I'm running an OpenVPN server with username/password authentification, which is working just fine. For several reasons, however, I want to switch to an authentification using client certificates - without username/password.
I generate all CA, server and client certificates and placed them properly on the server; their validation during the connection process also seems to work. However, I fail to disable the username/password requirement. Without inserting username/password, I still can't connect to the server.
My general idea would be to simply remove the "auth-user-pass" statement from the client configuration file with the certificates working properly. If I do that, however, I end up with a client connection log with something like this:
Mrz 01 13:45:58: OpenVPN 2.3.10 Windows-MSVC [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Feb 11 2016
Mrz 01 13:45:58: library versions: OpenSSL 1.0.2f 28 Jan 2016, LZO 2.09
Mrz 01 13:45:59: Control Channel Authentication: using 'C:\...\ta.key' as a OpenVPN static key file
Mrz 01 13:45:59: Attempting to establish TCP connection with [AF_INET]XXX.XXX.XXX.XXX:443 [nonblock]
Mrz 01 13:46:00: TCP connection established with [AF_INET]XXX.XXX.XXX.XXX:443
Mrz 01 13:46:00: TCPv4_CLIENT link local: [undef]
Mrz 01 13:46:00: TCPv4_CLIENT link remote: [AF_INET]XXX.XXX.XXX.XXX:443
Mrz 01 13:46:01: Connection reset, restarting 
Mrz 01 13:46:01: SIGUSR1[soft,connection-reset] received, process restarting
I would appreciate any advice, what I would need to modify or change. Please find attached my server and my client configuration file.
management 127.0.0.1 1195
server 10.8.0.0 255.255.255.0
push "route 10.8.0.0 255.255.255.0"
keepalive 10 60
status /tmp/ovpn_status_2_result 30
tls-auth ta.key 1
remote XXX.XXX.XXX.XXX XXX