2

I'm trying to use the OpenVPN client to connect to a TLS VPN server.

Here is my .ovpn file:

```
client
tls-client
dev tun
proto tcp
remote example.com 443
resolv-retry infinite
auth-user-pass
persist-key
persist-tun
nobind
#remote-cert-tls server
tls-version-min 1.2
ca "/path/pem.pem"
cert "/path/cert.cert"
key "/path/key.key"
verify-client-cert require
verb 7
route 10.77.80.177/32
```

The problem is that when connecting, the client uses SSL instead of TLS (see screenshots below).

The correct way is below.

Is there any way to force the OpenVPN client to use TLS?

ikel
  • 1
    What kind of server are you attempting to connect to? OpenVPN doesn't support other VPN protocols. – vidarlo May 05 '19 at 19:27
  • 2
    SSL is the same thing as TLS. It's just the old name. – Gilles 'SO- stop being evil' May 05 '19 at 20:17
  • @vidarlo I was trying to connect to a Palo Alto (GlobalProtect) VPN. As I understand it, OpenVPN does support SSL VPN, doesn't it? – ikel May 06 '19 at 02:38
  • Yes, I do know TLS is just another name for SSL. – ikel May 06 '19 at 02:43
  • 1
    @ikel OpenVPN implements *one* kind of SSL VPN. Palo Alto is a different protocol. They both use SSL/TLS, but they are not compatible. You may want to have a look at [OpenConnect](https://www.infradead.org/openconnect/), which implements Palo Alto's protocol. – vidarlo May 06 '19 at 08:18
  • And for next time, please state what you're doing. Your real question was how to connect to a Palo Alto VPN server, not how to make OpenVPN use TLS. – vidarlo May 06 '19 at 08:19

1 Answer

0

You have `tls-version-min 1.2` in your configuration file, so you are using TLS. It appears that your logging tool is simply referring to SSLv2, SSLv3, TLSv1.0, TLSv1.1, TLSv1.2, and TLSv1.3 all as simply "SSL". This is technically incorrect, but it's very common. You don't have to worry about SSL-specific vulnerabilities in your application just because the protocol itself has been labeled as SSL.

forest
  • The problem is that by using SSL, I can't connect to the server. BTW, I used Wireshark to monitor. – ikel May 06 '19 at 02:39
  • 2
    This seems like an [XY Problem](https://meta.stackexchange.com/a/66378) to me. The question you ask is "How can I configure OpenVPN to use TLS 1.2?" (which is off-topic by the way). The question you actually *want* to ask is "Why can I not connect to *that server* with OpenVPN?". –  May 06 '19 at 14:42
  • @MechMK1 Well, I suspect that TLSv1.2 not being used is the reason why I cannot connect to the VPN, so I'm just trying to figure out why it's not connecting by fixing this first. – ikel May 30 '19 at 10:04
  • @ikel Again, it's helpful to state what you are trying to do. –  May 30 '19 at 13:14
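
Added example, not part of the original question or answer: a small classifier for the first client bytes of a TCP stream. It shows that TLS version numbers continue SSL's numbering, and that OpenVPN carries its TLS handshake inside its own framing, so a server expecting a native TLS ClientHello will not see one. The OpenVPN framing used here (2-byte length, opcode in the upper 5 bits of the next byte) is an assumption taken from the protocol's public description, and the sample bytes are constructed, not from the asker's capture.

```python
import struct

# TLS kept SSL's version numbering: SSL 3.0 is 0x0300, TLS 1.0 is 0x0301, etc.
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1",
            0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}
TLS_HANDSHAKE = 0x16            # TLS record content type "handshake"
CLIENT_HELLO = 0x01             # handshake message type
OVPN_HARD_RESET_CLIENT_V2 = 7   # OpenVPN opcode (upper 5 bits of opcode byte)

# Constructed samples, not taken from the asker's capture.
SAMPLE_TLS = bytes.fromhex("16030100c8" "010000c4" "0303") + bytes(32)
SAMPLE_OVPN = bytes.fromhex("000e38" "1122334455667788" "00" "00000000")


def version_name(value):
    return VERSIONS.get(value, "unknown (0x%04x)" % value)


def classify_first_bytes(data):
    """Label the first bytes a client sends on a TCP connection."""
    if len(data) < 3:
        return "too short"
    # Native TLS record: type(1) version(2) length(2), then the handshake
    # header: msg type(1) length(3), then ClientHello.client_version(2).
    if data[0] == TLS_HANDSHAKE and data[1] == 0x03:
        if len(data) < 11 or data[5] != CLIENT_HELLO:
            return "TLS record (not a complete ClientHello)"
        record_ver = struct.unpack_from("!H", data, 1)[0]
        hello_ver = struct.unpack_from("!H", data, 9)[0]
        return "native TLS ClientHello, record=%s hello=%s" % (
            version_name(record_ver), version_name(hello_ver))
    # OpenVPN over TCP: length(2), then one byte holding opcode<<3 | key_id.
    length = struct.unpack_from("!H", data, 0)[0]
    opcode, key_id = data[2] >> 3, data[2] & 0x07
    if opcode == OVPN_HARD_RESET_CLIENT_V2 and length >= 14:
        return "OpenVPN control packet (hard reset, key_id=%d)" % key_id
    return "unknown"


if __name__ == "__main__":
    for name, sample in (("tls", SAMPLE_TLS), ("openvpn", SAMPLE_OVPN)):
        print(name, "->", classify_first_bytes(sample))
```
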