I'm trying to use OpenVPN to connect two TrueNAS servers together and configure one as the offsite backup. So, I was able to create the necessary CAs and certificates and configure the OpenVPN Server service parameters on my main server (truenas.local). Then, I was able to download the .ovpn file, load it into OpenVPN Connect on my PC and remotely access my main TrueNAS server. So, I think the server configuration should be correct.
.ovpn File:
client
dev tun
proto udp4
port 1194
remote "openvpn.mydomain.com"
user nobody
group nobody
persist-key
persist-tun
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
verb 3
remote-cert-tls server
auth SHA1
cipher AES-256-CBC
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
3991c23449a0b7da8c09499038b46075
-----END OpenVPN Static key V1-----
</tls-crypt>
Now, I want to enable the OpenVPN Client service on my offsite TrueNAS server (truenas-backup.local). So, I followed these directions [https://www.truenas.com/community/resources/truenas-and-openvpn-client-configuration.158/] which were helpful in setting up the CAs, certificates, and other parameters. However, I still can't get it to work. I keep getting these TLS errors and that the CN could not be verified.
truenas-backup.local Console report:
Jul 2 15:49:42 truenas-backup 1 2022-07-02T15:49:42.000380-07:00 truenas-backup.local openvpn_client 2161 - - VERIFY ERROR: could not extract CN from X509 subject string ('C=US, ST=NC, L=WS, O=myname, emailAddress=myemail@email.com') -- note that the username length is limited to 64 characters
Jul 2 15:49:42 truenas-backup 1 2022-07-02T15:49:42.000404-07:00 truenas-backup.local openvpn_client 2161 - - OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Jul 2 15:49:42 truenas-backup 1 2022-07-02T15:49:42.000408-07:00 truenas-backup.local openvpn_client 2161 - - TLS_ERROR: BIO read tls_read_plaintext error
Jul 2 15:49:42 truenas-backup 1 2022-07-02T15:49:42.000412-07:00 truenas-backup.local openvpn_client 2161 - - TLS Error: TLS object -> incoming plaintext read error
Jul 2 15:49:42 truenas-backup 1 2022-07-02T15:49:42.000415-07:00 truenas-backup.local openvpn_client 2161 - - TLS Error: TLS handshake failed
Jul 2 15:49:42 truenas-backup 1 2022-07-02T15:49:42.000461-07:00 truenas-backup.local openvpn_client 2161 - - SIGUSR1[soft,tls-error] received, process restarting
Jul 2 15:49:42 truenas-backup 1 2022-07-02T15:49:42.000476-07:00 truenas-backup.local openvpn_client 2161 - - Restart pause, 160 second(s)
I have yet to find a straightforward answer on why you can't just import the .ovpn file especially when it was generated on another TrueNAS server.
Anyways, how do I fix these TLS and CN errors?
Thanks
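Added example, not part of the original post and not TrueNAS or OpenVPN code: a small Python check that reads the VERIFY ERROR line from the console report above and reports why the named field could not be extracted from the certificate subject. The function names and the second sample line are constructed for illustration.

```python
import re

MAX_LEN = 64  # limit quoted in the message itself ("limited to 64 characters")

VERIFY_RE = re.compile(
    r"VERIFY ERROR: could not extract (?P<field>\w+) from X509 subject string "
    r"\('(?P<subject>.*)'\) --"
)

# Message text copied from the console report above.
PAGE_LINE = (
    "openvpn_client 2161 - - VERIFY ERROR: could not extract CN from X509 subject "
    "string ('C=US, ST=NC, L=WS, O=myname, emailAddress=myemail@email.com') -- note "
    "that the username length is limited to 64 characters"
)
# Constructed line (not from the page): a CN is present but longer than the limit.
CONSTRUCTED_LINE = (
    "openvpn_client 2161 - - VERIFY ERROR: could not extract CN from X509 subject "
    "string ('C=US, O=Example, Inc., CN=" + "a" * 70 + "') -- note that the username "
    "length is limited to 64 characters"
)

def parse_subject(subject):
    """Split 'C=US, ST=NC, O=x' into (attribute, value) pairs."""
    parts = re.split(r",\s*(?=[A-Za-z][A-Za-z0-9.]*=)", subject)
    return [tuple(s.strip() for s in p.partition("=")[::2]) for p in parts]

def diagnose(log_text):
    """Return one finding per VERIFY ERROR line: which field, why it failed."""
    findings = []
    for line in log_text.splitlines():
        m = VERIFY_RE.search(line)
        if not m:
            continue
        field = m.group("field")
        attrs = parse_subject(m.group("subject"))
        values = [v for a, v in attrs if a == field]
        if not values:
            reason = "missing"      # attribute absent from the subject
        elif any(len(v) > MAX_LEN for v in values):
            reason = "too long"     # attribute present but over the limit
        else:
            reason = "unexplained"  # present and short enough: look elsewhere
        findings.append({"field": field, "reason": reason,
                         "present": [a for a, _ in attrs]})
    return findings

if __name__ == "__main__":
    print(diagnose(PAGE_LINE + "\n" + CONSTRUCTED_LINE))
```

For the line from the console report the result is "missing": the logged subject carries C, ST, L, O and emailAddress but no CN attribute.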