[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Options error: specify only one of --tls-server, --tls-client, or --secret (OpenVPN GUI)


  • Subject: Re: [Openvpn-users] Options error: specify only one of --tls-server, --tls-client, or --secret (OpenVPN GUI)
  • From: Jan Just Keijser <janjust@xxxxxxxxx>
  • Date: Wed, 30 Jan 2008 08:34:28 +0100

then remove the
  client
statement and add an
  ifconfig  <IP1> <IP2>
statement, where <IP1> and <IP2> are reversed on the VPN server, e.g. if 
your pfSense machine uses
  ifconfig 10.8.0.1 10.8.0.2
then for your client config use
  ifconfig 10.8.0.2 10.8.0.1

HTH,

JJK

Gabe Green wrote:
> I just want to use the same key on both ends without generating
> certificates.  My VPN machine (pfSense) gives me this option of a preshared
> key (which from the looks of it, is symmetrical.)
>
> --GG
>
> -----Original Message-----
> From: Jan Just Keijser [mailto:janjust@xxxxxxxxx]
> Sent: Wednesday, January 30, 2008 12:26 AM
> To: Gabriel Green
> Cc: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> Subject: Re: [Openvpn-users] Options error: specify only one of
> --tls-server, --tls-client, or --secret (OpenVPN GUI)
>
>
> the error says it all: you're specifying both
>   client
> and
>   secret static.key
> in your config file. you're not supposed to do that : 'client' is for
> client/server style configs, 'secret' is for "old-style" point-to-point
> links. what are you trying to achieve ?
>
> HTH,
>
> JJK
>
> Gabriel Green wrote:
>   
>> Config file included, secret.key is in C:\Program Files\OpenVPN\config
>>
>> # Specify that we are a client and that we
>> # will be pulling certain config file directives
>> # from the server.
>> client
>>
>> # Use the same setting as you are using on
>> # the server.
>> # On most systems, the VPN will not function
>> # unless you partially or fully disable
>> # the firewall for the TUN/TAP interface.
>> ;dev tap
>> dev tun
>>
>> # Windows needs the TAP-Win32 adapter name
>> # from the Network Connections panel
>> # if you have more than one.  On XP SP2,
>> # you may need to disable the firewall
>> # for the TAP adapter.
>> dev-node tap1
>>
>> # Are we connecting to a TCP or
>> # UDP server?  Use the same setting as
>> # on the server.
>> ;proto tcp
>> proto udp
>>
>> # The hostname/IP and port of the server.
>> # You can have multiple remote entries
>> # to load balance between the servers.
>> remote XXX.XXX.XXX.XXX 1194
>> ;remote my-server-2 1194
>>
>> # Choose a random host from the remote
>> # list for load-balancing.  Otherwise
>> # try hosts in the order specified.
>> ;remote-random
>>
>> # Keep trying indefinitely to resolve the
>> # host name of the OpenVPN server.  Very useful
>> # on machines which are not permanently connected
>> # to the internet such as laptops.
>> resolv-retry infinite
>>
>> # Most clients don't need to bind to
>> # a specific local port number.
>> nobind
>>
>> # Downgrade privileges after initialization (non-Windows only)
>> ;user nobody
>> ;group nobody
>>
>> # Try to preserve some state across restarts.
>> persist-key
>> persist-tun
>>
>> # If you are connecting through an
>> # HTTP proxy to reach the actual OpenVPN
>> # server, put the proxy server/IP and
>> # port number here.  See the man page
>> # if your proxy server requires
>> # authentication.
>> ;http-proxy-retry # retry on connection failures
>> ;http-proxy [proxy server] [proxy port #]
>>
>> # Wireless networks often produce a lot
>> # of duplicate packets.  Set this flag
>> # to silence duplicate packet warnings.
>> ;mute-replay-warnings
>>
>> secret static.key
>>
>> # Verify server certificate by checking
>> # that the certicate has the nsCertType
>> # field set to "server".  This is an
>> # important precaution to protect against
>> # a potential attack discussed here:
>> #  http://openvpn.net/howto.html#mitm
>> #
>> # To use this feature, you will need to generate
>> # your server certificates with the nsCertType
>> # field set to "server".  The build-key-server
>> # script in the easy-rsa folder will do this.
>> ;ns-cert-type server
>>
>> # If a tls-auth key is used on the server
>> # then every client must also have the key.
>> ;tls-auth ta.key 1
>>
>> # Select a cryptographic cipher.
>> # If the cipher option is used on the server
>> # then you must also specify it here.
>> cipher aes
>>
>> # Enable compression on the VPN link.
>> # Don't enable this unless it is also
>> # enabled in the server config file.
>> comp-lzo
>>
>> # Set log file verbosity.
>> verb 3
>>
>> # Silence repeating messages
>> ;mute 20
>>
>>
>>     

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users