
SSL S2S .apc file export Certificates failure | OpenWrt TP-Link

Hello,

Currently I'm trying to set up a TP-Link AC1750 with OpenWrt and connect an SSL S2S tunnel.

Maybe somebody has a running configuration with an XG and could help.

If anybody uses an IPsec Site-2-Site tunnel, I would appreciate any kind of help.

XG with public IP and all self-signed certificates from the Sophos CA, which I've modified.

I created an SSL VPN profile and exported the .apc file.

Then I tried to get the certificates and keys out of this file, like in the picture below.

But I ran into an issue when I wanted to make a .crt file out of it.

It says it's not usable as a certificate.

 

 

 

my OpenVPN configuration looks like:

remote x.y.z.a 8443
proto tcp
client
#verb3
dev tun
auth SHA256
cipher AES-128-CBC
remote-cert-tls server
verify-x509-name "C=DE, ST=Hessen, L=Frankfurt, O=Home, OU=OU, CN=x.y.z.a, emailAddress=dsgfaga@fdaghdf.gfdsg"
ca /etc/openvpn/ca.crt
cert /etc/openvpn/cert.crt
key /etc/openvpn/rsaho2.key
auth-user-pass /etc/openvpn/login.txt
resolv-retry infinite
nobind
persist-key
persist-tun

 

Regards

 



This thread was automatically locked due to age.
  • FormerMember

    Hi n33dfull,

    Could you please explain the use case of this setup? Are you trying to configure SSL site to site VPN? If yes, it can only be configured with two Sophos firewalls. 

    Thanks,

  • Hey H_Patel,

    Yes, I'm trying to set up a Site-2-Site VPN with OpenWrt.

    I didn't know that it's only possible to connect with another Sophos Firewall, because when I use the information out of the .apc and convert it to an .ovpn, I'm able to use it in my Windows 10 OpenVPN client and it connects...

    Maybe somebody can give an explanation of how to set up IPsec with OpenWrt and strongSwan?

     

     

    Regards to all

    n33dfull