Menu
▾
▴
[Openvpn-users] VERIFY ERROR: depth=0, error=self signed certificate
|
From: tomy <to...@ka...> - 2008-05-15 13:03:06
|
Hi All,
I am currently working on openvpn 2.0.9. While I am running
the program (client and server ) an error is getting like
_client side
_Thu May 15 18:18:04 2008 us=305025 TLS: Initial packet from
192.168.0.246:1194, sid=960d4100 7c638c5c
Thu May 15 18:18:04 2008 us=413313 VERIFY ERROR: depth=0, error=self
signed certificate:
/CN=supplied/ST=Bangalore/C=IN/Ema...@ka.../O=Kalki_Communication_Technologies
Thu May 15 18:18:04 2008 us=413520 TLS_ERROR: BIO read
tls_read_plaintext error: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Thu May 15 18:18:04 2008 us=413538 TLS Error: TLS object -> incoming
plaintext read error
Thu May 15 18:18:04 2008 us=413550 TLS Error: TLS handshake failed
Thu May 15 18:18:04 2008 us=413696 Fatal TLS error
(check_tls_errors_co), restarting
Thu May 15 18:18:04 2008 us=413809 TCP/UDP: Closing socket
Thu May 15 18:18:04 2008 us=413922 SIGUSR1[soft,tls-error] received,
process restarting
Thu May 15 18:18:04 2008 us=413946 Restart pause, 5 second(s)
Thu May 15 18:18:05 2008 us=811932 SIGINT[hard,init_instance] received,
process exiting
_server side
_Thu May 15 18:14:57 2008 us=728537 MULTI: multi_create_instance called
Thu May 15 18:14:57 2008 us=728616 Re-using SSL/TLS context
Thu May 15 18:14:57 2008 us=728683 LZO compression initialized
Thu May 15 18:14:57 2008 us=728854 Control Channel MTU parms [ L:1544
D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu May 15 18:14:57 2008 us=728921 Data Channel MTU parms [ L:1544
D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Thu May 15 18:14:57 2008 us=729000 Local Options String: 'V4,dev-type
tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher
BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Thu May 15 18:14:57 2008 us=729046 Expected Remote Options String:
'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto
TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method
2,tls-client'
Thu May 15 18:14:57 2008 us=729114 Local Options hash (VER=V4): 'c0103fa8'
Thu May 15 18:14:57 2008 us=729166 Expected Remote Options hash
(VER=V4): '69109d17'
Thu May 15 18:14:57 2008 us=729238 TCP connection established with
192.168.0.222:33473
Thu May 15 18:14:57 2008 us=729288 Socket Buffers: R=[131072->131072]
S=[131072->131072]
Thu May 15 18:14:57 2008 us=729346 TCPv4_SERVER link local: [undef]
Thu May 15 18:14:57 2008 us=729392 TCPv4_SERVER link remote:
192.168.0.222:33473
Thu May 15 18:14:57 2008 us=729605 192.168.0.222:33473 TLS: Initial
packet from 192.168.0.222:33473, sid=52d93037 8be9a794
Thu May 15 18:14:57 2008 us=840249 192.168.0.222:33473 Connection reset,
restarting [-1]
Thu May 15 18:14:57 2008 us=840304 192.168.0.222:33473
SIGUSR1[soft,connection-reset] received, client-instance restarting
Thu May 15 18:14:57 2008 us=840397 TCP/UDP: Closing socket
The key are generated manually referring
http://openvpn.net/index.php/documentation/howto.html
What is problem in generating keys manually. Is there any configuration
issues.. I am giving the server and client configuration files
It is working properly for openvpn demo keys with the same client and
server configuration. So I doubt some problem with the manual key
generation.
_server
_
port 1194
proto tcp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh1024.pem
server 10.8.0.0 255.255.255.0
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 4
_client
_client
dev tun
proto tcp
remote 192.168.0.246 1194
resolv-retry infinite
nobind
ca /etc/openvpn/ca.crt
cert /etc/openvpn/client.crt
key /etc/openvpn/client.key
comp-lzo
verb 4
--
Thanks & Regards
Tomy Devasia
India
|
