[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

[Openvpn-users] Problem switchign from shared secret to TLS


  • Subject: [Openvpn-users] Problem switchign from shared secret to TLS
  • From: Stephen Carville <enemyofthestate@xxxxxxxxxxxxxx>
  • Date: Thu, 16 Dec 2004 00:08:55 -0800 (PST)

I have been testing OpenVPN for about three weeks now using a shared 
key.  It has proven to be very robust and performs as well as or 
better than the IPSEC tunnels I use now.

In the interest of periodic rekeying, I tried switching to TLS
authentication.

Now the connection will not come up and which ever side is designaed 
as the client (tls-client) gets a bunch of the following messages in 
the log

TLS Error: Unroutable control packet received from 
209.189.103.196:5000 (si=3 op=P_CONTROL_V1)
TLS Error: Unroutable control packet received from 
209.189.103.196:5000 (si=3 op=P_CONTROL_V1)

I am using OpenVPN version 2.0_beta15

Configurations:

'Client' side
#tls-server
tls-client
dh ssl.key/dh1024.key
ca ssl.crt/vpn-ca.crt
cert ssl.crt/shannon.crt
key ssl.key/shannon.key
# secret ssl.key/warlock-shannon.key

comp-lzo
dev tun0

local 209.189.103.196
remote 216.117.196.95
ifconfig 192.168.254.1 192.168.254.2
port 5000
proto udp

up up/warlock-shannon.up

user nobody
group nobody

ping 15
ping-restart 45
ping-timer-rem
persist-tun
persist-key

verb 3

'Server' side

tls-server
#tls-client
dh ssl.key/dh1024.key
ca ssl.crt/vpn-ca.crt
cert ssl.crt/warlock.crt
key ssl.key/warlock.key
#secret ssl.key/warlock-shannon.key

dev tun0
comp-lzo

local 216.117.196.95
remote 209.189.103.196
ifconfig 192.168.254.2 192.168.254.1
port 5000
proto udp

up up/warlock-shannon.up

user nobody
group nobody

ping 15
ping-restart 45
ping-timer-rem
persist-tun
persist-key

verb 3



____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users