Hi,

thanks a bunch for your support.

Well, I did a new installation of EFW and applied the patches and changes as mentioned in the change log at Mantis, and used the scripts that come with OpenVPN to create the CA, server and clients, and things work!!! I am still clueless on why XCA certificates are throwing errors. Will dig into that later.


cheers...

./pradeep

On Mon, Mar 24, 2008 at 5:55 PM, compdoc <compdoc@hotrodpc.com> wrote:

I've seen other people get pem rather than cer certs as well, and I don't know why.

 

Are you using Windows? If so, right click a cert file and select 'Open with >', and tell me if you have the option to open with 'Crypto Shell Extensions'.

 

In any case, open the cert with notepad instead, and tell me if there is any text above -----BEGIN CERTIFICATE-----

 

The newest version of efw that I use is 2.1.2, which isn't a beta. I wouldn't use a beta for anything other than testing.

 

Do you have the udp port for openvpn forwarded to the efw?

 

 

 

From: efw-user-bounces@lists.sourceforge.net [mailto:efw-user-bounces@lists.sourceforge.net] On Behalf Of Pradeep Raghavan
Sent: Monday, March 24, 2008 3:57 AM
To: efw-user@lists.sourceforge.net
Subject: Re: [Efw-user] Road warrior configuration on 2.2Beta3

 

Hello compdoc,

Tried the way you have mentioned (on EFW 2.2 Beta3) but still no success. Btw, the ca certificate that I get to download from efw is in "pem" format and not cer format.


regards.

./pradeep

On Sun, Mar 23, 2008 at 11:27 PM, compdoc <compdoc@hotrodpc.com> wrote:

I use the cert created on the openvpn page in efw, so I don't use the 'pkcs12 me.p12', or 'ns-cert-type server' lines, but this works for me:

 

client
float
dev tap
proto udp
port 1194
remote xx.xx.xx.xx
resolv-retry infinite
nobind
persist-key
persist-tun
ca lasvegas.cer
auth-user-pass
pull
comp-lzo

 

 

 

From: efw-user-bounces@lists.sourceforge.net [mailto:efw-user-bounces@lists.sourceforge.net] On Behalf Of Pradeep Raghavan
Sent: Sunday, March 23, 2008 12:55 PM
To: efw-user@lists.sourceforge.net
Subject: Re: [Efw-user] Road warrior configuration on 2.2Beta3

 

Hi,

thanks for the help, somehow the issue got solved. I removed the "ns-cert-type client" from the server configuration by editing the template file. But I stepped into another problem.
The server is configured to lease IP addresses from the pool "192.168.1.40-192.168.1.60" and for some reason the client configured to get its IP address from the VPN server assigns itself "192.168.1.10", and the tap interface at the client side does not come up. The client configuration is as below.

Client conf

tls-client
client
dev tap
proto udp
remote xx.xx.xx.xx 1194
#remote 192.168.1.123 1194
resolv-retry infinite
nobind
persist-key
persist-tun
keepalive 10 120
pkcs12 me.p12
ns-cert-type server
comp-lzo
verb 5

Wondering what configuration is causing the client to get 192.168.1.10 as the IP address. Any help would be highly appreciated.


cheers...
./pradeep

On Sat, Mar 22, 2008 at 11:12 AM, Pradeep Raghavan <sniffnsnoop@gmail.com> wrote:

hi,

thanks for the quick reply. I tried connecting to the VPN server (Endian 2.2beta3) and it ends up with a different error. I get a different error this time. I have selected the "Authentication Type to be X.509 certificate."

"Error Message"



"TLS Error: TLS object -> incoming plaintext read error
TLS Error: TLS handshake failed
Re-using SSL/TLS context
LZO compression initialized
TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned"




Any help would be highly appreciated.


cheers...

./pradeep

On Thu, Mar 20, 2008 at 4:09 PM, André Pohl <andre_pohl@gmx.net> wrote:

Hi there,

my client Configuration is different, but works :-)

#OpenVPN Server conf
#don't touch these lines
tls-client

client
dev tap
proto udp

cipher BF-CBC
comp-lzo
verb 3
ns-cert-type server

#Login type: Certificate + PSK
#comment it out, if you don't want two-way authentication
#auth-user-pass

# remote Gateway
remote tgjansen.no-ip.info 1194

# name and type of the user-cert
pkcs12 example-cert.p12

Hope, this will help



-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Efw-user mailing list
Efw-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/efw-user
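
An added example, not part of the original thread: a script for the check suggested above (open the downloaded CA file and see whether any text precedes -----BEGIN CERTIFICATE-----), which also reports whether the file is PEM or DER regardless of its .pem or .cer extension. The name inspect_cert and the sample bytes are constructed for this example; the samples are placeholders, not real certificates.

```python
import base64
import re
import sys

BEGIN = b"-----BEGIN CERTIFICATE-----"
PEM_BLOCK = re.compile(BEGIN + rb"\s*(.*?)\s*-----END CERTIFICATE-----", re.S)


def inspect_cert(data: bytes) -> dict:
    """Report encoding, certificate count and any text before the first PEM block."""
    bodies = PEM_BLOCK.findall(data)
    if bodies:
        leading = data[: data.find(BEGIN)].decode("latin-1").strip()
        bodies_ok = True
        for body in bodies:
            try:
                der = base64.b64decode(b"".join(body.split()), validate=True)
            except ValueError:  # binascii.Error is a ValueError subclass
                der = b""
            # A DER certificate is an ASN.1 SEQUENCE, so it starts with 0x30.
            bodies_ok = bodies_ok and der[:1] == b"\x30"
        return {"encoding": "PEM", "certs": len(bodies),
                "leading_text": leading, "bodies_ok": bodies_ok}
    if data[:1] == b"\x30":
        return {"encoding": "DER", "certs": 1, "leading_text": "", "bodies_ok": True}
    return {"encoding": "unknown", "certs": 0, "leading_text": "", "bodies_ok": False}


# Constructed sample input: an ASN.1 SEQUENCE header plus padding, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x0a" + bytes(266)
SAMPLE_PEM = BEGIN + b"\n" + base64.encodebytes(SAMPLE_DER) + b"-----END CERTIFICATE-----\n"
# Same block preceded by human-readable text, as some export tools produce.
SAMPLE_WITH_TEXT = b"Certificate:\n    Data:\n        Version: 3 (0x2)\n" + SAMPLE_PEM

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Inspect the files named on the command line, e.g. the CA file from efw.
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print(path, inspect_cert(fh.read()))
    else:
        for name, sample in [("pem", SAMPLE_PEM), ("pem+text", SAMPLE_WITH_TEXT),
                             ("der", SAMPLE_DER)]:
            print(name, inspect_cert(sample))
```

Run it with the path of the CA file as an argument; with no arguments it prints the results for the constructed samples.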

 

 

