From: Pradeep R. <sni...@gm...> - 2008-03-23 18:55:31
|
Hi, thanks for the help, somehow the issue got solved.I removed the "ns-cert-type client" from the server configuration by editing the template file.But, stepped into another problem. The server is configured to lease ip-addresses from the pool " 192.168.1.40-192.168.1.60" and for some reason the client configured to get ip-address from the vpn server assigns itself *"192.168.1.10", *and the tap interface at the client side does not come up.The client configuration is as below *Client conf tls-client client dev tap proto udp remote xx.xx.xx.xx 1194 #remote 192.168.1.123 1194 resolv-retry infinite nobind persist-key persist-tun keepalive 10 120 pkcs12 me.p12 ns-cert-type server comp-lzo verb 5 *Wondering what configuration is causing the client to get *192.168.1.10* as the ipaddress. Any help would be highly appreciated. cheers... ./pradeep * * On Sat, Mar 22, 2008 at 11:12 AM, Pradeep Raghavan <sni...@gm...> wrote: > hi, > > thanks for the quick reply. l tried connecting to the VPN server (Endian > 2.2beta3) and ends up with a different error. I get a different error this > time. I have selected the "Authentication Type to be X.509 certificate." > > *"Error Message"* > > "TLS Error: TLS object -> incoming plaintext read error > TLS Error: TLS handshake failed > Re-using SSL/TLS context > LZO compression initialized > TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:SSL > routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned" > > > Any help would be highly appreciated. > > > cheers... > > ./pradeep > > On Thu, Mar 20, 2008 at 4:09 PM, André Pohl <and...@gm...> wrote: > > > Hi there, > > > > my client Configuration is different, but works :-) > > > > #OpenVPN Server conf > > #don´t touch this lines > > tls-client > > client > > dev tap > > proto udp > > cipher BF-CBC > > comp-lzo > > verb 3 > > ns-cert-type server > > > > #Login-Typ Certificate + PSK > > #comment it out, if you don´t wan two-way authentication > > #auth-user-pass > > > > # remote Gateway > > remote tgjansen.no-ip.info 1194 > > > > # name and typo of the user-cert > > pkcs12 example-cert.p12 > > > > Hope, this will help > > > > > > > > > > ------------------------------------------------------------------------- > > This SF.net email is sponsored by: Microsoft > > Defy all challenges. Microsoft(R) Visual Studio 2008. > > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > > _______________________________________________ > > Efw-user mailing list > > Efw...@li... > > https://lists.sourceforge.net/lists/listinfo/efw-user > > > > |