Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Virtual private networks
»
OpenVPN Road Warrior won't work without client certificates
« previous
next »
Print
Pages: [
1
]
Author
Topic: OpenVPN Road Warrior won't work without client certificates (Read 1231 times)
J-Psy
Newbie
Posts: 4
Karma: 0
OpenVPN Road Warrior won't work without client certificates
«
on:
April 27, 2022, 02:26:02 pm »
Hello,
I'm struggling with the openVPN road warrior configuration. I've been following the following how to :
https://docs.opnsense.org/manual/how-tos/sslvpn_client.html
I want to make it work using LDAP accounts with TOTP but no client certificates.
The LDAP users have been imported fine and I configured the OTP Seed on them. When I add client certificates as described in the how to, it works fine. I can connect to the OpenVPN server, and traffic is working as expected.
But as I don't want to use client certificate, I don't create them, and in this case it does not work. Obviously I updated the openVPN client with an update export for it to embed the right settings.
I tried to add the client-cert-not-required option but still have the same problem.
On the OPNSense FW I have the following logs :
2022-04-27T14:16:25 Error openvpn CLIENTIP:51767 TLS Error: TLS handshake failed
2022-04-27T14:16:25 Error openvpn CLIENTIP:51767 TLS Error: TLS object -> incoming plaintext read error
2022-04-27T14:16:25 Error openvpn CLIENTIP:51767 TLS_ERROR: BIO read tls_read_plaintext error
2022-04-27T14:16:25 Error openvpn CLIENTIP:51767 OpenSSL: error:1417C0C7:SSL routines:tls_process_client_certificate:peer did not return a certificate
And on the client side :
⏎[Apr 27, 2022, 14:16:25] Frame=512/2048/512 mssfix-ctrl=1250
⏎[Apr 27, 2022, 14:16:25] UNUSED OPTIONS
1 [persist-tun]
2 [persist-key]
6 [resolv-retry] [infinite]
8 [lport]
⏎[Apr 27, 2022, 14:16:25] EVENT: RESOLVE ⏎[Apr 27, 2022, 14:16:25] Contacting REMOTEIP:1194 via UDP
⏎[Apr 27, 2022, 14:16:25] EVENT: WAIT ⏎[Apr 27, 2022, 14:16:25] WinCommandAgent: transmitting bypass route to REMOTEIP
{
"host" : "REMOTEIP",
"ipv6" : false
}
⏎[Apr 27, 2022, 14:16:25] Connecting to [REMOTEIP]:1194 (REMOTEIP) via UDPv4
⏎[Apr 27, 2022, 14:16:25] EVENT: CONNECTING ⏎[Apr 27, 2022, 14:16:25] Tunnel Options:V4,dev-type tun,link-mtu 1603,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client
⏎[Apr 27, 2022, 14:16:25] Creds: Username/Password
⏎[Apr 27, 2022, 14:16:25] Peer Info:
IV_VER=3.git::d3f8b18b
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
IV_LZ4v2=1
IV_GUI_VER=OCWindows_3.3.6-2752
IV_SSO=webauth,openurl,crtext
⏎[Apr 27, 2022, 14:17:05] Session invalidated: KEEPALIVE_TIMEOUT
⏎[Apr 27, 2022, 14:17:05] Client terminated, restarting in 2000 ms...
If anyone has an idea about this... Thank you for your help !
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Virtual private networks
»
OpenVPN Road Warrior won't work without client certificates