Linux/Windows: OpenVPN 2: self-signed certificate verify failed
- From: "joky" <erwin@xxxxxxxxxx>
- Date: 21 Mar 2006 07:24:24 -0800
Hi everyone,
I have the following configuration:
Server: Debian Linux 2.6.15.1 with OpenVPN 2.0.5
Client: Windows XP SP2 with OpenVPN 2.0.5 (and GUI)
The certificates were all created on the same server; the
CA certificate has the CN xxxx, the server key has the hostname
of the server (xxxx.dyndns.org) as its CN, and the client has the name of the user (e.g.
Erwin Preuner).
I copied the root certificate into the config folder of the XP machine as well as
the Debian machine, and on XP I even added it as a CA.
Nevertheless
server.conf:
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 6
client.conf:
client
dev tun
proto udp
remote REMOTE-HOST.dyndns.org 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
comp-lzo
verb 6
persist-key
persist-tun
Server log:
Mar 21 16:06:08 localhost ovpn-server[3682]: MULTI:
multi_create_instance called
Mar 21 16:06:08 localhost ovpn-server[3682]: 83.xxxx.71:1263 Re-using
SSL/TLS context
Mar 21 16:06:08 localhost ovpn-server[3682]: 83.xxxx.71:1263 LZO
compression initialized
Mar 21 16:06:08 localhost ovpn-server[3682]: 83.xxxx.71:1263 Control
Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mar 21 16:06:08 localhost ovpn-server[3682]: 83.xxxx.71:1263 Data
Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mar 21 16:06:08 localhost ovpn-server[3682]: 83.xxxx.71:1263 Local
Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto
UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method
2,tls-server'
Mar 21 16:06:08 localhost ovpn-server[3682]: 83.xxxx.71:1263 Expected
Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu
1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize
128,key-method 2,tls-client'
Mar 21 16:06:08 localhost ovpn-server[3682]: 83.xxxx.71:1263 Local
Options hash (VER=V4): '530fdded'
Mar 21 16:06:08 localhost ovpn-server[3682]: 83.xxxx.71:1263 Expected
Remote Options hash (VER=V4): '41690919'
Mar 21 16:06:08 localhost ovpn-server[3682]: 83.xxxx.71:1263 UDPv4 READ
[14] from 83.142.213.71:1263: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ]
pid=0 DATA len=0
Client log:
Tue Mar 21 16:22:44 2006 us=845625 IMPORTANT: OpenVPN's default port
number is now 1194,
based on an official port number assignment by IANA. OpenVPN
2.0-beta16 and earlier used
5000 as the default port.
Tue Mar 21 16:22:44 2006 us=845677 Re-using SSL/TLS context
Tue Mar 21 16:22:44 2006 us=845727 LZO compression initialized
Tue Mar 21 16:22:44 2006 us=845823 Control Channel MTU parms [ L:1542
D:138 EF:38 EB:0 ET:0
EL:0 ]
Tue Mar 21 16:22:44 2006 us=897045 Data Channel MTU parms [ L:1542
D:1450 EF:42 EB:135 ET:0
EL:0 AF:3/1 ]
Tue Mar 21 16:22:44 2006 us=897104 Local Options String: 'V4,dev-type
tun,link-mtu
1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize
128,key-method
2,tls-client'
Tue Mar 21 16:22:44 2006 us=897119 Expected Remote Options String:
'V4,dev-type tun,link-mtu
1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize
128,key-method
2,tls-server'
Tue Mar 21 16:22:44 2006 us=897148 Local Options hash (VER=V4):
'41690919'
Tue Mar 21 16:22:44 2006 us=897170 Expected Remote Options hash
(VER=V4): '530fdded'
Tue Mar 21 16:22:44 2006 us=897213 Socket Buffers: R=[8192->8192]
S=[8192->8192]
Tue Mar 21 16:22:44 2006 us=900791 UDPv4 link local: [undef]
Tue Mar 21 16:22:44 2006 us=900817 UDPv4 link remote: 81.xxxx.230:1194
Tue Mar 21 16:22:44 2006 us=916877 UDPv4 WRITE [14] to
81.xxxx.230:1194:
P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Tue Mar 21 16:22:44 2006 us=936916 UDPv4 READ [-1] from [undef]: DATA
UNDEF len=-1
Tue Mar 21 16:22:44 2006 us=957386 UDPv4 READ [26] from
81.xxxx.230:1194:
P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
Tue Mar 21 16:22:44 2006 us=957424 TLS: Initial packet from
81.xxxx.230:1194, sid=c38486e9
69f2c1aa
[......]
Tue Mar 21 15:55:25 2006 us=972589 VERIFY ERROR: depth=1, error=self
signed certificate in certificate chain:
/C=AT/ST=Austria/L=Laakirchen/O=xxxxx/CN=xxxxx_Root_Certificate/emailAddress=root@xxxxxxxxxxx
Tue Mar 21 15:55:25 2006 us=972717 TLS_ERROR: BIO read
tls_read_plaintext error: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Tue Mar 21 15:55:25 2006 us=972737 TLS Error: TLS object -> incoming
plaintext read error
Tue Mar 21 15:55:25 2006 us=972748 TLS Error: TLS handshake failed
Tue Mar 21 15:55:25 2006 us=972922 TCP/UDP: Closing socket
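
Added example, not part of the original post: a throwaway PKI that reproduces the OpenSSL result seen in the client log (error 19, "self signed certificate in certificate chain", at depth 1). It arises when the peer's chain ends in a self-signed root that is not in the verifier's trusted CA file, the role the `ca ca.crt` line plays in an OpenVPN config. All names (`Demo Root A`, `Demo Root B`, `vpn.example.test`) and file names are constructed.

```shell
#!/bin/sh
# Added example: constructed throwaway PKI, nothing here comes from the post.
set -eu
DEMO=$(mktemp -d)
trap 'rm -rf "$DEMO"' EXIT

# Create a self-signed root CA: new_ca <basename> <CN>
new_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$DEMO/$1.key" -out "$DEMO/$1.crt" 2>/dev/null
}

# Issue a leaf certificate: new_leaf <basename> <CN> <signing-ca-basename>
new_leaf() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$DEMO/$1.key" -out "$DEMO/$1.csr" 2>/dev/null
  openssl x509 -req -in "$DEMO/$1.csr" -CA "$DEMO/$3.crt" -CAkey "$DEMO/$3.key" \
    -CAcreateserial -days 1 -out "$DEMO/$1.crt" 2>/dev/null
}

# verify_result <trusted-ca-file> <untrusted-chain-file> <cert>
# Prints "ok", or "<openssl error number>@<depth>" for the first failure.
verify_result() {
  if out=$(openssl verify -CAfile "$1" -untrusted "$2" "$3" 2>&1); then
    echo ok
  else
    printf '%s\n' "$out" |
      sed -n 's/.*error \([0-9]*\) at \([0-9]*\) depth.*/\1@\2/p' | head -n 1
  fi
}

new_ca root_a "Demo Root A"                 # CA that signs the server cert
new_ca root_b "Demo Root B"                 # unrelated CA: a mismatched ca.crt
new_leaf server "vpn.example.test" root_a

# Trusted file holds the signing root: the chain validates.
echo "matching ca file: $(verify_result "$DEMO/root_a.crt" "$DEMO/root_a.crt" "$DEMO/server.crt")"
# Trusted file holds a different root; the real root is only peer-supplied.
echo "wrong ca file:    $(verify_result "$DEMO/root_b.crt" "$DEMO/root_a.crt" "$DEMO/server.crt")"
```

The same check can be run offline against real files with `openssl verify -CAfile ca.crt server.crt`, using the `ca.crt` copied to the client.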