
Re: [Openvpn-users] new certificates and dh1024.pem file


  • Subject: Re: [Openvpn-users] new certificates and dh1024.pem file
  • From: "Bonno Bloksma" <b.bloksma@xxxxxx>
  • Date: Tue, 31 Jul 2007 14:24:20 +0200

Hi,

Maybe I wasn't clear as to what I want to know, as I haven't received any 
answer. If someone knows the answer to any one of the questions... please 
answer.


1)
Jul 26 15:18:55 linein openvpn[3506]: TLS Error: TLS key negotiation failed 
to occur within 60 seconds (check your network connectivity)
Jul 26 15:18:55 linein openvpn[3506]: TLS Error: TLS handshake failed
Is this indeed a network error or is something else going on?


2)
Can I simply create extra client certificates using:
. vars
./build-key client-next1
./build-key client-next2
./build-key client-next3
etc.
Ready?
Do I need to do anything with the dh1024.pem file?
Or any of the other *.pem files?

3)
Can I use the same CN for the "ein" site as before, making sure the previous 
certificate is never used?
I control ALL *.key and *.crt files, nothing is at a place where I cannot 
access it. I can simply delete all instances of the old ein.* files.

Bonno Bloksma

----------<original mail>-----------------------


A while ago I created several certificates with easy-rsa. At the time I even 
created two server certificates when I thought I was going to create a 
network with redundant hubs. The second hub (ein) was never launched but I 
have a problem getting that site up in the air as a client.
From the log:

----------<quote>--------------------
.....
Jul 26 15:17:55 linein openvpn[3506]: VERIFY OK: depth=0, 
/C=NL/ST=NB/O=OpenVPN-TIO/CN=lola/emailAddress=postmaster@xxxxxx
Jul 26 15:18:55 linein openvpn[3506]: TLS Error: TLS key negotiation failed 
to occur within 60 seconds (check your network connectivity)
Jul 26 15:18:55 linein openvpn[3506]: TLS Error: TLS handshake failed
Jul 26 15:18:55 linein openvpn[3506]: TCP/UDP: Closing socket
Jul 26 15:18:55 linein openvpn[3506]: SIGUSR1[soft,tls-error] received, 
process restarting
.....
----------<quote>--------------------
Is this indeed a network error or is something else going on?

Also, I need a few extra certificates for some new sites.

The HOWTO is great for first-time use but it could use a little extra info 
on which commands to use when needing extra certificates.

According to the HOWTO I first need to create the server(s) certificate, 
then the clients. After that I need to create a Diffie Hellman file.

Can I simply create extra client certificates using:
. vars
./build-key client-next1
./build-key client-next2
./build-key client-next3
etc.
Ready?

Do I need to do anything with the dh1024.pem file?
Or any of the other *.pem files?
Can I use the same CN for the "ein" site as before, making sure the previous 
certificate is never used?
I control ALL *.key and *.crt files, nothing is at a place where I cannot 
access it. I can simply delete all instances of the old ein.* files.

What are the xx.pem files for?


Kind regards,
Bonno Bloksma
head of system administration



tio hogeschool hotelmanagement en toerisme
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
b.bloksma@xxxxxx  / www.tio.nl

