Re: [Openvpn-users] Static key / SSL-TLS


  • Subject: Re: [Openvpn-users] Static key / SSL-TLS
  • From: "James Yonan" <jim@xxxxxxxxx>
  • Date: Wed, 3 Sep 2003 20:04:43 -0000

Michel,

Because you are connecting 1.3.x to 1.5 using TLS, there are some minor
compatibility issues (you can see the "compatibility issues" page on the
website).  There are no changes in the protocol, but some changes in default
parameters.  You might try using the --disable-occ parameter on the 1.3.x side.

Also, 1.5-beta8, which should be out shortly, has new support for using the
--ifconfig option on tap devices, and allows --ifconfig to be used on Windows
or Linux, eliminating the need for up scripts on Linux or manual IP/netmask
changes on Windows.

James

Michel MEUNIER <mmeunier@xxxxxxx> said:

> After several months of use of OpenVPN between Linux boxes, I have to 
> connect W2K and XP boxes now.
> 
> It was pretty easy to set up a link using a static key. But it is not so 
> straightforward to use SSL-TLS with the same machines.
> 
> My Linux boxes use 1.3.1 version, whereas W2K one uses 1.5-beta7 one.
> 
> Here is a part of my log:
> 
> 21[0]:   tun_mtu = 1500
> 22[0]:   tun_mtu_defined = ENABLED
> 23[0]:   udp_mtu = 1300
> 24[0]:   udp_mtu_defined = DISABLED
> 25[0]:   mlock = DISABLED
> 26[0]:   inactivity_timeout = 0
> 27[0]:   ping_send_timeout = 15
> 28[0]:   ping_rec_timeout = 0
> 29[0]:   ping_rec_timeout_action = 0
> 30[0]:   ping_timer_remote = DISABLED
> 
> 
> 36[0]:   username = 'nobody'
> 37[0]:   groupname = 'nogroup'
> 38[0]:   chroot_dir = '[UNDEF]'
> 39[0]:   cd_dir = '/etc/openvpn'
> 40[0]:   writepid = '[UNDEF]'
> 41[0]:   up_script = './r_furtif2.up'
> 42[0]:   down_script = '[UNDEF]'
> 43[0]:   daemon = DISABLED
> 44[0]:   nice = 0
> 45[0]:   verbosity = 3
> 46[0]:   mute = 0
> 47[0]:   gremlin = DISABLED
> 48[0]:   comp_lzo = ENABLED
> 49[0]:   comp_lzo_adaptive = ENABLED
> 50[0]:   shared_secret_file = '[UNDEF]'
> 51[0]:   ciphername_defined = ENABLED
> 52[0]:   ciphername = 'BF-CBC'
> 53[0]:   authname_defined = ENABLED
> 54[0]:   authname = 'SHA1'
> 55[0]:   keysize = 0           <-------- this works between Linux boxes;
>                                          keysize = 128 in the conf file
>                                          has no effect here
> 56[0]:   packet_id = ENABLED
> 57[0]:   iv = ENABLED
> 58[0]:   test_crypto = DISABLED
> 59[0]:   tls_server = ENABLED
> 60[0]:   tls_client = DISABLED
> 61[0]:   ca_file = '/root/.ssl/calydial-ca.crt'
> 62[0]:   dh_file = '/root/.ssl/dh1024.pem'
> 63[0]:   cert_file = '/root/.ssl/rabelais-calydial.crt'
> 64[0]:   priv_key_file = '/root/.ssl/rabelais-calydial.key'
> 65[0]:   cipher_list = '[UNDEF]'
> 66[0]:   tls_verify = '[UNDEF]'
> 67[0]:   tls_timeout = 5
> 
> 
> 75[0]:   tls_auth_file = '[UNDEF]'
> 76[0]: OpenVPN 1.3.1 i386-redhat-linux built on Jul 10 2002
> 77[0]: PTHREAD support initialized
> 78[0]: UDP link local (bound): [undef]:5012
> 79[0]: UDP link remote: [undef]
> 80[0]: LZO compression initialized
> 81[0]: Data Channel MTU parms: mtu=1500 extra_frame=42 extra_buffer=61 
> extra_tun=0
> 82[0]: Control Channel MTU parms: mtu=1504 extra_frame=38 
> extra_buffer=38 extra_tun=0
> 83[0]: tun/tap device tap2 opened
> 84[0]: ./r_furtif2.up tap2 1500 1542
> 85[0]: GID set to nogroup
> 86[0]: UID set to nobody
> 87[1]: VERIFY OK: depth=1, 
> /C=FR/ST=Some-State/L=VIENNE/O=CALYDIAL/CN=CALYDIAL/E
> mail=calydial@xxxxxxxxxx
> 88[1]: VERIFY OK: depth=0, 
> /C=FR/ST=Some-State/O=CALYDIAL/CN=Furtif/Email=furtif
> @calydial.loc
> 89[1]: TLS Error: Local ('V1 --cipher BF-CBC --auth SHA1 --comp-lzo') 
> and Remote ('V2 --dev-type tap --link-mtu 1606 --tun-mtu 1564 --cipher 
> BF-CBC --auth SHA1 --keysize 128 --comp-lzo') options are incompatible
> 90[1]: TLS Error: TLS handshake failed
> 
> Any idea?
> Thanks in advance.
> 
> 
> Michel MEUNIER
> 
> PS: OpenVPN is really good stuff!
> 

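The "options are incompatible" error quoted above comes from OpenVPN's options consistency check (OCC), which compares the option strings each peer announces during the TLS handshake. The following added example (not part of this thread or of OpenVPN itself) parses such a log line and lists exactly which options differ between the two sides; the sample line is the one from Michel's log, re-joined onto one line, and the "occ-version" key is this example's own label for the leading V1/V2 tag.

```python
import re
from typing import Dict, Optional, Tuple

# Constructed sample: the TLS Error line from the quoted log, re-joined onto one line.
SAMPLE_LOG_LINE = (
    "89[1]: TLS Error: Local ('V1 --cipher BF-CBC --auth SHA1 --comp-lzo') "
    "and Remote ('V2 --dev-type tap --link-mtu 1606 --tun-mtu 1564 --cipher "
    "BF-CBC --auth SHA1 --keysize 128 --comp-lzo') options are incompatible"
)

OCC_RE = re.compile(
    r"Local \('([^']*)'\) and Remote \('([^']*)'\) options are incompatible"
)


def parse_option_string(s: str) -> Tuple[str, Dict[str, str]]:
    """Split an OCC option string into its version tag and an option->value map.
    Flags without a value (e.g. --comp-lzo) map to the empty string."""
    tokens = s.split()
    version = tokens[0] if tokens and not tokens[0].startswith("--") else ""
    opts: Dict[str, str] = {}
    current: Optional[str] = None
    for tok in tokens[1:] if version else tokens:
        if tok.startswith("--"):
            current = tok[2:]
            opts[current] = ""
        elif current is not None:
            # Values are appended so multi-word values are kept intact.
            opts[current] = (opts[current] + " " + tok).strip()
    return version, opts


def diff_occ_line(line: str) -> Dict[str, Tuple[Optional[str], Optional[str]]]:
    """Return {option: (local_value, remote_value)} for every option that differs.
    An option absent on one side is reported as None for that side."""
    m = OCC_RE.search(line)
    if not m:
        raise ValueError("not an OCC incompatibility line")
    lver, lopts = parse_option_string(m.group(1))
    rver, ropts = parse_option_string(m.group(2))
    diffs: Dict[str, Tuple[Optional[str], Optional[str]]] = {}
    if lver != rver:
        diffs["occ-version"] = (lver, rver)  # label chosen for this example
    for key in sorted(set(lopts) | set(ropts)):
        if lopts.get(key) != ropts.get(key):
            diffs[key] = (lopts.get(key), ropts.get(key))
    return diffs


if __name__ == "__main__":
    for name, (local, remote) in diff_occ_line(SAMPLE_LOG_LINE).items():
        print(f"{name:12} local={local!r:8} remote={remote!r}")
```

For the quoted log the differing items are the OCC version tag, --dev-type, --link-mtu, --tun-mtu and --keysize, while --cipher, --auth and --comp-lzo agree; --disable-occ only suppresses this comparison, so the parameter differences themselves remain.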
____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users