beakmyn Posted May 28, 2009

This doesn't make sense to me. TLS has been disabled in both the server.conf and client.conf but the following error is coming up. I'm confused.

root@OpenWrt:/interceptor/openvpn/client# vim client.conf

# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
;ns-cert-type server

# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x

# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo

# Set log file verbosity.
verb 3

# Silence repeating messages
;mute 20

server.ovpn (yep I'm running this on Vista right now)

port 1194
proto udp
dev tap

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel if you
# have more than one. On XP SP2 or higher,
# you may need to selectively disable the
# Windows firewall for the TAP adapter.
# Non-Windows systems usually don't need this.
dev-node tap0 #Yes, I rename my connections in Vista to linux names

ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem

server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120

# For extra security beyond that provided
# by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding.
#
# Generate with:
# openvpn --genkey --secret ta.key
#
# The server and each client must have
# a copy of this key.
# The second parameter should be '0'
# on the server and '1' on the clients.
;tls-auth ta.key 0 # This file is secret

comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log

# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 3

# Silence repeating messages. At most 20
# sequential messages of the same message
# category will be output to the log.
;mute 20

Thu May 28 15:45:07 2009 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Thu May 28 15:45:07 2009 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu May 28 15:45:07 2009 Re-using SSL/TLS context
Thu May 28 15:45:07 2009 LZO compression initialized
Thu May 28 15:45:07 2009 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu May 28 15:45:07 2009 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Thu May 28 15:45:07 2009 Local Options hash (VER=V4): 'd79ca330'
Thu May 28 15:45:07 2009 Expected Remote Options hash (VER=V4): 'f7df56b8'
Thu May 28 15:45:07 2009 UDPv4 link local: [undef]
Thu May 28 15:45:07 2009 UDPv4 link remote: 10.255.255.253:1194
Thu May 28 15:45:07 2009 TLS: Initial packet from 10.255.255.253:1194, sid=97d1645f d8ea6368
Thu May 28 15:45:07 2009 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=US/ST=XX/L=MonkeyIsland/O=interceptor/OU=interceptor/CN=interceptor/emailAddress=monkey@interceptor.nul
Thu May 28 15:45:07 2009 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:lib(20):func(144):reason(134)
Thu May 28 15:45:07 2009 TLS Error: TLS object -> incoming plaintext read error
Thu May 28 15:45:07 2009 TLS Error: TLS handshake failed
Thu May 28 15:45:07 2009 TCP/UDP: Closing socket
Thu May 28 15:45:07 2009 SIGUSR1[soft,tls-error] received, process restarting
Thu May 28 15:45:07 2009 Restart pause, 2 second(s)

Anybody got ideas?
beakmyn (Author) Posted May 29, 2009

Ah, who cares. Just use

openvpn --genkey --secret ta.key

Modify your client.conf to

tls-auth /interceptor/openvpn/client/ta.key 1

and server.conf

tls-auth ta.key 1

That takes care of that problem.
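An added diagnostic helper (example code, not from this thread or from OpenVPN) for the two things the thread touches: the tls-auth key direction, which the comment in server.ovpn above says must be 0 on the server and 1 on the clients, and the depth=1 "self signed certificate in certificate chain" verify error, which OpenSSL reports when the CA at the top of the server's chain is not the CA in the client's ca.crt. All file paths are placeholders.

```sh
#!/bin/sh
# Added example, not code from the thread. Two checks for the symptoms above:
# a tls-auth key-direction mismatch (server must use 0, clients 1, per the
# comment in server.ovpn) and a server certificate that the client's ca.crt
# did not issue, which OpenSSL reports as "self signed certificate in
# certificate chain" at depth=1. File paths are placeholders.

# Print the tls-auth direction declared in an OpenVPN config: "0", "1",
# "bidi" if the direction is omitted, or "none" if tls-auth is not active.
# Lines commented out with ';' or '#' are skipped, as OpenVPN skips them.
tls_auth_direction() {
    awk '$1 == "tls-auth" { d = ($3 == "") ? "bidi" : $3; print d; found = 1; exit }
         END { if (!found) print "none" }' "$1"
}

# Succeed only if the pair is consistent: both sides omit tls-auth, or the
# server uses direction 0 and the client direction 1. The same value on
# both sides (for example 1 and 1) is a mismatch.
check_tls_auth() {
    s=$(tls_auth_direction "$1"); c=$(tls_auth_direction "$2")
    if [ "$s" = none ] && [ "$c" = none ]; then return 0; fi
    [ "$s" = 0 ] && [ "$c" = 1 ]
}

# Reproduce the client's chain check offline: verify server.crt against the
# ca.crt the client is configured with. A CA mismatch prints the same
# "self signed certificate in certificate chain" error seen in the log.
check_chain() {
    openssl verify -CAfile "$1" "$2"     # check_chain CA_CRT SERVER_CRT
}

# diagnose SERVER_CONF CLIENT_CONF CA_CRT SERVER_CRT
diagnose() {
    if check_tls_auth "$1" "$2"; then
        echo "tls-auth: consistent"
    else
        echo "tls-auth: server=$(tls_auth_direction "$1") client=$(tls_auth_direction "$2") (expected 0 / 1)"
    fi
    check_chain "$3" "$4"
}
```

Run it as `diagnose server.conf client.conf ca.crt server.crt` on the client host with its copies of the files; check_chain needs the openssl binary.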
lbsl Posted November 23, 2009

beakmyn wrote:
> This doesn't make sense to me. TLS has been disabled in both the server.conf and client.conf but the following error is coming up. I'm confused.
>
> user nobody
> group nobody
>
> Anybody got ideas?

I thought "group" and "user" options are mentioned only to work on Linux / Non-windows in the docs.
beakmyn (Author) Posted November 23, 2009

I believe they are ignored otherwise. Yet that wasn't the root cause of the TLS error issue. Never did find the root cause.