[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

[Openvpn-users] Problems connecting Windows Clients with a Solaris Server


  • Subject: [Openvpn-users] Problems connecting Windows Clients with a Solaris Server
  • From: sithglan@xxxxxxxxxxxxxxxxxxxx
  • Date: Wed, 16 May 2007 12:55:42 +0200

Hello,
I try to connect a Windows Client to a Solaris Server. I already have
sucessfully attached several other Solaris instances to my OpenVPN
Server.

This is the log of the Server:

        May 16 12:46:10 mcvpn openvpn[15019]: [ID 583609 daemon.notice] 157.163.232.239:1194 Re-using SSL/TLS context
        May 16 12:46:10 mcvpn openvpn[15019]: [ID 583609 daemon.warning] 157.163.232.239:1194 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1359)
        May 16 12:46:10 mcvpn openvpn[15019]: [ID 583609 daemon.notice] 157.163.232.239:1194 Control Channel MTU parms [ L:1400 D:138 EF:38 EB:0 ET:0 EL:0 ]
        May 16 12:46:10 mcvpn openvpn[15019]: [ID 583609 daemon.notice] 157.163.232.239:1194 Data Channel MTU parms [ L:1400 D:1400 EF:41 EB:4 ET:0 EL:0 ]
        May 16 12:46:10 mcvpn openvpn[15019]: [ID 583609 daemon.notice] 157.163.232.239:1194 Local Options hash (VER=V4): '02151217'
        May 16 12:46:10 mcvpn openvpn[15019]: [ID 583609 daemon.notice] 157.163.232.239:1194 Expected Remote Options hash (VER=V4): '5ed072f1'
        May 16 12:46:10 mcvpn openvpn[15019]: [ID 583609 daemon.notice] 157.163.232.239:1194 TLS: Initial packet from 157.163.232.239:1194, sid=b599ebee f472e0f4
        May 16 12:46:11 mcvpn openvpn[15019]: [ID 583609 daemon.notice] 157.163.232.239:1194 VERIFY OK: depth=1, /C=DE/ST=Bayern/L=Erlangen/O=Siemens_AG/OU=GIO_IT_SHS_5116/CN=GIO_IT_SHS_5116_OpenVPN_Certification_Authority/emailAddress=thomas.glanzmann.ext@xxxxxxxxxxx
        May 16 12:46:11 mcvpn openvpn[15019]: [ID 583609 daemon.notice] 157.163.232.239:1194 VERIFY OK: depth=0, /C=DE/ST=Bayern/L=Erlangen/O=Siemens_AG/OU=GIO_IT_SHS_5116/CN=thomas.glanzmann/emailAddress=thomas.glanzmann.ext@xxxxxxxxxxx
        May 16 12:46:11 mcvpn openvpn[15019]: [ID 583609 daemon.error] 157.163.232.239:1194 TLS_ERROR: BIO read tls_read_plaintext error: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
        May 16 12:46:11 mcvpn openvpn[15019]: [ID 583609 daemon.error] 157.163.232.239:1194 TLS Error: TLS object -> incoming plaintext read error
        May 16 12:46:11 mcvpn openvpn[15019]: [ID 583609 daemon.error] 157.163.232.239:1194 TLS Error: TLS handshake failed
        May 16 12:46:11 mcvpn openvpn[15019]: [ID 583609 daemon.notice] 157.163.232.239:1194 SIGUSR1[soft,tls-error] received, client-instance restarting

This is the log from the Client:

        Wed May 16 12:46:10 2007 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
        Wed May 16 12:46:10 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
        Wed May 16 12:46:10 2007 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1359)
        Wed May 16 12:46:10 2007 Control Channel MTU parms [ L:1400 D:138 EF:38 EB:0 ET:0 EL:0 ]
        Wed May 16 12:46:10 2007 Data Channel MTU parms [ L:1400 D:1400 EF:41 EB:4 ET:0 EL:0 ]
        Wed May 16 12:46:10 2007 Local Options hash (VER=V4): '5ed072f1'
        Wed May 16 12:46:10 2007 Expected Remote Options hash (VER=V4): '02151217'
        Wed May 16 12:46:10 2007 UDPv4 link local (bound): [undef]:1194
        Wed May 16 12:46:10 2007 UDPv4 link remote: 157.163.224.172:1194
        Wed May 16 12:46:10 2007 TLS: Initial packet from 157.163.224.172:1194, sid=8faa3572 69d78a4f
        Wed May 16 12:46:10 2007 VERIFY OK: depth=1, /C=DE/ST=Bayern/L=Erlangen/O=Siemens_AG/OU=GIO_IT_SHS_5116/CN=GIO_IT_SHS_5116_OpenVPN_Certification_Authority/emailAddress=thomas.glanzmann.ext@xxxxxxxxxxx
        Wed May 16 12:46:10 2007 VERIFY OK: nsCertType=SERVER
        Wed May 16 12:46:10 2007 VERIFY OK: depth=0, /C=DE/ST=Bayern/L=Erlangen/O=Siemens_AG/OU=GIO_IT_SHS_5116/CN=mcvpn.erlf.siemens.de/emailAddress=thomas.glanzmann.ext@xxxxxxxxxxx
        Wed May 16 12:47:10 2007 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
        Wed May 16 12:47:10 2007 TLS Error: TLS handshake failed
        Wed May 16 12:47:10 2007 TCP/UDP: Closing socket
        Wed May 16 12:47:10 2007 SIGUSR1[soft,tls-error] received, process restarting
        Wed May 16 12:47:10 2007 Restart pause, 2 second(s)

I saw the error "TLS_ERROR: BIO read tls_read_plaintext error: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac"
before. It happened for me when I used one openvpn binary linked against
the openssl library that is shipped with solaris and one openvpn binary
linked against a self-compiled lib openssl. I used the windows installer
from the openvpn.sf.net site. So I wonder why this error pops up.
This isn't my first openvpn setup. I have several bigger openvpn
installation running on debian which perfectly work with Linux and
Windows Clients.
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users