RUT950 OpenVPN Server full tunnel

Hello. I have a RUT950 and I’m trying to set up an OpenVPN server and a full tunnel for the clients.

The Clients are Linux (mostly Ubuntu and CentOS) and they use standard OpenVPN Client.

I am also trying to have them authenticate automatically via certificates so this is done on client startup and is invisible and automatic for the user.

I’ve created the server with the limited UI on the RUT950. I’ve put (push "redirect-gateway def1") in the RUT950 push option as there is no specific configuration for full tunnel in the UI.

I’ve put the CA, CERT (client) and KEY (client) in the .ovpn file but the client is still unable to connect:

2023-08-07 10:12:45 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2023-08-07 10:12:45 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 14 2022
2023-08-07 10:12:45 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
2023-08-07 10:12:45 WARNING: No server certificate verification method has been enabled. See How To Guide: Set Up & Configure OpenVPN Client/server VPN | OpenVPN for more info.
2023-08-07 10:12:45 OpenSSL: error:068000A8:asn1 encoding routines::wrong tag
2023-08-07 10:12:45 OpenSSL: error:0688010A:asn1 encoding routines::nested asn1 error
2023-08-07 10:12:45 OpenSSL: error:0688010A:asn1 encoding routines::nested asn1 error
2023-08-07 10:12:45 OpenSSL: error:0488000D:PEM routines::ASN1 lib
2023-08-07 10:12:45 Cannot load CA certificate file [[INLINE]] (no entries were read)
2023-08-07 10:12:45 Exiting due to fatal error

Please help.

Hello,

It seems like the issue is caused by malformed certificates within the .ovpn file. Make sure you follow this format when embedding certificates within the file:

<ca>
-----BEGIN CERTIFICATE-----
***Paste CA Cert Text Here***
 
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
***Paste Your Cert Text Here***
 
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
***Paste Your Cert Private Key Here***
 
-----END PRIVATE KEY-----
</key>

Alternatively, you can configure the extra options in the WebUI, when configuring OpenVPN server.
Another alternative could be to upload the .ovpn file without certificates, and upload them to the WebUI separately after enabling the Upload OpenVPN authentication files option.

Best regards,
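
A structural pre-flight check for the inline `<ca>`, `<cert>` and `<key>` blocks discussed above, as an added example that is not part of the original reply. The function name `check_ovpn` and the sample profiles are hypothetical; the check assumes unencrypted PEM and does not validate the certificate chain.

```python
import base64, binascii, re

BLOCK = re.compile(r"<(ca|cert|key)>(.*?)</\1>", re.S)
PEM = re.compile(r"-----BEGIN ([A-Z ]+)-----\s*\n(.*?)\n\s*-----END \1-----", re.S)
WANT = {"ca": "CERTIFICATE", "cert": "CERTIFICATE", "key": "PRIVATE KEY"}

def check_ovpn(text):
    """Structural check of inline credentials; returns a list of problems."""
    problems = []
    blocks = {m.group(1): m.group(2) for m in BLOCK.finditer(text)}
    for tag, want in WANT.items():
        entries = PEM.findall(blocks.get(tag, ""))
        if not entries:
            problems.append(f"<{tag}>: no PEM entry read (missing block or broken BEGIN/END lines)")
        for label, body in entries:
            if not label.endswith(want):
                problems.append(f"<{tag}>: holds '{label}', expected {want}")
            try:
                # Assumes unencrypted PEM (no Proc-Type/DEK-Info header lines).
                der = base64.b64decode("".join(body.split()), validate=True)
            except binascii.Error:
                problems.append(f"<{tag}>: body is not valid base64")
                continue
            if der[:1] != b"\x30":  # X.509 and private-key DER begin with SEQUENCE
                problems.append(f"<{tag}>: DER does not start with SEQUENCE (ASN.1 wrong tag)")
    # The log above also warns that no server certificate verification is enabled.
    if not re.search(r"^\s*(remote-cert-tls\s+server|verify-x509-name)\b", text, re.M):
        problems.append("no server certificate verification directive (e.g. remote-cert-tls server)")
    return problems

def _pem(label, raw):
    return f"-----BEGIN {label}-----\n{base64.b64encode(raw).decode()}\n-----END {label}-----"

# Constructed samples: 30 03 02 01 01 is a tiny DER SEQUENCE, not a real certificate or key.
DER_OK = b"\x30\x03\x02\x01\x01"
GOOD = ("client\nremote-cert-tls server\n"
        f"<ca>\n{_pem('CERTIFICATE', DER_OK)}\n</ca>\n"
        f"<cert>\n{_pem('CERTIFICATE', DER_OK)}\n</cert>\n"
        f"<key>\n{_pem('PRIVATE KEY', DER_OK)}\n</key>\n")
BAD = ("client\n"
       "<ca>\n-----BEGIN CERTIFICATE-----\n***Paste CA Cert Text Here***\n-----END CERTIFICATE-----\n</ca>\n"
       f"<cert>\n{_pem('CERTIFICATE REQUEST', DER_OK)}\n</cert>\n"
       f"<key>\n{_pem('PRIVATE KEY', b'not DER')}\n</key>\n")

if __name__ == "__main__":
    for name, profile in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_ovpn(profile) or "ok")
```

To check a real profile, pass the file contents to `check_ovpn` before distributing it to clients; an empty list means the blocks are structurally sound, not that the certificates are trusted.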
