Marek Miklewicz

Problem with OpenVPN configuration, please help


Hello

I need to set up OpenVPN for a friend on my CentOS 6 server. I did everything according to the guide at http://osworld.pl/konfiguracja-openvpn/ but when my friend tries to connect to my VPN through OpenVPN-GUI, he gets these messages:

 

Tue Oct 22 13:18:21 2013 OpenVPN 2.0.9 Win32-MinGW [sSL] [LZO] built on Oct 1 2006
Tue Oct 22 13:18:21 2013 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Tue Oct 22 13:18:21 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Oct 22 13:18:21 2013 UDPv4 link local (bound): [undef]:1194
Tue Oct 22 13:18:21 2013 UDPv4 link remote: xxx.xxx.xx.xx:1194
Tue Oct 22 13:18:22 2013 VERIFY ERROR: depth=1, error=certificate signature failure: /C=PL/ST=xxx/L=xxxx/O=xxxx/OU=xxxx/CN=xxxx_CA/name=EasyRSA/emailAddress=marek@xxxx.pl
Tue Oct 22 13:18:22 2013 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Tue Oct 22 13:18:22 2013 TLS Error: TLS object -> incoming plaintext read error
Tue Oct 22 13:18:22 2013 TLS Error: TLS handshake failed
Tue Oct 22 13:18:22 2013 SIGUSR1[soft,tls-error] received, process restarting
Tue Oct 22 13:18:24 2013 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Tue Oct 22 13:18:24 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Oct 22 13:18:24 2013 UDPv4 link local (bound): [undef]:1194
Tue Oct 22 13:18:24 2013 UDPv4 link remote: xxx.xxx.xx.xx:1194
Tue Oct 22 13:18:24 2013 TLS Error: Unroutable control packet received from xxx.xxx.xx.xx:1194 (si=3 op=P_CONTROL_V1)
Tue Oct 22 13:18:24 2013 VERIFY ERROR: depth=1, error=certificate signature failure: /C=PL/ST=xxxx/L=xxxx/O=xxxx/OU=xxxx/CN=xxxx_CA/name=EasyRSA/emailAddress=marek@xxxx.pl
Tue Oct 22 13:18:24 2013 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Tue Oct 22 13:18:24 2013 TLS Error: TLS object -> incoming plaintext read error
Tue Oct 22 13:18:24 2013 TLS Error: TLS handshake failed
Tue Oct 22 13:18:24 2013 SIGUSR1[soft,tls-error] received, process restarting
Tue Oct 22 13:18:26 2013 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Tue Oct 22 13:18:26 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Oct 22 13:18:26 2013 UDPv4 link local (bound): [undef]:1194
Tue Oct 22 13:18:26 2013 UDPv4 link remote: xxx.xxx.xx.xx:1194
Tue Oct 22 13:18:26 2013 TLS Error: Unroutable control packet received from xxx.xxx.xx.xx:1194 (si=3 op=P_CONTROL_V1)
Tue Oct 22 13:18:26 2013 TLS Error: Unroutable control packet received from xxx.xxx.xxx.xxx (si=3 op=P_CONTROL_V1)
Tue Oct 22 13:18:27 2013 TLS Error: Unroutable control packet received from xxx.xxx.xx.xx:1194 (si=3 op=P_CONTROL_V1)
Tue Oct 22 13:18:27 2013 TLS Error: Unroutable control packet received from xxx.xxx.xx.xx:1194 (si=3 op=P_CONTROL_V1)
Tue Oct 22 13:18:28 2013 TLS Error: Unroutable control packet received from xxx.xxx.xx.xx:1194 (si=3 op=P_CONTROL_V1)
Tue Oct 22 13:18:28 2013 TLS Error: Unroutable control packet received from xxx.xxx.xx.xx:1194 (si=3 op=P_CONTROL_V1)
Tue Oct 22 13:18:28 2013 TLS Error: Unroutable control packet received from xxx.xxx.xx.xx:1194 (si=3 op=P_CONTROL_V1)
Tue Oct 22 13:18:28 2013 TLS Error: Unroutable control packet received from xxx.xxx.xx.xx:1194 (si=3 op=P_CONTROL_V1)
Tue Oct 22 13:18:29 2013 TLS Error: Unroutable control packet received from xxx.xxx.xx.xx:1194 (si=3 op=P_CONTROL_V1)
Tue Oct 22 13:18:29 2013 TLS Error: Unroutable control packet received from xxx.xxx.xx.xx:1194 (si=3 op=P_CONTROL_V1)
Tue Oct 22 13:18:31 2013 TLS Error: Unroutable control packet received from xxx.xxx.xx.xx:1194 (si=3 op=P_CONTROL_V1)
Tue Oct 22 13:18:31 2013 TLS Error: Unroutable control packet received from xxx.xxx.xx.xx:1194 (si=3 op=P_CONTROL_V1)
Tue Oct 22 13:18:32 2013 TLS Error: Unroutable control packet received from xxx.xxx.xx.xx:1194 (si=3 op=P_ACK_V1)
Tue Oct 22 13:18:33 2013 TLS Error: Unroutable control packet received from xxx.xxx.xx.xx:1194 (si=3 op=P_CONTROL_V1)

 

 

and below are my configuration files:

 

serwer.conf

local xx.xx.xx.xx
dev tun
port 1194
proto udp
server 10.8.0.0 255.255.255.0
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
user nobody
group nobody

push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

 

client1.ovpn

client
dev tun
proto udp
remote xx.xx.xx.xx 1194
ca ca.crt
cert client1.crt
key client1.key

I tried disabling the firewall completely, but that changed nothing. I also ran the command:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth1 -j MASQUERADE

(eth1 has the correct IP assigned) on eth0 I have int

Could someone point out where I am making a mistake?


Your problem is here:

 

Tue Oct 22 13:18:22 2013 VERIFY ERROR: depth=1, error=certificate signature failure: /C=PL/ST=xxx/L=xxxx/O=xxxx/OU=xxxx/CN=xxxx_CA/name=EasyRSA/emailAddress=marek@xxxx.pl
Tue Oct 22 13:18:22 2013 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

 

Are you sure you generated the keys according to the instructions

 

./build-key-server server
./build-key client1

And did not, for example, make a mistake and run ./build-key-server client1?

Guest patrys

Maybe something is off with the howto, because it looks like a certificate problem

Verify this certificate against the CA to check that it is valid, and enable a higher debug level.

Though I would redo this OpenVPN setup from scratch ;)


this is the result of checking the certificate:

 

[root@s1 cert]# openssl verify -CAfile ca.crt client1.crt
client1.crt: OK

 

 

so the certificate looks OK. I also changed the client config, using the sample one from the distribution. Here is its current content:

 

##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################

# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client

# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap

# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
;proto tcp
proto udp

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote xxxx.pl 1194
;remote my-server-2 1194

# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nobody

# Try to preserve some state across restarts.
persist-key
persist-tun

# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings

# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
ca ca.crt
cert client1.crt
key client1.key

# Verify server certificate by checking
# that the certicate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
ns-cert-type server

# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x

# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo

# Set log file verbosity.
verb 4

# Silence repeating messages
;mute 20
auth-user-pass

 

 

 

and here are the current messages when the client connects:

 

Tue Oct 22 21:57:43 2013 us=309318 Current Parameter Settings:
Tue Oct 22 21:57:43 2013 us=309669 config = 'client1.ovpn'
Tue Oct 22 21:57:43 2013 us=309674 mode = 0
Tue Oct 22 21:57:43 2013 us=309679 show_ciphers = DISABLED
Tue Oct 22 21:57:43 2013 us=309682 show_digests = DISABLED
Tue Oct 22 21:57:43 2013 us=309686 show_engines = DISABLED
Tue Oct 22 21:57:43 2013 us=309690 genkey = DISABLED
Tue Oct 22 21:57:43 2013 us=309694 key_pass_file = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=309698 show_tls_ciphers = DISABLED
Tue Oct 22 21:57:43 2013 us=309702 proto = 0
Tue Oct 22 21:57:43 2013 us=309705 local = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=309710 remote_list[0] = {'xxxx.pl', 1194}
Tue Oct 22 21:57:43 2013 us=309713 remote_random = DISABLED
Tue Oct 22 21:57:43 2013 us=309717 local_port = 1194
Tue Oct 22 21:57:43 2013 us=309721 remote_port = 1194
Tue Oct 22 21:57:43 2013 us=309724 remote_float = DISABLED
Tue Oct 22 21:57:43 2013 us=309737 ipchange = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=309741 bind_local = DISABLED
Tue Oct 22 21:57:43 2013 us=309745 dev = 'tun'
Tue Oct 22 21:57:43 2013 us=309749 dev_type = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=309757 dev_node = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=309761 tun_ipv6 = DISABLED
Tue Oct 22 21:57:43 2013 us=309765 ifconfig_local = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=309770 ifconfig_remote_netmask = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=309774 ifconfig_noexec = DISABLED
Tue Oct 22 21:57:43 2013 us=309787 ifconfig_nowarn = DISABLED
Tue Oct 22 21:57:43 2013 us=309791 shaper = 0
Tue Oct 22 21:57:43 2013 us=309795 tun_mtu = 1500
Tue Oct 22 21:57:43 2013 us=309799 tun_mtu_defined = ENABLED
Tue Oct 22 21:57:43 2013 us=309802 link_mtu = 1500
Tue Oct 22 21:57:43 2013 us=309806 link_mtu_defined = DISABLED
Tue Oct 22 21:57:43 2013 us=309819 tun_mtu_extra = 0
Tue Oct 22 21:57:43 2013 us=309823 tun_mtu_extra_defined = DISABLED
Tue Oct 22 21:57:43 2013 us=309827 fragment = 0
Tue Oct 22 21:57:43 2013 us=309830 mtu_discover_type = -1
Tue Oct 22 21:57:43 2013 us=309834 mtu_test = 0
Tue Oct 22 21:57:43 2013 us=309838 mlock = DISABLED
Tue Oct 22 21:57:43 2013 us=309841 keepalive_ping = 0
Tue Oct 22 21:57:43 2013 us=309846 keepalive_timeout = 0
Tue Oct 22 21:57:43 2013 us=309849 inactivity_timeout = 0
Tue Oct 22 21:57:43 2013 us=309853 ping_send_timeout = 0
Tue Oct 22 21:57:43 2013 us=309859 ping_rec_timeout = 120
Tue Oct 22 21:57:43 2013 us=309863 ping_rec_timeout_action = 2
Tue Oct 22 21:57:43 2013 us=309867 ping_timer_remote = DISABLED
Tue Oct 22 21:57:43 2013 us=309870 remap_sigusr1 = 0
Tue Oct 22 21:57:43 2013 us=309874 explicit_exit_notification = 0
Tue Oct 22 21:57:43 2013 us=309878 persist_tun = ENABLED
Tue Oct 22 21:57:43 2013 us=309882 persist_local_ip = DISABLED
Tue Oct 22 21:57:43 2013 us=309886 persist_remote_ip = DISABLED
Tue Oct 22 21:57:43 2013 us=309889 persist_key = ENABLED
Tue Oct 22 21:57:43 2013 us=309893 mssfix = 1450
Tue Oct 22 21:57:43 2013 us=309897 resolve_retry_seconds = 1000000000
Tue Oct 22 21:57:43 2013 us=309901 connect_retry_seconds = 5
Tue Oct 22 21:57:43 2013 us=309904 username = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=309908 groupname = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=309911 chroot_dir = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=309915 cd_dir = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=309919 writepid = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=309923 up_script = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=309944 down_script = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=309948 down_pre = DISABLED
Tue Oct 22 21:57:43 2013 us=309951 up_restart = DISABLED
Tue Oct 22 21:57:43 2013 us=309955 up_delay = DISABLED
Tue Oct 22 21:57:43 2013 us=309958 daemon = DISABLED
Tue Oct 22 21:57:43 2013 us=309962 inetd = 0
Tue Oct 22 21:57:43 2013 us=309965 log = DISABLED
Tue Oct 22 21:57:43 2013 us=309969 suppress_timestamps = DISABLED
Tue Oct 22 21:57:43 2013 us=309972 nice = 0
Tue Oct 22 21:57:43 2013 us=309976 verbosity = 4
Tue Oct 22 21:57:43 2013 us=309979 mute = 0
Tue Oct 22 21:57:43 2013 us=310176 gremlin = 0
Tue Oct 22 21:57:43 2013 us=310185 status_file = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=310190 status_file_version = 1
Tue Oct 22 21:57:43 2013 us=310194 status_file_update_freq = 60
Tue Oct 22 21:57:43 2013 us=310198 occ = ENABLED
Tue Oct 22 21:57:43 2013 us=310203 rcvbuf = 0
Tue Oct 22 21:57:43 2013 us=310207 sndbuf = 0
Tue Oct 22 21:57:43 2013 us=310212 socks_proxy_server = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=310220 socks_proxy_port = 0
Tue Oct 22 21:57:43 2013 us=310225 socks_proxy_retry = DISABLED
Tue Oct 22 21:57:43 2013 us=310229 fast_io = DISABLED
Tue Oct 22 21:57:43 2013 us=310233 comp_lzo = ENABLED
Tue Oct 22 21:57:43 2013 us=310237 comp_lzo_adaptive = ENABLED
Tue Oct 22 21:57:43 2013 us=310241 route_script = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=310246 route_default_gateway = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=310250 route_noexec = DISABLED
Tue Oct 22 21:57:43 2013 us=310254 route_delay = 0
Tue Oct 22 21:57:43 2013 us=316919 route_delay_window = 30
Tue Oct 22 21:57:43 2013 us=316932 route_delay_defined = ENABLED
Tue Oct 22 21:57:43 2013 us=316950 management_addr = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=316954 management_port = 0
Tue Oct 22 21:57:43 2013 us=316959 management_user_pass = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=316965 management_log_history_cache = 250
Tue Oct 22 21:57:43 2013 us=316970 management_echo_buffer_size = 100
Tue Oct 22 21:57:43 2013 us=316975 management_query_passwords = DISABLED
Tue Oct 22 21:57:43 2013 us=316980 management_hold = DISABLED
Tue Oct 22 21:57:43 2013 us=316984 shared_secret_file = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=316989 key_direction = 0
Tue Oct 22 21:57:43 2013 us=316993 ciphername_defined = ENABLED
Tue Oct 22 21:57:43 2013 us=316998 ciphername = 'BF-CBC'
Tue Oct 22 21:57:43 2013 us=317019 authname_defined = ENABLED
Tue Oct 22 21:57:43 2013 us=317025 authname = 'SHA1'
Tue Oct 22 21:57:43 2013 us=317031 keysize = 0
Tue Oct 22 21:57:43 2013 us=328541 engine = DISABLED
Tue Oct 22 21:57:43 2013 us=328553 replay = ENABLED
Tue Oct 22 21:57:43 2013 us=328562 mute_replay_warnings = DISABLED
Tue Oct 22 21:57:43 2013 us=328568 replay_window = 64
Tue Oct 22 21:57:43 2013 us=328573 replay_time = 15
Tue Oct 22 21:57:43 2013 us=328579 packet_id_file = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=328583 use_iv = ENABLED
Tue Oct 22 21:57:43 2013 us=328589 test_crypto = DISABLED
Tue Oct 22 21:57:43 2013 us=328594 tls_server = DISABLED
Tue Oct 22 21:57:43 2013 us=328598 tls_client = ENABLED
Tue Oct 22 21:57:43 2013 us=328602 key_method = 2
Tue Oct 22 21:57:43 2013 us=328606 ca_file = 'ca.crt'
Tue Oct 22 21:57:43 2013 us=328610 dh_file = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=328614 cert_file = 'client1.crt'
Tue Oct 22 21:57:43 2013 us=328625 priv_key_file = 'client1.key'
Tue Oct 22 21:57:43 2013 us=328631 pkcs12_file = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=328635 cryptoapi_cert = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=338961 cipher_list = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=338971 tls_verify = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=338976 tls_remote = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=338981 crl_file = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=338986 ns_cert_type = 64
Tue Oct 22 21:57:43 2013 us=338991 tls_timeout = 2
Tue Oct 22 21:57:43 2013 us=338995 renegotiate_bytes = 0
Tue Oct 22 21:57:43 2013 us=339000 renegotiate_packets = 0
Tue Oct 22 21:57:43 2013 us=339004 renegotiate_seconds = 3600
Tue Oct 22 21:57:43 2013 us=339009 handshake_window = 60
Tue Oct 22 21:57:43 2013 us=339013 transition_window = 3600
Tue Oct 22 21:57:43 2013 us=339017 single_session = DISABLED
Tue Oct 22 21:57:43 2013 us=339021 tls_exit = DISABLED
Tue Oct 22 21:57:43 2013 us=339025 tls_auth_file = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=339036 server_network = 0.0.0.0
Tue Oct 22 21:57:43 2013 us=339041 server_netmask = 0.0.0.0
Tue Oct 22 21:57:43 2013 us=349848 server_bridge_ip = 0.0.0.0
Tue Oct 22 21:57:43 2013 us=349858 server_bridge_netmask = 0.0.0.0
Tue Oct 22 21:57:43 2013 us=349864 server_bridge_pool_start = 0.0.0.0
Tue Oct 22 21:57:43 2013 us=349870 server_bridge_pool_end = 0.0.0.0
Tue Oct 22 21:57:43 2013 us=349876 ifconfig_pool_defined = DISABLED
Tue Oct 22 21:57:43 2013 us=349881 ifconfig_pool_start = 0.0.0.0
Tue Oct 22 21:57:43 2013 us=349886 ifconfig_pool_end = 0.0.0.0
Tue Oct 22 21:57:43 2013 us=349891 ifconfig_pool_netmask = 0.0.0.0
Tue Oct 22 21:57:43 2013 us=349896 ifconfig_pool_persist_filename = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=349900 ifconfig_pool_persist_refresh_freq = 600
Tue Oct 22 21:57:43 2013 us=349905 ifconfig_pool_linear = DISABLED
Tue Oct 22 21:57:43 2013 us=349910 n_bcast_buf = 256
Tue Oct 22 21:57:43 2013 us=349914 tcp_queue_limit = 64
Tue Oct 22 21:57:43 2013 us=349918 real_hash_size = 256
Tue Oct 22 21:57:43 2013 us=349922 virtual_hash_size = 256
Tue Oct 22 21:57:43 2013 us=359059 client_connect_script = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=359077 learn_address_script = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=359084 client_disconnect_script = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=359089 client_config_dir = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=359094 ccd_exclusive = DISABLED
Tue Oct 22 21:57:43 2013 us=359098 tmp_dir = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=359103 push_ifconfig_defined = DISABLED
Tue Oct 22 21:57:43 2013 us=359108 push_ifconfig_local = 0.0.0.0
Tue Oct 22 21:57:43 2013 us=359113 push_ifconfig_remote_netmask = 0.0.0.0
Tue Oct 22 21:57:43 2013 us=359117 enable_c2c = DISABLED
Tue Oct 22 21:57:43 2013 us=359121 duplicate_cn = DISABLED
Tue Oct 22 21:57:43 2013 us=359125 cf_max = 0
Tue Oct 22 21:57:43 2013 us=359129 cf_per = 0
Tue Oct 22 21:57:43 2013 us=359133 max_clients = 1024
Tue Oct 22 21:57:43 2013 us=359137 max_routes_per_client = 256
Tue Oct 22 21:57:43 2013 us=368540 client_cert_not_required = DISABLED
Tue Oct 22 21:57:43 2013 us=368567 username_as_common_name = DISABLED
Tue Oct 22 21:57:43 2013 us=368574 auth_user_pass_verify_script = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=368580 auth_user_pass_verify_script_via_file = DISABLED
Tue Oct 22 21:57:43 2013 us=368585 client = ENABLED
Tue Oct 22 21:57:43 2013 us=368591 pull = ENABLED
Tue Oct 22 21:57:43 2013 us=368598 auth_user_pass_file = 'stdin'
Tue Oct 22 21:57:43 2013 us=368612 show_net_up = DISABLED
Tue Oct 22 21:57:43 2013 us=368616 route_method = 0
Tue Oct 22 21:57:43 2013 us=368623 ip_win32_defined = DISABLED
Tue Oct 22 21:57:43 2013 us=368628 ip_win32_type = 3
Tue Oct 22 21:57:43 2013 us=368634 dhcp_masq_offset = 0
Tue Oct 22 21:57:43 2013 us=368641 dhcp_lease_time = 31536000
Tue Oct 22 21:57:43 2013 us=368647 tap_sleep = 0
Tue Oct 22 21:57:43 2013 us=368653 dhcp_options = DISABLED
Tue Oct 22 21:57:43 2013 us=368657 dhcp_renew = DISABLED
Tue Oct 22 21:57:43 2013 us=378549 dhcp_pre_release = DISABLED
Tue Oct 22 21:57:43 2013 us=378557 dhcp_release = DISABLED
Tue Oct 22 21:57:43 2013 us=378563 domain = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=378567 netbios_scope = '[uNDEF]'
Tue Oct 22 21:57:43 2013 us=378572 netbios_node_type = 0
Tue Oct 22 21:57:43 2013 us=378576 disable_nbt = DISABLED
Tue Oct 22 21:57:43 2013 us=378584 OpenVPN 2.0.9 Win32-MinGW [sSL] [LZO] built on Oct 1 2006
Tue Oct 22 21:58:12 2013 us=523239 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Tue Oct 22 21:58:12 2013 us=523930 LZO compression initialized
Tue Oct 22 21:58:12 2013 us=523981 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Oct 22 21:58:12 2013 us=530504 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Oct 22 21:58:12 2013 us=530530 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Tue Oct 22 21:58:12 2013 us=530536 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Tue Oct 22 21:58:12 2013 us=530551 Local Options hash (VER=V4): '41690919'
Tue Oct 22 21:58:12 2013 us=530559 Expected Remote Options hash (VER=V4): '530fdded'
Tue Oct 22 21:58:12 2013 us=530574 Socket Buffers: R=[65536->65536] S=[65536->65536]
Tue Oct 22 21:58:12 2013 us=530582 UDPv4 link local: [undef]
Tue Oct 22 21:58:12 2013 us=530587 UDPv4 link remote: 46.29.18.86:1194
Tue Oct 22 21:58:12 2013 us=574733 TLS: Initial packet from 46.29.18.86:1194, sid=f2f49789 70333015
Tue Oct 22 21:58:12 2013 us=782039 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=PL/ST=xxxxx/L=xxxxx/O=xxxx/OU=biuro/CN=xxxx.pl/name=EasyRSA/emailAddress=marek@xxxx.pl
Tue Oct 22 21:58:12 2013 us=782155 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Tue Oct 22 21:58:12 2013 us=782170 TLS Error: TLS object -> incoming plaintext read error
Tue Oct 22 21:58:12 2013 us=782180 TLS Error: TLS handshake failed
Tue Oct 22 21:58:12 2013 us=782332 TCP/UDP: Closing socket
Tue Oct 22 21:58:12 2013 us=782397 SIGUSR1[soft,tls-error] received, process restarting
Tue Oct 22 21:58:12 2013 us=782409 Restart pause, 2 second(s)
Edited by Marek Miklewicz
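An added example, not part of any post in this thread: the check posted above verifies client1.crt on the server, while the failing step in the client log is the client rejecting the server's chain (SSL3_GET_SERVER_CERTIFICATE), so the files to compare are the client machine's copy of ca.crt, the server's ca.crt, and server.crt. The CA names, file names and the rebuilt-CA scenario below are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Every file name and subject is constructed.

# SHA-256 fingerprint of a certificate; run it on the server and on the client
# and compare the two strings to confirm both machines hold the same ca.crt.
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# same_ca <ca_a> <ca_b>: succeeds only if both files hold the same certificate.
same_ca() {
    fp=$(cert_fp "$1")
    [ -n "$fp" ] && [ "$fp" = "$(cert_fp "$2")" ]
}

# chain_ok <ca.crt> <cert.crt>: succeeds if the certificate verifies against
# this CA file (the same test as `openssl verify -CAfile` in the thread).
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# diagnose <client_ca> <server_ca> <server_cert>: prints one verdict line.
diagnose() {
    if ! chain_ok "$2" "$3"; then
        echo "server.crt was not issued by the server's own ca.crt"
    elif ! same_ca "$1" "$2"; then
        echo "client holds a different ca.crt than the server"
    else
        echo "client ca.crt verifies server.crt"
    fi
}

# make_demo_pki <dir>: constructed stand-in for a rebuilt PKI. The CA was
# generated twice; server.crt is signed by the second one, and the first
# plays the role of a stale ca.crt left on the client.
make_demo_pki() {
    for ca in old new; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
            -subj "/CN=constructed_${ca}_CA" \
            -keyout "$1/ca_$ca.key" -out "$1/ca_$ca.crt" 2>/dev/null || return 1
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=server" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$1/server.csr" -days 2 -set_serial 1 \
        -CA "$1/ca_new.crt" -CAkey "$1/ca_new.key" \
        -out "$1/server.crt" 2>/dev/null
}

demo() {
    dir=$(mktemp -d) || return 1
    make_demo_pki "$dir" || { rm -rf "$dir"; return 1; }
    echo "stale client CA: $(diagnose "$dir/ca_old.crt" "$dir/ca_new.crt" "$dir/server.crt")"
    echo "fresh client CA: $(diagnose "$dir/ca_new.crt" "$dir/ca_new.crt" "$dir/server.crt")"
    rm -rf "$dir"
}
demo
```

On real machines, `cert_fp ca.crt` is run once on the server and once on the client, and the two fingerprints are compared by eye.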
