ubuntuusers.de

OpenVpn auf dem Iphone doesn´t work: PolarSSL error

Status: Ungelöst | Ubuntu-Version: Server 14.10 (Utopic Unicorn)
Antworten |

renpen

Anmeldungsdatum:
17. Mai 2015

Beiträge: Zähle...

Hi, I installed a VPN-Server on my Ubuntu installation. I generated client certificates with easy-rsa and copied the 3 files and the server.opvn to my Iphone. server.ovpn:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
remote rene-penkert.de

port 1194

proto udp

dev tap

dev-node openvpn

ca   "ca.crt"

key  "iphone.key"
cert "iphone.crt"

ns-cert-type server

comp-lzo

pull

Now i can´t connect via my Iphone because there is a error:

1
PolarSSL: error parsing ca certificate : X509 - The CRT/CRL/CSR format is invalid

I googled the problem an there are a problem with the type of the certificate, solution would be:

1
openssl pkcs12 -in Iphone.crt-out output-cert.pem-nocerts

but i got these errors:

1
2
140404825904800:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1319:
140404825904800:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=PKCS12

i also tried to include the certificates direct in the openvpn file like:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
remote serverAdress

port 1194

proto udp

dev tap

dev-node openvpn

ns-cert-type server

comp-lzo

pull


<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
</key>

But there is the same PolarSSL exception...

Bearbeitet von pepre:

This is a german forum. Please use http://ubuntuforums.org/.

pepre Team-Icon

Supporter
Avatar von pepre

Anmeldungsdatum:
31. Oktober 2005

Beiträge: 6474

Wohnort: Erlangen

Antworten |