I have read in other places that SoftEther does not support certificate authentication, but I am using OpenVPN GUI v11.14.0.0 and a recently updated SoftEther server 4.32, and with the .ovpn below it does connect to my server. Of course, I have a user created with certificate authentication selected, and I created and added the corresponding certificates to my .ovpn file. Below is the log of a successful connection (top to bottom):
Wed Mar 18 17:47:41 2020 OpenVPN 2.4.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 31 2019
Wed Mar 18 17:47:41 2020 Windows version 6.2 (Windows 8 or greater) 64bit
Wed Mar 18 17:47:41 2020 library versions: OpenSSL 1.1.0l 10 Sep 2019, LZO 2.10
Enter Management Password:
Wed Mar 18 17:47:41 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25341
Wed Mar 18 17:47:41 2020 Need hold release from management interface, waiting...
Wed Mar 18 17:47:41 2020 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25341
Wed Mar 18 17:47:41 2020 MANAGEMENT: CMD 'state on'
Wed Mar 18 17:47:41 2020 MANAGEMENT: CMD 'log all on'
Wed Mar 18 17:47:41 2020 MANAGEMENT: CMD 'echo all on'
Wed Mar 18 17:47:41 2020 MANAGEMENT: CMD 'bytecount 5'
Wed Mar 18 17:47:41 2020 MANAGEMENT: CMD 'hold off'
Wed Mar 18 17:47:41 2020 MANAGEMENT: CMD 'hold release'
Wed Mar 18 17:47:41 2020 TCP/UDP: Preserving recently used remote address: [AF_INET][myserverip]:443
Wed Mar 18 17:47:41 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Mar 18 17:47:41 2020 Attempting to establish TCP connection with [AF_INET][myserverip]:443 [nonblock]
Wed Mar 18 17:47:41 2020 MANAGEMENT: >STATE:1584553661,TCP_CONNECT,,,,,,
Wed Mar 18 17:47:42 2020 TCP connection established with [AF_INET][myserverip]:443
Wed Mar 18 17:47:42 2020 TCP_CLIENT link local: (not bound)
Wed Mar 18 17:47:42 2020 TCP_CLIENT link remote: [AF_INET][myserverip]:443
Wed Mar 18 17:47:42 2020 MANAGEMENT: >STATE:1584553662,WAIT,,,,,,
Wed Mar 18 17:47:42 2020 MANAGEMENT: >STATE:1584553662,AUTH,,,,,,
Wed Mar 18 17:47:42 2020 TLS: Initial packet from [AF_INET][myserverip]:443, sid=504f73ba 0867b040
Wed Mar 18 17:47:43 2020 VERIFY KU OK
Wed Mar 18 17:47:43 2020 Validating certificate extended key usage
Wed Mar 18 17:47:43 2020 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Wed Mar 18 17:47:43 2020 VERIFY EKU OK
Wed Mar 18 17:47:43 2020 VERIFY OK: depth=0, CN=[vpnNumber].softether.net, O=[vpnNumber].softether.net, OU=[vpnNumber].softether.net, C=US
Wed Mar 18 17:47:43 2020 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Wed Mar 18 17:47:43 2020 [[vpnNumber].softether.net] Peer Connection Initiated with [AF_INET][myserverip]:443
Wed Mar 18 17:47:44 2020 MANAGEMENT: >STATE:1584553664,GET_CONFIG,,,,,,
Wed Mar 18 17:47:44 2020 SENT CONTROL [[vpnNumber].softether.net]: 'PUSH_REQUEST' (status=1)
Wed Mar 18 17:47:44 2020 PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,ifconfig 192.168.30.21 192.168.30.22,route 192.168.30.0 255.255.255.0 vpn_gateway'
Wed Mar 18 17:47:44 2020 OPTIONS IMPORT: timers and/or timeouts modified
Wed Mar 18 17:47:44 2020 OPTIONS IMPORT: --ifconfig/up options modified
Wed Mar 18 17:47:44 2020 OPTIONS IMPORT: route options modified
Wed Mar 18 17:47:44 2020 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Mar 18 17:47:44 2020 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 18 17:47:44 2020 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Mar 18 17:47:44 2020 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 18 17:47:44 2020 interactive service msg_channel=620
Wed Mar 18 17:47:44 2020 ROUTE_GATEWAY 192.168.13.1/255.255.255.0 I=11 HWADDR=48:2a:e3:3f:5f:99
Wed Mar 18 17:47:44 2020 open_tun
Wed Mar 18 17:47:44 2020 TAP-WIN32 device [Talk2m-eCatcher] opened: \\.\Global\{418A9F47-1307-4650-9C3C-28893C93D82E}.tap
Wed Mar 18 17:47:44 2020 TAP-Windows Driver Version 9.24
Wed Mar 18 17:47:44 2020 Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.30.21/255.255.255.252 on interface {418A9F47-1307-4650-9C3C-28893C93D82E} [DHCP-serv: 192.168.30.22, lease-time: 31536000]
Wed Mar 18 17:47:44 2020 Successful ARP Flush on interface [18] {418A9F47-1307-4650-9C3C-28893C93D82E}
Wed Mar 18 17:47:44 2020 MANAGEMENT: >STATE:1584553664,ASSIGN_IP,,192.168.30.21,,,,
Wed Mar 18 17:47:49 2020 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up
Wed Mar 18 17:47:49 2020 MANAGEMENT: >STATE:1584553669,ADD_ROUTES,,,,,,
Wed Mar 18 17:47:49 2020 C:\WINDOWS\system32\route.exe ADD 192.168.30.0 MASK 255.255.255.0 192.168.30.22
Wed Mar 18 17:47:49 2020 Route addition via service succeeded
Wed Mar 18 17:47:49 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Mar 18 17:47:49 2020 Initialization Sequence Completed
Wed Mar 18 17:47:49 2020 MANAGEMENT: >STATE:1584553669,CONNECTED,SUCCESS,192.168.30.21,[myserverip],443,192.168.13.49,62877
But when I tried the same config file on an eWON router (Flexy 205), I got this error (read bottom to top):
19/03/2020 16:21:10 VPN SIGTERM[soft,tls-error] received, process exiting 161585 53
19/03/2020 16:21:10 VPN TCP/UDP: Closing socket 161585 52
19/03/2020 16:21:10 VPN Fatal TLS error (check_tls_errors_co), restarting 161585 51
19/03/2020 16:21:10 VPN TLS Error: TLS handshake failed 161585 50
19/03/2020 16:21:10 VPN TLS Error: TLS object -> incoming plaintext read error 161585 49
19/03/2020 16:21:10 VPN TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed 161585 48
19/03/2020 16:21:10 VPN VERIFY nsCertType ERROR: /CN=[serverNumber].softether.net/O=[serverNumber].softether.net/OU=[serverNumber].softether.net/C=US, require nsCertType=SERVER 161585 47
19/03/2020 16:21:10 VPN TLS: Initial packet from [myserverIP]:443, sid=f842da4b 13db23f0 161492 46
19/03/2020 16:21:10 VPN TCPv4_CLIENT link remote: [myserverIP]:443 161482 45
19/03/2020 16:21:10 VPN TCPv4_CLIENT link local: [undef] 161482 44
19/03/2020 16:21:10 VPN TCP connection established with [myserverIP]:443 161482 43
19/03/2020 16:21:10 VPN Attempting to establish TCP connection with [myserverIP]:443 161470 42
19/03/2020 16:21:10 VPN Expected Remote Options hash (VER=V4): '79ef4284' 161470 41
19/03/2020 16:21:10 VPN Local Options hash (VER=V4): '958c5492' 161470 40
19/03/2020 16:21:10 VPN Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ] 161470 39
19/03/2020 16:21:10 VPN Control Channel MTU parms [ L:1560 D:140 EF:40 EB:0 ET:0 EL:0 ] 161470 38
19/03/2020 16:21:10 VPN LZO compression initialized 161470 37
19/03/2020 16:21:10 VPN OpenVPN 2.0.9 arm-ewon-linux-gnueabi [SSL] [LZO] [EPOLL] build date removed 161470 36
Any ideas?
Code:
client
dev tun
proto tcp
remote [my server ip]
port 443
resolv-retry infinite
nobind
persist-key
persist-tun
verb 3
remote-cert-tls server
cipher AES-256-CBC
auth SHA1
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
</key>
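
The two logs record different checks against the same server certificate: the Windows client (OpenVPN 2.4.8) logs KU and EKU verification, while the eWON client (OpenVPN 2.0.9) logs an nsCertType check. The Python sketch below is an added example, not part of the original post; it extracts those checks from log lines copied from the post and maps each to the OpenVPN option that triggers it. The function names `cert_checks` and `compare` are hypothetical.

```python
import re

# Verification-related lines copied from the two logs quoted in the post
# (bracketed placeholders kept as the poster wrote them).
WINDOWS_LOG = """\
Wed Mar 18 17:47:41 2020 OpenVPN 2.4.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 31 2019
Wed Mar 18 17:47:43 2020 VERIFY KU OK
Wed Mar 18 17:47:43 2020 VERIFY EKU OK
Wed Mar 18 17:47:43 2020 VERIFY OK: depth=0, CN=[vpnNumber].softether.net, O=[vpnNumber].softether.net, OU=[vpnNumber].softether.net, C=US
"""
EWON_LOG = """\
19/03/2020 16:21:10 VPN TLS Error: TLS handshake failed 161585 50
19/03/2020 16:21:10 VPN VERIFY nsCertType ERROR: /CN=[serverNumber].softether.net/O=[serverNumber].softether.net/OU=[serverNumber].softether.net/C=US, require nsCertType=SERVER 161585 47
19/03/2020 16:21:10 VPN OpenVPN 2.0.9 arm-ewon-linux-gnueabi [SSL] [LZO] [EPOLL] build date removed 161470 36
"""

# Log tag -> OpenVPN option that makes the client run that check.
CHECK_OPTION = {"KU": "remote-cert-tls", "EKU": "remote-cert-tls",
                "nsCertType": "ns-cert-type"}

VERSION_RE = re.compile(r"\bOpenVPN (\d+(?:\.\d+)+)\s")
CHECK_RE = re.compile(r"\bVERIFY (KU|EKU|nsCertType) (OK|ERROR)\b")


def cert_checks(log):
    """Return the client version and the result of each server-cert check."""
    version = VERSION_RE.search(log)
    results = {}
    for tag, outcome in CHECK_RE.findall(log):
        # A failure must not be hidden by a later OK for the same check.
        if results.get(tag) != "ERROR":
            results[tag] = outcome
    return {"version": version.group(1) if version else None,
            "results": results,
            "options": sorted({CHECK_OPTION[t] for t in results}),
            "failed": sorted(t for t, o in results.items() if o == "ERROR")}


def compare(log_a, log_b):
    """Checks that only one of the two clients applied to the certificate."""
    a, b = cert_checks(log_a), cert_checks(log_b)
    return {"only_a": sorted(set(a["results"]) - set(b["results"])),
            "only_b": sorted(set(b["results"]) - set(a["results"]))}


if __name__ == "__main__":
    for name, log in (("windows", WINDOWS_LOG), ("ewon", EWON_LOG)):
        print(name, cert_checks(log))
    print(compare(WINDOWS_LOG, EWON_LOG))
```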