Posted

This doesn't make sense to me. TLS has been disabled in both the server.conf and client.conf but the following error is coming up. I'm confused.

root@OpenWrt:/interceptor/openvpn/client# vim client.conf
# field set to "server".  The build-key-server
# script in the easy-rsa folder will do this.
;ns-cert-type server

# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x

# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo

# Set log file verbosity.
verb 3

# Silence repeating messages
;mute 20

server.ovpn (yep I'm running this on Vista right now)

port 1194
proto udp
dev tap

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel if you
# have more than one.  On XP SP2 or higher,
# you may need to selectively disable the
# Windows firewall for the TAP adapter.
# Non-Windows systems usually don't need this.
dev-node tap0 #Yes, I rename my connections in Vista to linux names

ca ca.crt
cert server.crt
key server.key  # This file should be kept secret

dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120

# For extra security beyond that provided
# by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding.
#
# Generate with:
#   openvpn --genkey --secret ta.key
#
# The server and each client must have
# a copy of this key.
# The second parameter should be '0'
# on the server and '1' on the clients.
;tls-auth ta.key 0 # This file is secret

comp-lzo

user nobody
group nobody

persist-key
persist-tun

status openvpn-status.log


# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 3

# Silence repeating messages.  At most 20
# sequential messages of the same message
# category will be output to the log.
;mute 20

Thu May 28 15:45:07 2009 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Thu May 28 15:45:07 2009 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Thu May 28 15:45:07 2009 Re-using SSL/TLS context
Thu May 28 15:45:07 2009 LZO compression initialized
Thu May 28 15:45:07 2009 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu May 28 15:45:07 2009 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Thu May 28 15:45:07 2009 Local Options hash (VER=V4): 'd79ca330'
Thu May 28 15:45:07 2009 Expected Remote Options hash (VER=V4): 'f7df56b8'
Thu May 28 15:45:07 2009 UDPv4 link local: [undef]
Thu May 28 15:45:07 2009 UDPv4 link remote: 10.255.255.253:1194
Thu May 28 15:45:07 2009 TLS: Initial packet from 10.255.255.253:1194, sid=97d1645f d8ea6368
Thu May 28 15:45:07 2009 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=US/ST=XX/L=MonkeyIsland/O=interceptor/OU=interceptor/CN=interceptor/emailAddress=monkey@interceptor.nul
Thu May 28 15:45:07 2009 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:lib(20):func(144):reason(134)
Thu May 28 15:45:07 2009 TLS Error: TLS object -> incoming plaintext read error
Thu May 28 15:45:07 2009 TLS Error: TLS handshake failed
Thu May 28 15:45:07 2009 TCP/UDP: Closing socket
Thu May 28 15:45:07 2009 SIGUSR1[soft,tls-error] received, process restarting
Thu May 28 15:45:07 2009 Restart pause, 2 second(s)

Anybody got ideas?

Posted

Ah, who cares. Just use

openvpn --genkey --secret ta.key

Modify your client.conf to

tls-auth /interceptor/openvpn/client/ta.key 1

and server.conf

tls-auth ta.key 0

That takes care of that problem

  • 5 months later...
Posted
This doesn't make sense to me. TLS has been disabled in both the server.conf and client.conf but the following error is coming up. I'm confused.

user nobody
group nobody

Anybody got ideas?

I thought "group" and "user" options are mentioned only to work on Linux / Non-Windows in the docs.
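
An added example, not part of the thread and not OpenVPN project code: a small linter that checks a server/client config pair and a client log for the conditions visible above (TLS still active with tls-auth commented out, tls-auth key direction, no server certificate check, and the depth=1 VERIFY ERROR). The function names, finding codes and sample strings are constructed for illustration; `remote-cert-tls` is an OpenVPN option that does not appear in the thread.

```python
import re

def directives(text):
    """Parse OpenVPN config text into {option: [args]}; ';' and '#' start comments."""
    opts = {}
    for raw in text.splitlines():
        parts = re.split(r"[;#]", raw, maxsplit=1)[0].split()
        if parts:
            opts[parts[0]] = parts[1:]
    return opts

def audit(server_conf, client_conf, client_log=""):
    """Return finding codes for a server/client config pair and a client log."""
    srv, cli = directives(server_conf), directives(client_conf)
    found = []
    # TLS mode comes from ca/cert/key; commenting out tls-auth does not disable it.
    if srv.keys() >= {"ca", "cert", "key"}:
        found.append("tls-still-active")
    # tls-auth must be set on both sides, with complementary directions (or none).
    s_ta, c_ta = srv.get("tls-auth"), cli.get("tls-auth")
    if (s_ta is None) != (c_ta is None):
        found.append("tls-auth-one-sided")
    elif s_ta is not None:
        dirs = {(s_ta + [None, None])[1], (c_ta + [None, None])[1]}
        if dirs not in ({None}, {"0", "1"}):
            found.append("tls-auth-direction-mismatch")
    # With no certificate-type check the client does not verify the peer is a server cert.
    if not cli.keys() & {"ns-cert-type", "remote-cert-tls"}:
        found.append("no-server-cert-check")
    # depth=1 is the issuer of the server certificate: the client's ca file lacks it.
    if re.search(r"VERIFY ERROR: depth=1, error=self signed certificate in certificate chain", client_log):
        found.append("server-ca-not-trusted")
    return found

# Constructed samples modelled on the excerpts in this thread.
SERVER = """dev tap
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
;tls-auth ta.key 0 # This file is secret
"""
CLIENT = """;ns-cert-type server
;tls-auth ta.key 1
comp-lzo
"""
LOG = "VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=US/CN=example"

if __name__ == "__main__":
    print(audit(SERVER, CLIENT, LOG))
    print(audit(SERVER + "tls-auth ta.key 1\n", CLIENT + "tls-auth ta.key 1\n"))
```

A "server-ca-not-trusted" finding points at the `ca` file on the client, which tls-auth settings do not affect.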
