Problem z konfiguracją OpenVPN proszę o pomoc

Marek Miklewicz · Październik 22, 2013

Witam

Potrzebuję zestawić openVPN dla znajomego na swoim serwerze centos 6, wszystko robiłem wg opisu na http://osworld.pl/konfiguracja-openvpn/ ale gdy znajomy próbuje się łączyć z moim VPNem przez OpenVPN-GUI dostaje takie komunikaty:

Tue Oct 22 13:18:21 2013 OpenVPN 2.0.9 Win32-MinGW [sSL] [LZO] built on Oct 1 2006
Tue Oct 22 13:18:21 2013 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Tue Oct 22 13:18:21 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Oct 22 13:18:21 2013 UDPv4 link local (bound): [undef]:1194
Tue Oct 22 13:18:21 2013 UDPv4 link remote: xxx.xxx.xx.xx:1194
Tue Oct 22 13:18:22 2013 VERIFY ERROR: depth=1, error=certificate signature failure: /C=PL/ST=xxx/L=xxxx/O=xxxx/OU=xxxx/CN=xxxx_CA/name=EasyRSA/emailAddress=marek@xxxx.pl
Tue Oct 22 13:18:22 2013 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Tue Oct 22 13:18:22 2013 TLS Error: TLS object -> incoming plaintext read error
Tue Oct 22 13:18:22 2013 TLS Error: TLS handshake failed
Tue Oct 22 13:18:22 2013 SIGUSR1[soft,tls-error] received, process restarting
Tue Oct 22 13:18:24 2013 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Tue Oct 22 13:18:24 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Oct 22 13:18:24 2013 UDPv4 link local (bound): [undef]:1194
Tue Oct 22 13:18:24 2013 UDPv4 link remote: xxx.xxx.xx.xx:1194
Tue Oct 22 13:18:24 2013 TLS Error: Unroutable control packet received from xxx.xxx.xx.xx:1194 (si=3 op=P_CONTROL_V1)
Tue Oct 22 13:18:24 2013 VERIFY ERROR: depth=1, error=certificate signature failure: /C=PL/ST=xxxx/L=xxxx/O=xxxx/OU=xxxx/CN=xxxx_CA/name=EasyRSA/emailAddress=marek@xxxx.pl
Tue Oct 22 13:18:24 2013 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Tue Oct 22 13:18:24 2013 TLS Error: TLS object -> incoming plaintext read error
Tue Oct 22 13:18:24 2013 TLS Error: TLS handshake failed
Tue Oct 22 13:18:24 2013 SIGUSR1[soft,tls-error] received, process restarting
Tue Oct 22 13:18:26 2013 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Tue Oct 22 13:18:26 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Oct 22 13:18:26 2013 UDPv4 link local (bound): [undef]:1194
Tue Oct 22 13:18:26 2013 UDPv4 link remote: xxx.xxx.xx.xx:1194
Tue Oct 22 13:18:26 2013 TLS Error: Unroutable control packet received from xxx.xxx.xx.xx:1194 (si=3 op=P_CONTROL_V1)
Tue Oct 22 13:18:26 2013 TLS Error: Unroutable control packet received from xxx.xxx.xxx.xxx (si=3 op=P_CONTROL_V1)
Tue Oct 22 13:18:27 2013 TLS Error: Unroutable control packet received from xxx.xxx.xx.xx:1194 (si=3 op=P_CONTROL_V1)
Tue Oct 22 13:18:27 2013 TLS Error: Unroutable control packet received from xxx.xxx.xx.xx:1194 (si=3 op=P_CONTROL_V1)
Tue Oct 22 13:18:28 2013 TLS Error: Unroutable control packet received from xxx.xxx.xx.xx:1194 (si=3 op=P_CONTROL_V1)
Tue Oct 22 13:18:28 2013 TLS Error: Unroutable control packet received from xxx.xxx.xx.xx:1194 (si=3 op=P_CONTROL_V1)
Tue Oct 22 13:18:28 2013 TLS Error: Unroutable control packet received from xxx.xxx.xx.xx:1194 (si=3 op=P_CONTROL_V1)
Tue Oct 22 13:18:28 2013 TLS Error: Unroutable control packet received from xxx.xxx.xx.xx:1194 (si=3 op=P_CONTROL_V1)
Tue Oct 22 13:18:29 2013 TLS Error: Unroutable control packet received from xxx.xxx.xx.xx:1194 (si=3 op=P_CONTROL_V1)
Tue Oct 22 13:18:29 2013 TLS Error: Unroutable control packet received from xxx.xxx.xx.xx:1194 (si=3 op=P_CONTROL_V1)
Tue Oct 22 13:18:31 2013 TLS Error: Unroutable control packet received from xxx.xxx.xx.xx:1194 (si=3 op=P_CONTROL_V1)
Tue Oct 22 13:18:31 2013 TLS Error: Unroutable control packet received from xxx.xxx.xx.xx:1194 (si=3 op=P_CONTROL_V1)
Tue Oct 22 13:18:32 2013 TLS Error: Unroutable control packet received from xxx.xxx.xx.xx:1194 (si=3 op=P_ACK_V1)
Tue Oct 22 13:18:33 2013 TLS Error: Unroutable control packet received from xxx.xxx.xx.xx:1194 (si=3 op=P_CONTROL_V1)

