Comments (14)
Try enabling legacy algorithms:
$ openvpn3 config-manage --config CONFIG_NAME --enable-legacy-algorithms true
You need to have pre-imported the configuration file first, though.
$ openvpn3 config-import --persistent --name CONFIG_NAME --config CONFIG_FILE
Then you can start the config using
$ openvpn3 session-start --config CONFIG_NAME
from openvpn3-linux.
Hi,
I enabled it but isn't working :/
My CA algorithm signature is : ecdsa-with-SHA256
I don't understand why I still have this error on my Openvpn Server :
I thank it was a issue from the module I want to use, but when I disable it on my openvpn server and client, isn't working. So the problem is really from openvpn3 client.
I can try to change all my CA to have a 4096 bits RSA signature or maybe update to the latest version of openssl 3 on my ubuntu.
Regards
from openvpn3-linux.
That sounds more like a messed up a CA than anything else.
from openvpn3-linux.
But when I'm trying to use my conf with Openvpn (2.5.6) it's working well :/
from openvpn3-linux.
OpenVPN 3 Linux and the OpenVPN 3 Core Library 3.8 is by default a lot stricter out-of-the-box than OpenVPN 2.x.
from openvpn3-linux.
Can you post a log with --verb 4
from OpenVPN 2.x in that case?
from openvpn3-linux.
Here is it
openvpn.log
from openvpn3-linux.
Please also run another test:
$ /usr/bin/openvpn2 --config CONFIG_FILE --verb 6
(this cannot use the pre-imported configuration, but will give a similar log output on the connection failure)
from openvpn3-linux.
With the wrapper Openvpn 2.X for OpenVPN isn't working and I have the same problem.
But when I use the package Openvpn package from apt version 2.5.5 it's working well :/
It could be an issue from openvpn3 which is stricter than openvpn 2.5.5 ?
from openvpn3-linux.
@SherZCHR We want to see the full log of openvpn2
until it errors out, to better compare
from openvpn3-linux.
The interesting lines from the OpenVPN 2.x log:
2024-02-01 11:39:42 us=278990 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 256 bit EC, curve prime256v1, signature: ecdsa-with-SHA256
secp256r1 is not the best cipher but it is still accepted in normal security levels of openssl
2024-02-01 11:39:38 us=616397 library versions: OpenSSL 3.1.0 14 Mar 2023, LZO 2.10
@SherZCHR do you have the possilbility to create certificates that you can share that would allow us to reproduce the problem?
from openvpn3-linux.
@dsommers for the log with openvpn2 command I don't have any logs on the client side but for the server side :
serv_ovpn.log
@schwabe I can't have the possilbility to create a certificat for you, I use a smallstep ca fyi
from openvpn3-linux.
Hi,
I try to change my CA, and it's working well when I use Easy-RSA,
I don't know why when I'm trying to use smallstep CA, isn't working, have you an idea of what is the problem and if smallstep is managed ?
Regards,
from openvpn3-linux.
For us to be able to understand why the "smallstep CA" isn't working, we need to see a smallstep created certificate to inspect it.
Since it is working with Easy-RSA, I'm closing this issue and converting it to a Q&A discussion. This is more a support case, not an issue in OpenVPN 3 Linux.
from openvpn3-linux.
Related Issues (20)
- Provided script for connector installation failed HOT 1
- OpenVPN3 v21, U 23.10 and CloudConnexa DIVE HOT 1
- Failed to start session with CloudConnexa on Fedora Linux HOT 3
- D-Bus API: requests for improvements HOT 3
- OpenVPN3 doesn't set back previous DNS after disconnect using systemd-resolved in stub mode HOT 4
- Support Synology DSM? HOT 2
- Can't access sites via domain only via ip
- <connection> profiles are non-functional + unkown/unsupported option details are lacking HOT 11
- Error after ArchLinux upgrade HOT 2
- Add support for resolvconf interface HOT 2
- Support for ubuntu 24.04 HOT 12
- How to check the encryption protocol used when connecting to openvpn HOT 1
- openvpn3 config-import --persistent doesn't persist over reboot HOT 21
- Can't install openvpn3 (Fedora 37) HOT 2
- openvpn3 session-start using config file fails to start on first attempt, works on second attempt HOT 7
- Archlinux install fails - ConfigManager inaccesssible for test-suite on first install HOT 3
- Can't connect witt Sophos router with OpenVPN v 21. HOT 14
- Migrate to codeberg.org
- Unknown options: "python.bytecompile" HOT 6
- Support for OpenSuse Tumbleweed HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from openvpn3-linux.