VPN Server

Started by valerio, November 14, 2019, 04:03:28 PM

Hello to everybody,
I have an issue about the creation of a VPN server.
I followed the official guide and other guides, but I didn't find a solution.
My network schema is so easy:

       INTERNET
             |
          (WAN)
       OPNSENSE
          (LAN)

I get an "import error" when I try to import the configuration on OpenVPN Client (Windows).
I even tried on the OpenVPN CLI (Linux),
and using Viscosity (with the right conf file) on Windows...
I tried and tried in many ways...
What could I do?
Thanks for the answer

What kind of error do you get?
(Unofficial Community) OPNsense Telegram Group: https://t.me/joinchat/0o9JuLUXRFpiNmJk

PM for paid support

The most relevant error in my VPN client is:
"EVENT: mbed TLS: ca certificate is undefined"

Please show us your VPN config.

But with that error I think you haven't created a "CA" and the Server and Client Certificate for it :)

I did. I've created the CA and the certificate for my user.

file.ovpn
dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA512
client
resolv-retry infinite
remote [IP] 1194 udp
lport 0
verify-x509-name "C=IT, ST=Italy, L=Rome, O=Lab, emailAddress=spam@lab.local, CN=SSLVPN Server Certificate" subject
remote-cert-tls server
comp-lzo adaptive
pkcs12 My_OPENVPN_Server_admin.p12
tls-auth My_OPENVPN_Server_admin-tls.key 1

November 18, 2019, 01:08:13 PM #5 Last Edit: November 18, 2019, 01:09:53 PM by lfirewall1243
Try to export the VPN config as just one file, not an archive.
Maybe then it's working :)

And are the .p12 and .key files in the same folder as the .ovpn file?

Yes, they are in the same folder,
I've just tried with all in one file (no archive).

This is the log:

15/11/2019, 14:03:40 EVENT:  mbed TLS: ca certificate is undefined
15/11/2019, 14:03:40 Frame=512/2048/512 mssfix-ctrl=1250
18/11/2019, 15:09:19 OpenVPN core 3.git::15c71c44 win x86_64 64-bit PT_PROXY built on Oct 31 2019 11:32:43
18/11/2019, 15:09:19 Frame=512/2048/512 mssfix-ctrl=1250
18/11/2019, 15:09:19 UNUSED OPTIONS
1 [persist-tun]
2 [persist-key]
6 [resolv-retry] [infinite]
8 [lport] [0]
9 [verify-x509-name] [C=IT, ST=Italy, L=Rome, O=Lab, emailAddress=spam@lab.local, CN=S...] [subject]
18/11/2019, 15:09:19 EVENT: RESOLVE
18/11/2019, 15:09:19 EVENT: WAIT
18/11/2019, 15:09:19 Contacting [IP]:1194 via UDP
18/11/2019, 15:09:19 Connecting to [IP]:1194 ([IP]) via UDPv4
18/11/2019, 15:09:29 Server poll timeout, trying next remote entry...
18/11/2019, 15:09:29 EVENT: RECONNECTING
18/11/2019, 15:09:29 EVENT: RESOLVE
18/11/2019, 15:09:29 EVENT: WAIT
18/11/2019, 15:09:29 Contacting [IP]:1194 via UDP
18/11/2019, 15:09:29 Connecting to [[IP]]:1194 ([IP]) via UDPv4
18/11/2019, 15:09:39 Server poll timeout, trying next remote entry...
18/11/2019, 15:09:39 EVENT: RECONNECTING
18/11/2019, 15:09:39 EVENT: RESOLVE
18/11/2019, 15:09:39 Contacting [IP]:1194 via UDP
18/11/2019, 15:09:39 Connecting to [[IP]]:1194 ([IP]) via UDPv4
18/11/2019, 15:09:39 EVENT: WAIT
18/11/2019, 15:09:49 Server poll timeout, trying next remote entry...
18/11/2019, 15:09:49 EVENT: RECONNECTING
18/11/2019, 15:09:49 EVENT: RESOLVE
18/11/2019, 15:09:49 Contacting [IP]:1194 via UDP
18/11/2019, 15:09:49 EVENT: WAIT
18/11/2019, 15:09:49 Connecting to [[IP]]:1194 ([IP]) via UDPv4
18/11/2019, 15:09:59 Server poll timeout, trying next remote entry...
18/11/2019, 15:09:59 EVENT: RECONNECTING
18/11/2019, 15:09:59 EVENT: RESOLVE
18/11/2019, 15:09:59 EVENT: WAIT
18/11/2019, 15:09:59 Contacting [IP]:1194 via UDP
18/11/2019, 15:09:59 Connecting to [[IP]]:1194 ([IP]) via UDPv4
18/11/2019, 15:10:04 EVENT: DISCONNECTED
18/11/2019, 15:11:50 OpenVPN core 3.git::15c71c44 win x86_64 64-bit PT_PROXY built on Oct 31 2019 11:32:43
18/11/2019, 15:11:50 Frame=512/2048/512 mssfix-ctrl=1250
18/11/2019, 15:11:50 UNUSED OPTIONS

Do you have the correct [IP] address?

Yes, obviously.
I have obfuscated it here for security reasons only.
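
An added example, not part of the thread and not OPNsense or OpenVPN code: a small Python check for the two questions raised above, namely where the profile gets its CA certificate from and whether the files it references sit next to it. The sample profile is constructed from the posted file.ovpn (with a documentation IP address), `audit_profile` is a hypothetical helper name, and resolving relative paths against the profile's folder is an assumption.

```python
import shlex
import tempfile
from pathlib import Path

FILE_OPTS = {"ca", "cert", "key", "pkcs12", "tls-auth", "tls-crypt"}  # first arg is a file
CA_SOURCES = {"ca", "pkcs12"}  # options that can supply the CA certificate

def audit_profile(path):
    """Return (ca_sources, missing_files) for the .ovpn profile at `path`."""
    path = Path(path)
    ca_sources, missing, inline = [], [], None
    for raw in path.read_text().splitlines():
        line = raw.strip()
        if inline:  # skip the body of an inline <tag> ... </tag> block
            if line == f"</{inline}>":
                inline = None
            continue
        if not line or line[0] in "#;":
            continue
        if line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]
            if inline in CA_SOURCES:
                ca_sources.append(f"inline <{inline}>")
            continue
        args = shlex.split(line)
        if args[0] in FILE_OPTS and len(args) > 1:
            if args[0] in CA_SOURCES:
                ca_sources.append(f"{args[0]} {args[1]}")
            # Assumption: relative paths resolve against the profile's own folder.
            if not (path.parent / args[1]).is_file():
                missing.append(args[1])
    return ca_sources, missing

# Constructed sample modelled on the file.ovpn posted in the thread.
SAMPLE = """dev tun
client
remote 192.0.2.10 1194 udp
verify-x509-name "C=IT, ST=Italy, L=Rome, O=Lab, CN=SSLVPN Server Certificate" subject
pkcs12 My_OPENVPN_Server_admin.p12
tls-auth My_OPENVPN_Server_admin-tls.key 1
"""

def demo():
    # Only the tls-auth key is placed beside the profile; the .p12 is left out.
    with tempfile.TemporaryDirectory() as d:
        profile = Path(d) / "file.ovpn"
        profile.write_text(SAMPLE)
        (Path(d) / "My_OPENVPN_Server_admin-tls.key").write_text("constructed")
        return audit_profile(profile)

if __name__ == "__main__":
    print(demo())
```

An empty `ca_sources` list means the profile names no CA at all; a non-empty `missing` list names the referenced files that are not where the profile expects them.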