a poniżej moje pliki konfiguracyjne:

serwer.conf

local xx.xx.xx.xx
dev tun
port 1194
proto udp
server 10.8.0.0 255.255.255.0
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
user nobody
group nobody

push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

client1,ovpn

client
dev tun
proto udp
remote xx.xx.xx.xx 1194
ca ca.crt
cert client1.crt
key client1.key

Próbowałem wyłączyć całkowcie firewalla ale nic ro nie zmieniło wydałem też polecenie:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth1 -j MASQUERADE

(pod eth1 mam przypisane właściwe IP) eth0 w mam int

Czy mogłby ktoś podpowiedzieć gdzie robię błąd

kafi · Październik 22, 2013

Twój problem jest w tym:

Tue Oct 22 13:18:22 2013 VERIFY ERROR: depth=1, error=certificate signature failure: /C=PL/ST=xxx/L=xxxx/O=xxxx/OU=xxxx/CN=xxxx_CA/name=EasyRSA/emailAddress=marek@xxxx.pl
Tue Oct 22 13:18:22 2013 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Jesteś pewien, że klucze wygenerowałeś zgodnie z instrukcją

./build-key-server server
./build-key client1

A nie np. pomyliłeś się i zrobiłeś ./build-key-server client1?

Marek Miklewicz · Październik 22, 2013

wygeneruję je jeszcze raz ale powiem szczerze, że nie podejżewam bo robiłem kopiuj/wklej

raz jeszcze wygenerowalem certufkaty i jest to samo

Edytowano Październik 22, 2013 przez Marek Miklewicz (zobacz historię edycji)

Październik 22, 2013

Coś może z howto, bo wygląda na problem z certyfikatem

Zweryfikuj ten certyfikat z CA czy jest poprawny i włącz jakiś wyższy poziom debug.

Choć ja bym zrobił od nowa tego OpenVPN

Marek Miklewicz · Październik 22, 2013

to wynik sprawdzenia certyfikatu:

[root@s1 cert]# openssl verify -CAfile ca.crt client1.crt
client1.crt: OK

więc certyfikat wygląda OK, zmieniłem też config clienta wykorzystując te przykładowe z dystrybucji. Oto jego obecna zawartość:

##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################

# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client

# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap

# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
;proto tcp
proto udp

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote xxxx.pl 1194
;remote my-server-2 1194

# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nobody

# Try to preserve some state across restarts.
persist-key
persist-tun

# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings

# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
ca ca.crt
cert client1.crt
key client1.key

# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
ns-cert-type server

# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x

# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo

# Set log file verbosity.
verb 4

# Silence repeating messages
;mute 20
auth-user-pass

a oto obecne komunikaty przy połączeniu klienta:

