TLS handshake failed OPNvpn

Started by IagoNetti, March 05, 2024, 07:58:46 PM

Hello forum  :),

I followed the official SSL roadwarrior guide for OPNvpn: https://docs.opnsense.org/manual/how-tos/sslvpn_client.html

However, after several tries (configuring new CAs and certs), I'm unable to establish the TLS tunnel.

The error log is as follows:
2024-03-05T18:52:02   Error   openvpn_server1   PUB_IP client:4143 TLS Error: TLS handshake failed   
2024-03-05T18:52:02   Error   openvpn_server1   PUB_IP client:4143 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)   
2024-03-05T18:51:02   Error   openvpn_server1   PUB_IP client:4143 TLS Error: TLS handshake failed   
2024-03-05T18:51:02   Error   openvpn_server1   PUB_IP client:4143 TLS Error: TLS object -> incoming plaintext read error   
2024-03-05T18:51:02   Error   openvpn_server1   PUB_IP client:4143 TLS_ERROR: BIO read tls_read_plaintext error   
2024-03-05T18:51:02   Error   openvpn_server1   PUB_IP client:4143 OpenSSL: error:0A000086:SSL routines::certificate verify failed:   
2024-03-05T18:51:02   Error   openvpn_server1   PUB_IP client:4143 VERIFY ERROR: depth=0, error=unsuitable certificate purpose: ..... , emailAddress=v......, CN=SSLVPN ServerCert2, serial=3

However, the certificate I'm using has:
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, 1.3.6.1.5.5.8.2.2
            X509v3 Key Usage:
                Digital Signature, Key Encipherment

This is getting me quite frustrated, since I'm unable to understand the cause of it if the certificate EKU and KU are correct. :( :(
Thanks for all your help!  ;)