I am trying to get a 2.0 server running. But my client keeps reporting
back with the following error:
(excerpt from client log)
Fri Jun 02 15:02:46 2006 us=582105 IMPORTANT: OpenVPN's default port
number is now 1194, based on an official port number assignment by
IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Fri Jun 02 15:02:46 2006 us=582167 Re-using SSL/TLS context
Fri Jun 02 15:02:46 2006 us=582215 LZO compression initialized
Fri Jun 02 15:02:46 2006 us=582310 Control Channel MTU parms [ L:1542
D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Jun 02 15:02:46 2006 us=583931 Data Channel MTU parms [ L:1542
D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Fri Jun 02 15:02:46 2006 us=583990 Local Options String: 'V4,dev-type
tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth
SHA1,keysize 128,key-method 2,tls-client'
Fri Jun 02 15:02:46 2006 us=584007 Expected Remote Options String:
'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher
BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Fri Jun 02 15:02:46 2006 us=585247 Local Options hash (VER=V4):
'41690919'
Fri Jun 02 15:02:46 2006 us=585367 Expected Remote Options hash
(VER=V4): '530fdded'
Fri Jun 02 15:02:46 2006 us=585447 Socket Buffers: R=[8192->8192]
S=[8192->8192]
Fri Jun 02 15:02:46 2006 us=585472 UDPv4 link local: [undef]
Fri Jun 02 15:02:46 2006 us=585487 UDPv4 link remote:
192.168.1.111:1194
Fri Jun 02 15:02:46 2006 us=591270 TLS: Initial packet from
192.168.1.111:1194, sid=3a2ae001 a204f9b4
Fri Jun 02 15:02:46 2006 us=660126 VERIFY ERROR: depth=1, error=self
signed certificate in certificate chain:
/C=US/ST=NC/L=Cary/O=CommLogix__Inc./CN=vpn1/emailAddress=support@xxxxxxxxxxxxx
Fri Jun 02 15:02:46 2006 us=660326 TLS_ERROR: BIO read
tls_read_plaintext error: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Fri Jun 02 15:02:46 2006 us=660344 TLS Error: TLS object -> incoming
plaintext read error
Fri Jun 02 15:02:46 2006 us=660358 TLS Error: TLS handshake failed
Fri Jun 02 15:02:46 2006 us=660745 TCP/UDP: Closing socket
Fri Jun 02 15:02:46 2006 us=660862 SIGUSR1[soft,tls-error] received,
process restarting
Fri Jun 02 15:02:46 2006 us=660879 Restart pause, 2 second(s)
The server log states this: (the times may be a little off)
Fri Jun 2 15:00:58 2006 192.168.1.150:1036 TLS: Initial packet from
192.168.1.150:1036, sid=c7147b4c d330a202
Fri Jun 2 15:01:00 2006 MULTI: multi_create_instance called
Fri Jun 2 15:01:00 2006 192.168.1.150:1038 Re-using SSL/TLS context
Fri Jun 2 15:01:00 2006 192.168.1.150:1038 LZO compression initialized
Fri Jun 2 15:01:00 2006 192.168.1.150:1038 Control Channel MTU parms [
L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Jun 2 15:01:00 2006 192.168.1.150:1038 Data Channel MTU parms [
L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Fri Jun 2 15:01:00 2006 192.168.1.150:1038 Local Options hash
(VER=V4): '530fdded'
Fri Jun 2 15:01:00 2006 192.168.1.150:1038 Expected Remote Options
hash (VER=V4): '41690919'
Fri Jun 2 15:01:00 2006 192.168.1.150:1038 TLS: Initial packet from
192.168.1.150:1038, sid=c8583d59 a2c4b652
Fri Jun 2 15:01:54 2006 192.168.1.150:1032 TLS Error: TLS key
negotiation failed to occur within 60 seconds (check your network
connectivity)
Fri Jun 2 15:01:54 2006 192.168.1.150:1032 TLS Error: TLS handshake
failed
Fri Jun 2 15:01:54 2006 192.168.1.150:1032 SIGUSR1[soft,tls-error]
received, client-instance restarting
Any thoughts? I have another OpenVPN 2.0 server set up (separate
physical computer) and this same client can connect to it with no
problem. So I don't think there is a TAP issue, etc. What does the
error mean about the self-signed certificate? I followed the
directions on the OpenVPN How-to line by line... I used the
./build-key-server for the server key.
Thanks
Brian