SSL VPN not connecting

Hello,

I've set up a user and an SSL VPN server. Through the user portal I downloaded the ovpn file and loaded that in Tunnelblick (working on OS X). When I try to connect it keeps on trying, but no connection is made.

In Tunnelblick I can see the following error:


9 VERIFY ERROR: could not extract CN from X509 subject string ('C=XX, L=yy, O=zz') -- note that the username length is limited to 64 characters
2015-11-02 20:20:39 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
2015-11-02 20:20:39 TLS Error: TLS object -> incoming plaintext read error
2015-11-02 20:20:39 TLS Error: TLS handshake failed
2015-11-02 20:20:39 Fatal TLS error (check_tls_errors_co), restarting
2015-11-02 20:20:39 SIGUSR1[soft,tls-error] received, process restarting


And in the log files of the UTM I can see:


2015:11:02-20:20:38 utm openvpn[9066]: TCP connection established with [AF_INET]192.168.88.198:53020 (via [AF_INET]192.168.88.1:443)
2015:11:02-20:20:39 utm openvpn[9066]: 192.168.88.198:53020 TLS: Initial packet from [AF_INET]192.168.88.198:53020 (via [AF_INET]192.168.88.1:443), sid=794b7437 fad4f1d7
2015:11:02-20:20:39 utm openvpn[9066]: 192.168.88.198:53020 Connection reset, restarting [0]
2015:11:02-20:20:39 utm openvpn[9066]: 192.168.88.198:53020 SIGUSR1[soft,connection-reset] received, client-instance restarting
2015:11:02-20:20:39 utm openvpn[9066]: TCP connection established with [AF_INET]192.168.88.198:53022 (via [AF_INET]192.168.88.1:443)
2015:11:02-20:20:40 utm openvpn[9066]: 192.168.88.198:53022 TLS: Initial packet from [AF_INET]192.168.88.198:53022 (via [AF_INET]192.168.88.1:443), sid=2f1c0009 48c48bd2
2015:11:02-20:20:40 utm openvpn[9066]: 192.168.88.198:53022 Connection reset, restarting [0]
2015:11:02-20:20:40 utm openvpn[9066]: 192.168.88.198:53022 SIGUSR1[soft,connection-reset] received, client-instance restarting
2015:11:02-20:20:40 utm openvpn[9066]: TCP connection established with [AF_INET]192.168.88.198:53024 (via [AF_INET]192.168.88.1:443)
2015:11:02-20:20:41 utm openvpn[9066]: 192.168.88.198:53024 Connection reset, restarting [0]
2015:11:02-20:20:41 utm openvpn[9066]: 192.168.88.198:53024 SIGUSR1[soft,connection-reset] received, client-instance restarting


Any idea what is going wrong? It looks like errors in the certificate of the UTM. Do I have to delete all certificates and create new ones?
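
Added example (not part of the original post): a small Python check that reads an OpenVPN client log, pulls out the subject string quoted by the `VERIFY ERROR` line above, and reports whether the CN is absent or exceeds the 64-character limit the message mentions. The function names and the second, long-CN log line are constructed for illustration; the parser assumes the comma-separated subject form shown in the post.

```python
import re

MAX_CN_LEN = 64  # limit stated in the error message itself

VERIFY_RE = re.compile(
    r"VERIFY ERROR: could not extract CN from X509 subject string \('(?P<subject>.*?)'\)"
)

# Constructed sample: first line as quoted in the post, last line invented with a 70-char CN.
SAMPLE_LOG = "\n".join([
    "9 VERIFY ERROR: could not extract CN from X509 subject string ('C=XX, L=yy, O=zz')"
    " -- note that the username length is limited to 64 characters",
    "2015-11-02 20:20:39 TLS Error: TLS handshake failed",
    "2015-11-02 20:20:40 VERIFY ERROR: could not extract CN from X509 subject string"
    " ('C=XX, O=zz, CN=" + "a" * 70 + "')",
])

def parse_subject(subject):
    """Split 'C=XX, L=yy, O=zz' into [(attr, value), ...].
    Assumption: values contain no escaped ', ' sequences."""
    pairs = []
    for part in subject.split(", "):
        attr, sep, value = part.partition("=")
        if sep:
            pairs.append((attr.strip(), value))
    return pairs

def diagnose(log_text):
    """Return one finding per VERIFY ERROR line that quotes a subject string."""
    findings = []
    for line in log_text.splitlines():
        m = VERIFY_RE.search(line)
        if not m:
            continue
        attrs = parse_subject(m.group("subject"))
        cns = [value for attr, value in attrs if attr == "CN"]
        if not cns:
            reason = "no CN attribute in subject"
        elif any(len(value) > MAX_CN_LEN for value in cns):
            reason = "CN longer than 64 characters"
        else:
            reason = "CN present and within limit; look elsewhere"
        findings.append({"attrs": [a for a, _ in attrs], "reason": reason})
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG):
        print(finding["attrs"], "->", finding["reason"])
```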


  • To bring back an old thread. I tried many different things to get this to work and nothing worked. I gave up, loaded the config on my iPhone and connected through the OpenVPN app. So I knew everything was working, but the Mac would refuse to connect with Tunnelblick. I decided to try different OpenVPN versions and one of them worked!

    I used 2.4.4 - OpenSSL v1.0.2l

    Hopefully this can help someone that is searching for this issue!