Tue Oct 22 21:57:43 2013 us=309318 Current Parameter Settings:
Tue Oct 22 21:57:43 2013 us=309669 config = 'client1.ovpn'
Tue Oct 22 21:57:43 2013 us=309674 mode = 0
Tue Oct 22 21:57:43 2013 us=309679 show_ciphers = DISABLED
Tue Oct 22 21:57:43 2013 us=309682 show_digests = DISABLED
Tue Oct 22 21:57:43 2013 us=309686 show_engines = DISABLED
Tue Oct 22 21:57:43 2013 us=309690 genkey = DISABLED
Tue Oct 22 21:57:43 2013 us=309694 key_pass_file = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=309698 show_tls_ciphers = DISABLED
Tue Oct 22 21:57:43 2013 us=309702 proto = 0
Tue Oct 22 21:57:43 2013 us=309705 local = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=309710 remote_list[0] = {'xxxx.pl', 1194}
Tue Oct 22 21:57:43 2013 us=309713 remote_random = DISABLED
Tue Oct 22 21:57:43 2013 us=309717 local_port = 1194
Tue Oct 22 21:57:43 2013 us=309721 remote_port = 1194
Tue Oct 22 21:57:43 2013 us=309724 remote_float = DISABLED
Tue Oct 22 21:57:43 2013 us=309737 ipchange = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=309741 bind_local = DISABLED
Tue Oct 22 21:57:43 2013 us=309745 dev = 'tun'
Tue Oct 22 21:57:43 2013 us=309749 dev_type = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=309757 dev_node = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=309761 tun_ipv6 = DISABLED
Tue Oct 22 21:57:43 2013 us=309765 ifconfig_local = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=309770 ifconfig_remote_netmask = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=309774 ifconfig_noexec = DISABLED
Tue Oct 22 21:57:43 2013 us=309787 ifconfig_nowarn = DISABLED
Tue Oct 22 21:57:43 2013 us=309791 shaper = 0
Tue Oct 22 21:57:43 2013 us=309795 tun_mtu = 1500
Tue Oct 22 21:57:43 2013 us=309799 tun_mtu_defined = ENABLED
Tue Oct 22 21:57:43 2013 us=309802 link_mtu = 1500
Tue Oct 22 21:57:43 2013 us=309806 link_mtu_defined = DISABLED
Tue Oct 22 21:57:43 2013 us=309819 tun_mtu_extra = 0
Tue Oct 22 21:57:43 2013 us=309823 tun_mtu_extra_defined = DISABLED
Tue Oct 22 21:57:43 2013 us=309827 fragment = 0
Tue Oct 22 21:57:43 2013 us=309830 mtu_discover_type = -1
Tue Oct 22 21:57:43 2013 us=309834 mtu_test = 0
Tue Oct 22 21:57:43 2013 us=309838 mlock = DISABLED
Tue Oct 22 21:57:43 2013 us=309841 keepalive_ping = 0
Tue Oct 22 21:57:43 2013 us=309846 keepalive_timeout = 0
Tue Oct 22 21:57:43 2013 us=309849 inactivity_timeout = 0
Tue Oct 22 21:57:43 2013 us=309853 ping_send_timeout = 0
Tue Oct 22 21:57:43 2013 us=309859 ping_rec_timeout = 120
Tue Oct 22 21:57:43 2013 us=309863 ping_rec_timeout_action = 2
Tue Oct 22 21:57:43 2013 us=309867 ping_timer_remote = DISABLED
Tue Oct 22 21:57:43 2013 us=309870 remap_sigusr1 = 0
Tue Oct 22 21:57:43 2013 us=309874 explicit_exit_notification = 0
Tue Oct 22 21:57:43 2013 us=309878 persist_tun = ENABLED
Tue Oct 22 21:57:43 2013 us=309882 persist_local_ip = DISABLED
Tue Oct 22 21:57:43 2013 us=309886 persist_remote_ip = DISABLED
Tue Oct 22 21:57:43 2013 us=309889 persist_key = ENABLED
Tue Oct 22 21:57:43 2013 us=309893 mssfix = 1450
Tue Oct 22 21:57:43 2013 us=309897 resolve_retry_seconds = 1000000000
Tue Oct 22 21:57:43 2013 us=309901 connect_retry_seconds = 5
Tue Oct 22 21:57:43 2013 us=309904 username = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=309908 groupname = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=309911 chroot_dir = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=309915 cd_dir = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=309919 writepid = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=309923 up_script = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=309944 down_script = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=309948 down_pre = DISABLED
