This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 71%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EK%3C/text%3E%3C/svg%3E)
Hello,
I have set up a point2site VPN implementation according to the instructions provided here:
https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal
But when I connect using Ubuntu 20.04.3, the connection is immediately reset, see log below.
Fri Oct 15 08:49:52 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]20.185.243.149:443
Fri Oct 15 08:49:52 2021 Socket Buffers: R=[131072->131072] S=[16384->16384]
Fri Oct 15 08:49:52 2021 Attempting to establish TCP connection with [AF_INET]20.185.243.149:443 [nonblock]
Fri Oct 15 08:49:53 2021 TCP connection established with [AF_INET]20.185.243.149:443
Fri Oct 15 08:49:53 2021 TCP_CLIENT link local: (not bound)
Fri Oct 15 08:49:53 2021 TCP_CLIENT link remote: [AF_INET]20.185.243.149:443
Fri Oct 15 08:49:53 2021 TLS: Initial packet from [AF_INET]20.185.243.149:443, sid=07a9eca1 6916134d
Fri Oct 15 08:49:53 2021 VERIFY OK: depth=2, C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
Fri Oct 15 08:49:53 2021 VERIFY OK: depth=1, C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA
Fri Oct 15 08:49:53 2021 VERIFY KU OK
Fri Oct 15 08:49:53 2021 Validating certificate extended key usage
Fri Oct 15 08:49:53 2021 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Fri Oct 15 08:49:53 2021 VERIFY EKU OK
Fri Oct 15 08:49:53 2021 VERIFY X509NAME OK: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=0a700077-acbb-466b-bea1-42abf23c21ac.vpn.azure.com
Fri Oct 15 08:49:53 2021 VERIFY OK: depth=0, C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=0a700077-acbb-466b-bea1-42abf23c21ac.vpn.azure.com
Fri Oct 15 08:49:53 2021 Connection reset, restarting [0]
Here's the version of OpenVPN:
OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 19 2021
library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2018 OpenVPN Inc <******@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=yes enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_maintainer_mode=no enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no
For the record, I generated self-signed certificates on Linux using ipsec per the instructions below:
https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site-linux
Also, I've now tried using PowerShell to generate the certificates, and got the same result when I moved them to Linux.
I also tried this certificate on a windows client and got the following error:
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 36%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
@KileD951 Thank you! Can you please run the following command and send me the output file so I can further troubleshoot the issue? Thank you!
Run "tail -f /var/log/syslog | grep "charon-nm | log.txt"
Hello. That command didn't return anything since I'm not using network manager. As you might be aware, the MSFT openvpn config file diverts the openvpn log to another file, which is what I've shared above. Performing "tail -f /var/log/syslog | grep vpn" does not return any results, so it seems there aren't any errors occurring.
This issue was resolved by regenerating the keys, and then importing the ovpn file from the Ubuntu VPN manager. Behind the scenes, this uses nm-charon rather than openvpn.