From: James Y. <ji...@yo...> - 2003-09-16 23:11:50
Carl,

Offhand, I don't see anything wrong with the configs. I personally use a configuration very similar to yours, i.e. tls security + tls-auth, windows to linux, and I've never had a problem like this.

Have you tried a static key tunnel? It would be interesting to see if you also get the packet duplication with that.

Have you tried running tcpdump on port 5000 to see if there really is packet duplication occurring?

You might also do a loopback test on your tls config to check that it is correct, independent of the networking issues. See the linux INSTALL file for more info on loopback tests.

James

Carl Perry <cp...@ti...> said:

> James Yonan wrote:
>
> >Carl,
> >
> >This looks like a configuration issue.
> >
> >Can you post your config files?
> >
>
> Certainly. I'm stripping all comments and mangling IP addresses in the
> interests of space and security :)
>
> The linux box:
> cd /etc/openvpn/inspiron
> daemon openvpn.inspiron
> log /etc/openvpn/inspiron/log
> writepid /etc/openvpn/pids/inspiron.pid
> up /etc/openvpn/inspiron/up.bash
> down /etc/openvpn/common/commands/down.bash
> tls-verify /etc/openvpn/common/commands/tls-verify.perl
> dev tap
> tls-server
> dh dh1024.pem
> ca /etc/openvpn/common/pem/ticomgeo-vpn.pem
> cert /etc/openvpn/common/pem/dimebox.ticom-geo.com.pem
> key /etc/openvpn/common/pem/dimebox.ticom-geo.com.nodes-key.pem
> tls-auth auth-code.pwd
> port 5000
> proto udp
> local a.a.a.a
> user openvpn
> group nobody
> comp-lzo
> ping 20
> ping-restart 40
> ping-timer-rem
> persist-key
> verb 5
> mute 10
> ---8<---8<---8<---
>
> The Windows box:
> cd "C:\Program Files\OpenVPN\ticomgeo"
> remote a.a.a.a
> port 5000
> proto udp
> dev tap
> dev-node "OpenVPN TAP Adapter"
> tls-client
> dh dh1024.pem
> ca ticomgeo-vpn.pem
> cert inspiron.pem
> key inspiron-key.pem
> tls-auth auth-code.pwd
> ping-exit 40
> ping-timer-rem
> persist-tun
> persist-key
> ping 20
> comp-lzo
> verb 5
> mute 10
> ---8<---8<---8<---
>
> Some notes:
> On the windows box I'm using the FQDN of the linux box instead of
> the IP address. The connection is established, so I don't think this
> will be an issue.
> tls-verify.perl is the example tls-verify script from the OpenVPN
> distribution
> I'm running my own CA
> The tls-auth file is the same on both machines
> The dh1024.pem file is the same on both machines
>
> If there is anything else I can do to help, please let me know! Thanks!
>
> -Carl
> --
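
Added example, not part of the original thread or of the OpenVPN distribution: the side-by-side comparison of the two posted configs, done mechanically instead of by eye. The function names and the option groups `SAME_VALUE` and `BOTH_OR_NEITHER` are this example's own assumptions; the sample text is a subset of the options quoted in the message.

```python
# Subset of the options quoted in the message (link-relevant lines only).
LINUX = """
dev tap
tls-server
tls-auth auth-code.pwd
port 5000
proto udp
comp-lzo
"""
WINDOWS = """
remote a.a.a.a
port 5000
proto udp
dev tap
tls-client
tls-auth auth-code.pwd
comp-lzo
"""

SAME_VALUE = ("proto", "port", "dev")        # argument must agree on both peers
BOTH_OR_NEITHER = ("comp-lzo", "tls-auth")   # presence must agree on both peers

def parse(text):
    """Return {option: argument string} for one OpenVPN config file."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        parts = line.split(None, 1)
        opts[parts[0]] = parts[1] if len(parts) > 1 else ""
    return opts

def compare(a_text, b_text):
    """List mismatches between two peer configs; empty list means consistent."""
    a, b = parse(a_text), parse(b_text)
    problems = []
    for opt in SAME_VALUE:
        # tcp-server / tcp-client differ by design: compare the part before "-".
        # An option given on one side only is reported as well.
        va, vb = (c.get(opt, "").split("-")[0] for c in (a, b))
        if va != vb:
            problems.append(f"{opt}: {va or 'unset'} vs {vb or 'unset'}")
    for opt in BOTH_OR_NEITHER:
        if (opt in a) != (opt in b):
            problems.append(f"{opt}: set on one peer only")
    roles = sorted(r for c in (a, b) for r in ("tls-client", "tls-server") if r in c)
    if roles != ["tls-client", "tls-server"]:
        problems.append("tls roles: need one tls-server and one tls-client")
    return problems
```

`compare(LINUX, WINDOWS)` returns an empty list for the options posted here, which matches the by-eye reading that the two configs agree.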