Menu
▾
▴
[Openvpn-users] Certificate Problems getting Linux<->Windows tunnel to work?
|
From: Carl P. <cp...@ti...> - 2003-09-16 15:59:52
|
I'm testing OpenVPN here at the office as a road-warrior solution. I've got a Win2k notebook and our Linux firewall on a hub connected to our T1 line. When I try to launch the OpenVPN client on windows, I get the following messages: Mon Sep 15 18:26:18 2003 24: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1063667992) Mon Sep 15 18:19:52 2003 ] Mon Sep 15 18:26:18 2003 25: TLS Error: incoming packet authentication failed from 67.153.25.126:500 ... Mon Sep 15 18:26:18 2003 38: Authenticate/Decrypt packet error: bad packet ID ( may be a replay): [ #23 / time = (1063667992) Mon Sep 15 18:19:52 2003 ] Mon Sep 15 18:26:18 2003 39: TLS Error: incoming packet authentication failed fr om 67.153.25.126:5000 Mon Sep 15 18:26:18 2003 40: VERIFY ERROR: depth=0, error=unsupported certifi cate purpose: /C=US/ST=Texas/L=Austin/O=TICOM.Geomtaics.VPN/OU=IPSEC.VPN.Server. Certificate/CN=dimebox.ticom-geo.com/ema...@ti... Mon Sep 15 18:26:18 2003 41: TLS_ERROR: BIO read tls_read_plaintext error: error :14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Mon Sep 15 18:26:18 2003 42: TLS Error: TLS object -> incoming plaintext read er ror Mon Sep 15 18:26:18 2003 43: TLS Error: TLS handshake failed Mon Sep 15 18:26:18 2003 44: TLS Error: Unroutable control packet received from 67.153.25.126:5000 (si=3 op=P_CONTROL_V1) The linux side has less details: Mon Sep 15 23:19:52 2003 26[0]: TLS: tls_pre_decrypt: first response to initial packet from 67.153.25.80:5000, sid=5c4768a4 6890f26f Mon Sep 15 23:19:52 2003 27[0]: Authenticate/Decrypt packet error: bad packet I D (may be a replay): [ #1 / time = (1063668373) Mon Sep 15 23:26:13 2003 ] Mon Sep 15 23:19:52 2003 28[0]: TLS Error: incoming packet authentication failed from 67.153.25.80:5000 Mon Sep 15 23:19:52 2003 29[0]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #2 / time = (1063668373) Mon Sep 15 23:26:13 2003 ] Mon Sep 15 23:19:52 2003 30[0]: TLS Error: incoming packet authentication failed from 67.153.25.80:5000 Is this a configuration issue, a lack of router issue, or a TLS certificate issue? I've tried with both UDP and TCP transport, same results. I have not tried going from linux to linux yet, as windows to linux is far more valuable to me in the short term. I am willing to post config files and public certificates if they will be of help. I'm sorry if this has come up before and an answer posted to the list, but SF's lack of search function makes it difficult to find past messages. I did check back about three months on the list archive manually, but may have missed some stuff. Any information would be appreciated. Thanks! -Carl |