Tue Oct 22 21:57:43 2013 us=309951 up_restart = DISABLED
Tue Oct 22 21:57:43 2013 us=309955 up_delay = DISABLED
Tue Oct 22 21:57:43 2013 us=309958 daemon = DISABLED
Tue Oct 22 21:57:43 2013 us=309962 inetd = 0
Tue Oct 22 21:57:43 2013 us=309965 log = DISABLED
Tue Oct 22 21:57:43 2013 us=309969 suppress_timestamps = DISABLED
Tue Oct 22 21:57:43 2013 us=309972 nice = 0
Tue Oct 22 21:57:43 2013 us=309976 verbosity = 4
Tue Oct 22 21:57:43 2013 us=309979 mute = 0
Tue Oct 22 21:57:43 2013 us=310176 gremlin = 0
Tue Oct 22 21:57:43 2013 us=310185 status_file = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=310190 status_file_version = 1
Tue Oct 22 21:57:43 2013 us=310194 status_file_update_freq = 60
Tue Oct 22 21:57:43 2013 us=310198 occ = ENABLED
Tue Oct 22 21:57:43 2013 us=310203 rcvbuf = 0
Tue Oct 22 21:57:43 2013 us=310207 sndbuf = 0
Tue Oct 22 21:57:43 2013 us=310212 socks_proxy_server = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=310220 socks_proxy_port = 0
Tue Oct 22 21:57:43 2013 us=310225 socks_proxy_retry = DISABLED
Tue Oct 22 21:57:43 2013 us=310229 fast_io = DISABLED
Tue Oct 22 21:57:43 2013 us=310233 comp_lzo = ENABLED
Tue Oct 22 21:57:43 2013 us=310237 comp_lzo_adaptive = ENABLED
Tue Oct 22 21:57:43 2013 us=310241 route_script = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=310246 route_default_gateway = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=310250 route_noexec = DISABLED
Tue Oct 22 21:57:43 2013 us=310254 route_delay = 0
Tue Oct 22 21:57:43 2013 us=316919 route_delay_window = 30
Tue Oct 22 21:57:43 2013 us=316932 route_delay_defined = ENABLED
Tue Oct 22 21:57:43 2013 us=316950 management_addr = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=316954 management_port = 0
Tue Oct 22 21:57:43 2013 us=316959 management_user_pass = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=316965 management_log_history_cache = 250
Tue Oct 22 21:57:43 2013 us=316970 management_echo_buffer_size = 100
Tue Oct 22 21:57:43 2013 us=316975 management_query_passwords = DISABLED
Tue Oct 22 21:57:43 2013 us=316980 management_hold = DISABLED
Tue Oct 22 21:57:43 2013 us=316984 shared_secret_file = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=316989 key_direction = 0
Tue Oct 22 21:57:43 2013 us=316993 ciphername_defined = ENABLED
Tue Oct 22 21:57:43 2013 us=316998 ciphername = 'BF-CBC'
Tue Oct 22 21:57:43 2013 us=317019 authname_defined = ENABLED
Tue Oct 22 21:57:43 2013 us=317025 authname = 'SHA1'
Tue Oct 22 21:57:43 2013 us=317031 keysize = 0
Tue Oct 22 21:57:43 2013 us=328541 engine = DISABLED
Tue Oct 22 21:57:43 2013 us=328553 replay = ENABLED
Tue Oct 22 21:57:43 2013 us=328562 mute_replay_warnings = DISABLED
Tue Oct 22 21:57:43 2013 us=328568 replay_window = 64
Tue Oct 22 21:57:43 2013 us=328573 replay_time = 15
Tue Oct 22 21:57:43 2013 us=328579 packet_id_file = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=328583 use_iv = ENABLED
Tue Oct 22 21:57:43 2013 us=328589 test_crypto = DISABLED
Tue Oct 22 21:57:43 2013 us=328594 tls_server = DISABLED
Tue Oct 22 21:57:43 2013 us=328598 tls_client = ENABLED
Tue Oct 22 21:57:43 2013 us=328602 key_method = 2
Tue Oct 22 21:57:43 2013 us=328606 ca_file = 'ca.crt'
Tue Oct 22 21:57:43 2013 us=328610 dh_file = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=328614 cert_file = 'client1.crt'
