Question

OpenSSL error when client connect to server

Hai,

i already setup everything with the following tutorial at here… https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-16-04

But, i have a problem when a client want to connect with ovpn config. I try with android and Windows platform and got same error. Below this is my error and how to fix the SSL problem?

Thu Apr 27 01:33:16 2017 OpenVPN 2.3.14 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Dec 7 2016 Thu Apr 27 01:33:16 2017 Windows version 6.2 (Windows 8 or greater) 64bit Thu Apr 27 01:33:16 2017 library versions: OpenSSL 1.0.2i 22 Sep 2016, LZO 2.09 Enter Management Password: Thu Apr 27 01:33:16 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25342 Thu Apr 27 01:33:16 2017 Need hold release from management interface, waiting… Thu Apr 27 01:33:17 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25342 Thu Apr 27 01:33:17 2017 MANAGEMENT: CMD ‘state on’ Thu Apr 27 01:33:17 2017 MANAGEMENT: CMD ‘log all on’ Thu Apr 27 01:33:17 2017 MANAGEMENT: CMD ‘hold off’ Thu Apr 27 01:33:17 2017 MANAGEMENT: CMD ‘hold release’ Thu Apr 27 01:33:17 2017 OpenSSL: error:0906D06C:PEM routines:PEM_read_bio:no start line Thu Apr 27 01:33:17 2017 OpenSSL: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib Thu Apr 27 01:33:17 2017 MANAGEMENT: Client disconnected Thu Apr 27 01:33:17 2017 Cannot load inline certificate file Thu Apr 27 01:33:17 2017 Exiting due to fatal error


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

Hi @asraf5285 It says Cannot load inline certificate file so could it be that you’re not including the certificate or line ending might be messed up? http://stackoverflow.com/questions/20837161/openssl-pem-routinespem-read-biono-start-linepem-lib-c703expecting-truste

Hi,

FYI, Step 11 of the tutorial didn’t work for me. I get “No such file or directory” on ca.crt, ta.key…etc. in folder home/me/client-configs/keys/ when I run

./make_config.sh client1

So what I did is I copied these files into the folder above manually and then I ran the script.

However, the script didn’t merge these files with the OVPN file properly.

If you face the same problem than me, you have at the end of OVPN file this:

<ca>
</ca>
<cert>
</cert>
<key>
</key>
<tls-auth>
</tls-auth>

I assume all you have to do, is insert the hash of files ca.crt, client1.crt, client1.key and ta.key inside these tags and try again.

That solved that issue of mine, although I have another one now:

TLS Error: cannot locate HMAC in incoming packet from

I’ll keep on looking.

@asraf5285 I’m not sure why you’re getting RESOLVE: Cannot resolve host address: my-server-1: The requested name is valid, but no data of the requested type was found. I would recommend starting over and following the tutorial step by step. Or you could try asking in forums on openvpn.net