-03-05T18:51:02 Error openvpn_server1 PUB_IP client:4143 TLS Error: TLS handshake failed
2024-03-05T18:51:02 Error openvpn_server1 PUB_IP client:4143 TLS Error: TLS object -> incoming plaintext read error
2024-03-05T18:51:02 Error openvpn_server1 PUB_IP client:4143 TLS_ERROR: BIO read tls_read_plaintext error
2024-03-05T18:51:02 Error openvpn_server1 PUB_IP client:4143 OpenSSL: error:0A000086:SSL routines::certificate verify failed:
2024-03-05T18:51:02 Error openvpn_server1 PUB_IP client:4143 VERIFY ERROR: depth=0, error=unsuitable certificate purpose: ..... , emailAddress=v......, CN=SSLVPN ServerCert2, serial=3
However, the certificate I'm using has:
X509v3 Extended Key Usage:
TLS Web Server Authentication, 1.3.6.1.5.5.8.2.2
X509v3 Key Usage:
Digital Signature, Key Encipherment
This is getting me quite frustrated since I'm unable to understand the cause of it, if the certificate EKU and KU are correct.
Thanks for all your help!
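
Added example, not part of the original post: a small Python check that reads the VERIFY ERROR line from the server log above together with the EKU list quoted in the post, and reports which EKU the rejected certificate would need for the role of the peer that presented it. It assumes the instance name (openvpn_server1) identifies the side doing the verification; the function names and SAMPLE_* constants are hypothetical.

```python
import re

# EKU names as `openssl x509 -text` prints them, keyed by the TLS role of
# the peer that PRESENTS the certificate.
REQUIRED_EKU = {"client": "TLS Web Client Authentication",
                "server": "TLS Web Server Authentication"}

VERIFY_RE = re.compile(
    r"^(?P<ts>\S+) Error (?P<instance>\S+) .*?"
    r"VERIFY ERROR: depth=(?P<depth>\d+), error=(?P<error>[^:]+):"
    r".*?CN=(?P<cn>[^,]+), serial=(?P<serial>\d+)")

# Log lines and EKU list copied from the post above.
SAMPLE_LOG = """\
2024-03-05T18:51:02 Error openvpn_server1 PUB_IP client:4143 OpenSSL: error:0A000086:SSL routines::certificate verify failed:
2024-03-05T18:51:02 Error openvpn_server1 PUB_IP client:4143 VERIFY ERROR: depth=0, error=unsuitable certificate purpose: ..... , emailAddress=v......, CN=SSLVPN ServerCert2, serial=3
"""
SAMPLE_EKU = "TLS Web Server Authentication, 1.3.6.1.5.5.8.2.2"

def parse_verify_errors(log_text):
    """Return one dict per VERIFY ERROR line in an OpenVPN log excerpt."""
    matches = (VERIFY_RE.match(line) for line in log_text.splitlines())
    return [m.groupdict() for m in matches if m]

def presenting_role(instance):
    """A VERIFY ERROR is logged by the side checking its peer, so a server
    instance is rejecting a client's certificate and vice versa.
    Assumption: the instance name contains "server" or "client"."""
    return "client" if "server" in instance else "server"

def diagnose(log_text, eku_line):
    """Check the rejected leaf cert's EKU list against its presenter's role."""
    ekus = [e.strip() for e in eku_line.split(",")]
    findings = []
    for err in parse_verify_errors(log_text):
        if err["depth"] != "0" or "certificate purpose" not in err["error"]:
            continue  # only leaf-certificate purpose failures are handled
        role = presenting_role(err["instance"])
        findings.append({"cn": err["cn"], "presented_by": role,
                         "needed_eku": REQUIRED_EKU[role],
                         "has_needed_eku": REQUIRED_EKU[role] in ekus})
    return findings

if __name__ == "__main__":
    for f in diagnose(SAMPLE_LOG, SAMPLE_EKU):
        print(f)
```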