OpenVPN CA from OPNsense -> "Root CA must have KeyUsage extension set."

tsaG

Dabbler
Joined
Jun 20, 2022
Messages
14
Hey! I switched from WireGuard to OpenVPN. All my other devices are working with the given certificates. However, TrueNAS SCALE doesn't want to eat it. When I input the OpenVPN connection details to use TrueNAS as an OpenVPN client, I get the message "Root CA must have KeyUsage extension set."

As already said, with the CA certificate all other clients (Synology, iPhones...) are working. I exported the client certificates (including CA, CERT and private key) from OPNsense. Any ideas?

It seems to be a limitation of the GUI, but I don't know how to circumvent it.

In this thread, someone recommended using Tunable Parameters, however this only works in Core.
Is there something I'm missing in OPNsense? There are no other options I can tick when creating the certificate.

As I understand it, the absence of KeyUsages implies that any usage is valid for that particular certificate. So all should be good (?).
 

Attachments

  • OpenVPN_client_config.png
    OpenVPN_client_config.png
    146.3 KB · Views: 261
  • Certificates.png
    Certificates.png
    98.7 KB · Views: 215
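
Added example, not part of any post in this thread: a standard-library Python check that reports whether a certificate carries the X.509 KeyUsage extension (OID 2.5.29.15) named in the error message, and which bits are set. The function names are illustrative and the sample inputs are constructed DER fragments, not the certificates from the thread.

```python
import ssl

KEY_USAGE_OID = bytes.fromhex("551d0f")          # 2.5.29.15 id-ce-keyUsage
BASIC_CONSTRAINTS_OID = bytes.fromhex("551d13")  # 2.5.29.19 id-ce-basicConstraints
NAMES = ["digitalSignature", "nonRepudiation", "keyEncipherment",
         "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
         "encipherOnly", "decipherOnly"]         # RFC 5280 bit order, bit 0 first

def tlvs(buf):
    """Yield (tag, value) for each DER element in buf (single-byte tags only)."""
    i = 0
    while i < len(buf):
        tag, length = buf[i], buf[i + 1]
        i += 2
        if length & 0x80:                        # long-form length
            n = length & 0x7F
            length = int.from_bytes(buf[i:i + n], "big")
            i += n
        yield tag, buf[i:i + length]
        i += length

def key_usage(der):
    """Return the KeyUsage names set in a DER structure, or None if absent."""
    for tag, val in tlvs(der):
        if not tag & 0x20:                       # primitive element, nothing inside
            continue
        kids = list(tlvs(val))
        if tag == 0x30 and kids and kids[0] == (0x06, KEY_USAGE_OID):
            bits = next(tlvs(kids[-1][1]))[1]    # OCTET STRING wraps a BIT STRING
            data = bits[1:]                      # bits[0] is the unused-bit count
            return [n for k, n in enumerate(NAMES)
                    if k // 8 < len(data) and data[k // 8] & (0x80 >> (k % 8))]
        found = key_usage(val)
        if found is not None:
            return found
    return None

def key_usage_of_pem(pem_text):
    """Same check for a PEM certificate, e.g. an exported CA file."""
    return key_usage(ssl.PEM_cert_to_DER_cert(pem_text))

# Constructed sample input: Extensions-shaped DER fragments, not real certificates.
def tlv(tag, body):
    return bytes([tag, len(body)]) + body        # short-form length is enough here
def ext(oid, value):
    return tlv(0x30, tlv(0x06, oid) + tlv(0x01, b"\xff") + tlv(0x04, value))
CA_BIT = ext(BASIC_CONSTRAINTS_OID, tlv(0x30, tlv(0x01, b"\xff")))
NO_KEY_USAGE = tlv(0xA3, tlv(0x30, CA_BIT))
WITH_KEY_USAGE = tlv(0xA3, tlv(0x30, CA_BIT + ext(KEY_USAGE_OID, tlv(0x03, b"\x01\x06"))))
```

For an exported CA file, pass its PEM text to `key_usage_of_pem`; a result of `None` means the extension is absent from the certificate.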

indivision

Guru
Joined
Jan 4, 2013
Messages
806
It sounds like something is missing from OPNSense.

Have you tried a different service to verify?
 

tsaG

Dabbler
Joined
Jun 20, 2022
Messages
14
> It sounds like something is missing from OPNSense.
>
> Have you tried a different service to verify?

Not yet, but I can try. Can you recommend a different service (I assume to create the certificates)?

In the meantime, I also integrated all my applications into the VPN as well. Worked like a charm. The only problem now is the actual TrueNAS, which I need for rsync.