From: Erich T. <eri...@th...> - 2007-01-10 23:44:49
Hi

cristiano furtado wrote:
> I am trying to raise one tunnel with openvpn 2,0 to put I am having
> problems with firewall. used rules:
>
> iptables -t filter INPUT -i ppp0 -p tcp --dport 1194 -j ACCEPT
> iptables -t filter INPUT -i ppp0 -p udp --dport 1194 -j ACCEPT
>
> error:
>
> Server:
>
> Wed Jan 10 14:12:04 2007 TLS: Initial packet from 201.50.87.166:1194,
> sid=242775bc 91db3d7b
> Wed Jan 10 14:12:07 2007 TLS: new session incoming connection from
> 201.50.87.166:1194
> Wed Jan 10 14:12:09 2007 TLS: new session incoming connection from
> 201.50.87.166:1194

This is not an iptables problem, as you are getting a new session initiation.

> Wed Jan 10 14:13:04 2007 TLS Error: TLS key negotiation failed to
> occur within 60 seconds (check your network connectivity)
> Wed Jan 10 14:13:04 2007 TLS Error: TLS handshake failed

Rather obvious, a TLS problem...

> Wed Jan 10 14:13:04 2007 TCP/UDP: Closing socket
>
> Client:
>
> Wed Jan 10 14:56:16 2007 UDPv4 link remote: 201.50.46.253:1194
> Wed Jan 10 14:56:33 2007 TLS: Initial packet from 201.50.46.253:1194,
> sid=ab1fed5e 62455089
> Wed Jan 10 14:56:34 2007 VERIFY ERROR: depth=1, error=self signed
> certificate in certificate chain:

The client reports a problem with a self signed certificate.

> /C=BR/ST=BAHIA/L=SALVADOR/O=FBASIL/OU=VPN/CN=JASONN/ema...@GM...
> Wed Jan 10 14:56:34 2007 TLS_ERROR: BIO read tls_read_plaintext error:
> error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
> verify failed

Apparently the client cannot verify the server certificate. Check your setup for missing CA certificate and certificate validity.

cheers

Erich
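Added example, not part of the original message: a small Python triage over the log lines quoted above, separating "packets never arrive" from "packets arrive but certificate verification fails". The function names, the heuristics and the trimmed sample logs are constructed for this illustration; reading depth 0 as the peer certificate and higher depths as its issuers follows OpenSSL's verify convention.

```python
import re

# Constructed samples: the log lines quoted in the thread, unwrapped and trimmed.
SERVER_LOG = """\
Wed Jan 10 14:12:04 2007 TLS: Initial packet from 201.50.87.166:1194, sid=242775bc 91db3d7b
Wed Jan 10 14:13:04 2007 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Jan 10 14:13:04 2007 TLS Error: TLS handshake failed
"""
CLIENT_LOG = """\
Wed Jan 10 14:56:33 2007 TLS: Initial packet from 201.50.46.253:1194, sid=ab1fed5e 62455089
Wed Jan 10 14:56:34 2007 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=BR/(subject trimmed)
Wed Jan 10 14:56:34 2007 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
"""

INITIAL_RE = re.compile(r"TLS: Initial packet from (\S+?),")
VERIFY_RE = re.compile(r"VERIFY ERROR: depth=(\d+), error=([^:]+):")
TIMEOUT_RE = re.compile(r"TLS key negotiation failed to occur within \d+ seconds")

def triage(log):
    """Collect the facts that matter: peer reached, verify errors, timeout."""
    found = {"peer_reached": False, "verify_errors": [], "timeout": False}
    for line in log.splitlines():
        if INITIAL_RE.search(line):
            found["peer_reached"] = True   # a packet got through the firewall
        m = VERIFY_RE.search(line)
        if m:
            found["verify_errors"].append((int(m.group(1)), m.group(2).strip()))
        if TIMEOUT_RE.search(line):
            found["timeout"] = True
    return found

def diagnose(found):
    """Heuristic verdict (assumption of this example, not OpenVPN's own logic)."""
    if found["verify_errors"]:
        depth, err = found["verify_errors"][0]
        where = "peer certificate" if depth == 0 else "issuer (CA) certificate"
        return (f"certificate: {err} at depth {depth} ({where}); "
                "check the ca file and certificate validity dates")
    if found["timeout"] and found["peer_reached"]:
        return "tls: packets arrive but the handshake never completes; read the other side's log"
    if found["timeout"]:
        return "network: no packet from the peer was logged; check firewall and routing"
    return "no known failure pattern"

if __name__ == "__main__":
    for name, log in (("server", SERVER_LOG), ("client", CLIENT_LOG)):
        print(name, "->", diagnose(triage(log)))
```
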