Hello everyone,
is there anything else to watch out for with the SSL VPN? I have enabled it on the UTM 9.7 and am trying
to establish a connection to the UTM from Mac OS using Tunnelblick. I downloaded the config via the user interface and
installed it. However, no connection is established.
I installed the same config on the iPhone in the OpenVPN client, and there everything works without problems!?
Thanks in advance for any hints!
LOG:
OpenVPN started successfully.
Command used to start OpenVPN (one argument per displayed line):
/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.18-openssl-1.0.2t/openvpn
--daemon
--log /Library/Application Support/Tunnelblick/Logs/-SLibrary-SApplication Support-STunnelblick-SShared-Sr_XXXXXXX@fXXXXXXXXX.XX.tblk-SContents-SResources-Sconfig.ovpn.769_0_3_0_1098032.61989.openvpn.log
--cd /Library/Application Support/Tunnelblick/Shared/XXXXXXX@fXXXXXXXXXXk/Contents/Resources
--setenv IV_GUI_VER "net.tunnelblick.tunnelblick 5400 3.8.1 (build 5400)"
--verb 3
--config /Library/Application Support/Tunnelblick/Shared/XXXXXXXXXXXX.tblk/Contents/Resources/config.ovpn
--setenv TUNNELBLICK_CONFIG_FOLDER /Library/Application Support/Tunnelblick/Shared/XXXXXXXXXXXX.tblk/Contents/Resources
--verb 3
--cd /Library/Application Support/Tunnelblick/Shared/XXXXXXXXXXXX.tblk/Contents/Resources
--management 127.0.0.1 61989 /Library/Application Support/Tunnelblick/nbbnejdeflgaammojindkmpemjahgbnpnbijekac.mip
--management-query-passwords
--management-hold
--script-security 2
--route-up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
--down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
2019-12-11 19:32:00.449593 *Tunnelblick: Established communication with OpenVPN
2019-12-11 19:32:00.710869 *Tunnelblick: >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
2019-12-11 19:32:00.729190 *Tunnelblick: Obtained VPN username and password from the Keychain
2019-12-11 19:32:11.547189 *Tunnelblick: Disconnecting; VPN Details… window disconnect button pressed
2019-12-11 19:32:11.691522 *Tunnelblick: Disconnecting using 'kill'
2019-12-11 19:32:12.248766 *Tunnelblick: Expected disconnection occurred.
Wed Dec 11 19:31:59 2019 OpenVPN 2.3.18 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Sep 11 2019
Wed Dec 11 19:31:59 2019 library versions: OpenSSL 1.0.2t 10 Sep 2019, LZO 2.10
Wed Dec 11 19:31:59 2019 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:61989
Wed Dec 11 19:31:59 2019 Need hold release from management interface, waiting...
Wed Dec 11 19:32:00 2019 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:61989
Wed Dec 11 19:32:00 2019 MANAGEMENT: CMD 'pid'
Wed Dec 11 19:32:00 2019 MANAGEMENT: CMD 'auth-retry interact'
Wed Dec 11 19:32:00 2019 MANAGEMENT: CMD 'state on'
Wed Dec 11 19:32:00 2019 MANAGEMENT: CMD 'state'
Wed Dec 11 19:32:00 2019 MANAGEMENT: CMD 'bytecount 1'
Wed Dec 11 19:32:00 2019 MANAGEMENT: CMD 'hold release'
Wed Dec 11 19:32:00 2019 MANAGEMENT: CMD 'username "Auth" „X.“‘XXXX.XXX
Wed Dec 11 19:32:00 2019 MANAGEMENT: CMD 'password [...]'
Wed Dec 11 19:32:00 2019 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Dec 11 19:32:00 2019 Socket Buffers: R=[131072->131072] S=[131072->131072]
Wed Dec 11 19:32:00 2019 MANAGEMENT: >STATE:1576089120,RESOLVE,,,
Wed Dec 11 19:32:00 2019 Attempting to establish TCP connection with [AF_INET]XX.XX.XX.XX:443 [nonblock]
Wed Dec 11 19:32:00 2019 MANAGEMENT: >STATE:1576089120,TCP_CONNECT,,,
Wed Dec 11 19:32:01 2019 TCP connection established with [AF_INET]XX.XX.XX.XX:443
Wed Dec 11 19:32:01 2019 TCPv4_CLIENT link local: [undef]
Wed Dec 11 19:32:01 2019 TCPv4_CLIENT link remote: [AF_INET]XX.XX.XX.XX:443
Wed Dec 11 19:32:01 2019 MANAGEMENT: >STATE:1576089121,WAIT,,,
Wed Dec 11 19:32:01 2019 MANAGEMENT: >STATE:1576089121,AUTH,,,
Wed Dec 11 19:32:01 2019 TLS: Initial packet from [AF_INET]XX.XX.XX.XX:443, sid=sfsdsdfs
Wed Dec 11 19:32:01 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Dec 11 19:32:02 2019 VERIFY OK: depth=1, C=de, L=Musterstadt, O=Firma GmbH, CN=Firma GmbH VPN CA, emailAddress=Firma@Firma.de
Wed Dec 11 19:32:02 2019 VERIFY ERROR: could not extract CN from X509 subject string ('C=de, ST=XXXXX, L=XXXXXX, O=XXXX GmbH, OU=IT, emailAddress=XX@XXXX‘.XX)80 -- note that the username length is limited to 64 characters
Wed Dec 11 19:32:02 2019 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Wed Dec 11 19:32:02 2019 TLS_ERROR: BIO read tls_read_plaintext error
Wed Dec 11 19:32:02 2019 TLS Error: TLS object -> incoming plaintext read error
Wed Dec 11 19:32:02 2019 TLS Error: TLS handshake failed
Wed Dec 11 19:32:02 2019 Fatal TLS error (check_tls_errors_co), restarting