OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 17.1 Legacy Series »
  • OpenVPN configuration for android client
« previous next »
  • Print
Pages: [1]

Author Topic: OpenVPN configuration for android client  (Read 7297 times)

BlackDragon381

  • Newbie
  • *
  • Posts: 21
  • Karma: 0
    • View Profile
OpenVPN configuration for android client
« on: April 09, 2017, 12:08:36 pm »
I configur Authoriti server, create Certificate and user with this certificate.
I create OpenVPN server with this authiriti server and this certificate.
Then I export client install package for Android or OpenVPN connect, but I can't connect!
What could be the problem?
Logged

bartjsmit

  • Hero Member
  • *****
  • Posts: 1543
  • Karma: 166
    • View Profile
Re: OpenVPN configuration for android client
« Reply #1 on: April 09, 2017, 12:42:46 pm »
What error messages and log entries do you see?

Bart...
Logged

BlackDragon381

  • Newbie
  • *
  • Posts: 21
  • Karma: 0
    • View Profile
Re: OpenVPN configuration for android client
« Reply #2 on: April 09, 2017, 12:48:43 pm »
Quote from: bartjsmit on April 09, 2017, 12:42:46 pm
What error messages and log entries do you see?
No errors, only certiicate verification or connection timeout.
Logged

bartjsmit

  • Hero Member
  • *****
  • Posts: 1543
  • Karma: 166
    • View Profile
Re: OpenVPN configuration for android client
« Reply #3 on: April 09, 2017, 06:56:24 pm »
Sorry, I was a bit cryptic. Check out VPN -> OpenVPN -> Log File and see if you can spot any errors there.

Bart...
Logged

BlackDragon381

  • Newbie
  • *
  • Posts: 21
  • Karma: 0
    • View Profile
Re: OpenVPN configuration for android client
« Reply #4 on: April 11, 2017, 02:19:38 am »
Quote from: bartjsmit on April 09, 2017, 06:56:24 pm
Sorry, I was a bit cryptic. Check out VPN -> OpenVPN -> Log File and see if you can spot any errors there.
I have this strings in logs:
Code: [Select]
Apr 11 03:17:24 openvpn[64982]: 192.168.3.36:55542 TLS Error: TLS handshake failed
Apr 11 03:17:24 openvpn[64982]: 192.168.3.36:55542 TLS Error: TLS object -> incoming plaintext read error
Apr 11 03:17:24 openvpn[64982]: 192.168.3.36:55542 TLS_ERROR: BIO read tls_read_plaintext error
Apr 11 03:17:24 openvpn[64982]: 192.168.3.36:55542 OpenSSL: error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed
Apr 11 03:17:24 openvpn[64982]: 192.168.3.36:55542 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=RU, ST=SPb, L=SPb, O=InfinityNet, emailAddress=admin@infinitynet, CN=Server Certificate for my OpenVPN
Logged

BlackDragon381

  • Newbie
  • *
  • Posts: 21
  • Karma: 0
    • View Profile
Re: OpenVPN configuration for android client
« Reply #5 on: April 11, 2017, 02:39:24 am »
I solved the problem, I used server ca before instead client ca.

For what used parametr "Use a password to protect the pkcs12 file contents or key in Viscosity bundle", when I configured vpn on android I used user password?
Logged

BlackDragon381

  • Newbie
  • *
  • Posts: 21
  • Karma: 0
    • View Profile
Re: OpenVPN configuration for android client
« Reply #6 on: April 12, 2017, 06:32:01 pm »
The connection is normal, but I can not connect to internal network resources and the Internet.
What could be the reason?
Logged

fabian

  • Hero Member
  • *****
  • Posts: 2768
  • Karma: 199
  • OPNsense Contributor (Language, VPN, Proxy, etc.)
    • View Profile
    • Personal Homepage
Re: OpenVPN configuration for android client
« Reply #7 on: April 12, 2017, 06:50:59 pm »
a missing pass rule in the firewall?
Logged

BlackDragon381

  • Newbie
  • *
  • Posts: 21
  • Karma: 0
    • View Profile
Re: OpenVPN configuration for android client
« Reply #8 on: April 13, 2017, 01:08:22 am »
Quote from: fabian on April 12, 2017, 06:50:59 pm
a missing pass rule in the firewall?
I see rule for OpenVPN with destination value "*".
Logged

bartjsmit

  • Hero Member
  • *****
  • Posts: 1543
  • Karma: 166
    • View Profile
Re: OpenVPN configuration for android client
« Reply #9 on: April 13, 2017, 12:57:34 pm »
Make sure the source is set to your tunnel subnet or * as well.

Bart...
Logged

BlackDragon381

  • Newbie
  • *
  • Posts: 21
  • Karma: 0
    • View Profile
Re: OpenVPN configuration for android client
« Reply #10 on: April 13, 2017, 11:58:38 pm »
Quote from: bartjsmit on April 13, 2017, 12:57:34 pm
Make sure the source is set to your tunnel subnet or * as well.

I don't understand you(
Logged

Space

  • Full Member
  • ***
  • Posts: 105
  • Karma: 6
    • View Profile
Re: OpenVPN configuration for android client
« Reply #11 on: April 14, 2017, 01:22:05 am »
Hi,

if you go to VPN -> OpenVPN -> Servers you see a network listed in column "Tunnel Network". Remember this network.

Then go to Firewall -> Rules - OPENVPN. There should be a rule to let the traffic pass from the OpenVPN network to the destinations  you desire. Make sure that in the column "Source" the network from above is listed.

Best regards,

    Jochen
Logged

BlackDragon381

  • Newbie
  • *
  • Posts: 21
  • Karma: 0
    • View Profile
Re: OpenVPN configuration for android client
« Reply #12 on: April 17, 2017, 02:46:37 am »
Quote from: Space on April 14, 2017, 01:22:05 am
if you go to VPN -> OpenVPN -> Servers you see a network listed in column "Tunnel Network". Remember this network.
Then go to Firewall -> Rules - OPENVPN. There should be a rule to let the traffic pass from the OpenVPN network to the destinations  you desire. Make sure that in the column "Source" the network from above is listed.
Source and target sets as "*", I set source to "OpenVPN net" but nothing changed.
Logged

BlackDragon381

  • Newbie
  • *
  • Posts: 21
  • Karma: 0
    • View Profile
Re: OpenVPN configuration for android client
« Reply #13 on: April 19, 2017, 01:18:05 am »
I set Source on OPENVPN tab equal my Tunnel Network, but I still can't connect to LAN resorse and the Internet.
Logged

  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 17.1 Legacy Series »
  • OpenVPN configuration for android client
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy
    | XHTML | RSS | WAP2