Tue Oct 22 21:57:43 2013 us=328625 priv_key_file = 'client1.key'
Tue Oct 22 21:57:43 2013 us=328631 pkcs12_file = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=328635 cryptoapi_cert = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=338961 cipher_list = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=338971 tls_verify = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=338976 tls_remote = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=338981 crl_file = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=338986 ns_cert_type = 64
Tue Oct 22 21:57:43 2013 us=338991 tls_timeout = 2
Tue Oct 22 21:57:43 2013 us=338995 renegotiate_bytes = 0
Tue Oct 22 21:57:43 2013 us=339000 renegotiate_packets = 0
Tue Oct 22 21:57:43 2013 us=339004 renegotiate_seconds = 3600
Tue Oct 22 21:57:43 2013 us=339009 handshake_window = 60
Tue Oct 22 21:57:43 2013 us=339013 transition_window = 3600
Tue Oct 22 21:57:43 2013 us=339017 single_session = DISABLED
Tue Oct 22 21:57:43 2013 us=339021 tls_exit = DISABLED
Tue Oct 22 21:57:43 2013 us=339025 tls_auth_file = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=339036 server_network = 0.0.0.0
Tue Oct 22 21:57:43 2013 us=339041 server_netmask = 0.0.0.0
Tue Oct 22 21:57:43 2013 us=349848 server_bridge_ip = 0.0.0.0
Tue Oct 22 21:57:43 2013 us=349858 server_bridge_netmask = 0.0.0.0
Tue Oct 22 21:57:43 2013 us=349864 server_bridge_pool_start = 0.0.0.0
Tue Oct 22 21:57:43 2013 us=349870 server_bridge_pool_end = 0.0.0.0
Tue Oct 22 21:57:43 2013 us=349876 ifconfig_pool_defined = DISABLED
Tue Oct 22 21:57:43 2013 us=349881 ifconfig_pool_start = 0.0.0.0
Tue Oct 22 21:57:43 2013 us=349886 ifconfig_pool_end = 0.0.0.0
Tue Oct 22 21:57:43 2013 us=349891 ifconfig_pool_netmask = 0.0.0.0
Tue Oct 22 21:57:43 2013 us=349896 ifconfig_pool_persist_filename = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=349900 ifconfig_pool_persist_refresh_freq = 600
Tue Oct 22 21:57:43 2013 us=349905 ifconfig_pool_linear = DISABLED
Tue Oct 22 21:57:43 2013 us=349910 n_bcast_buf = 256
Tue Oct 22 21:57:43 2013 us=349914 tcp_queue_limit = 64
Tue Oct 22 21:57:43 2013 us=349918 real_hash_size = 256
Tue Oct 22 21:57:43 2013 us=349922 virtual_hash_size = 256
Tue Oct 22 21:57:43 2013 us=359059 client_connect_script = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=359077 learn_address_script = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=359084 client_disconnect_script = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=359089 client_config_dir = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=359094 ccd_exclusive = DISABLED
Tue Oct 22 21:57:43 2013 us=359098 tmp_dir = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=359103 push_ifconfig_defined = DISABLED
Tue Oct 22 21:57:43 2013 us=359108 push_ifconfig_local = 0.0.0.0
Tue Oct 22 21:57:43 2013 us=359113 push_ifconfig_remote_netmask = 0.0.0.0
Tue Oct 22 21:57:43 2013 us=359117 enable_c2c = DISABLED
Tue Oct 22 21:57:43 2013 us=359121 duplicate_cn = DISABLED
Tue Oct 22 21:57:43 2013 us=359125 cf_max = 0
Tue Oct 22 21:57:43 2013 us=359129 cf_per = 0
Tue Oct 22 21:57:43 2013 us=359133 max_clients = 1024
Tue Oct 22 21:57:43 2013 us=359137 max_routes_per_client = 256
Tue Oct 22 21:57:43 2013 us=368540 client_cert_not_required = DISABLED
Tue Oct 22 21:57:43 2013 us=368567 username_as_common_name = DISABLED
Tue Oct 22 21:57:43 2013 us=368574 auth_user_pass_verify_script = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=368580 auth_user_pass_verify_script_via_file = DISABLED
