OpenVPN issue OC200 Controller
I am fairly new to the OC200 and am trying to set up OpenVPN. I have set up the server-side of things fine and loaded up the resulting .ovpn file on my iOS client - which I know works as I have a number of other working VPN profiles set up, including one that points at my old router (a Linksys WRT3200ACM device).
There is one slight complication in my network in that I am double NATed, but I have port forwarding on the external router for UDP 1194. This is how I was set up before with the Linksys running the OpenVPN server. I see the following in the log file on the client device (iPhone 12, iOS 14.4.2). I had to edit the .ovpn file to put the correct external IP address in. The stuff in bold seems to be the error... what on earth is linksys doing in there?
Any ideas, anyone? I am WAAAY out of my depth!
2021-04-26 16:15:20 1
2021-04-26 16:15:20 ----- OpenVPN Start -----
OpenVPN core 3.git::58b92569 ios arm64 64-bit
2021-04-26 16:15:20 OpenVPN core 3.git::58b92569 ios arm64 64-bit
2021-04-26 16:15:20 Frame=512/2048/512 mssfix-ctrl=1250
2021-04-26 16:15:20 UNUSED OPTIONS
4 [nobind]
7 [resolv-retry] [infinite]
9 [persist-key]
10 [persist-tun]
2021-04-26 16:15:20 EVENT: RESOLVE
2021-04-26 16:15:20 Contacting [88.98.225.243]:1194/UDP via UDP
2021-04-26 16:15:20 EVENT: WAIT
2021-04-26 16:15:20 Connecting to [X.X.X.X]:1194 (X.X.X.X) via UDPv4 <-- MY CORRECT EXTERNAL IP ADDRESS
2021-04-26 16:15:20 EVENT: CONNECTING
2021-04-26 16:15:20 Tunnel Options:V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client
2021-04-26 16:15:20 Creds: UsernameEmpty/PasswordEmpty
2021-04-26 16:15:20 Peer Info:
IV_VER=3.git::58b92569
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_AUTO_SESS=1
IV_GUI_VER=net.openvpn.connect.ios_3.2.3-3760
IV_SSO=openurl
2021-04-26 16:15:20 VERIFY FAIL: depth=1, /C=US/ST=CA/L=Irvine/O=Linksys/OU=Belkin/CN=Mamba/name=BlackMamba/emailAddress=support@linksys.com [self signed certificate in certificate chain]
2021-04-26 16:15:20 Transport Error: OpenSSLContext::SSL::read_cleartext: BIO_read failed, cap=2576 status=-1: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2021-04-26 16:15:20 EVENT: CERT_VERIFY_FAIL OpenSSLContext::SSL::read_cleartext: BIO_read failed, cap=2576 status=-1: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed [ERR]
2021-04-26 16:15:20 Raw stats on disconnect:
BYTES_IN : 2365
BYTES_OUT : 339
PACKETS_IN : 4
PACKETS_OUT : 3
SSL_ERROR : 1
2021-04-26 16:15:20 Performance stats on disconnect:
CPU usage (microseconds): 25268
Network bytes per CPU second: 107012
Tunnel bytes per CPU second: 0
2021-04-26 16:15:20 EVENT: DISCONNECTED
2021-04-26 16:15:20 Raw stats on disconnect:
BYTES_IN : 2365
BYTES_OUT : 339
PACKETS_IN : 4
PACKETS_OUT : 3
SSL_ERROR : 1
CERT_VERIFY_FAIL : 1
2021-04-26 16:15:20 Performance stats on disconnect:
CPU usage (microseconds): 29524
Network bytes per CPU second: 91586
Tunnel bytes per CPU second: 0
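
An added example, not part of the original post: a small Python parser for OpenVPN Connect log lines like the ones above. It pulls the certificate subject out of each `VERIFY FAIL` line so it can be compared with the CA the imported .ovpn profile is expected to trust. The function names and the expected-organisation value are assumptions made for illustration.

```python
import re

# Matches client log lines of the form:
#   <timestamp> VERIFY FAIL: depth=N, /K=V/K=V... [reason]
VERIFY_FAIL = re.compile(
    r"VERIFY FAIL: depth=(?P<depth>\d+), (?P<subject>/\S.*?) \[(?P<reason>[^\]]+)\]\s*$"
)

def parse_subject(subject):
    """Split an OpenSSL one-line subject (/K=V/K=V...) into a dict.
    Assumes no field value contains '/', which holds for the line above."""
    fields = {}
    for part in subject.strip("/").split("/"):
        key, sep, value = part.partition("=")
        if sep:
            fields[key] = value
    return fields

def verify_failures(log_text):
    """Return one record per VERIFY FAIL line found in the log text."""
    records = []
    for line in log_text.splitlines():
        m = VERIFY_FAIL.search(line)
        if m:
            records.append({
                "depth": int(m.group("depth")),
                "subject": parse_subject(m.group("subject")),
                "reason": m.group("reason"),
            })
    return records

def unexpected_cas(log_text, expected_org):
    """Subjects of failing chain certificates (depth >= 1) whose O= field
    is not the organisation the profile's CA is expected to carry."""
    return [r["subject"] for r in verify_failures(log_text)
            if r["depth"] >= 1 and r["subject"].get("O") != expected_org]

# Sample input: two lines copied from the log in the post, address redacted as there.
SAMPLE_LOG = """\
2021-04-26 16:15:20 Connecting to [X.X.X.X]:1194 (X.X.X.X) via UDPv4
2021-04-26 16:15:20 VERIFY FAIL: depth=1, /C=US/ST=CA/L=Irvine/O=Linksys/OU=Belkin/CN=Mamba/name=BlackMamba/emailAddress=support@linksys.com [self signed certificate in certificate chain]
"""

if __name__ == "__main__":
    # "EXAMPLE-EXPECTED-CA-ORG" is a placeholder; use the O= of the CA in your own profile.
    for subj in unexpected_cas(SAMPLE_LOG, "EXAMPLE-EXPECTED-CA-ORG"):
        print("Server chain contains a CA the profile does not expect:", subj)
```

A subject reported at depth 1 or higher belongs to a CA in the chain the server sent, so a mismatch here means the responding server's certificate was not issued by the CA embedded in the profile being used.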