DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Open VPN "No server certificate verification

25 Mar 2019 14:40 #7 by drgr33n
No problem Tularis,

I'm not aware of a way to suppress this warning client side. DrayTek should really support the usage of tls-auth and make it part of the default setup. This is a warning though, and not an error, so it won't affect the connection. If you're failing to get a connection, it's probably not due to this warning. I've also noticed the guide makes you set up 256-bit keys, then tells you to set up the router to use 128-bit keys. This causes an SSL mismatch and the connection craps out. Like I said, IMHO it's not production ready atm or even fit for purpose and should be offered as an experimental feature.

Hope this helps.

26 Mar 2019 16:20 #8 by fishenchips
Hi drgr33n. Thanks for your informative post. Yeah, I get signing both the server AND client cert with the root ca ticket if the server isn't a sub-ca to the root ca with the client cert at the bottom of the chain. Which is presumably why tagging the client cert as an endpoint also doesn't help (as the server hasn't signed the client cert)?

I'm no expert (obviously) but am spotting all sorts of QA\verification issues the further I delve into the 'feature' set. I do wonder if DV actually undertake any sort of UAT with the more knowledgeable people (like yourself) whose day to day jobs involve utilising their kit.

Might have to go back to looking at Sophos UTM in the interim.

05 Apr 2019 07:55 #9 by ceejay13
Hi,

Vigor 2762 ac
3.9.0 BT

Just to add my voice to this thread.

Just wasted best part of a day trying to get the OpenVPN connection running, and get the same error. Confirm nothing shows in the logs.

After reading this, I think the best thing, unfortunately, is to go back to my original configuration. More than a little annoying. Features need to be fully functional, or at least marked as experimental, before being released.

CeeJay
