Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
minLevel1
maxLevel7

General Description

After importing OpenVPN configuration file to the phone, the phone can’t connect to OpenVPN server, and the OpenVPN error log in the syslog needs to be checked.

...

2. tls-crypt unwrap error: packet too short

Phone versions that are before than 2.42.6.x.x should use tls-auth; phone versions after it, support tls-crypt.

While using tls-auth, there needs to be differentiation between configuration in server and client;

on the server side, configuration should be written as tls-auth ta.key 0;

on the client side, it should be written as tls-auth ta.key 1; as

As for tls-crypt, it directly uses tls-crypt ta.key in server and client’s client's configuration.

3. Verify nsCertType ERROR: xxxx, require nsCertType=SERVER

Check if there’s ns-cert-type server in client.confovpn; if there is, replace it with remote-cert-tls server.

...