What's new

OpenVPN Server - Client Error Connecting

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

dcsang

Regular Contributor
I recently updated my RT-AC88U from 384.19 to 386.1_2 and performed a factory reset. I failed to export the VPN Server configuration and manually reconfigured. Various server settings, including default values, were tried but when the resulting 'client.ovpn' file is imported into Android 'OpenVPN Connect' I am receiving errors. The message states "ssl_connect_error. OpenSSLContext: CA not defined" but the ovpn file includes the <ca>, <cert>, and <key> blocks. The router generated Certificate Authority, Server Certificate, Server Key, and Diffie Hellman entries. Any guidance would be appreciated.

I wasn't sure if this would be the right forum, but posted here since the issue occurred after the update. Thank you.
 
Here are my current settings for reference.

2021-03-02 13_16_12-Window.png
 
Does it report the error at the point the config file is imported, or when the connection attempt is made to the server? The former would suggest to me it isn't present (or is corrupted/truncated), or perhaps just can't read the file for some reason. The latter would suggest it's present but doesn't match the server.
 
I just set the TLS control channel security to "Bi-directional Auth" and the result was the same with a newly exported config file.

The ovpn file imports successfully to the client and the error occurs when connecting. I verified that the Certificate Authority key matched the <ca> block in the config file. The <cert>, <key>, and <tls-auth> sections do not match any of the values generated by the router.
 
Last edited:
One more thing

TLS control channel security to disable

Make sure you click apply button then export new configuration file to clients.
Unfortunately the same result. Everything else, including my VPN clients, appears to be working just fine. Is there any way to obtain a more detailed log on the client side to gain some additional information? I will try a laptop through my mobile provider using the same ovpn file later tonight.
 
Win10 OpenVPN Client also fails to connect with the config file. Thinking of downgrading to the 384.19 firmware but will await additional commentary in hopes of a resolution. Thanks for the suggestions thus far!
 
Just re-export the config file from the server, and use that to connect. Unless you also use self-generated client keys, it's all you will need to connect. I've done quite a few quick "server config + client export" over the past few weeks while testing OpenVPN changes.
 
Just re-export the config file from the server, and use that to connect. Unless you also use self-generated client keys, it's all you will need to connect. I've done quite a few quick "server config + client export" over the past few weeks while testing OpenVPN changes.
Thank you for the guidance. When you say "re-export the config file from the server" do you me exporting a fresh config file from the VPN Server settings? If so, I've done that several times and both the Android and Windows OpenVPN clients continue to fail when connecting. Please let me know if I'm missing any steps.
 
Thank you for the guidance. When you say "re-export the config file from the server" do you me exporting a fresh config file from the VPN Server settings? If so, I've done that several times and both the Android and Windows OpenVPN clients continue to fail when connecting. Please let me know if I'm missing any steps.
If it fails connecting with the exported file, then it could be because you enabled client cert-based authentication, in which case you might need to generate and insert the client key and certificates into the exported config file.

Check your system log for more info as to the cause. Your initial post was reporting a missing CA, which would indicate that the server itself isn't correctly configured, or the exported config was incorrect.
 
Below is the message I consistently receive from the Android OpenVPN client regardless of configuration changes. My VPN Server configuration is also provided for reference. The router is populating Static Key, Certificate Authority (which matches the ovpn <ca> block), Server Certificate, Server Key, and Diffie Hellman values.

Where would I find the setting for cert-based authentication?

Screenshot_20210303-024148_OpenVPN Connect.jpg


2021-03-03 02_45_34-Window.png
 
It's complaining about a missing CA. If you do have the CA both under the "Edit..." button and inside your config file, then I have no idea what's wrong with your client, sorry.
 
Issue resolved!

I was sending the config files through Gmail and apparently something (possibly file encoding) changes by the time it's downloaded to my mobile device. Sending the file through Google Drive did the trick. Yesterday I tested a laptop and used a flash drive to move the config file, so not sure why it failed in that instance.

Thanks for all your help and feedback!
 
I know this is an old thread but I hit this problem today and want to offer a tip.

For around an hour, I had this problem, trying to email the exported config file to myself and get a successful import. Not a problem for Server 1; for the second server, despite several exports and different emails (gmail, icloud), the penny finally dropped thanks to Merlin’s post #13 above.

My tip is: check the size of the exported config file. It should be about 6kB. If it’s only around 300 bytes, then it’s missing vital certificate information and you need persevere and keep trying different methods to export until the config file is ~6kB.

(No idea what the problem was, but eventually, I managed to export a full config file.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top