[General Issue]: FORTINET does SSL inspection - Self-Signed Certs Issue
himuura opened this issue · 1 comments
In raising this issue I confirm that
- I have read the documentation
- I have read and understood the PiVPN General Guidelines
- I have read and understood the PiVPN Troubleshooting Guidelines
- The issue I am reporting isn't a duplicate, see closed issues and open issues.
- I have searched for similar issues and solutions
- I can replicate the issue even after a clean OS installation
Describe the issue
Simple enough, Fortinet Firewall is doing certificate inspection whenever I connect to my PiVPN server... So bye bye self-signed certificates, because it keeps retrying to connect (yes, the server is working without issues on other networks without Fortinet).
So, I guess the only way to circumvent this is by using Let's Encrypt certificates, but I've read around the GitHub that it's not feasible.
I've already got a certificate from certbot (standalone). My question is: what options can/should I change around server.conf?
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/
key /etc/openvpn/easy-rsa/pki/private/
I'm guessing these ones... am I wrong?
Thanks in advance!
Expected behavior
Using another cert rather than a self-signed.
Please describe the steps to replicate the issue
Normal PiVPN install.
Have you taken any steps towards solving your issue?
Yes, using certbot to get a certificate (HTTP challenge, standalone).
Screenshots
No response
Where did you run pivpn?
Intel NUC with Debian 12.
Please provide your output from uname -a
Linux nuc 6.1.0-7-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.20-1 (2023-03-19) x86_64 GNU/Linux
Details about Operating System
PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"
NAME="Debian GNU/Linux"
VERSION_ID="12"
VERSION="12 (bookworm)"
VERSION_CODENAME=bookworm
ID=debian
Installation
No response
Profile / Client creation
No response
Debug output
N/A