[Skunkworks] OPENVPN Error

11 Dec 2009

      Now, this very OPENVPN is giving me a hard time here with.

SERVER SIDE cENTOS 5.2:

V=OpenVPN 2.0.9

============================================================================

port 1194 # (1194 is the default but on some APN networks this is blocked)
proto tcp
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 172.16.0.0 255.255.255.0
push "dhcp-option DNS 192.168.168.1"
push "dhcp-option DNS 168.210.2.2"
#push "dhcp-option WINS 192.168.1.2"
push "route 192.168.168.0 255.255.255.0"
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
user nobody
group users
persist-key
persist-tun
status openvpn-status.log
verb 3
client-to-client
duplicate-cn # (this means several users can use the same key)

CLIENT SIDE - Win XP:

dev tun
client
ns-cert-type server
port 1194
proto tcp
remote server-ip-address
ca ca.crt
cert server.crt
key server.key

tun-mtu 1500
tun-mtu-extra 32
mssfix 1450

dev-node OVPN

cipher AES-256-CBC

comp-lzo
verb 4
mute 10

============================================================================

nobody   12196  0.0  0.2   5820  1996 ?        Ss   13:30   0:00
/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/openvpn.pid --config
openvpn.conf --cd /etc/openvpn

Dec 11 13:31:46 kkk openvpn[12196]: TCPv4_SERVER link local: [undef]
Dec 11 13:31:46 kkk openvpn[12196]: TCPv4_SERVER link remote: 1.2.3.4:1616
Dec 11 13:31:46 kkk openvpn[12196]: 1.2.3.4:1616 TLS: Initial packet from
1.2.3.4:1616, sid=60b859ab ccd278c7
Dec 11 13:31:46 kkk openvpn[12196]: 1.2.3.4:1616 VERIFY ERROR: depth=0,
error=unsupported certificate purpose:
/C=KE/ST=NBO/L=NAIROBI/O=IAL/OU=n_x08c/CN=WILSON/emailAddress=
lixton@gmail.com
Dec 11 13:31:46 kkk openvpn[12196]: 1.2.3.4:1616 TLS_ERROR: BIO read
tls_read_plaintext error: error:140890B2:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
Dec 11 13:31:46 kkk openvpn[12196]: 1.2.3.4:1616 TLS Error: TLS object ->
incoming plaintext read error
Dec 11 13:31:46 kkk openvpn[12196]: 1.2.3.4:1616 TLS Error: TLS handshake
failed
Dec 11 13:31:46 kkk openvpn[12196]: 1.2.3.4:1616 Fatal TLS error
(check_tls_errors_co), restarting
Dec 11 13:31:46 kkk openvpn[12196]: 1.2.3.4:1616 SIGUSR1[soft,tls-error]
received, client-instance restarting
Dec 11 13:31:46 kkk openvpn[12196]: TCP/UDP: Closing socket

SERVER SIDE cENTOS 5.2:

port 1194 # (1194 is the default but on some APN networks this is blocked)
proto tcp
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 172.16.0.0 255.255.255.0
push "dhcp-option DNS 192.168.168.1"
push "dhcp-option DNS 168.210.2.2"
#push "dhcp-option WINS 192.168.1.2"
push "route 192.168.168.0 255.255.255.0"
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
user nobody
group users
persist-key
persist-tun
status openvpn-status.log
verb 3
client-to-client
duplicate-cn # (this means several users can use the same key)

CLIENT SIDE - Win XP:

Vercion= 2.1

dev tun
client
ns-cert-type server
port 1194
proto tcp
remote server-ip-address
ca ca.crt
cert server.crt
key server.key

tun-mtu 1500
tun-mtu-extra 32
mssfix 1450

dev-node OVPN

cipher AES-256-CBC

comp-lzo
verb 4
mute 10

--
Wilson

[Skunkworks] OPENVPN Error

Thuo Wilson