Reply To: OpenVPN GUI 2.0 client keeps disconnecting right after conne


#54076
redfive
Participant

It’s funny, personally I’ve found the configuration of the VPNs in ZS much easier than in most other appliances … anyway, this is one of my (client side) configs

remote xxxx.dyndns.org 1198
proto tcp
auth-user-pass
ca my.ca.file.pem
cert admin.cert.pem
key admin.-key.pem
remote-cert-eku 'TLS Web Server Authentication'
verify-x509-name 'C=it, ST=xx, L=xx, O=xxxx, OU=server01, CN=server01.xxxx, emailAddress=xxxxxxx@libero.it'
cipher AES-128-CBC
auth RSA-SHA224
comp-lzo
verb 3
mute 20
resolv-retry infinite
nobind
client
dev tap
persist-key
persist-tun
auth-nocache
route-method exe
route-delay 2
script-security 3

You may try something like

remote your.fqdn|ip 1194
proto tcp
auth-user-pass
ca your.ca.file.pem
cert user.cert.pem
key user.-key.pem
remote-cert-eku 'TLS Web Server Authentication'
verify-x509-name 'C=xx, ST=xx, L=xx, O=xxxx, OU=xxxxxx, CN=xxxxx.xxxx, emailAddress=xxxxxxx@xxxxxx'
comp-lzo
verb 3
mute 20
resolv-retry infinite
nobind
client
dev tap
persist-key
persist-tun
auth-nocache
route-method exe
route-delay 2
script-security 3

Firstly, I’d advise installing OpenVPN 2.3.10. Then, about the above config, for the
verify-x509-name
you have to replace the fields with those that appear in your host cert, the one which you are using for the VPN server, and only those which are present, e.g. if your host cert is for the host router.earthlovesme.ca, and you have only the CN and the OU in the cert, use only
verify-x509-name 'OU=Hosts, CN=router.earthlovesme.ca'
Once you have the VPN running, I’ll post how to give static IP addresses based on username/common-name, so you can use user-based firewall rules …
cheers,
jonatha
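Added example, not part of the post above: a small Python check that the `verify-x509-name` value in a client config contains exactly the subject fields of the server certificate, in the `K=V, K=V` form the post uses. The function names and sample strings are constructed for illustration; it assumes the subject line comes from `openssl x509 -noout -subject` and that field values contain no commas or slashes.

```python
import re
import shlex

def openvpn_subject(openssl_line):
    """Convert `openssl x509 -noout -subject` output to 'K=V, K=V' form."""
    dn = openssl_line.strip()
    if dn.lower().startswith("subject"):
        dn = dn.split("=", 1)[1].strip()
    if dn.startswith("/"):   # older OpenSSL: /OU=Hosts/CN=host
        parts = dn[1:].split("/")
    else:                    # newer OpenSSL: OU = Hosts, CN = host
        parts = re.split(r",\s*(?=[A-Za-z0-9.]+\s*=)", dn)
    pairs = [p.split("=", 1) for p in parts if "=" in p]
    return ", ".join(f"{k.strip()}={v.strip()}" for k, v in pairs)

def check(config_text, openssl_line):
    """Return a list of problems; an empty list means the names agree."""
    expected = openvpn_subject(openssl_line)
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line.startswith("verify-x509-name"):
            continue
        if "\u2018" in line or "\u2019" in line:
            return ["curly quotes around the name; retype them as plain ' quotes"]
        args = shlex.split(line)[1:]
        if len(args) > 1 and args[1] != "subject":
            return [f"type '{args[1]}' matches on the CN, not the full subject"]
        if not args or args[0] != expected:
            return [f"subject mismatch; use: verify-x509-name '{expected}'"]
        return []
    return ["no verify-x509-name line; the server's subject is not checked"]

# Constructed sample input, using the host name from the post.
SAMPLE_SUBJECT = "subject=OU = Hosts, CN = router.earthlovesme.ca"
SAMPLE_CONFIG = """client
dev tap
remote-cert-eku 'TLS Web Server Authentication'
verify-x509-name 'C=ca, OU=Hosts, CN=router.earthlovesme.ca'
"""

if __name__ == "__main__":
    for problem in check(SAMPLE_CONFIG, SAMPLE_SUBJECT) or ["ok"]:
        print(problem)
```

The sample config deliberately lists a `C=` field the certificate does not have, so the check reports the directive that should be used instead.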