[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

[Openvpn-users] Problem with Tls mode setup.


  • Subject: [Openvpn-users] Problem with Tls mode setup.
  • From: "Joshua Snyder" <josh@xxxxxxxxxxxxxxx>
  • Date: Tue, 18 Jan 2005 12:17:12 -0500

I have problems setting up a Openvpn tunnel in Tls mode.  I have setup 
Openvpn with pre-shared keysmany times before and I have never had any 
problems.  But Tls mode just isn't working for me.  I think at this point 
that my problem has nothing to do with Openvpn, I think it is a OpenSsl 
issue.  But seeing how I followed the setup documents off of the website I 
figured I would ask here.  What I am getting now is the following.

Jan 18 16:40:17 mouse openvpn-Tunnel1[19954]: VERIFY ERROR: depth=0, 
error=unable to get local issuer certificate: 
/C=US/ST=Indiana/O=FoxComputers/CN=Josh.Snyder
Jan 18 16:40:17 mouse openvpn-Tunnel1[19954]: TLS_ERROR: BIO read 
tls_read_plaintext error: error:14090086:SSL 
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Jan 18 16:40:17 mouse openvpn-Tunnel1[19954]: TLS Error: TLS object -> 
incoming plaintext read error
Jan 18 16:40:17 mouse openvpn-Tunnel1[19954]: TLS Error: TLS handshake 
failed
Jan 18 16:40:17 mouse openvpn-Tunnel1[19954]: TLS Error: Unroutable control 
packet received from 192.168.125.2:3201 (si=3 op=P_CONTROL_V1)

Here is my openvpn config file (coments stripped)

dev Tunnel1
dev-type tun
tls-client
ca /etc/CA/my-ca.crt
cert /etc/CA/mouse.crt
key /etc/CA/mouse.key
ifconfig 10.10.0.2 10.10.0.1
remote 192.168.125.2
rport 3201
lport 3201
ping            5
ping-restart    15
ping-timer-rem
persist-tun
persist-key
tun-mtu 1500
comp-lzo
up /usr/share/etc/openvpn-updown.sh
ipchange /usr/share/etc/openvpn-updown.sh
down /usr/share/etc/openvpn-updown.sh
up-restart
setenv dev_name Tunnel1
writepid /var/run/Tunnel1.pid
daemon openvpn-Tunnel1

I think the real problem is the first line.  But I followed the setup guide 
at http://openvpn.net/howto.html so I think it should be correct. I looked 
around on the internet and found lots of people haveing problems like this 
in general with openssl but nothing that seem to apply in this case.  Any 
suggestions?

                    josh 





-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users