Tue Oct 22 21:57:43 2013 us=368585 client = ENABLED
Tue Oct 22 21:57:43 2013 us=368591 pull = ENABLED
Tue Oct 22 21:57:43 2013 us=368598 auth_user_pass_file = 'stdin'
Tue Oct 22 21:57:43 2013 us=368612 show_net_up = DISABLED
Tue Oct 22 21:57:43 2013 us=368616 route_method = 0
Tue Oct 22 21:57:43 2013 us=368623 ip_win32_defined = DISABLED
Tue Oct 22 21:57:43 2013 us=368628 ip_win32_type = 3
Tue Oct 22 21:57:43 2013 us=368634 dhcp_masq_offset = 0
Tue Oct 22 21:57:43 2013 us=368641 dhcp_lease_time = 31536000
Tue Oct 22 21:57:43 2013 us=368647 tap_sleep = 0
Tue Oct 22 21:57:43 2013 us=368653 dhcp_options = DISABLED
Tue Oct 22 21:57:43 2013 us=368657 dhcp_renew = DISABLED
Tue Oct 22 21:57:43 2013 us=378549 dhcp_pre_release = DISABLED
Tue Oct 22 21:57:43 2013 us=378557 dhcp_release = DISABLED
Tue Oct 22 21:57:43 2013 us=378563 domain = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=378567 netbios_scope = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=378572 netbios_node_type = 0
Tue Oct 22 21:57:43 2013 us=378576 disable_nbt = DISABLED
Tue Oct 22 21:57:43 2013 us=378584 OpenVPN 2.0.9 Win32-MinGW [sSL] [LZO] built on Oct 1 2006
Tue Oct 22 21:58:12 2013 us=523239 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Tue Oct 22 21:58:12 2013 us=523930 LZO compression initialized
Tue Oct 22 21:58:12 2013 us=523981 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Oct 22 21:58:12 2013 us=530504 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Oct 22 21:58:12 2013 us=530530 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Tue Oct 22 21:58:12 2013 us=530536 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Tue Oct 22 21:58:12 2013 us=530551 Local Options hash (VER=V4): '41690919'
Tue Oct 22 21:58:12 2013 us=530559 Expected Remote Options hash (VER=V4): '530fdded'
Tue Oct 22 21:58:12 2013 us=530574 Socket Buffers: R=[65536->65536] S=[65536->65536]
Tue Oct 22 21:58:12 2013 us=530582 UDPv4 link local: [undef]
Tue Oct 22 21:58:12 2013 us=530587 UDPv4 link remote: 46.29.18.86:1194
Tue Oct 22 21:58:12 2013 us=574733 TLS: Initial packet from 46.29.18.86:1194, sid=f2f49789 70333015
Tue Oct 22 21:58:12 2013 us=782039 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=PL/ST=xxxxx/L=xxxxx/O=xxxx/OU=biuro/CN=xxxx.pl/name=EasyRSA/emailAddress=marek@xxxx.pl
Tue Oct 22 21:58:12 2013 us=782155 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Tue Oct 22 21:58:12 2013 us=782170 TLS Error: TLS object -> incoming plaintext read error
Tue Oct 22 21:58:12 2013 us=782180 TLS Error: TLS handshake failed
Tue Oct 22 21:58:12 2013 us=782332 TCP/UDP: Closing socket
Tue Oct 22 21:58:12 2013 us=782397 SIGUSR1[soft,tls-error] received, process restarting
Tue Oct 22 21:58:12 2013 us=782409 Restart pause, 2 second(s)

Edytowano Październik 22, 2013 przez Marek Miklewicz (zobacz historię edycji)

Zaloguj się

Problem z konfiguracją OpenVPN proszę o pomoc

Polecane posty

Marek Miklewicz 2

Udostępnij ten post

Link to postu

Udostępnij na innych stronach

kafi 2425

Udostępnij ten post

Link to postu

Udostępnij na innych stronach

Marek Miklewicz 2

Udostępnij ten post

Link to postu

Udostępnij na innych stronach

Gość patrys

Udostępnij ten post

Link to postu

Udostępnij na innych stronach

Marek Miklewicz 2

Udostępnij ten post

Link to postu

Udostępnij na innych stronach

Bądź aktywny! Zaloguj się lub utwórz konto

Utwórz konto

Zaloguj się

Przeglądaj

Aktywność