Martin Thompson

Reputation: 3755

OpenVPN + OPNsense Unable to connect. Options error: You must define CA file

I am new to OPNsense, but I have most things configured OK.

What I am having trouble with is setting up OpenVPN and connecting to it over the internet.

While I am not setting this up on a Mac (I am trying to connect from Windows 10), I figured that the instructions here would be sufficient to get me most of the way and then I just export the client file instead of the Viscosity configuration.

I have set up the server and (I believe) added correct firewall rules as part of the process.

When I go to connect, I figure that the .ovpn file generated should be enough as it contains certificates embedded. But the log file says:

Options error: You must define CA file (--ca) or CA path (--capath)
Use --help for more information.

My .ovpn file looks like this (generated from VPN > Client Export):

dev tun
persist-tun
persist-key
cipher AES-128-CBC
auth SHA1
client
resolv-retry infinite
remote my.server.static.ip 1194 udp
lport 0
verify-x509-name "C=NL, ST=Zuid-Holland, L=Middelharnis, O=OPNsense" subject
auth-user-pass
<cert>
-----BEGIN CERTIFICATE-----

[server cert stuff , about 25 lines long]

-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----

[private key stuff, about 25 lines long]

-----END PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----

[static key stuff , about 15 lines long]

-----END OpenVPN Static key V1-----
</tls-auth>
key-direction 1

Why is it asking for CA files if the certificate info is embedded - and how can I connect to the server?

Upvotes: 2

Views: 12895

Answers (1)

ofirule

Reputation: 4669

You can add the CA to the .ovpn file like so:

<ca>
content
</ca>

The certificate you provide is the client-side certificate, and the CA is the CA used for generating both the client-side certificates and the server certificate. Explanation

Upvotes: 3
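
A pre-flight check for the missing-CA condition discussed above, added here as an illustration (not code from the question, the answer, OPNsense or OpenVPN). The profile is a constructed sample with placeholder bodies, the function names and `vpn.example.test` are hypothetical, and the check only looks at the `ca`/`capath` options named in the error message and the inline `<ca>` block from the answer.

```python
import re

# Constructed profile shaped like the export in the question; bodies are placeholders.
PEM = "-----BEGIN {0}-----\n(placeholder)\n-----END {0}-----\n"
SAMPLE = ("client\ndev tun\nremote vpn.example.test 1194 udp\n"
          "<cert>\n" + PEM.format("CERTIFICATE") + "</cert>\n"
          "<key>\n" + PEM.format("PRIVATE KEY") + "</key>\n")
CA_BLOCK = "<ca>\n" + PEM.format("CERTIFICATE") + "</ca>\n"

def parse_profile(text):
    """Split an .ovpn profile into {directive: args} and {inline_tag: [lines]}."""
    directives, blocks, tag = {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if tag is not None:                      # inside <tag> ... </tag>
            if line == f"</{tag}>":
                tag = None
            else:
                blocks[tag].append(line)
        elif not line or line[0] in "#;":        # blank line or comment
            continue
        elif m := re.fullmatch(r"<([a-z0-9-]+)>", line):
            tag = m.group(1)
            blocks[tag] = []
        else:
            parts = line.split(None, 1)
            directives[parts[0]] = parts[1] if len(parts) > 1 else ""
    if tag is not None:
        raise ValueError(f"inline block <{tag}> is never closed")
    return directives, blocks

def ca_problems(text):
    """Return reasons the profile gives the client no CA to verify the server with."""
    directives, blocks = parse_profile(text)
    if directives.get("ca") or directives.get("capath"):
        return []                                # CA supplied by file or directory
    if "ca" not in blocks:
        return ["no ca/capath directive and no inline <ca> block"]
    if not any("BEGIN CERTIFICATE" in l for l in blocks["ca"]):
        return ["inline <ca> block contains no PEM certificate"]
    return []

if __name__ == "__main__":
    print(ca_problems(SAMPLE))             # profile as exported, without a CA
    print(ca_problems(SAMPLE + CA_BLOCK))  # with the <ca> block from the answer
```

A `<cert>` block alone does not satisfy the check, which matches the answer's point that the client certificate and the CA certificate are separate items.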
