You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
HI there. I have an Asus RT-AC68U running Asuswrt-Merlin 384.19
Turning on the VPN client after following the instructions prints "Error - check configuration!". These are the logs:
Nov 14 12:40:08 rc_service: httpd 261:notify_rc start_vpnclient1
Nov 14 12:40:10 ovpn-client1[20212]: OpenVPN 2.4.9 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Aug 14 2020
Nov 14 12:40:10 ovpn-client1[20212]: library versions: OpenSSL 1.1.1g 21 Apr 2020, LZO 2.08
Nov 14 12:40:10 ovpn-client1[20213]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 14 12:40:10 ovpn-client1[20213]: Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Nov 14 12:40:10 ovpn-client1[20213]: Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Nov 14 12:40:10 ovpn-client1[20213]: Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Nov 14 12:40:10 ovpn-client1[20213]: Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Nov 14 12:40:10 ovpn-client1[20213]: TCP/UDP: Preserving recently used remote address: [AF_INET]<redacted external IP>:1194
Nov 14 12:40:10 ovpn-client1[20213]: Socket Buffers: R=[122880->122880] S=[122880->122880]
Nov 14 12:40:10 ovpn-client1[20213]: UDP link local: (not bound)
Nov 14 12:40:10 ovpn-client1[20213]: UDP link remote: [AF_INET]<redacted external IP>:1194
Nov 14 12:40:11 ovpn-client1[20213]: TLS: Initial packet from [AF_INET]<redacted external IP>:1194, sid=9144dd9c 04130c74
Nov 14 12:40:11 ovpn-client1[20213]: VERIFY OK: depth=1, CN=ChangeMe
Nov 14 12:40:11 ovpn-client1[20213]: VERIFY KU OK
Nov 14 12:40:11 ovpn-client1[20213]: Validating certificate extended key usage
Nov 14 12:40:11 ovpn-client1[20213]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Nov 14 12:40:11 ovpn-client1[20213]: VERIFY EKU OK
Nov 14 12:40:11 ovpn-client1[20213]: VERIFY X509NAME ERROR: CN=pihole_e05ebf22-b14c-43ab-9a83-dedeaa0e2d6a, must be pihole_e05ebf22-b14c-43ab-9a83-
Nov 14 12:40:11 ovpn-client1[20213]: OpenSSL: error:1416F086:lib(20):func(367):reason(134)
Nov 14 12:40:11 ovpn-client1[20213]: TLS_ERROR: BIO read tls_read_plaintext error
Nov 14 12:40:11 ovpn-client1[20213]: TLS Error: TLS object -> incoming plaintext read error
Nov 14 12:40:11 ovpn-client1[20213]: TLS Error: TLS handshake failed
Nov 14 12:40:11 ovpn-client1[20213]: SIGUSR1[soft,tls-error] received, process restarting
The certificate authority on the PiHole is set up with a common name (CN) of "ChangeMe". I confirmed this by running this on my PiHole:
Of course, ChangeMe ≠ to the expected pihole_e05ebf22-b14c-43ab-9a83-dedeaa0e2d6a, so this check fails. I can work around it by setting Verify Server Certificate Name to No under Advanced Settings of the VPN client.
Is there a way to configure this system with a real CN?
The text was updated successfully, but these errors were encountered:
HI there. I have an Asus RT-AC68U running Asuswrt-Merlin 384.19
Turning on the VPN client after following the instructions prints "Error - check configuration!". These are the logs:
The certificate authority on the PiHole is set up with a common name (CN) of "ChangeMe". I confirmed this by running this on my PiHole:
Of course,
ChangeMe
≠ to the expectedpihole_e05ebf22-b14c-43ab-9a83-dedeaa0e2d6a
, so this check fails. I can work around it by settingVerify Server Certificate Name
toNo
underAdvanced Settings
of the VPN client.Is there a way to configure this system with a real CN?
The text was updated successfully, but these errors were encountered: