I use the cert created on the openvpn page in efw, so I don’t use the ‘pkcs12 me.p12’, or ‘ns-cert-type server’ lines, but this works for me:

 

client
float
dev tap
proto udp
port 1194
remote xx.xx.xx.xx
resolv-retry infinite
nobind
persist-key
persist-tun
ca lasvegas.cer
auth-user-pass
pull
comp-lzo

 

 

 

From: efw-user-bounces@lists.sourceforge.net [mailto:efw-user-bounces@lists.sourceforge.net] On Behalf Of Pradeep Raghavan
Sent: Sunday, March 23, 2008 12:55 PM
To: efw-user@lists.sourceforge.net
Subject: Re: [Efw-user] Road warrior configuration on 2.2Beta3

 

Hi,

thanks for the help, somehow the issue got solved. I removed the "ns-cert-type client" from the server configuration by editing the template file. But I stepped into another problem.
The server is configured to lease IP addresses from the pool "192.168.1.40-192.168.1.60" and for some reason the client configured to get an IP address from the VPN server assigns itself "192.168.1.10", and the tap interface at the client side does not come up. The client configuration is as below.

Client conf

tls-client
client
dev tap
proto udp
remote xx.xx.xx.xx 1194
#remote 192.168.1.123 1194
resolv-retry infinite
nobind
persist-key
persist-tun
keepalive 10 120
pkcs12 me.p12
ns-cert-type server
comp-lzo
verb 5

Wondering what configuration is causing the client to get 192.168.1.10 as the IP address. Any help would be highly appreciated.


cheers...
./pradeep

On Sat, Mar 22, 2008 at 11:12 AM, Pradeep Raghavan <sniffnsnoop@gmail.com> wrote:

hi,

thanks for the quick reply. I tried connecting to the VPN server (Endian 2.2beta3) and ended up with a different error. I get a different error this time. I have selected the "Authentication Type to be X.509 certificate."

"Error Message"



"TLS Error: TLS object -> incoming plaintext read error

TLS Error: TLS handshake failed

Re-using SSL/TLS context

LZO compression initialized
TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned"




Any help would be highly appreciated.


cheers...

./pradeep

On Thu, Mar 20, 2008 at 4:09 PM, André Pohl <andre_pohl@gmx.net> wrote:

Hi there,

my client Configuration is different, but works :-)

#OpenVPN Server conf
#don't touch these lines
tls-client

client
dev tap
proto udp

cipher BF-CBC
comp-lzo
verb 3
ns-cert-type server

#Login type: Certificate + PSK
#comment it out if you don't want two-way authentication
#auth-user-pass

# remote Gateway
remote tgjansen.no-ip.info 1194

# name and type of the user-cert
pkcs12 example-cert.p12

Hope, this will help
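
Added example (not written by anyone in this thread): a small Python audit of the three client configs quoted above, reporting how each one authenticates the client and whether it keeps a server-certificate role check (`ns-cert-type server`, or the newer `remote-cert-tls server`). The function names and finding strings are made up for this example, and the configs are abridged copies of the ones posted in the thread.

```python
# Added example: audit the three client configs quoted in this thread.
import re

# Client directives that make OpenVPN require the peer certificate to be a server cert.
ROLE_CHECKS = ("ns-cert-type", "remote-cert-tls")

def parse(text):
    """Map each directive to a list of its argument lists; '#' and ';' start comments."""
    opts = {}
    for raw in text.splitlines():
        line = re.split(r"[#;]", raw, maxsplit=1)[0].split()
        if line:
            opts.setdefault(line[0], []).append(line[1:])
    return opts

def audit(text):
    """Return (client_auth, findings) for one client config."""
    o = parse(text)
    # A PKCS#12 bundle can stand in for separate ca/cert/key directives.
    cert = "pkcs12" in o or ("cert" in o and "key" in o)
    methods = [m for m, on in (("certificate", cert),
                               ("password", "auth-user-pass" in o)) if on]
    findings = []
    if not any(args[:1] == ["server"] for d in ROLE_CHECKS for args in o.get(d, [])):
        findings.append("server certificate role not checked")
    if "ca" not in o and "pkcs12" not in o:
        findings.append("no CA to validate the server against")
    if not methods:
        findings.append("no client credential configured")
    return "+".join(methods) or "none", findings

# The thread's configs, abridged to the directives that matter here.
CONFIGS = {
    "top reply": "client\ndev tap\nproto udp\nca lasvegas.cer\nauth-user-pass\npull\ncomp-lzo",
    "pradeep": "tls-client\nclient\ndev tap\npkcs12 me.p12\nns-cert-type server\ncomp-lzo",
    "andre": "tls-client\nclient\nns-cert-type server\n#auth-user-pass\npkcs12 example-cert.p12",
}

if __name__ == "__main__":
    for name, cfg in CONFIGS.items():
        auth, findings = audit(cfg)
        print(f"{name:10} auth={auth:12} findings={findings or 'none'}")
```

A config flagged with "server certificate role not checked" accepts any certificate signed by the configured CA as the server, including one issued to another client.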


