New Digital Ocean VPN causes client to give error message saying my server TLS is outdated and too low to connect.

Posted June 2, 2017

Trying to connect from an Android phone using the OpenVPN Connect client.
Aptitude says I’m running the latest version on my server.
Debian stretch/testing shows the same version as well.

2 answers

Hi @davewittenborn

How did you install OpenVPN? Did you follow one of the tutorials here on DO, and if so, which one?
Which version of Debian and OpenVPN server?
When you generated the certificate for the client, did you use TLS1.2 or only TLS1.0?
Can you supply your OpenVPN log, so it’s easier to debug?

  • Thanks for the quick and detailed reply. First, I’m a bit of a noob to Linux, though I’m fairly tech savvy and learn quickly. I’m running Debian 8.8-64 and installed using a DO tutorial. OpenVPN version is 2.4. I have to admit, when I generated the certs, I just blindly followed the tutorial. Here is info from my server.crt:
    X509v3 Extended Key Usage:
    TLS Web Server Authentication
    and when I check my /etc/openvpn/easy-rsa directory, the most recent ssl-related file there is openssl-1.0.0.cnf.

    That’s about all I have at the moment.

    Thanks again

Well, neither of those two .log files exist in my tree, or anything that looks related.

I can connect from 3 other machines: one running Debian stretch, another running Debian stretch in a VM, and another running Windows 7-64 in a VM.
The only problem is with my Android phone.

The tutorial you linked was the one I used.