2017-10-30 15:58:37 Client exception in transport_recv_excode: PolarSSL: SSL read error : SSL - Processing of the Certificate handshake message failed2017-10-30 15:58:37 Client terminated, restarting in 2000 ms...
I think this is either a problem with the format of your cert on opnsense or just your ipad client being picky.Any chance you can try a different client on ipad?
2017-10-30 19:05:49: State changed to Connecting2017-10-30 19:05:49: TCP/UDP: Preserving recently used remote address: [AF_INET]11.22.33.44:11942017-10-30 19:05:49: UDP link local (bound): [AF_INET][undef]:02017-10-30 19:05:49: UDP link remote: [AF_INET]11.22.33.44:11942017-10-30 19:05:49: State changed to Authenticating2017-10-30 19:05:49: VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=GB, ST=State, L=City, O=Org, emailAddress=noreply@blah.co.uk, CN=SSLVPN Server Certificate2017-10-30 19:05:49: OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed2017-10-30 19:05:49: TLS_ERROR: BIO read tls_read_plaintext error2017-10-30 19:05:49: TLS Error: TLS object -> incoming plaintext read error2017-10-30 19:05:49: TLS Error: TLS handshake failed2017-10-30 19:05:49: SIGUSR1[soft,tls-error] received, process restarting2017-10-30 19:05:49: Viscosity Mac 1.7.5 (1420)2017-10-30 19:05:49: Viscosity OpenVPN Engine Started2017-10-30 19:05:49: Running on macOS 10.12.6
Yep - Cert errors.Be sure to create a proper CA. I name mine VPN CA to avoid confusion.Then use that CA to create a SERVER cert. Not user cert. I call mine something like VpnServerCert (to avoid confusion)Make sure you fill in all the fields required for the certs. Make crap up if you need to - I do.Then go back to your VPN server and make sure its using your new server Cert and Shiny new CAThen export it, and try again.
Is that new or old cert. Are these new that you just created?
Be careful at the point where you are making the cert and the ca. There is a box that says "type". Be sure to select server.
