Bug #1266
closednow my VPN is broken
0%
Description
----------------------
Using My Cert My client
- Log in client
Tue Feb 08 11:56:58 2011 OpenVPN 2.1.3 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Aug 20 2010
Tue Feb 08 11:57:08 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Feb 08 11:57:08 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Feb 08 11:57:08 2011 LZO compression initialized
Tue Feb 08 11:57:08 2011 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Feb 08 11:57:08 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Feb 08 11:57:08 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Feb 08 11:57:08 2011 Local Options hash (VER=V4): '41690919'
Tue Feb 08 11:57:08 2011 Expected Remote Options hash (VER=V4): '530fdded'
Tue Feb 08 11:57:08 2011 UDPv4 link local: [undef]
Tue Feb 08 11:57:08 2011 UDPv4 link remote: 200.129.150.3:1194
Tue Feb 08 11:57:08 2011 TLS: Initial packet from 200.129.150.3:1194, sid=66ffa403 c5f27866
Tue Feb 08 11:57:08 2011 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Feb 08 11:57:08 2011 VERIFY OK: depth=1, /C=BR/ST=PA/L=Belem/O=Universidade_Federal_Rural_da_Amazonia/OU=Campus_Belem/CN=srvvpn.ufra.edu.br/emailAddress=jonne.cley@ufra.edu.br
Tue Feb 08 11:57:08 2011 VERIFY OK: depth=0, /C=BR/ST=PA/L=Belem/O=Universidade_Federal_Rural_da_Amazonia/OU=Campus_Belem/CN=srvvpn.ufra.edu.br/emailAddress=jonne.cley@ufra.edu.br
**Log OpenVpn in Pfsense
Feb 8 11:57:07 openvpn22479: 10.10.60.11:1703 SIGUSR1[soft,tls-error] received, client-instance restarting
Feb 8 11:57:07 openvpn22479: 10.10.60.11:1703 TLS Error: TLS handshake failed
Feb 8 11:57:07 openvpn22479: 10.10.60.11:1703 TLS Error: TLS object -> incoming plaintext read error
Feb 8 11:57:07 openvpn22479: 10.10.60.11:1703 TLS_ERROR: BIO read tls_read_plaintext error: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
Feb 8 11:57:07 openvpn22479: 10.10.60.11:1703 TLS: Initial packet from [AF_INET]10.10.60.11:1703, sid=59c06ce4 011c467d
Feb 8 11:57:07 openvpn22479: 10.10.60.11:1703 Expected Remote Options hash (VER=V4): '66096c33'
Feb 8 11:57:07 openvpn22479: 10.10.60.11:1703 Local Options hash (VER=V4): '691e95c7'
Feb 8 11:57:07 openvpn22479: 10.10.60.11:1703 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Feb 8 11:57:07 openvpn22479: 10.10.60.11:1703 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Feb 8 11:57:07 openvpn22479: 10.10.60.11:1703 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Feb 8 11:57:07 openvpn22479: 10.10.60.11:1703 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]
Feb 8 11:57:07 openvpn22479: 10.10.60.11:1703 LZO compression initialized
Feb 8 11:57:07 openvpn22479: 10.10.60.11:1703 Re-using SSL/TLS context
Feb 8 11:57:07 openvpn22479: MULTI: multi_create_instance called
Using My Cert
export Client openvpn (vpn_openvpn_export.php)
----------------------------------------
**LOG in Client
Options error: Unrecognized option or missing parameter(s) in pfSense-udp-1194-config.ovpn:13: passtos (2.1.3)
Use --help for more information.
Connecting to pfSense-udp-1194-config has failed
Using Cert create in wizart
and Client export (vpn_openvpn_export.php)
---------------------------------------------------
**LOG in Client
Options error: Unrecognized option or missing parameter(s) in pfSense-udp-1194-config.ovpn:13: passtos (2.1.3)
Use --help for more information.
