Bug #1266

closed

now my VPN is broken

Added by Joaquim Soares Soares over 13 years ago. Updated almost 9 years ago.

Status: Rejected
Priority: High
Assignee: -
Category: OpenVPN
Target version: -
Start date: 02/08/2011
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture: amd64

Description

----------------------
Using My Cert My client


  • Log in client

Tue Feb 08 11:56:58 2011 OpenVPN 2.1.3 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Aug 20 2010
Tue Feb 08 11:57:08 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Feb 08 11:57:08 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Feb 08 11:57:08 2011 LZO compression initialized
Tue Feb 08 11:57:08 2011 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Feb 08 11:57:08 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Feb 08 11:57:08 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Feb 08 11:57:08 2011 Local Options hash (VER=V4): '41690919'
Tue Feb 08 11:57:08 2011 Expected Remote Options hash (VER=V4): '530fdded'
Tue Feb 08 11:57:08 2011 UDPv4 link local: [undef]
Tue Feb 08 11:57:08 2011 UDPv4 link remote: 200.129.150.3:1194
Tue Feb 08 11:57:08 2011 TLS: Initial packet from 200.129.150.3:1194, sid=66ffa403 c5f27866
Tue Feb 08 11:57:08 2011 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Feb 08 11:57:08 2011 VERIFY OK: depth=1, /C=BR/ST=PA/L=Belem/O=Universidade_Federal_Rural_da_Amazonia/OU=Campus_Belem/CN=srvvpn.ufra.edu.br/emailAddress=
Tue Feb 08 11:57:08 2011 VERIFY OK: depth=0, /C=BR/ST=PA/L=Belem/O=Universidade_Federal_Rural_da_Amazonia/OU=Campus_Belem/CN=srvvpn.ufra.edu.br/emailAddress=

Log OpenVPN in pfSense

Feb 8 11:57:07 openvpn22479: 10.10.60.11:1703 SIGUSR1[soft,tls-error] received, client-instance restarting
Feb 8 11:57:07 openvpn22479: 10.10.60.11:1703 TLS Error: TLS handshake failed
Feb 8 11:57:07 openvpn22479: 10.10.60.11:1703 TLS Error: TLS object -> incoming plaintext read error
Feb 8 11:57:07 openvpn22479: 10.10.60.11:1703 TLS_ERROR: BIO read tls_read_plaintext error: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
Feb 8 11:57:07 openvpn22479: 10.10.60.11:1703 TLS: Initial packet from [AF_INET]10.10.60.11:1703, sid=59c06ce4 011c467d
Feb 8 11:57:07 openvpn22479: 10.10.60.11:1703 Expected Remote Options hash (VER=V4): '66096c33'
Feb 8 11:57:07 openvpn22479: 10.10.60.11:1703 Local Options hash (VER=V4): '691e95c7'
Feb 8 11:57:07 openvpn22479: 10.10.60.11:1703 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Feb 8 11:57:07 openvpn22479: 10.10.60.11:1703 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Feb 8 11:57:07 openvpn22479: 10.10.60.11:1703 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Feb 8 11:57:07 openvpn22479: 10.10.60.11:1703 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]
Feb 8 11:57:07 openvpn22479: 10.10.60.11:1703 LZO compression initialized
Feb 8 11:57:07 openvpn22479: 10.10.60.11:1703 Re-using SSL/TLS context
Feb 8 11:57:07 openvpn22479: MULTI: multi_create_instance called


Using My Cert
export Client openvpn (vpn_openvpn_export.php)
----------------------------------------
Log in client
Options error: Unrecognized option or missing parameter(s) in pfSense-udp-1194-config.ovpn:13: passtos (2.1.3)
Use --help for more information.

Connecting to pfSense-udp-1194-config has failed


Using cert created in wizard
and Client export (vpn_openvpn_export.php)
---------------------------------------------------
Log in client
Options error: Unrecognized option or missing parameter(s) in pfSense-udp-1194-config.ovpn:13: passtos (2.1.3)
Use --help for more information.
Connecting to pfSense-udp-1194-config has failed

------------------------------------
Config VPN
---------------------------------------------
Disabled: false
Server Mode: Remote Access (User Auth)
Backend for authentication: SambaLDAP
Protocol: UDP
Interface: WAN
Local port: 1194
Description: Ufra_VPN
TLS Authentication: false

Peer Certificate Authority: ca
Peer Certificate Revocation List: nome
Server Certificate: ufra (in user)
DH Parameters Length: 1024 bits
Encryption algorithm: AES-128-CBC
Hardware Crypto: No hardwareCrypo....

Tunnel Network: 10.10.209/24
Redirect Gateway: true
Compression: true
Type-of-Service: true

Dynamic IP: TRUE
Address Pool: TRUE
DNS Default Domain: UFRA.EDU.BR
