OpenVPN and SSTP same Certificate

Posted: Fri Jul 13, 2018 10:12 pm
by fremaint
Hi,

I'm trying to run an OpenVPN server alongside my already running SSTP server on the MikroTik 450G.

I tried this tutorial:
https://systemzone.net/mikrotik-openvpn ... ws-client/

I'm getting a certificate verification error on OpenVPN, like a mismatch.

I tried creating new ones and using the ones I already have for the SSTP connections, with no success.

Always the same error.

Fri Jul 13 14:41:32 2018 us=585836 TCP connection established with [AF_INET]xxx.xxx.xxx.xxx:1194
Fri Jul 13 14:41:32 2018 us=585836 TCP_CLIENT link local: (not bound)
Fri Jul 13 14:41:32 2018 us=585836 TCP_CLIENT link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
Fri Jul 13 14:41:32 2018 us=585836 MANAGEMENT: >STATE:1531507292,WAIT,,,,,,
Fri Jul 13 14:41:32 2018 us=586337 MANAGEMENT: >STATE:1531507292,AUTH,,,,,,
Fri Jul 13 14:41:32 2018 us=586838 TLS: Initial packet from [AF_INET]196.28.53.2:1194, sid=8247c79a 425084d9
Fri Jul 13 14:41:33 2018 us=683715 VERIFY ERROR: depth=0, error=self signed certificate: C=PR, ST=PR, L=NA, O=NA, OU=NA, CN=xxx.xxx.xxx.xxx
Fri Jul 13 14:41:33 2018 us=683715 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Fri Jul 13 14:41:33 2018 us=683715 TLS_ERROR: BIO read tls_read_plaintext error
Fri Jul 13 14:41:33 2018 us=683715 TLS Error: TLS object -> incoming plaintext read error
Fri Jul 13 14:41:33 2018 us=683715 TLS Error: TLS handshake failed
Fri Jul 13 14:41:33 2018 us=684216 Fatal TLS error (check_tls_errors_co), restarting
Fri Jul 13 14:41:33 2018 us=684216 TCP/UDP: Closing socket
Fri Jul 13 14:41:33 2018 us=684716 SIGUSR1[soft,tls-error] received, process restarting
Fri Jul 13 14:41:33 2018 us=684716 MANAGEMENT: >STATE:1531507293,RECONNECTING,tls-error,,,,,
Fri Jul 13 14:41:33 2018 us=684716 Restart pause, 5 second(s)

Re: OpenVPN and SSTP same Certificate

Posted: Sat Jul 14, 2018 2:19 am
by radenli
It is better to post your ovpn configuration file here. Also make sure you don't use the server certificate in the client configuration: use the certificate of the CA that signed the server cert, which in your case is the same ca.crt that you used on the server.