[Openvpn-users] Odd Issue With TLS Padding?


  • Subject: [Openvpn-users] Odd Issue With TLS Padding?
  • From: "Petersen, Mark" <MPetersen@xxxxxxxxx>
  • Date: Wed, 11 Jul 2007 14:33:49 -0500

Hello,

I'm using the OpenVPN 2.0.9 i486-pc-linux-gnu Debian Etch package, trying to
set up a bridge.  I'm getting an unusual error (Wed Jul 11 14:09:36 2007
66.88.39.226:17847 TLS_ERROR: BIO read tls_read_plaintext error:
error:04067069:rsa routines:RSA_EAY_PUBLIC_DECRYPT:pkcs1 padding too
short) on the server.  Configs and more logging are below; any help would be
appreciated.  Time is definitely in sync.  This is going through a
CheckPoint Firewall1 router, if that could somehow be the problem, but I
can make whatever changes are necessary.




-Server Config
port 10001
proto tcp
dev tap
ca certs/ca.crt
cert certs/server.crt
key certs/server.key  
dh certs/dh2048.pem
ifconfig-pool-persist ipp.txt
server-bridge 66.88.xx.xx 255.255.255.0 10.1.1.20 10.1.1.25
keepalive 10 120
cipher BF-CBC        # Blowfish (default)
comp-lzo
max-clients 2
user nobody
group nogroup
status /var/log/openvpn/status.log
log-append  /var/log/openvpn/openvpn.log
verb 6 # for debugging
mute 20

-Client Config
client
dev tap
proto tcp
remote 66.88.xx.xx 10001
resolv-retry infinite
nobind
user nobody
group nogroup
ca certs/ca.crt
cert certs/client.crt
key certs/client.key
ns-cert-type server
tls-client
cipher BF-CBC
comp-lzo
verb 6 # for debugging
mute 20

-Server Log
us=183140 66.88.xx.xx:21243 86 variation(s) on previous 20 message(s) suppressed by --mute
us=183223 66.88.xx.xx:21243 VERIFY OK: depth=1, /C=US/ST=IL/L=Chicago/O=1SYNC/OU=Infrastructure/CN=1SYNC_Certificate_Authority/emailAddress=mpetersen@xxxxxxxxx
us=184045 66.88.xx.xx:21243 VERIFY OK: depth=0, /C=US/ST=Illinois/L=Chicago/O=1SYNC/OU=Tech_Ops/CN=openvpn-10s.mgmt.1sync.org/emailAddress=hostmaster@xxxxxxxxx
us=184182 66.88.xx.xx:21243 TLS_ERROR: BIO read tls_read_plaintext error: error:04067069:rsa routines:RSA_EAY_PUBLIC_DECRYPT:pkcs1 padding too short
us=184254 66.88.xx.xx:21243 TLS Error: TLS object -> incoming plaintext read error
us=184303 66.88.xx.xx:21243 TLS Error: TLS handshake failed
us=184707 66.88.xx.xx:21243 Fatal TLS error (check_tls_errors_co), restarting
us=184797 66.88.xx.xx:21243 SIGUSR1[soft,tls-error] received, client-instance restarting
us=185023 TCP/UDP: Closing socket



-Client Log
ovpn-client[4445]: ACK reliable_send_timeout 0 [26] 22 23 24 25
ovpn-client[4445]: TLS: tls_process: timeout set to 1
ovpn-client[4445]: TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=72b3180a f793f59c, stored-sid=00000000 00000000, stored-ip=[undef]
ovpn-client[4445]: TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
ovpn-client[4445]: STREAM: SET NEXT, buf=[212,0] next=[212,1576] len=-1 maxlen=1576
ovpn-client[4445]: PO_CTL rwflags=0x0003 ev=5 arg=0x080900cc
ovpn-client[4445]: I/O WAIT T?|T?|SR|SW [1/87344]
ovpn-client[4445]: PO_WAIT[0,0] fd=5 rev=0x00000019 rwflags=0x0001 arg=0x080900cc
ovpn-client[4445]:  event_wait returned 1
ovpn-client[4445]: I/O WAIT status=0x0001
ovpn-client[4445]: STREAM: GET NEXT len=1576
ovpn-client[4445]: Connection reset, restarting [0]
ovpn-client[4445]: PID packet_id_free
ovpn-client[4445]: TCP/UDP: Closing socket
ovpn-client[4445]: PID packet_id_free
ovpn-client[4445]: SIGUSR1[soft,connection-reset] received, process restarting
ovpn-client[4445]: Restart pause, 5 second(s)

______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users