18.1 Legacy Series / Re: TLS Error: TLS handshake failed
« on: March 21, 2018, 05:03:49 pm »
I have Remote Access (SSL/TLS + User Auth).
This is my server conf:
dev ovpns1
verb 0
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto tcp-server
cipher AES-256-CBC
auth SHA512
up /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup
down /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkdown
client-connect /usr/local/etc/inc/plugins.inc.d/openvpn/attributes.sh
client-disconnect /usr/local/etc/inc/plugins.inc.d/openvpn/attributes.sh
tls-server
server [edited] [edited]
client-config-dir /var/etc/openvpn-csc/1
username-as-common-name
auth-user-pass-verify "/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_auth_verify user 'Local Database' 'false' 'server1'" via-env
tls-verify "/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_auth_verify tls 'SSLVPN+Server+Certificate' 1"
lport 443
management /var/etc/openvpn/server1.sock unix
push "dhcp-option DOMAIN [edited]"
push "dhcp-option DNS [edited]"
push "register-dns"
push "dhcp-option NTP [edited]"
push "redirect-gateway def1"
client-to-client
duplicate-cn
route [edited] [edited]
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh /usr/local/etc/dh-parameters.4096
tls-auth /var/etc/openvpn/server1.tls-auth 0
comp-lzo adaptive
topology subnet
reneg-sec 0
auth-nocache
For the client, on Windows, I use Viscosity and I exported the client config from the OPNsense GUI. Works fine for me.
For Android, I use OpenVPN Connect. Also works fine.
Just saw some minor things I could probably optimize here, but nothing related to authentication.
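Several directives in the server config above have client-side counterparts that must agree before a connection comes up. As an added example (not part of the original post and not OPNsense code), this Python check compares a server config with a client config; the client config, the hostname vpn.example.invalid and all function names are constructed for illustration.

```python
import shlex

def parse(conf):
    """Map each directive to its arguments; inline <tag>...</tag> bodies are skipped."""
    opts, block = {}, None
    for raw in conf.splitlines():
        line = raw.strip()
        if block:
            block = None if line == f"</{block}>" else block
        elif line.startswith("<"):
            block = line.strip("<>")
            opts.setdefault(block, [])
        elif line and line[0] not in "#;":
            name, *args = shlex.split(line)
            opts.setdefault(name, args)
    return opts

def key_direction(opts):
    """Direction from 'tls-auth <file> N', else from a separate 'key-direction N'."""
    args = opts.get("tls-auth", [])
    return args[1] if len(args) > 1 else opts.get("key-direction", [None])[0]

def compare(server_conf, client_conf):
    """Return the directives on which the server and client configs disagree."""
    s, c = parse(server_conf), parse(client_conf)
    issues = []
    # tcp-server pairs with tcp-client, so only the first three letters are compared.
    if s.get("proto", ["udp"])[0][:3] != c.get("proto", ["udp"])[0][:3]:
        issues.append("proto")
    remote = c.get("remote", [])
    s_port = (s.get("lport") or s.get("port") or ["1194"])[0]
    if s_port != (remote[1] if len(remote) > 1 else "1194"):
        issues.append("port")
    # Both sides need the tls-auth key, with opposite directions (0 and 1).
    if ("tls-auth" in s) != ("tls-auth" in c):
        issues.append("tls-auth")
    elif {"0": "1", "1": "0"}.get(key_direction(s)) != key_direction(c):
        issues.append("key-direction")
    # 'auth' also selects the tls-auth HMAC digest; 'cipher' may still be negotiated.
    issues += [k for k in ("auth", "cipher") if s.get(k) != c.get(k)]
    if ("comp-lzo" in s) != ("comp-lzo" in c):
        issues.append("comp-lzo")
    return issues

# Server lines copied from the post; the client is constructed with two faults.
SERVER = ("proto tcp-server\nlport 443\ncipher AES-256-CBC\nauth SHA512\n"
          "comp-lzo adaptive\ntls-auth /var/etc/openvpn/server1.tls-auth 0\n")
CLIENT = ("proto tcp-client\nremote vpn.example.invalid 443\ncipher AES-256-CBC\n"
          "auth SHA1\ncomp-lzo\nkey-direction 0\n<tls-auth>\n(key)\n</tls-auth>\n")
print(compare(SERVER, CLIENT))
```

A wrong key direction or `auth` digest makes each side drop the other's control-channel packets at the tls-auth HMAC check, which the client logs as a failed TLS handshake.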