Messages - uaw

18.7 Legacy Series / OPNsense 18.7.4 - OpenVPN - Intermediate CA
« on: October 07, 2018, 12:20:22 pm »
Hi there,
currently I am running a test environment with two OPNsense 18.7.4 machines. Machine A is connected to the internet and simulates an internet provider for machine B. There is a LAN-A on one machine and a LAN-B on the other (likewise there are DMZs). In general this environment is running fine. I can work tunnels either LAN-LAN or RoadWarrior B to machine A as long as these tunnels are shared-key only.

The problem starts when I work with certificates having a root CA and an intermediate CA. The tunnel building will fail and return the error ...VERIFY ERROR: depth=2, error=self signed certificate in certificate chain... .

However, if I change the involved certificates to not using an intermediate CA (the sole other change is certificate depth set to 1), the tunnel works fine.

Conclusion: The combination of OPNsense and OpenVPN has a problem using certificates with intermediate-CAs.

Remark: I am aware that there have been similar problems with pfSense in the past, so this is probably not new. I found only very few related posts with Google and nothing related within the forum.

Any experiences / comments? Is it old stuff and me being blind? Am I reporting in the wrong place?

Any comment welcome.

Cheers, UAW.
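
The error text quoted in the post is OpenSSL's verification error 19, reported when a presented chain ends in a self-signed root that is not in the verifier's trusted CA file. The script below is an added example, not part of the original post: it assumes the `openssl` command-line tool, builds a constructed root, intermediate and leaf (all names and files are made up), reproduces the error at depth 2, and shows the same chain verifying once the root is the trust anchor.

```shell
#!/bin/sh
# Added example: throwaway PKI, every name and file here is constructed.
# Assumes the openssl command-line tool is installed.

issue() {       # $1 dir, $2 new cert name, $3 issuer name, $4 extension section
    openssl req -new -config "$1/pki.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=Constructed $2" -keyout "$1/$2.key" -out "$1/$2.csr" \
        2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/$3.pem" -CAkey "$1/$3.key" \
        -CAcreateserial -days 1 -extfile "$1/pki.cnf" -extensions "$4" \
        -out "$1/$2.pem" 2>/dev/null
}

make_pki() {    # $1 = empty working directory
    cat > "$1/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
[v3_leaf]
basicConstraints = CA:FALSE
EOF
    # Two self-signed roots: the chain's own root and an unrelated one.
    for n in root other; do
        openssl req -x509 -config "$1/pki.cnf" -newkey rsa:2048 -nodes \
            -days 1 -subj "/CN=Constructed $n CA" \
            -keyout "$1/$n.key" -out "$1/$n.pem" 2>/dev/null || return 1
    done
    issue "$1" int root v3_ca || return 1      # intermediate CA under root
    issue "$1" leaf int v3_leaf || return 1    # end-entity cert under intermediate
    # What the peer presents alongside its leaf: intermediate plus root.
    cat "$1/int.pem" "$1/root.pem" > "$1/presented.pem"
}

verify_leaf() { # $1 dir, $2 name of the only CA the verifier trusts
    openssl verify -CAfile "$1/$2.pem" -untrusted "$1/presented.pem" \
        "$1/leaf.pem" 2>&1
}

d=$(mktemp -d) && make_pki "$d" && {
    verify_leaf "$d" other || :  # root absent from trust file: error 19, depth 2
    verify_leaf "$d" root        # root is the trust anchor: chain verifies
}
rm -rf "$d"
```

To inspect a real deployment the same way, point `-CAfile` at the CA file the verifying side is configured with and `-untrusted` at the chain the peer sends.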
