vpndvrerror

1.  
2. C:\Program Files\OpenVPN\config\dvr>openvpn --config dvr.ovpn
3. Fri Apr 03 23:01:53 2015 OpenVPN 2.3.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Dec 1 2014
4. Fri Apr 03 23:01:53 2015 library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.08
5. Enter Auth Username:owner
6. Enter Auth Password:
7. Fri Apr 03 23:01:59 2015 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
8. Fri Apr 03 23:01:59 2015 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
9. Fri Apr 03 23:01:59 2015 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
10. Fri Apr 03 23:01:59 2015 UDPv4 link local: [undef]
11. Fri Apr 03 23:01:59 2015 UDPv4 link remote: [AF_INET]23.122.x.x:1194
12. Fri Apr 03 23:02:00 2015 VERIFY ERROR: depth=0, error=unsupported certificate purpose: (removed)
13. Fri Apr 03 23:02:00 2015 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
14. Fri Apr 03 23:02:00 2015 TLS Error: TLS object -> incoming plaintext read error
15. Fri Apr 03 23:02:00 2015 TLS Error: TLS handshake failed
16. Fri Apr 03 23:02:00 2015 SIGUSR1[soft,tls-error] received, process restarting
17. Fri Apr 03 23:02:02 2015 UDPv4 link local: [undef]
18. Fri Apr 03 23:02:02 2015 UDPv4 link remote: [AF_INET]23.x.x.x:1194
19.  
20.  
21. =======================================
22. cert permissions
23.  
24. root@linux-a51:/etc# ls -l openvpn/certs/
25. total 28
26. -rw-r--r-- 1 root root 1708 Apr 3 22:21 ca.crt
27. -rw------- 1 root root 1704 Apr 3 22:21 ca.key
28. -rw-r--r-- 1 root root 424 Apr 3 22:22 dh2048.pem
29. -rw-r--r-- 1 root root 5438 Apr 3 22:23 dvr.crt
30. -rw------- 1 root root 1704 Apr 3 22:23 dvr.key
31. -rw------- 1 root root 636 Apr 3 22:30 ta.key
32.  
33.  
34. All keys look correct:
35. cat /etc/openvpn/certs/ca.crt
36. cat /etc/openvpn/certs/ca.key
37. cat /etc/openvpn/certs/dvr.crt
38. cat /etc/openvpn/certs/dvr.key
39. cat /etc/openvpn/certs/dh2048.pem
40.  
41. =======================================
42. server.conf file
43. nano /etc/openvpn/server.conf
44. port 1194
45. proto udp
46. dev tun
47. ca /etc/openvpn/certs/ca.crt
48. cert /etc/openvpn/certs/dvr.crt
49. key /etc/openvpn/certs/dvr.key
50. dh /etc/openvpn/certs/dh2048.pem
51. tls-auth /etc/openvpn/certs/ta.key 0
52. server 192.168.88.0 255.255.255.0
53. ifconfig-pool-persist ipp.txt
54. push "redirect-gateway def1 bypass-dhcp"
55. push "dhcp-option DNS 8.8.8.8"
56. push "dhcp-option DNS 8.8.4.4"
57. client-to-client
58. keepalive 1800 4000
59. cipher DES-EDE3-CBC # Triple-DES
60. comp-lzo
61. max-clients 10
62. user nobody
63. group nogroup
64. persist-key
65. persist-tun
66. #log openvpn.log
67. #status openvpn-status.log
68. verb 5
69. mute 20
70. #
71. #
72.  
73. =======================================
74. client.conf on windows box
75. client
76. dev tun
77. proto udp
78. auth-user-pass
79. ns-cert-type server
80. remote dvr.owner.com 1194
81. ca ca.crt
82. cert dvr.crt
83. key dvr.key
84. tls-auth ta.key 1
85. ca c:\\PROGRA~1\\OpenVPN\\config\\dvr\\ca.crt
86. cert c:\\PROGRA~1\\OpenVPN\\config\\dvr\\dvr.crt
87. key c:\\PROGRA~1\\OpenVPN\\config\\dvr\\dvr.key
88. tls-auth c:\\PROGRA~1\\OpenVPN\\config\\dvr\\ta.key 1
89. cipher DES-EDE3-CBC
90. comp-lzo
91. resolv-retry infinite
92. nobind
93. auth-nocache
94. script-security 2
95. persist-key
96. persist-tun
97. verb 2
98.  
99. =======================================