Re: [Openvpn-users] Problem with PKCS#11 and iKey 1000 Token

[Marek Dlouhy <dlouhy@xxxxxxxxx>]

On 1/4/06, Alon Bar-Lev <alon.barlev@xxxxxxxxx> wrote:

Marek Dlouhy wrote:
> Hi,
> I'm unsuccessfully trying to use PKCS#11 with iKey 1000 Token. When I
> start openvpn it fails with error CKR_SESSION_HANDLE_INVALID. Can
> someone help me, please?
>
> Here is my PKCS#11 config:
<snip>

Thank you for all the details!

Well... Actually it all OK... Is it the end of the log? The
CKR_SESSION_HANDLE_INVALID is OK at that stage.

Please send the rest of the log... Maybe I can see what fails.

Unfortunately that's the end of log. Last 2 lines:
PKCS#11: _isBetterCertificate entry pCurrent=00228CC0, nCurrentSize=739, pNew=00221490, nNewSize=739
PKCS#11: _isBetterCertificate return fBetter=0

are then logged again and again until i kill openvpn process. And i forgot say that CPU usage raise to 100%.

Are you prompted for password?

No.

Can you send the complete openvpn config?

remote systest 1194
verb 9
;verb 2
client
dev tun
proto udp
resolv-retry infinite
nobind
comp-lzo
persist-key
persist-tun
ca ca.crt
ns-cert-type server
pkcs11-providers k1pk112
pkcs11-slot-type id
pkcs11-slot 1
pkcs11-id-type label
pkcs11-id "838e3b93-0943-4dfc-b5f4-49e0b0827fe8"
;pkcs11-sign-mode recover
;pkcs11-cert-private
 

How do you run openvpn, as service?

No. I run "openvpn -config client.ovpn -log client.log" command from windows command line. And I'm of course member of local administrators.

Best Regards,
Alon Bar-Lev.