certificate verify failed - OpenVPN

1

While establishing the OpenVPN connection, I am facing the error "TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed"

The root CA of the SSL certificate is "Fireware web CA"

Trying to figure out whether there is any option to disable certificate verification.

Note: I am trying to connect to the VPN through my router's VPN client (Asus RT-AC55UHP). I was able to establish the VPN connection using the same configuration on my MacBook using Tunnelblick.

System log:

openvpn[10205]: OpenVPN 2.3.2 mips-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [eurephia] [MH] [IPv6] built on Dec  1 2016
openvpn[10205]: Socket Buffers: R=[87380->131072] S=[16384->131072]
openvpn[10211]: Attempting to establish TCP connection with [AF_INET]xxx.xxx.xxx.xxx:443 [nonblock]
openvpn[10211]: TCP connection established with [AF_INET]xxx.xxx.xxx.xxx:443
openvpn[10211]: TCPv4_CLIENT link local: [undef]
openvpn[10211]: TCPv4_CLIENT link remote: [AF_INET]xxx.xxx.xxx.xxx:443
openvpn[10211]: TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:443, sid=84d506xx 088122xx
openvpn[10211]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
openvpn[10211]: VERIFY OK: depth=1, O=WatchGuard_Technologies, OU=Fireware, CN=Fireware SSLVPN (SN 80XX04868XXX3 2015-11-18 09:19:40 GMT) CA
openvpn[10211]: Validating certificate extended key usage
openvpn[10211]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS
openvpn[10211]: ++ Certificate has EKU (oid) 1.3.6.1.5.5.7.3.1, expects TLS
openvpn[10211]: VERIFY EKU ERROR
openvpn[10211]: TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
openvpn[10211]: TLS Error: TLS object -> incoming plaintext read error
openvpn[10211]: TLS Error: TLS handshake failed
openvpn[10211]: Fatal TLS error (check_tls_errors_co), restarting
openvpn[10211]: SIGUSR1[soft,tls-error] received, process restarting
openvpn[10211]: Restart pause, 5 second(s)

client.ovpn:

dev tun
client
proto tcp
<ca>
-----BEGIN CERTIFICATE-----
--Removed--
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
--Removed--
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
--Removed--
-----END PRIVATE KEY-----
</key>
remote-cert-eku "TLS Web Server Authentication"
remote XXX.XXX.XXX.XXX 443
persist-key
persist-tun
verb 3
mute 20
keepalive 10 60
cipher AES-256-CBC
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
auth SHA1
float
reneg-sec 3660
nobind
mute-replay-warnings
auth-user-pass
;remember_connection 0
;auto_reconnect 1
    
por syed imty 19.11.2017 / 13:18

0 respostas
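
The log in the post reports that the server certificate carries the EKU "TLS Web Server Authentication" while the client "expects TLS", although client.ovpn asks for the full quoted string. The following is an added example, not part of the original post: it compares the two and, when the expected value is only the first word of the configured one, proposes the OID form that the log itself prints. That the router's client drops the quotes around the argument is an assumption; the function names are hypothetical.

```python
import re

# Lines copied from the system log and client.ovpn in the post above.
LOG = """\
openvpn[10211]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS
openvpn[10211]: ++ Certificate has EKU (oid) 1.3.6.1.5.5.7.3.1, expects TLS
openvpn[10211]: VERIFY EKU ERROR
"""
CONFIG = 'remote-cert-eku "TLS Web Server Authentication"\n'

EKU_LINE = re.compile(r"\+\+ Certificate has EKU \((str|oid)\) (.+), expects (.+)$")
EKU_DIRECTIVE = re.compile(r'^\s*remote-cert-eku\s+(?:"([^"]*)"|(\S+))\s*$', re.M)


def configured_eku(config):
    """Return the remote-cert-eku argument as written in the .ovpn file."""
    m = EKU_DIRECTIVE.search(config)
    return (m.group(1) or m.group(2)) if m else None


def diagnose(log, config):
    """Compare what the client says it expects with what the file asks for."""
    presented, expected = {}, None
    for line in log.splitlines():
        m = EKU_LINE.search(line)
        if m:
            presented[m.group(1)] = m.group(2)  # EKU found in the certificate
            expected = m.group(3)               # EKU the client compared against
    wanted = configured_eku(config)
    result = {"configured": wanted, "expected_by_client": expected,
              "presented": presented, "truncated": False, "suggestion": None}
    if expected is None or wanted is None or expected in presented.values():
        return result  # nothing to compare, or the EKU check would pass
    # The client compared against only the first word of the configured value.
    if expected != wanted and wanted.split()[:1] == [expected]:
        result["truncated"] = True
        if presented.get("oid") and presented.get("str") == wanted:
            # The OID form has no spaces, so it survives argument splitting.
            result["suggestion"] = "remote-cert-eku " + presented["oid"]
    return result


if __name__ == "__main__":
    for key, value in diagnose(LOG, CONFIG).items():
        print(f"{key}: {value}")
```

With the suggested directive the EKU check stays in force, so the server certificate is still verified rather than verification being switched off.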