We created a root certificate, which unfortunately expired today in Azure VPN. I regenerated the certificate, uploaded it to Azure VPN, regenerated a client certificate and set up the OpenVPN configuration file (after downloading the "VPN Client" from the Azure portal).
However, I keep getting "Peer certificate verification failure" and I can’t seem to understand why. Everything I read suggests that it is because there is a mismatch between the server and the client; however, I must be making the same mistakes, as I have followed the instructions below to generate the root certs and the client certs:
https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site#cer
I’ve used the following OpenSSL command to convert to a PEM file:
"C:\Program Files\OpenSSL-Win64\bin\openssl" pkcs12 -in child.pfx -out child.pem -clcerts
Then I followed this for creating the OVPN file for the iOS device (I have downloaded the OpenVPN Client to my desktop machine to make it easier to test):
https://learn.microsoft.com/en-us/azure/vpn-gateway/point-to-site-vpn-client-cert-mac
I have done this more than once, as well as having "Reset" the VPN gateway, just to try and make sure that it isn’t something weird going on.
Does anyone have any ideas as to where I am going wrong?
2 Answers
In case anyone comes across this, there are two things that I have done to fix this issue:
Hope that helps...
Using the same setup within Azure and the latest OpenVPN Connect client 3.3.7 caused the same issue. For some reason, the hostname validation is failing. I’m not sure of the proper way to resolve, but to workaround this, you can comment out the "verify-x509-name" value in the ovpn file.
I understand that this is not as safe, but I do not see another way around this. I’ve been working on this issue most of the day, hence I thought I’d provide an alternative temporary solution/workaround.
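Two checks worth running before touching the .ovpn file, covering both the "Peer certificate verification failure" in the question and the verify-x509-name workaround in the answer above. This is an added troubleshooting script, not part of the thread or of Microsoft's or OpenVPN's tooling. It assumes the openssl CLI is on PATH; every certificate, the PFX password (`test`) and the .ovpn fragment are constructed test data, and the gateway hostname is a placeholder. The first check answers "does child.pem actually chain to the root I uploaded?" (a client signed by the old, expired root fails here exactly as it does at the gateway); the second compares the pinned verify-x509-name value with the CN of the certificate the server presents, which is the safe alternative to commenting the line out.

```shell
#!/bin/sh
# Added troubleshooting script, not from the original thread. Assumes the
# openssl CLI is on PATH. All certificates and the .ovpn fragment below are
# constructed test data; the gateway hostname is a placeholder.
set -eu
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Build a throwaway root (the cert you upload to the gateway) and a client cert
# signed by it, then export the client as child.pfx as the Azure doc does.
make_test_certs() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 2 \
    -subj "/CN=P2SRootCert" -keyout "$WORK/root.key" -out "$WORK/root.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=P2SChildCert" \
    -keyout "$WORK/child.key" -out "$WORK/child.csr" 2>/dev/null
  openssl x509 -req -sha256 -days 1 -in "$WORK/child.csr" -CA "$WORK/root.pem" \
    -CAkey "$WORK/root.key" -CAcreateserial -out "$WORK/child.crt" 2>/dev/null
  openssl pkcs12 -export -in "$WORK/child.crt" -inkey "$WORK/child.key" \
    -out "$WORK/child.pfx" -passout pass:test 2>/dev/null
}

# The same conversion as in the question (pkcs12 -clcerts), made non-interactive.
pfx_to_pem() {  # $1 = input .pfx   $2 = output .pem
  openssl pkcs12 -in "$1" -out "$2" -clcerts -nodes -passin pass:test 2>/dev/null
}

# Returns 0 when the client cert chains to the given root, 1 otherwise. A failure
# here is the same mismatch the gateway reports as a peer verification failure.
client_chains_to_root() {  # $1 = client .pem (cert, key may be present)   $2 = root .pem
  openssl x509 -in "$1" -out "$WORK/client_only.pem" 2>/dev/null
  openssl verify -CAfile "$2" "$WORK/client_only.pem" >/dev/null 2>&1
}

# Quick visual check: the client's issuer must equal the root's subject. If it
# does not, the client was signed by a different root (e.g. the expired one).
issuer_matches_root() {  # $1 = client .pem   $2 = root .pem
  issuer="$(openssl x509 -in "$1" -noout -issuer 2>/dev/null | sed 's/^issuer=//')"
  subject="$(openssl x509 -in "$2" -noout -subject 2>/dev/null | sed 's/^subject=//')"
  [ -n "$issuer" ] && [ "$issuer" = "$subject" ]
}

# Constructed .ovpn fragment and a self-signed "server" cert carrying the same
# placeholder name, standing in for the portal file and the gateway's cert.
make_test_ovpn_and_server() {
  cat > "$WORK/client.ovpn" <<'EOF'
client
remote azuregateway-PLACEHOLDER.vpn.azure.com 443
verify-x509-name 'azuregateway-PLACEHOLDER.vpn.azure.com' name
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
    -subj "/CN=azuregateway-PLACEHOLDER.vpn.azure.com" \
    -keyout "$WORK/server.key" -out "$WORK/server.pem" 2>/dev/null
}

# verify-x509-name <value> name means "CN must equal <value>". Compare the pinned
# value with the CN of the server cert (in real use, save the cert shown by
# openssl s_client against your gateway) instead of disabling the check.
pinned_name_matches_cn() {  # $1 = .ovpn   $2 = server cert .pem
  pinned="$(awk '$1 == "verify-x509-name" { print $2 }' "$1" | tr -d "'\"")"
  cn="$(openssl x509 -in "$2" -noout -subject -nameopt sep_multiline 2>/dev/null \
        | sed -n 's/^ *CN=//p')"
  [ -n "$pinned" ] && [ "$pinned" = "$cn" ]
}

make_test_certs
pfx_to_pem "$WORK/child.pfx" "$WORK/child.pem"
if client_chains_to_root "$WORK/child.pem" "$WORK/root.pem"; then
  echo "client cert chains to root: OK"
else
  echo "client cert does NOT chain to root: check which root the gateway holds"
fi
make_test_ovpn_and_server
if pinned_name_matches_cn "$WORK/client.ovpn" "$WORK/server.pem"; then
  echo "verify-x509-name matches server CN: OK"
else
  echo "verify-x509-name does not match server CN: fix the pinned value, do not drop it"
fi
```

To use it against your own files, call `pfx_to_pem` on your child.pfx, then `client_chains_to_root child.pem root.pem` with the root .cer/.pem you uploaded to the gateway; a failure there, not the .ovpn file, is where the question's error comes from.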