Connecting to pfSense-udp-1194-config has failed
------------------------------------
cONFIG vpn
---------------------------------------------
Disabled false
server Mode Remote Acess (USer Auth)
Backend for authentication SambaLDAP
Protocol UDP
Interface WAN
Local port 1194
Description Ufra_VPN
TLS Authentication false
Peer Certificate Authority ca
Peer Certificate Revocation List nome
Server Certificate ufra (in user)
DH Parameters Length 1024bits
Encryption algorithm AES-128-CBC
Hardware Crypto No hardwareCrypo....
Tunnel Network 10.10.209/24
Redirect Gateway true
Compression true
Type-of-Service true
Dynamic IP TRUE
Address Pool TRUE
DNS Default Domain UFRA.EDU.BR
Updated by Chris Buechler almost 14 years ago
- Status changed from New to Rejected
you can't use passtos with Windows hosts, not a bug.
Updated by Joaquim Soares Soares almost 14 years ago
Okay, but passtos, was included in the pfsense configuration file client [pfSense-udp-1194-config.ovpn]
If I remove passto
Still vpn does not connect and do not get an ip
Note that my whole installation was
using the wizard, including certificates
and using the client addon to export client
---------------------
Log Client
Wed Feb 09 08:28:47 2011 OpenVPN 2.1.3 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Aug 20 2010
Wed Feb 09 08:28:55 2011 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Feb 09 08:28:55 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Feb 09 08:28:55 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Feb 09 08:28:55 2011 LZO compression initialized
Wed Feb 09 08:28:55 2011 UDPv4 link local (bound): [undef]:1194
Wed Feb 09 08:28:55 2011 UDPv4 link remote: 200.129.150.3:1194
Wed Feb 09 08:28:55 2011 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
====================================================================
Log in Pfsense
Feb 9 08:32:01 openvpn46138: 200.129.150.27:1194 TLS Error: TLS handshake failed
Feb 9 08:32:01 openvpn46138: 200.129.150.27:1194 TLS Error: TLS object -> incoming plaintext read error
Feb 9 08:32:01 openvpn46138: 200.129.150.27:1194 TLS_ERROR: BIO read tls_read_plaintext error: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
Feb 9 08:32:01 openvpn46138: 200.129.150.27:1194 LZO compression initialized
Feb 9 08:32:01 openvpn46138: 200.129.150.27:1194 Re-using SSL/TLS context
Feb 9 08:31:00 openvpn46138: 200.129.150.27:1194 TLS Error: TLS handshake failed
Feb 9 08:31:00 openvpn46138: 200.129.150.27:1194 TLS Error: TLS object -> incoming plaintext read error
Feb 9 08:31:00 openvpn46138: 200.129.150.27:1194 TLS_ERROR: BIO read tls_read_plaintext error: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
Feb 9 08:30:59 openvpn46138: 200.129.150.27:1194 LZO compression initialized
Feb 9 08:30:59 openvpn46138: 200.129.150.27:1194 Re-using SSL/TLS context
Feb 9 08:29:57 openvpn46138: 200.129.150.27:1194 TLS Error: TLS handshake failed
Feb 9 08:29:57 openvpn46138: 200.129.150.27:1194 TLS Error: TLS object -> incoming plaintext read error
Feb 9 08:29:57 openvpn46138: 200.129.150.27:1194 TLS_ERROR: BIO read tls_read_plaintext error: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
Feb 9 08:29:57 openvpn46138: 200.129.150.27:1194 LZO compression initialized
Feb 9 08:29:57 openvpn46138: 200.129.150.27:1194 Re-using SSL/TLS context
Feb 9 08:28:55 openvpn46138: 200.129.150.27:1194 TLS Error: TLS handshake failed
Feb 9 08:28:55 openvpn46138: 200.129.150.27:1194 TLS Error: TLS object -> incoming plaintext read error
Feb 9 08:28:55 openvpn46138: 200.129.150.27:1194 TLS_ERROR: BIO read tls_read_plaintext error: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate