[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] syslog messages


  • Subject: Re: [Openvpn-users] syslog messages
  • From: Jan Just Keijser <janjust@xxxxxxxxx>
  • Date: Sun, 09 Dec 2007 23:06:14 +0100

hmmm seems pretty obvious: there's a problem with the certificate

  /C=/ST=/L/O=/OU=Administration/CN=LCTN_CA/emailAddress=admin@xxxxxxxxxx

Dec 8 13:01:59 localhost ovpn-client[4180]:

  VERIFY ERROR: depth=1, error=self signed certificate in certificate chain:

check the certificate and the config files of both client and server. This seems to be the CA certificate and you should NOT use it also as either a client of server certificate. Build a CA certificate first and then derive client and server certificates from those (e.g. using the easy-rsa scripts).

HTH,

JJK


admin@xxxxxxxx wrote:
> I am able to pass traffic over our vpn, but syslog on the client shows the
> following messages, every few seconds.
>
>
>
> Dec  8 13:01:59 localhost ovpn-client[4180]: VERIFY ERROR: depth=1,
> error=self signed certificate in certificate chain:
> /C=/ST=/L/O=/OU=Administration/CN=LCTN_CA/emailAddress=admin@xxxxxxxxxx
> Dec  8 13:01:59 localhost ovpn-client[4180]: TLS_ERROR: BIO read
> tls_read_plaintext error: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> Dec  8 13:01:59 localhost ovpn-client[4180]: TLS Error: TLS object ->
> incoming plaintext read error
> Dec  8 13:01:59 localhost ovpn-client[4180]: TLS Error: TLS handshake failed
> Dec  8 13:01:59 localhost ovpn-client[4180]: Fatal TLS error
> (check_tls_errors_co), restarting
> Dec  8 13:01:59 localhost ovpn-client[4180]: TCP/UDP: Closing socket
> Dec  8 13:01:59 localhost ovpn-client[4180]: SIGUSR1[soft,tls-error]
> received, process restarting
> Dec  8 13:01:59 localhost ovpn-client[4180]: Restart pause, 5 second(s)
>
>
> -------------------------------------------------------------------------
> SF.Net email is sponsored by:
> Check out the new SourceForge.net Marketplace.
> It's the best place to buy or sell services for
> just about anything Open Source.
> http://sourceforge.net/services/buy/index.php
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
>   

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users