
[Openvpn-users] Odd Issue With TLS Padding?

  • Subject: [Openvpn-users] Odd Issue With TLS Padding?
  • From: "Petersen, Mark" <MPetersen@xxxxxxxxx>
  • Date: Wed, 11 Jul 2007 14:33:49 -0500


I'm using OpenVPN 2.0.9 i486-pc-linux-gnu Debian Etch package trying to
set up a bridge.  I'm getting an unusual error (Wed Jul 11 14:09:36 2007 TLS_ERROR: BIO read tls_read_plaintext error: error:04067069:rsa routines:RSA_EAY_PUBLIC_DECRYPT:pkcs1 padding too short)
on the server.  Configs and more logging below, any help would be
appreciated.  Time is definitely in sync.  This is going through a
CheckPoint Firewall1 router if that could somehow be the problem, but I
can make whatever changes are necessary.

-Server Config
port 10001
proto tcp
dev tap
ca certs/ca.crt
cert certs/server.crt
key certs/server.key  
dh certs/dh2048.pem
ifconfig-pool-persist ipp.txt
server-bridge 66.88.xx.xx
keepalive 10 120
cipher BF-CBC        # Blowfish (default)
max-clients 2
user nobody
group nogroup
status /var/log/openvpn/status.log
log-append  /var/log/openvpn/openvpn.log
verb 6 # for debugging
mute 20

-Client Config
dev tap
proto tcp
remote 66.88.xx.xx 10001
resolv-retry infinite
user nobody
group nogroup
ca certs/ca.crt
cert certs/client.crt
key certs/client.key
ns-cert-type server
cipher BF-CBC
verb 6 # for debugging
mute 20

-Server Log
us=183140 66.88.xx.xx:21243 86 variation(s) on previous 20 message(s) suppressed by --mute
us=183223 66.88.xx.xx:21243 VERIFY OK: depth=1,
us=184045 66.88.xx.xx:21243 VERIFY OK: depth=0,
us=184182 66.88.xx.xx:21243 TLS_ERROR: BIO read tls_read_plaintext error: error:04067069:rsa routines:RSA_EAY_PUBLIC_DECRYPT:pkcs1 padding too short
us=184254 66.88.xx.xx:21243 TLS Error: TLS object -> incoming plaintext read error
us=184303 66.88.xx.xx:21243 TLS Error: TLS handshake failed
us=184707 66.88.xx.xx:21243 Fatal TLS error (check_tls_errors_co),
us=184797 66.88.xx.xx:21243 SIGUSR1[soft,tls-error] received, client-instance restarting
us=185023 TCP/UDP: Closing socket

-Client Log
ovpn-client[4445]: ACK reliable_send_timeout 0 [26] 22 23 24 25
ovpn-client[4445]: TLS: tls_process: timeout set to 1
ovpn-client[4445]: TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=72b3180a f793f59c, stored-sid=00000000 00000000, stored-ip=[undef]
ovpn-client[4445]: TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
ovpn-client[4445]: STREAM: SET NEXT, buf=[212,0] next=[212,1576] len=-1
ovpn-client[4445]: PO_CTL rwflags=0x0003 ev=5 arg=0x080900cc
ovpn-client[4445]: I/O WAIT T?|T?|SR|SW [1/87344]
ovpn-client[4445]: PO_WAIT[0,0] fd=5 rev=0x00000019 rwflags=0x0001
ovpn-client[4445]:  event_wait returned 1
ovpn-client[4445]: I/O WAIT status=0x0001
ovpn-client[4445]: STREAM: GET NEXT len=1576
ovpn-client[4445]: Connection reset, restarting [0]
ovpn-client[4445]: PID packet_id_free
ovpn-client[4445]: TCP/UDP: Closing socket
ovpn-client[4445]: PID packet_id_free
ovpn-client[4445]: SIGUSR1[soft,connection-reset] received, process
ovpn-client[4445]: Restart pause, 5 second(s)
