Hi, On Wed, Aug 30, 2023 at 01:53:40PM +0000, Jason Long via Openvpn-users wrote: > Thank you so much for your reply. > As I understand, The "ca.crt" and "ta.crt" keys are mandatory. I disabled the > "ta.crt" in Client.ovpn file and I got the following error:
ta.crt is outside the "basic" TLS handshake, so a different thing - and if used, must be used on both sides. > Wed Aug 30 17:36:57 2023 TLS Error: TLS key negotiation failed to occur > within 60 seconds (check your network connectivity) > Wed Aug 30 17:36:57 2023 TLS Error: TLS handshake failed > > Why the following files must exist in the server.conf file, when the client > using the username and password authentication method? > > cert server.crt > key server.key > dh dh.pem For the same reason you have them in your apache config if your web server offers TLS (https). Because TLS needs a server certificate, and Diffie- Hellman needs a file with DH groups. Maybe you really want to follow David's suggestion and buy one of the OpenVPN books *and actually read it, from beginning to end*? gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany g...@greenie.muc.de
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users