OpenVPN configuration for android client

[BlackDragon381]

I configur Authoriti server, create Certificate and user with this certificate.
I create OpenVPN server with this authiriti server and this certificate.
Then I export client install package for Android or OpenVPN connect, but I can't connect!
What could be the problem?

[bartjsmit]

What error messages and log entries do you see?

Bart...

[BlackDragon381]

What error messages and log entries do you see?

No errors, only certiicate verification or connection timeout.

[bartjsmit]

Sorry, I was a bit cryptic. Check out VPN -> OpenVPN -> Log File and see if you can spot any errors there.

Bart...

[BlackDragon381]

Sorry, I was a bit cryptic. Check out VPN -> OpenVPN -> Log File and see if you can spot any errors there.

I have this strings in logs:

Code: [Select]

Apr 11 03:17:24 openvpn[64982]: 192.168.3.36:55542 TLS Error: TLS handshake failed
Apr 11 03:17:24 openvpn[64982]: 192.168.3.36:55542 TLS Error: TLS object -> incoming plaintext read error
Apr 11 03:17:24 openvpn[64982]: 192.168.3.36:55542 TLS_ERROR: BIO read tls_read_plaintext error
Apr 11 03:17:24 openvpn[64982]: 192.168.3.36:55542 OpenSSL: error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed
Apr 11 03:17:24 openvpn[64982]: 192.168.3.36:55542 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=RU, ST=SPb, L=SPb, O=InfinityNet, emailAddress=admin@infinitynet, CN=Server Certificate for my OpenVPN


[BlackDragon381]

I solved the problem, I used server ca before instead client ca.

For what used parametr "Use a password to protect the pkcs12 file contents or key in Viscosity bundle", when I configured vpn on android I used user password?

[BlackDragon381]

The connection is normal, but I can not connect to internal network resources and the Internet.
What could be the reason?

[fabian]

a missing pass rule in the firewall?

[BlackDragon381]

a missing pass rule in the firewall?

I see rule for OpenVPN with destination value "*".

[bartjsmit]

Make sure the source is set to your tunnel subnet or * as well.

Bart...

[BlackDragon381]

Make sure the source is set to your tunnel subnet or * as well.

I don't understand you(

[Space]

Hi,

if you go to VPN -> OpenVPN -> Servers you see a network listed in column "Tunnel Network". Remember this network.

Then go to Firewall -> Rules - OPENVPN. There should be a rule to let the traffic pass from the OpenVPN network to the destinations  you desire. Make sure that in the column "Source" the network from above is listed.

Best regards,

    Jochen

[BlackDragon381]

if you go to VPN -> OpenVPN -> Servers you see a network listed in column "Tunnel Network". Remember this network.
Then go to Firewall -> Rules - OPENVPN. There should be a rule to let the traffic pass from the OpenVPN network to the destinations  you desire. Make sure that in the column "Source" the network from above is listed.

Source and target sets as "*", I set source to "OpenVPN net" but nothing changed.

[BlackDragon381]

I set Source on OPENVPN tab equal my Tunnel Network, but I still can't connect to LAN resorse and the Internet.