Unable to connect to tje OpenVPN server on my Asus Router RT-AC55UHP via the Mac version of tunnelblick

[cw.woo...@gmail.com]

Log message

2016-06-16 20:20:49 VERIFY ERROR: depth=0, error=self signed certificate: C=CA
2016-06-16 20:20:49 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2016-06-16 20:20:49 TLS Error: TLS object -> incoming plaintext read error
2016-06-16 20:20:49 TLS Error: TLS handshake failed

The shell script for generating the ca.crt, server.crt, server.key

SUBJ="/C=CA"
openssl req -x509 -nodes -sha256 -newkey rsa:1024 -keyout ca.key -out ca.crt -days 365 -outform PEM -subj $SUBJ
openssl x509 -in ca.crt -signkey ca.key -x509toreq -out ca.csr -outform PEM
openssl req -x509 -nodes -sha256 -in ca.csr -newkey rsa:1024 -keyout server.key -out server.crt -days 365 -outform PEM -subj $SUBJ
openssl dhparam 1024 -out dhparam
openssl req -x509 -nodes -sha256 -newkey rsa:1024 -keyout client.key -out client.crt -days 365 -outform PEM -subj $SUBJ

The OpenVPN server on RT-AC55UHP starts up successfully with using ca.crt, server.crt and server.key. So I don't think it is the server issue. Although I am using OS X El Capitan 10.11.5 and I added the ca.crt and server.crt to the Keychain Access, I am still unable to connect to my OpenVPN server.

Any ideas?

Thanks

[Randy Witlicki]

  If you do a web search with the string:

VERIFY ERROR: depth=0, error=self signed certificate

  you will get a number of results.

  The first one is:

http://serverfault.com/questions/348967/openvpn-self-signed-certificate-in-chain

  

  - ARandy

--
You received this message because you are subscribed to the Google Groups "tunnelblick-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tunnelblick-dis...@googlegroups.com.
Visit this group at https://groups.google.com/group/tunnelblick-discuss.
For more options, visit https://groups.google.com/d/optout.

[jkbull...gmail.com]

OpenVPN doesn't work with the Keychain, so you shouldn't add the keys/certs to the Keychain.

There are more details in Creating and Installing a Tunnelblick VPN Configuration, but briefly, OpenVPN configuration files either include the certificate/keys inline, or refer to the names of the files in which the keys/certs are contained.

You may want to consult OpenVPN resources:

• OpenVPN FAQ
• OpenVPN HOWTO
• OpenVPN 2.3 Man Page
• OpenVPN Documentation
• OpenVPN Users Forum
• OpenVPN Users Mailing List

[cw.woo...@gmail.com]

before posting this question, i did read that. That does not help

To unsubscribe from this group and stop receiving emails from it, send an email to tunnelblick-discuss+unsub...@googlegroups.com.

[cw.woo...@gmail.com]

I have already use .tblk file to establish the connect not just the Keychain. Still does not work

[jkbull...gmail.com]

Please follow the instructions at Read Before You Post to get the info and then post that info.