[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

[Openvpn-users] Something missing when building new certs/keys??

  • Subject: [Openvpn-users] Something missing when building new certs/keys??
  • From: "OverTech Argentina" <overtech.argentina@xxxxxxxxx>
  • Date: Fri, 1 Dec 2006 08:11:14 -0300
Hi everyone.
 
I'm writing because I've got a problem that I couldn't solve.
 
In a Windows 2003 Server in installed OpenVPN just to create certs and keys. The server cert and key is to place in a Linksys WRT54GL router (located at the office) that works as OpenVPN server, the others certs and keys are for clients notebooks that will connect to the VPN when they are outside the office.
 
Following the OpenVPN HOW-TO yesterday I create the ca.crt, the server cert/key and two cert/key for two clients and finally the dh1024.pem.
 
I tested all of them placing the necessary files in the server and the each clients files with the ca.crt in the corresponding notebook and everything works fine.
 
Today I realized that I forgot to build a cert/key for a third notebook that will be outside the office, so in the Windows 2003 server computer I excecute vars.bat and then build-key client3. I got the client3.crt and client3.key which I copied with the ca.crt to the third notebook. I tried to stablish connection with this third notebook and I couldn't: TLS handshake problem. The OpenVPN server running inside the router shown that the ca.crt was correctly verify and there was an error trying to verify the client certificate.
 
I sit in front of the Windows 2003 server computer to verify the cert executing:
openssl verify -CAfile ca.crt -purpose sslclient client3.crt
The result was that the client3.cert was OK.
 
I decided to execute build-dh again, because I thought that as last step of the HOW-TO after the clients cert/key, may be after building a new cert/key for a new client dh parameters has to be rebuild. So after running build-dh I re-launch the OpenVPN server with the new dh1024.pem. But the client3 couldn't connect, again the same problem.
 
To discard a problem in the notebook or in the internet connection, I copied in the notebook the cert/keys for client1 that I tested yesterday without a problem. The result was that the notebook could connect to the OpenVPN server and could access to all the network resources as I tested with success yesterday.
 
So, my question is: Do I miss some step when building the cert/key for the new client notebook??If not, what could be going on?
 
Any help will be usefull to me.
 
Thanks in advance.
 
                Santiago Gonzalez Rodriguez
 
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Warning: require_once(../../../archive_common.php) [function.require-once]: failed to open stream: No such file or directory in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2006-12/msg00007.html on line 209

Fatal error: require_once() [function.require]: Failed opening required '../../../archive_common.php' (include_path='/usr/local/lib/php') in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2006-12/msg00007.html on line 209