I have generated a self-signed CA and certificates on MikroTik ROS and set up an OpenVPN server.
The client device is based on Android 4.3. I copied the CA cert, client cert and key onto the device and tried to connect, but I get an error:
Log cleared.
P:MANAGEMENT: CMD 'password [...]'
P:MANAGEMENT: CMD 'proxy NONE'
P:MANAGEMENT: CMD 'password [...]'
P:MANAGEMENT: CMD 'proxy NONE'
P:MANAGEMENT: CMD 'password [...]'
P:WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
P:Control Channel MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:0 ]
P:MANAGEMENT: >STATE:1381325948,RESOLVE,,,
P:Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:393 ET:0 EL:0 ]
P:Local Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
P:Expected Remote Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
P:Local Options hash (VER=V4): 'db02a8f8'
P:Expected Remote Options hash (VER=V4): '7e068940'
P:Socket Buffers: R=[87380->131072] S=[16384->131072]
P:Attempting to establish TCP connection with [AF_INET]178.66.x.x:443 [nonblock]
P:MANAGEMENT: >STATE:1381325952,TCP_CONNECT,,,
P:Protecting socket fd 4
P:MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
P:TCP connection established with [AF_INET]178.66.x.x:443
P:TCPv4_CLIENT link local: (not bound)
P:TCPv4_CLIENT link remote: [AF_INET]178.66.x.x:443
P:MANAGEMENT: >STATE:1381325953,WAIT,,,
P:WRMANAGEMENT: >STATE:1381325953,AUTH,,,
P:TLS: Initial packet from [AF_INET]178.66.x.x:443, sid=ee2c76db 98740383
P:WRWWWRRRRWRVERIFY OK: depth=1, C=RU, O=xnetwork, CN=xca
P:Validating certificate key usage
P:++ Certificate has key usage 00b0, expects 00a0
P:++ Certificate has key usage 00b0, expects 0088
P:VERIFY KU ERROR
P:TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
P:TLS Error: TLS object -> incoming plaintext read error
P:TLS Error: TLS handshake failed
P:Fatal TLS error (check_tls_errors_co), restarting
P:TCP/UDP: Closing socket
P:SIGUSR1[soft,tls-error] received, process restarting
P:MANAGEMENT: >STATE:1381325955,RECONNECTING,tls-error,,
P:MANAGEMENT: CMD 'hold release'
P:MANAGEMENT: CMD 'bytecount 2'
P:MANAGEMENT: CMD 'state on'
P:MANAGEMENT: CMD 'proxy NONE'
MGMT:Got unrecognized command>FATAL:All connections have been connect-retry-max (1) times unsuccessful, exiting
P:MANAGEMENT: Client disconnected
P:All connections have been connect-retry-max (1) times unsuccessful, exiting
P:Exiting due to fatal error
Process exited with exit value 1
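
Added example, not part of the original post: a small Python decoder for the `Certificate has key usage ..., expects ...` lines in the log above, naming the bits behind each hex value. It assumes the log prints the X.509 keyUsage extension with digitalSignature as 0x80 (RFC 5280 bit order); the function names are hypothetical.

```python
import re

# X.509 keyUsage bits in RFC 5280 order, in the 16-bit form the log prints
# (assumption: bit 0, digitalSignature, is 0x80; bit 8, decipherOnly, is 0x8000).
KU_BITS = [
    (0x0080, "digitalSignature"),
    (0x0040, "nonRepudiation"),
    (0x0020, "keyEncipherment"),
    (0x0010, "dataEncipherment"),
    (0x0008, "keyAgreement"),
    (0x0004, "keyCertSign"),
    (0x0002, "cRLSign"),
    (0x0001, "encipherOnly"),
    (0x8000, "decipherOnly"),
]

KU_LINE = re.compile(
    r"Certificate has key usage\s+([0-9a-fA-F]{4}),\s+expects\s+([0-9a-fA-F]{4})"
)

def decode_ku(mask):
    """Return the names of the keyUsage bits set in mask."""
    return [name for bit, name in KU_BITS if mask & bit]

def explain_ku_mismatch(log_text):
    """For each 'has ..., expects ...' line, list set, extra and missing bits."""
    results = []
    for has_hex, exp_hex in KU_LINE.findall(log_text):
        has, exp = int(has_hex, 16), int(exp_hex, 16)
        results.append({
            "has": decode_ku(has),
            "expects": decode_ku(exp),
            "extra": decode_ku(has & ~exp),     # bits the cert has beyond the expected set
            "missing": decode_ku(exp & ~has),   # expected bits the cert lacks
            "exact_match": has == exp,
        })
    return results

# Lines copied from the log above.
SAMPLE = """\
P:++ Certificate has key usage 00b0, expects 00a0
P:++ Certificate has key usage 00b0, expects 0088
P:VERIFY KU ERROR
"""

if __name__ == "__main__":
    for row in explain_ku_mismatch(SAMPLE):
        print(row)
```

Against the first expected value the certificate lacks nothing and only carries an extra dataEncipherment bit, yet the log still ends in `VERIFY KU ERROR`, so this client is comparing the key usage value exactly rather than as a minimum set.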