Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 2 subscribers
  • Views 6567 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL VPN site to site to OpenVPN client

innovatum
I'm trying to establish an SSL VPN connection between UTM9 (server) and OpenVPN on ASUS RT-AC56U router (client), but I can't seem to get it to work. 
I've created a host cert using the UTM CA. Exported CA-cert public and private keys to the  ASUS router. As I havn't found any .apc to .ovpn conversion utility I've had to add settings manually. 

The UTM log says:

VERIFY OK: depth=1  
VERIFY OK: depth=0 ... CN=
TLS Error: Auth Username/Password was not provided by peer
TLS Error: TLS handshake failed
Fatal TLS error (check_tls_errors_co), restarting
...

On the ASUS router:
VERIFY OK: depth=1  
VERIFY OK: depth=0 .... CN=
Connection reset, restarting [0]
...

Is username/password required for site to site VPN's? The OpenVPN settings on the ASUS router is set to not use "Username/Password authentication".
I've also tried multiple ASUS firmwares (Merlin, Tomato) but I get the same error.

Any guides available for setting up SSL VPN site to site with anything besides another UTM?


This thread was automatically locked due to age.
Parents
  • 0
    Hi, and welcome to the User BB!

    Try a Google on site:astaro.com openvpn apc ovpn

    You will find info about the converter that some have tried and that some have reported success.  You won't find a definitive guide.  I would have thought that the username/password you needed would have been in the apc file.

    Hopefully, you'll find the trick that others have missed.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Here is a link to a feature request about this capability. It's currently 9th on the top requested features list. Please vote for it. Maybe Sophos will listen for the next release. Please post about your success or otherwise.
Reply Children
No Data
Unfiltered HTML