
Now, this very OPENVPN is giving me a hard time here with.

SERVER SIDE CentOS 5.2:
V=OpenVPN 2.0.9
============================================================================
port 1194 # (1194 is the default but on some APN networks this is blocked)
proto tcp
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 172.16.0.0 255.255.255.0
push "dhcp-option DNS 192.168.168.1"
push "dhcp-option DNS 168.210.2.2"
#push "dhcp-option WINS 192.168.1.2"
push "route 192.168.168.0 255.255.255.0"
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
user nobody
group users
persist-key
persist-tun
status openvpn-status.log
verb 3
client-to-client
duplicate-cn # (this means several users can use the same key)

CLIENT SIDE - Win XP:
Version= 2.1
dev tun
client
ns-cert-type server
port 1194
proto tcp
remote server-ip-address
ca ca.crt
cert server.crt
key server.key
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
dev-node OVPN
cipher AES-256-CBC
comp-lzo
verb 4
mute 10
============================================================================
nobody 12196 0.0 0.2 5820 1996 ? Ss 13:30 0:00 /usr/sbin/openvpn --daemon --writepid /var/run/openvpn/openvpn.pid --config openvpn.conf --cd /etc/openvpn

Dec 11 13:31:46 kkk openvpn[12196]: TCPv4_SERVER link local: [undef]
Dec 11 13:31:46 kkk openvpn[12196]: TCPv4_SERVER link remote: 1.2.3.4:1616
Dec 11 13:31:46 kkk openvpn[12196]: 1.2.3.4:1616 TLS: Initial packet from 1.2.3.4:1616, sid=60b859ab ccd278c7
Dec 11 13:31:46 kkk openvpn[12196]: 1.2.3.4:1616 VERIFY ERROR: depth=0, error=unsupported certificate purpose: /C=KE/ST=NBO/L=NAIROBI/O=IAL/OU=n_x08c/CN=WILSON/emailAddress= lixton@gmail.com
Dec 11 13:31:46 kkk openvpn[12196]: 1.2.3.4:1616 TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
Dec 11 13:31:46 kkk openvpn[12196]: 1.2.3.4:1616 TLS Error: TLS object -> incoming plaintext read error
Dec 11 13:31:46 kkk openvpn[12196]: 1.2.3.4:1616 TLS Error: TLS handshake failed
Dec 11 13:31:46 kkk openvpn[12196]: 1.2.3.4:1616 Fatal TLS error (check_tls_errors_co), restarting
Dec 11 13:31:46 kkk openvpn[12196]: 1.2.3.4:1616 SIGUSR1[soft,tls-error] received, client-instance restarting
Dec 11 13:31:46 kkk openvpn[12196]: TCP/UDP: Closing socket

-- Wilson
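
Added example, not part of the original thread: the VERIFY ERROR at depth=0 in the log above is the server's OpenSSL rejecting the purpose of the peer's leaf certificate. This script builds a throwaway CA with one server-purpose and one client-purpose certificate and applies the same purpose check with openssl verify; every file and subject name in it is constructed for the demo.

```shell
#!/bin/sh
# Added example. Every name here (demo-ca, srv, cli) is constructed for the demo.
set -eu

# Build a throwaway CA plus one server-purpose and one client-purpose leaf in $1.
make_pki() {
    d=$1
    cat > "$d/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = ca_ext
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = keyCertSign,cRLSign
[srv_ext]
basicConstraints = CA:FALSE
nsCertType = server
extendedKeyUsage = serverAuth
[cli_ext]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/pki.cnf" \
        -subj "/CN=demo-ca" -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    serial=1
    for name in srv cli; do
        serial=$((serial + 1))
        openssl req -new -newkey rsa:2048 -nodes -config "$d/pki.cnf" \
            -subj "/CN=demo-$name" -keyout "$d/$name.key" -out "$d/$name.csr" 2>/dev/null
        openssl x509 -req -in "$d/$name.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
            -set_serial "$serial" -days 1 -extfile "$d/pki.cnf" \
            -extensions "${name}_ext" -out "$d/$name.crt" 2>/dev/null
    done
}

# Succeeds only if cert $2 chains to CA $1 and is acceptable as a TLS client
# certificate, the purpose a TLS server checks on the peer's leaf (depth 0).
usable_as_client() {
    openssl verify -purpose sslclient -CAfile "$1" "$2" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
make_pki "$demo_dir"
for name in srv cli; do
    if usable_as_client "$demo_dir/ca.crt" "$demo_dir/$name.crt"; then
        echo "$name.crt: accepted as a client certificate"
    else
        echo "$name.crt: rejected as a client certificate"
    fi
done
rm -rf "$demo_dir"
```

To check a real deployment, call usable_as_client with the CA file and whichever certificate the client config names on its cert line.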

What did you use to generate the SSL certs? Easy-RSA doesn't work, generate them on a recent linux box and you should be ok.

On Fri, Dec 11, 2009 at 10:31 AM, Thuo Wilson <lixton@gmail.com> wrote:
Now, this very OPENVPN is giving me a hard time here with.
_______________________________________________
Skunkworks mailing list
Skunkworks@lists.my.co.ke
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------
Skunkworks Server donations spreadsheet
http://spreadsheets.google.com/ccc?key=0AopdHkqSqKL-dHlQVTMxU1VBdU1BSWJxdy1f...
------------
Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke
Other lists
-------------
Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce
Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science
kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general

Hey,

Thanks for response, However, I realised problem was the way I was transferring them - clear text! It's up and running. Thanks again.

Best Regards,
Wilson.

2009/12/11 rsohan@gmail.com <rsohan@gmail.com>
What did you use to generate the SSL certs? Easy-RSA doesn't work, generate them on a recent linux box and you should be ok.
participants (2)
- rsohan@gmail.com
- Thuo Wilson