I am trying to create a VPN in Azure and use OpenVPN Connect on a Mac, but I am unable to do so.
I followed several sets of instructions to create certificates:
https://medium.com/@arisplakias/azure-point-to-site-vpn-certificates-with-openssl-406838731a7c
openssl genrsa -aes256 -out MyAzureVPN1.key 2048
openssl req -x509 -sha256 -new -key MyAzureVPN1.key -out MyAzureVPN1.cer -days 3650 -subj /CN="MyAzureVPN1"
openssl genrsa -out client1Cert.key 2048
openssl req -new -out client1Cert.req -key client1Cert.key -subj /CN="MyAzureVPN1"
openssl x509 -req -sha256 -in client1Cert.req -out client1Cert.cer -CAkey MyAzureVPN1.key -CA MyAzureVPN1.cer -days 1800 -CAcreateserial -CAserial serial
openssl pkcs12 -export -out client1Cert.pfx -inkey client1Cert.key -in client1Cert.cer -certfile MyAzureVPN1.cer
Here:
https://openvpn.net/vpn-server-resources/installing-a-valid-ssl-web-certificate-in-access-server/
openssl req -out MyAzureVPN2.csr -new -newkey rsa:4096 -sha256 -nodes -keyout MyAzureVPN1.key
And finally here:
openssl req -newkey rsa:2048 -nodes -keyout MyAzureVPN3.pem -x509 -days 365 -out MyAzureVPN3cert.pem
openssl x509 -text -noout -in MyAzureVPN3cert.pem
openssl pkcs12 -inkey MyAzureVPN3.pem -in MyAzureVPN3cert.pem -export -out MyAzureVPN3cert.p12
openssl pkcs12 -in MyAzureVPN3cert.p12 -noout -info
Maybe I don't know what I'm doing or have made some fundamental mistake. But when I download the VPN package and import it into OpenVPN, I get this error:
2020-01-02 01:05:13-0800 [-] ProfileSignatureVerify.verify: RSASig: cannot parse RSA signature: client/profsig:15,pki/sign:210,pki/sign:95,application/app:423,scripts/_twistd_unix:202,application/app:445,application/app:348,internet/base:1166,internet/base:1178,internet/selectreactor:140,python/log:85,python/log:70,python/context:59,python/context:37,internet/selectreactor:156,internet/posixbase:188,internet/abstract:169,internet/process:260,internet/process:762,internet/process:775,internet/_baseprocess:60,svc/pp:117,svc/svcnotify:32,internet/defer:238,internet/defer:307,internet/defer:323,internet/defer:766,internet/defer:746,client/profman:587,client/profman:609,client/profsig:15,pki/sign:210,pki/sign:95,util/error:61,util/error:44 (RSASIG_PARSE_ERROR)
2020-01-02 01:05:13-0800 [-] Profile sanitize warning: line 3: verify-x509-name 'blah-blah-blah-blah-blah.vpn.azure.com' name: line filtered from untrusted profile
2020-01-02 01:05:13-0800 [-] Profile sanitize warning: line 16: tls-timeout 30: line filtered from untrusted profile
2020-01-02 01:05:13-0800 [-] Profile sanitize warning: line 20: log openvpn.log: line filtered from untrusted profile
2020-01-02 01:05:13-0800 [-] ImportProfile: profile sanitized
2020-01-02 01:05:13-0800 [-] *** API CALL f=xmlrpc_Poll args=['sess_TrackActiveProfiles_5M1WA21uquXzzDWv_3', 10] kw={} ret=[{'timestamp': 1577955913, 'state': 'add_profile', 'profile_id': u'azuregateway_blah_blah_blah_blah_blah_blah__vpn_azure_com_p4594', 'type': 'PROFILE'}]
2020-01-02 01:05:13-0800 [-] *** API CALL f=xmlrpc_ImportProfileFromFile args=['/Users/hophan/Downloads/hophan-vpn2/OpenVPN\\vpnconfig.ovpn', {}] kw={} ret=u'azuregateway_blah_blah_blah_blah_blah_blah__vpn_azure_com_p4594'
2020-01-02 01:05:13-0800 [HTTPChannel,1575,] *** API CALL f=xmlrpc_ProfileProperties args=['azuregateway_blah_blah_blah_blah_blah_blah__vpn_azure_com_p4594'] kw={} ret={'hash': '28712cf47614fe4cdf0f19572f9d144349ad8919a0e42596e7efc91ae3e0b7cb', 'name': u'azuregateway-blah-blah-blah-blah-blah-97e3688a6cfc.vpn.azure.com', 'global': False, 'host': u'azuregateway-blah-blah-blah-blah-blah-97e3688a6cfc.vpn.azure.com', 'owner': u'hophan', 'remote_hosts': [u'azuregateway-blah-blah-blah-blah-blah-97e3688a6cfc.vpn.azure.com'], 'type': ['static'], 'id': 'azuregateway_blah_blah_blah_blah_blah_blah__vpn_azure_com_p4594', 'access_allowed': True}
Then when I try to connect, I get this error:
2020-01-02 01:05:44-0800 [HTTPChannel,1580,] Profile approve: profile u'azuregateway-blah-blah-blah-blah-blah-97e3688a6cfc.vpn.azure.com' signed_by=None was previously seen, approval=True
2020-01-02 01:05:44-0800 [HTTPChannel,1580,] OpenVPN azuregateway_blah_blah_blah_blah_blah_blah__vpn_azure_com_p4594 instantiated
2020-01-02 01:05:44-0800 [HTTPChannel,1580,] pyovpn.client.vpncli.MyOMIServer starting on "u'/Library/Application Support/OpenVPN/sock/ovpn-2tMjfgazx7Kd.sock'"
2020-01-02 01:05:44-0800 [-] (Port None Closed)
2020-01-02 01:05:44-0800 [MyOMIClient,0,] FROM OMI: u">INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info"
2020-01-02 01:05:44-0800 [MyOMIClient,0,] FROM OMI: u'>HOLD:Waiting for hold release'
2020-01-02 01:05:44-0800 [MyOMIClient,0,] TO OMI: ['state on']
2020-01-02 01:05:44-0800 [MyOMIClient,0,] FROM OMI: u'SUCCESS: real-time state notification set to ON'
2020-01-02 01:05:44-0800 [MyOMIClient,0,] TO OMI: ['echo on']
2020-01-02 01:05:44-0800 [MyOMIClient,0,] FROM OMI: u'SUCCESS: real-time echo notification set to ON'
2020-01-02 01:05:44-0800 [MyOMIClient,0,] TO OMI: ['bytecount 1']
2020-01-02 01:05:44-0800 [MyOMIClient,0,] FROM OMI: u'SUCCESS: bytecount interval changed'
2020-01-02 01:05:44-0800 [MyOMIClient,0,] TO OMI: ['hold off']
2020-01-02 01:05:44-0800 [MyOMIClient,0,] FROM OMI: u'SUCCESS: hold flag set to OFF'
2020-01-02 01:05:44-0800 [MyOMIClient,0,] TO OMI: ['hold release']
2020-01-02 01:05:44-0800 [MyOMIClient,0,] FROM OMI: u'SUCCESS: hold release succeeded'
2020-01-02 01:05:44-0800 [MyOMIClient,0,] OpenVPN start: name='azuregateway_blah_blah_blah_blah_blah_blah__vpn_azure_com_p4594' sev='info' msg='process started successfully'
2020-01-02 01:05:44-0800 [MyOMIClient,0,] *** API CALL f=xmlrpc_Poll args=['sess_TrackActiveProfiles_5M1WA21uquXzzDWv_3', 10] kw={} ret=[{'type': 'PROFILE', 'state': 'connect', 'profile_id': 'azuregateway_blah_blah_blah_blah_blah_blah__vpn_azure_com_p4594', 'cookie': 'TRAY_CLIENT_aG9waGFu_Z0qLmPBP', 'timestamp': 1577955944}]
2020-01-02 01:05:44-0800 [MyOMIClient,0,] *** API CALL f=xmlrpc_Connect args=[{'new_only': True, 'cookie': 'TRAY_CLIENT_aG9waGFu_Z0qLmPBP', 'profile_id': 'azuregateway_blah_blah_blah_blah_blah_blah__vpn_azure_com_p4594', 'type': 'static', 'non_interactive': False}, ['STATE', 'PASSWORD', 'ACTIVE', 'CERT_APPROVAL', 'INFO', 'CONNECTED_USER', 'FATAL', 'SCRIPT', 'CHALLENGE', 'DELETE_PENDING', 'NOTIFY', 'RSA_SIGN', 'CONNECT_TIMEOUT', 'BYTECOUNT'], {}] kw={} ret='sess_azuregateway_blah_blah_blah_blah_blah_blah__vpn_azure_com_p4594_zatxBUfrkSR5sAtf_1'
2020-01-02 01:05:44-0800 [MyOMIClient,0,] FROM OMI: u'>REMOTE:azuregateway-blah-blah-blah-blah-blah-97e3688a6cfc.vpn.azure.com,443,tcp-client'
2020-01-02 01:05:44-0800 [MyOMIClient,0,] TO OMI: ['remote ACCEPT']
2020-01-02 01:05:44-0800 [MyOMIClient,0,] FROM OMI: u'SUCCESS: remote command succeeded'
2020-01-02 01:05:44-0800 [-] OVPN azuregateway_blah_blah_blah_blah_blah_blah__vpn_azure_com_p4594 ERR: '>FATAL:CLIENT_EXCEPTION: connect error: mbed TLS: error parsing cert certificate : X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected'
2020-01-02 01:05:44-0800 [MyOMIClient,0,] FROM OMI: u'>FATAL:CLIENT_EXCEPTION: connect error: mbed TLS: error parsing cert certificate : X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected'
2020-01-02 01:05:44-0800 [HTTPChannel,1582,] *** API CALL f=xmlrpc_Poll args=['sess_azuregateway_blah_blah_blah_blah_blah_blah__vpn_azure_com_p4594_zatxBUfrkSR5sAtf_1', 10] kw={} ret=[{'active': True, 'timestamp': 1577955944, 'type': 'ACTIVE', 'last': None}, {'timestamp': 1577955944, 'type': 'FATAL', 'error': u'CLIENT_EXCEPTION: connect error: mbed TLS: error parsing cert certificate : X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected'}]
2020-01-02 01:05:44-0800 [-] *** API CALL f=xmlrpc_Poll args=['sess_azuregateway_blah_blah_blah_blah_blah_blah__vpn_azure_com_p4594_zatxBUfrkSR5sAtf_1', 10] kw={} ret=[{'active': False, 'timestamp': 1577955944, 'type': 'ACTIVE', 'last': True}]
2020-01-02 01:05:44-0800 [-] *** API CALL f=xmlrpc_Poll args=['sess_TrackActiveProfiles_5M1WA21uquXzzDWv_3', 10] kw={} ret=[{'timestamp': 1577955944, 'state': 'disconnect', 'profile_id': 'azuregateway_blah_blah_blah_blah_blah_blah__vpn_azure_com_p4594', 'type': 'PROFILE'}]
2020-01-02 01:05:44-0800 [-] OpenVPN azuregateway_blah_blah_blah_blah_blah_blah__vpn_azure_com_p4594 stop: daemon exited with status 0
2020-01-02 01:05:44-0800 [HTTPChannel,1584,] *** API CALL f=xmlrpc_Poll args=['sess_azuregateway_blah_blah_blah_blah_blah_blah__vpn_azure_com_p4594_zatxBUfrkSR5sAtf_1', 10] kw={} ret=[{'timestamp': 1577955944, 'type': 'DELETE_PENDING'}]
Any ideas?
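Added example (not part of the original post): the connect log above fails in mbed TLS while parsing the client certificate, and the shell functions below run the same kind of parse offline on the profile's inline `<cert>` block with `openssl`, then confirm that `<cert>` and `<key>` hold the same public key. It assumes the profile carries the client certificate and an unencrypted private key in inline `<cert>` and `<key>` blocks with each tag on its own line; the function names and the script name are hypothetical.

```shell
#!/bin/sh
# Usage (script name is hypothetical): sh check_ovpn.sh vpnconfig.ovpn

# Print the body of an inline <tag>...</tag> block from an OpenVPN profile.
# $1 = profile path, $2 = tag name (cert, key, ca)
ovpn_block() {
    sed -n "/^<$2>/,/^<\/$2>/p" "$1" | sed '1d;$d'
}

# Return 0 if <cert> holds a PEM X.509 certificate that openssl can parse,
# 1 if the block holds something else, 2 if there is no <cert> block at all.
check_profile_cert() {
    body=$(ovpn_block "$1" cert)
    if [ -z "$body" ]; then
        echo "no <cert> block in $1"
        return 2
    fi
    if printf '%s\n' "$body" | openssl x509 -noout -subject -enddate 2>/dev/null; then
        return 0
    fi
    # Show only the first line so the reader can see what kind of data is there
    # (a different PEM type, binary data, leftover template text, ...).
    echo "<cert> is not a PEM certificate; it starts with: $(printf '%s\n' "$body" | head -n 1)"
    return 1
}

# Return 0 if the certificate in <cert> and the private key in <key>
# contain the same public key, non-zero otherwise.
check_profile_keypair() {
    cert_pub=$(ovpn_block "$1" cert | openssl x509 -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(ovpn_block "$1" key | openssl pkey -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# When a profile path is given, run both checks on it.
if [ $# -gt 0 ]; then
    check_profile_cert "$1" && check_profile_keypair "$1" && echo "cert and key OK"
fi
```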