Community discussions

Member Candidate
Member Candidate
Topic Author
Posts: 198
Joined: Wed Sep 16, 2009 2:55 pm

Ovpn from ubuntu failing

Fri Mar 01, 2019 12:47 pm

I have a rb3011 running ovpn server.
This works for mikrotik - mikrotik tunneling, gentoo - mikrotik, mac - mikrotik and windows - mikrotik.
However, ubuntu - mikrotik returns "error=unsupported certificate purpose"

On gentoo I've tested client versions 2.4.2, 2.4.4 and 2.4.6. All works.
On ubuntu tested version is 2.4.4.

Both the mac and ubuntu got their config file copied from the gentoo client.
I suspect there is some default config on ubuntu that makes this client differ from the others. Does anyone have an idea of what needs to be done differently in ubuntu?

Client config
dev tun
proto tcp-client

remote server.example.local 1194


#user nobody
#group nogroup

ca /configs/etc/openvpn/cert_export_ovpn-ca.crt

#comp-lzo # Do not use compression.

# More reliable detection when a system loses its connection.
ping 15
ping-restart 45


verb 3

cipher BF-CBC
auth SHA1

auth-user-pass /configs/etc/openvpn/auth.cfg
Client log
 TCP_CLIENT link remote: [AF_INET]xx.xx.xx.xx:1194
 TLS: Initial packet from [AF_INET]xx.xx.xx.xx:1194, sid=f39e6cb9 1d26383b
 VERIFY ERROR: depth=0, error=unsupported certificate purpose: CN=ovpn-ca
 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
 TLS_ERROR: BIO read tls_read_plaintext error
 TLS Error: TLS object -> incoming plaintext read error
 TLS Error: TLS handshake failed
 Fatal TLS error (check_tls_errors_co), restarting
 SIGUSR1[soft,tls-error] received, process restarting
 Restart pause, 300 second(s)
mikrotik server config
/interface ovpn-server server
set certificate=ovpn-ca cipher=blowfish128,aes128,aes192,aes256 default-profile=vpn-impact enabled=yes netmask=19
Member Candidate
Member Candidate
Posts: 113
Joined: Sat Jan 10, 2015 6:45 pm

Re: Ovpn from ubuntu failing

Fri Mar 01, 2019 1:05 pm

Please check whether the following link may help you since the error isnt that common:

Who is online

Users browsing this forum: No registered users and 35 guests