[Openvpn-users] Connection resets


  • Subject: [Openvpn-users] Connection resets
  • From: Jan Luehr <jluehr@xxxxxxx>
  • Date: Sat, 19 May 2007 12:22:15 +0200

Hello,

I've some trouble setting up a VPN connection between Windows Vista (server)
and Linux (client) using certificates generated with xca.

The client says:
gyro-gearloose:/etc/openvpn/vitaly-vpn# openvpn --config client.conf
Sat May 19 11:15:35 2007 OpenVPN 2.0.9 i486-pc-linux-gnu [SSL] [LZO] [EPOLL] built on Jan 21 2007
Sat May 19 11:15:35 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Sat May 19 11:15:35 2007 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sat May 19 11:15:35 2007 LZO compression initialized
Sat May 19 11:15:35 2007 Control Channel MTU parms [ L:1560 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sat May 19 11:15:35 2007 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
Sat May 19 11:15:35 2007 Local Options hash (VER=V4): '958c5492'
Sat May 19 11:15:35 2007 Expected Remote Options hash (VER=V4): '79ef4284'
Sat May 19 11:15:35 2007 Attempting to establish TCP connection with 212.202.24.225:1194
Sat May 19 11:15:35 2007 TCP connection established with 212.202.24.225:1194
Sat May 19 11:15:35 2007 TCPv4_CLIENT link local: [undef]
Sat May 19 11:15:35 2007 TCPv4_CLIENT link remote: 212.202.24.225:1194
Sat May 19 11:15:35 2007 TLS: Initial packet from 212.202.24.225:1194, sid=fbb7756c efd1fb42
Sat May 19 11:15:36 2007 VERIFY OK: depth=1, /C=DE/ST=NRW/L=Koeln/O=privat/OU=PC/CN=cavitaly/emailAddress=test@xxxxxxxx
Sat May 19 11:15:36 2007 VERIFY OK: depth=0, /C=DE/ST=NRW/L=Koeln/O=privat/OU=PC/CN=server/emailAddress=test@xxxxxxxx
Sat May 19 11:15:37 2007 Connection reset, restarting [0]
Sat May 19 11:15:37 2007 TCP/UDP: Closing socket
Sat May 19 11:15:37 2007 SIGUSR1[soft,connection-reset] received, process restarting
Sat May 19 11:15:37 2007 Restart pause, 5 second(s)
Sat May 19 11:15:38 2007 SIGINT[hard,init_instance] received, process exiting


The server says:

Sat May 19 11:13:15 2007 MULTI: multi_create_instance called
Sat May 19 11:13:15 2007 Re-using SSL/TLS context
Sat May 19 11:13:15 2007 LZO compression initialized
Sat May 19 11:13:15 2007 Control Channel MTU parms [ L:1560 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sat May 19 11:13:15 2007 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
Sat May 19 11:13:15 2007 Local Options hash (VER=V4): '79ef4284'
Sat May 19 11:13:15 2007 Expected Remote Options hash (VER=V4): '958c5492'
Sat May 19 11:13:15 2007 TCP connection established with 84.63.2.59:54655
Sat May 19 11:13:15 2007 TCPv4_SERVER link local: [undef]
Sat May 19 11:13:15 2007 TCPv4_SERVER link remote: 84.63.2.59:54655
Sat May 19 11:13:15 2007 84.63.2.59:54655 TLS: Initial packet from 84.63.2.59:54655, sid=ed8fed86 7d90f5bf
Sat May 19 11:13:17 2007 84.63.2.59:54655 VERIFY ERROR: depth=1, error=certificate signature failure: /C=DE/ST=NRW/L=Koeln/O=privat/OU=PC/CN=cavitaly/emailAddress=test@xxxxxxxx
Sat May 19 11:13:17 2007 84.63.2.59:54655 TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
Sat May 19 11:13:17 2007 84.63.2.59:54655 TLS Error: TLS object -> incoming plaintext read error
Sat May 19 11:13:17 2007 84.63.2.59:54655 TLS Error: TLS handshake failed
Sat May 19 11:13:17 2007 84.63.2.59:54655 Fatal TLS error (check_tls_errors_co), restarting
Sat May 19 11:13:17 2007 84.63.2.59:54655 SIGUSR1[soft,tls-error] received, client-instance restarting
Sat May 19 11:13:17 2007 TCP/UDP: Closing socket

I use tinyca2 to generate certificates, everything is alright...
If I use my router as server (OpenWRT OpenVPN 2.0.8) everything is alright, too.
What may be wrong here?
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users