This discussion has been locked.

SSL VPN site to site to OpenVPN client

I'm trying to establish an SSL VPN connection between UTM9 (server) and OpenVPN on ASUS RT-AC56U router (client), but I can't seem to get it to work. 
I've created a host cert using the UTM CA. Exported CA-cert public and private keys to the ASUS router. As I haven't found any .apc to .ovpn conversion utility I've had to add settings manually.

The UTM log says:

VERIFY OK: depth=1  
VERIFY OK: depth=0 ... CN=
TLS Error: Auth Username/Password was not provided by peer
TLS Error: TLS handshake failed
Fatal TLS error (check_tls_errors_co), restarting
...

On the ASUS router:
VERIFY OK: depth=1  
VERIFY OK: depth=0 .... CN=
Connection reset, restarting [0]
...

Is username/password required for site to site VPNs? The OpenVPN settings on the ASUS router are set to not use "Username/Password authentication".
I've also tried multiple ASUS firmwares (Merlin, Tomato) but I get the same error.

Any guides available for setting up SSL VPN site to site with anything besides another UTM?


  • Hi, and welcome to the User BB!

    Try a Google on site:astaro.com openvpn apc ovpn

    You will find info about the converter that some have tried and that some have reported success.  You won't find a definitive guide.  I would have thought that the username/password you needed would have been in the apc file.

    Hopefully, you'll find the trick that others have missed.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Here is a link to a feature request about this capability. It's currently 9th on the top requested features list. Please vote for it. Maybe Sophos will listen for the next release. Please post about your success or otherwise.
  • Hi Innovatum,

    I've recently worked on this issue using UTM 9.601-5 with an Asus RT-66U_B1 using Asuswrt-Merlin 384.9 firmware. This is what worked for me.

    1. Set up SSL Remote Access on the UTM using the Remote Access via SSL and VPN Configuration Guide. community.sophos.com/.../116038

    2. Verify your SSL remote connection is working using the Sophos SSL VPN client software.

    3. Log in to the UTM User Portal using your SSL username > Remote Access > "download the configuration file to set up SSL VPN on Linux, MacOS X, BSD or Solaris", then save the .ovpn file.

    4. Log in to the Asus Router > VPN > VPN Client > Import .ovpn file > Upload.

    5. Enable "Automatic start at boot time".

    6. Under "Authentication Settings" input your UTM SSL username / password and Apply.

    7. Turn "Service state" to on and verify VPN connection status.

     

    Good luck!
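
The UTM log line "Auth Username/Password was not provided by peer" means the server expects credentials on top of the certificate, which on an OpenVPN client is the `auth-user-pass` directive. The following is an added example, not code from any poster or from Sophos: a pre-import check of a client config, assuming certificate plus username/password authentication as the logs show. The function names, `utm.example.com` and the file names are constructed placeholders.

```python
import re

def parse_ovpn(text):
    """Return (directives, inline_blocks) parsed from OpenVPN client config text."""
    directives, inline, current = {}, set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if current:                          # inside an inline <tag>...</tag> block
            if line == f"</{current}>":
                current = None
            continue
        if not line or line[0] in "#;":      # blank line or comment
            continue
        m = re.fullmatch(r"<([\w-]+)>", line)
        if m:                                # start of inline ca/cert/key material
            current = m.group(1)
            inline.add(current)
            continue
        parts = line.split(None, 1)
        directives[parts[0]] = parts[1] if len(parts) > 1 else ""
    return directives, inline

def check_client_config(text):
    """List problems that would stop a username/password SSL VPN login."""
    directives, inline = parse_ovpn(text)
    problems = []
    if "auth-user-pass" not in directives:
        problems.append("no auth-user-pass: client will not send username/password")
    for item in ("ca", "cert", "key"):
        if item not in directives and item not in inline:
            problems.append(f"missing {item}: no file directive or inline block")
    if "remote" not in directives:
        problems.append("no remote: server address not set")
    return problems

# Constructed sample: a hand-built client config like the one in the question.
HAND_BUILT = """client
dev tun
proto tcp
remote utm.example.com 443
ca ca.crt
cert host.crt
key host.key
"""
# Constructed sample: same settings, inline CA block, credentials enabled.
WITH_AUTH = HAND_BUILT.replace("ca ca.crt", "<ca>\n(placeholder)\n</ca>") + "auth-user-pass\n"

if __name__ == "__main__":
    for name, cfg in (("hand-built", HAND_BUILT), ("with auth", WITH_AUTH)):
        print(name, check_client_config(cfg) or "ok")
```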