Hi,

On Wed, Aug 30, 2023 at 01:53:40PM +0000, Jason Long via Openvpn-users wrote:
> Thank you so much for your reply.
> As I understand, The "ca.crt" and "ta.crt" keys are mandatory. I disabled the
> "ta.crt" in Client.ovpn file and I got the following error:

ta.crt is outside the "basic" TLS handshake, so a different thing - and
if used, must be used on both sides.
> Wed Aug 30 17:36:57 2023 TLS Error: TLS key negotiation failed to occur
> within 60 seconds (check your network connectivity)
> Wed Aug 30 17:36:57 2023 TLS Error: TLS handshake failed
>
> Why the following files must exist in the server.conf file, when the client
> using the username and password authentication method?
>
> cert server.crt
> key server.key
> dh dh.pem
For the same reason you have them in your apache config if your web server
offers TLS (https). Because TLS needs a server certificate, and Diffie-
Hellman needs a file with DH groups.
Maybe you really want to follow David's suggestion and buy one of the
OpenVPN books *and actually read it, from beginning to end*?
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany [email protected]
_______________________________________________ Openvpn-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-users
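
The two rules in the reply above (the server needs `cert`, `key` and `dh` whatever the client authentication method, and the `tls-auth` layer must be configured on both sides or on neither) can be checked mechanically before a connection attempt. The following is an added example, not part of the original message or of OpenVPN itself. It assumes file-path directives rather than inline `<cert>` blocks or `pkcs12`, and the two sample configs, the host name and the file name `ta.key` are constructed.

```python
# Constructed sample configs (not from the thread); file names are placeholders.
SERVER_CONF = """\
ca ca.crt
cert server.crt
key server.key
dh dh.pem
tls-auth ta.key 0
verify-client-cert none
"""
CLIENT_OVPN = """\
client
remote vpn.example.net 1194
ca ca.crt
auth-user-pass
;tls-auth ta.key 1
"""

def parse(text):
    """Map each directive to its argument list; skip blank and #/; comment lines."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            name, *args = line.split()
            opts[name] = args
    return opts

def direction(opts):
    """Key direction from 'tls-auth <file> <dir>' or a separate 'key-direction'."""
    args = opts.get("tls-auth", [])
    return args[1] if len(args) > 1 else (opts.get("key-direction") or [None])[0]

def check_pair(server_text, client_text):
    srv, cli = parse(server_text), parse(client_text)
    problems = []
    # TLS needs a server certificate, its key and DH parameters,
    # however the client authenticates.
    for opt in ("cert", "key", "dh"):
        if opt not in srv:
            problems.append(f"server: missing '{opt}'")
    # The extra HMAC layer sits outside the TLS handshake: both sides or neither.
    for opt in ("tls-auth", "tls-crypt"):
        if (opt in srv) != (opt in cli):
            side = "client" if opt in srv else "server"
            problems.append(f"{side}: missing '{opt}' (other side uses it)")
    # When both use tls-auth, directions are opposite (0/1) or both omitted.
    if "tls-auth" in srv and "tls-auth" in cli:
        if {direction(srv), direction(cli)} not in ({None}, {"0", "1"}):
            problems.append("tls-auth: key directions must be 0/1 or both unset")
    return problems

if __name__ == "__main__":
    for p in check_pair(SERVER_CONF, CLIENT_OVPN):
        print(p)
```

Run against the constructed pair, it reports the client's commented-out `tls-auth` line, the same kind of one-sided setup that preceded the handshake timeout quoted in the message.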
