Table of Contents | ||||
---|---|---|---|---|
|
General Description
After importing OpenVPN configuration file to the phone, the phone can’t connect to OpenVPN server, and the OpenVPN error log in the syslog needs to be checked.
...
2. tls-crypt unwrap error: packet too short
Phone versions that are before than 2.42.6.x.x should use tls-auth
; phone versions after it, support tls-crypt
.
While using tls-auth
, there needs to be differentiation between configuration in server and client;
on the server side, configuration should be written as tls-auth ta.key 0
;
on the client side, it should be written as tls-auth ta.key 1
; as
As for tls-crypt
, it directly uses tls-crypt ta.key
in server and client’s client's configuration.
3. Verify nsCertType ERROR: xxxx, require nsCertType=SERVER
Check if there’s ns-cert-type server in client.confovpn; if there is, replace it with remote-cert-tls server.
...