On Wed, Aug 30, 2023 at 5:36 PM, Gert Doering <g...@greenie.muc.de> wrote: >Hi,
>On Wed, Aug 30, 2023 at 01:53:40PM +0000, >Jason Long via Openvpn-users wrote: > Thank you so much for your reply. > As I understand, The "ca.crt" and "ta.crt" keys >are mandatory. I disabled > the "ta.crt" in >Client.ovpn file and I got the following error: >ta.crt is outside the "basic" TLS handshake, so >a different thing - and >if used, must be used on both sides. > Wed Aug 30 17:36:57 2023 TLS Error: TLS key >negotiation failed to occur > within 60 seconds >>(check your network connectivity) > Wed Aug 30 17:36:57 2023 TLS Error: TLS >handshake failed > > Why the following files must exist in the >server.conf file, when the client > using the >username and password authentication >method? > > cert server.crt > key server.key > dh dh.pem >For the same reason you have them in your >apache config if your web server >offers TLS (https). Because TLS needs a >server certificate, and Diffie- >Hellman needs a file with DH groups. >Maybe you really want to follow David's >suggestion and buy one of the >OpenVPN books *and actually read it, from >beginning to end*? >gert >-- >"If was one thing all people took for granted, >was conviction that if you >feed honest figures into a computer, honest >figures come out. Never doubted >it myself till I met a computer with a sense of >humor." > Robert A. Heinlein, The Moon >is a Harsh Mistress >Gert Doering - Munich, Germany >g...@greenie.muc.de Hello,Thanks again.I will.In the end, I want to know if it is possible to connect the server and the client without any key?
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
