Re: [Openvpn-users] Options error: specify only one of --tls-server, --tls-client, or --secret (OpenVPN GUI)


  • Subject: Re: [Openvpn-users] Options error: specify only one of --tls-server, --tls-client, or --secret (OpenVPN GUI)
  • From: "Gabe Green" <gabegreen@xxxxxxxxx>
  • Date: Wed, 30 Jan 2008 00:31:10 -0700
  • Importance: Normal

I just want to use the same key on both ends without generating
certificates.  My VPN machine (pfSense) gives me this option of a preshared
key (which from the looks of it, is symmetrical.)

--GG

-----Original Message-----
From: Jan Just Keijser [mailto:janjust@xxxxxxxxx]
Sent: Wednesday, January 30, 2008 12:26 AM
To: Gabriel Green
Cc: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Openvpn-users] Options error: specify only one of
--tls-server, --tls-client, or --secret (OpenVPN GUI)


the error says it all: you're specifying both
  client
and
  secret static.key
in your config file. you're not supposed to do that: 'client' is for
client/server style configs, 'secret' is for "old-style" point-to-point
links. what are you trying to achieve?

HTH,

JJK

Gabriel Green wrote:
> Config file included, secret.key is in C:\Program Files\OpenVPN\config
>
> # Specify that we are a client and that we
> # will be pulling certain config file directives
> # from the server.
> client
>
> # Use the same setting as you are using on
> # the server.
> # On most systems, the VPN will not function
> # unless you partially or fully disable
> # the firewall for the TUN/TAP interface.
> ;dev tap
> dev tun
>
> # Windows needs the TAP-Win32 adapter name
> # from the Network Connections panel
> # if you have more than one.  On XP SP2,
> # you may need to disable the firewall
> # for the TAP adapter.
> dev-node tap1
>
> # Are we connecting to a TCP or
> # UDP server?  Use the same setting as
> # on the server.
> ;proto tcp
> proto udp
>
> # The hostname/IP and port of the server.
> # You can have multiple remote entries
> # to load balance between the servers.
> remote XXX.XXX.XXX.XXX 1194
> ;remote my-server-2 1194
>
> # Choose a random host from the remote
> # list for load-balancing.  Otherwise
> # try hosts in the order specified.
> ;remote-random
>
> # Keep trying indefinitely to resolve the
> # host name of the OpenVPN server.  Very useful
> # on machines which are not permanently connected
> # to the internet such as laptops.
> resolv-retry infinite
>
> # Most clients don't need to bind to
> # a specific local port number.
> nobind
>
> # Downgrade privileges after initialization (non-Windows only)
> ;user nobody
> ;group nobody
>
> # Try to preserve some state across restarts.
> persist-key
> persist-tun
>
> # If you are connecting through an
> # HTTP proxy to reach the actual OpenVPN
> # server, put the proxy server/IP and
> # port number here.  See the man page
> # if your proxy server requires
> # authentication.
> ;http-proxy-retry # retry on connection failures
> ;http-proxy [proxy server] [proxy port #]
>
> # Wireless networks often produce a lot
> # of duplicate packets.  Set this flag
> # to silence duplicate packet warnings.
> ;mute-replay-warnings
>
> secret static.key
>
> # Verify server certificate by checking
> # that the certificate has the nsCertType
> # field set to "server".  This is an
> # important precaution to protect against
> # a potential attack discussed here:
> #  http://openvpn.net/howto.html#mitm
> #
> # To use this feature, you will need to generate
> # your server certificates with the nsCertType
> # field set to "server".  The build-key-server
> # script in the easy-rsa folder will do this.
> ;ns-cert-type server
>
> # If a tls-auth key is used on the server
> # then every client must also have the key.
> ;tls-auth ta.key 1
>
> # Select a cryptographic cipher.
> # If the cipher option is used on the server
> # then you must also specify it here.
> cipher aes
>
> # Enable compression on the VPN link.
> # Don't enable this unless it is also
> # enabled in the server config file.
> comp-lzo
>
> # Set log file verbosity.
> verb 3
>
> # Silence repeating messages
> ;mute 20
>
>

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
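
The conflict discussed in this thread can be caught before OpenVPN is started. The checker below is an added example, not code from the thread or from the OpenVPN project; its function names are hypothetical, and it relies on `client` and `server` being helper directives that imply `tls-client` and `tls-server`. The two sample configs are constructed and only exercise the mode directives.

```python
# Added example: flag OpenVPN configs that mix TLS mode with static-key mode.
# Assumption: 'client' and 'server' are helpers implying tls-client / tls-server.
IMPLIES = {
    "client": "tls-client",
    "tls-client": "tls-client",
    "server": "tls-server",
    "tls-server": "tls-server",
    "secret": "secret",
}

def active_directives(config_text):
    """Yield (line_no, directive) for every line that is not blank or a comment."""
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":  # '#' and ';' both start a comment
            continue
        word = line.split()[0]
        name = word[2:] if word.startswith("--") else word  # accept CLI spelling
        yield line_no, name

def key_modes(config_text):
    """Map each mode in use to the (line_no, directive) pairs that select it."""
    modes = {}
    for line_no, directive in active_directives(config_text):
        mode = IMPLIES.get(directive)
        if mode:
            modes.setdefault(mode, []).append((line_no, directive))
    return modes

def check(config_text):
    """Return a list of problems; an empty list means no mode conflict."""
    modes = key_modes(config_text)
    if len(modes) > 1:
        where = ", ".join(f"'{d}' (line {n})" for hits in modes.values() for n, d in hits)
        return [f"conflicting modes {sorted(modes)}: {where}"]
    return []

# Constructed samples: the conflict from the thread, and the same lines with
# 'client' commented out so that only static-key mode remains.
CONFLICTING = "client\ndev tun\n;tls-auth ta.key 1\nsecret static.key\n"
STATIC_ONLY = "dev tun\n# client\nsecret static.key\n"

if __name__ == "__main__":
    for name, text in (("conflicting", CONFLICTING), ("static-only", STATIC_ONLY)):
        print(name, check(text) or "ok")
```
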