I am trying to change my OpenVPN server from my Windows tower to my Linux (CentOS 7 Min) without having to re-issue all the certs. For testing reasons, I created new certs in the Linux environment and connected to the server from my Windows tower to make sure the firewall was configured correctly. Everything worked, but when I transferred over all the existing certs from the Windows tower, I am getting a
"VERIFY ERROR: depth=0, error=certificate signature failure:..."
Initially my Linux OpenSSL was out of date and I didn't realize until after I transferred the Windows files, so I had to update that.
Now both versions of OpenSSL are up to date (Windows: 1.0.2k 26 Jan 2017, Linux 1.0.2l 25 May 2017) and I verified my Client cert with the ca.crt through
openssl verify -CAfile ca.crt Client.crt
and it comes back good. I have also created a new client cert using the Windows ca.crt and I was able to connect to the Linux server, but still no luck with the existing client certs.
Any help would be great, re-issuing the certs just isn't a good option at the moment.
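The post compares the versions reported by the `openssl` command on each machine; OpenVPN also writes the OpenSSL library it actually loaded to a "library versions:" line at startup, so the two can be compared directly. The script below is an added example, not part of the original thread: the function names are hypothetical, and the sample log is constructed in OpenVPN's verb 4 log format with placeholder address and subject.

```shell
#!/bin/sh
# Added example: compare the OpenSSL library OpenVPN loaded (taken from its
# log) with the version string printed by the `openssl version` command, and
# list the certificates that failed verification.

# Constructed sample log; 192.0.2.10, "Example" and "client1" are placeholders.
sample_log() {
cat <<'EOF'
Mon Jul 24 10:47:21 2017 us=614624 library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.06
Mon Jul 24 10:47:22 2017 us=983846 192.0.2.10:49396 VERIFY OK: depth=1, C=US, O=Example, CN=ca
Mon Jul 24 10:47:22 2017 us=983892 192.0.2.10:49396 VERIFY ERROR: depth=0, error=certificate signature failure: C=US, O=Example, CN=client1
EOF
}

# stdin: OpenVPN log. Prints the OpenSSL version token from the most recent
# "library versions:" line, e.g. "1.0.1e-fips".
linked_openssl() {
    sed -n 's/.*library versions: OpenSSL \([^ ,]*\).*/\1/p' | tail -n 1
}

# stdin: output of `openssl version`. Prints the version token, e.g. "1.0.2l".
cli_openssl() {
    sed -n 's/^OpenSSL \([^ ]*\).*/\1/p' | head -n 1
}

# stdin: OpenVPN log. Prints one line per failed verification with the chain
# depth, the subject CN and the OpenSSL error text.
verify_errors() {
    sed -n 's/.*VERIFY ERROR: depth=\([0-9]*\), error=\([^:]*\): .*CN=\([^,]*\).*/depth=\1 cn=\3 error=\2/p'
}

# usage: report "<openssl version output>" < openvpn.log
# Prints the verification failures and a one-line verdict.
# Returns 1 when OpenVPN loaded a different OpenSSL than the CLI reports.
report() {
    cli_line=$1
    log=$(cat)
    lib=$(printf '%s\n' "$log" | linked_openssl)
    cli=$(printf '%s\n' "$cli_line" | cli_openssl)
    printf '%s\n' "$log" | verify_errors
    if [ "$lib" != "$cli" ]; then
        echo "MISMATCH: openvpn loaded OpenSSL $lib, openssl command is $cli"
        return 1
    fi
    echo "OK: openvpn and the openssl command both use OpenSSL $lib"
}

# Demo on the constructed sample. On a real host the calls would be:
#   report "$(openssl version)" < /path/to/server.log
sample_log | report "OpenSSL 1.0.2l  25 May 2017" || true
```
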
certificate signature failure
Re: certificate signature failure
JamesGFelg wrote: I am getting a "VERIFY ERROR: depth=0, error=certificate signature failure:..."
Please see: HOWTO: Request Help !
Re: certificate signature failure
Sorry about that. My OpenVPN is community version, here are the docs.
server.conf --Server on CentOS 7 Minimum
server.log --Server on CentOS 7 Minimum
client.ovpn --Windows 7 Pro
client log
server.conf --Server on CentOS 7 Minimum
server
# Which local IP address should OpenVPN
# listen on? (optional)
;local a.b.c.d
port 1194
proto udp
dev tun
ca "/etc/openvpn/ca.crt"
cert "/etc/openvpn/server.crt"
key "/etc/openvpn/server.key" # This file should be kept secret
dh "/etc/openvpn/dh1024.pem"
server 10.7.0.0 255.255.255.0
ifconfig-pool-persist "/etc/openvpn/logs/ipp.txt"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-256-CBC
persist-key
persist-tun
status "/etc/openvpn/logs/openvpn-status.log"
verb 4
log server.log
explicit-exit-notify 1
Code: Select all
Mon Jul 24 10:47:21 2017 us=611358 WARNING: file '/etc/openvpn/server.key' is group or others accessible
Mon Jul 24 10:47:21 2017 us=611464 Current Parameter Settings:
Mon Jul 24 10:47:21 2017 us=611480 config = 'server.conf'
Mon Jul 24 10:47:21 2017 us=611491 mode = 1
Mon Jul 24 10:47:21 2017 us=611502 persist_config = DISABLED
Mon Jul 24 10:47:21 2017 us=611512 persist_mode = 1
Mon Jul 24 10:47:21 2017 us=611523 show_ciphers = DISABLED
Mon Jul 24 10:47:21 2017 us=611533 show_digests = DISABLED
Mon Jul 24 10:47:21 2017 us=611543 show_engines = DISABLED
Mon Jul 24 10:47:21 2017 us=611554 genkey = DISABLED
Mon Jul 24 10:47:21 2017 us=611564 key_pass_file = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=611575 show_tls_ciphers = DISABLED
Mon Jul 24 10:47:21 2017 us=611585 connect_retry_max = 0
Mon Jul 24 10:47:21 2017 us=611596 Connection profiles [0]:
Mon Jul 24 10:47:21 2017 us=611607 proto = udp
Mon Jul 24 10:47:21 2017 us=611617 local = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=611628 local_port = '1194'
Mon Jul 24 10:47:21 2017 us=611638 remote = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=611648 remote_port = '1194'
Mon Jul 24 10:47:21 2017 us=611659 remote_float = DISABLED
Mon Jul 24 10:47:21 2017 us=611669 bind_defined = DISABLED
Mon Jul 24 10:47:21 2017 us=611679 bind_local = ENABLED
Mon Jul 24 10:47:21 2017 us=611689 bind_ipv6_only = DISABLED
Mon Jul 24 10:47:21 2017 us=611700 connect_retry_seconds = 5
Mon Jul 24 10:47:21 2017 us=611710 connect_timeout = 120
Mon Jul 24 10:47:21 2017 us=611720 socks_proxy_server = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=611731 socks_proxy_port = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=611741 tun_mtu = 1500
Mon Jul 24 10:47:21 2017 us=611752 tun_mtu_defined = ENABLED
Mon Jul 24 10:47:21 2017 us=611762 link_mtu = 1500
Mon Jul 24 10:47:21 2017 us=611772 link_mtu_defined = DISABLED
Mon Jul 24 10:47:21 2017 us=611783 tun_mtu_extra = 0
Mon Jul 24 10:47:21 2017 us=611793 tun_mtu_extra_defined = DISABLED
Mon Jul 24 10:47:21 2017 us=611803 mtu_discover_type = -1
Mon Jul 24 10:47:21 2017 us=611813 fragment = 0
Mon Jul 24 10:47:21 2017 us=611824 mssfix = 1450
Mon Jul 24 10:47:21 2017 us=611834 explicit_exit_notification = 1
Mon Jul 24 10:47:21 2017 us=611844 Connection profiles END
Mon Jul 24 10:47:21 2017 us=611854 remote_random = DISABLED
Mon Jul 24 10:47:21 2017 us=611865 ipchange = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=611875 dev = 'tun'
Mon Jul 24 10:47:21 2017 us=611885 dev_type = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=611896 dev_node = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=611906 lladdr = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=611916 topology = 1
Mon Jul 24 10:47:21 2017 us=611926 ifconfig_local = '10.7.0.1'
Mon Jul 24 10:47:21 2017 us=611936 ifconfig_remote_netmask = '10.7.0.2'
Mon Jul 24 10:47:21 2017 us=611947 ifconfig_noexec = DISABLED
Mon Jul 24 10:47:21 2017 us=611957 ifconfig_nowarn = DISABLED
Mon Jul 24 10:47:21 2017 us=611967 ifconfig_ipv6_local = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=611978 ifconfig_ipv6_netbits = 0
Mon Jul 24 10:47:21 2017 us=611988 ifconfig_ipv6_remote = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=611998 shaper = 0
Mon Jul 24 10:47:21 2017 us=612008 mtu_test = 0
Mon Jul 24 10:47:21 2017 us=612019 mlock = DISABLED
Mon Jul 24 10:47:21 2017 us=612029 keepalive_ping = 10
Mon Jul 24 10:47:21 2017 us=612040 keepalive_timeout = 120
Mon Jul 24 10:47:21 2017 us=612050 inactivity_timeout = 0
Mon Jul 24 10:47:21 2017 us=612060 ping_send_timeout = 10
Mon Jul 24 10:47:21 2017 us=612070 ping_rec_timeout = 240
Mon Jul 24 10:47:21 2017 us=612081 ping_rec_timeout_action = 2
Mon Jul 24 10:47:21 2017 us=612091 ping_timer_remote = DISABLED
Mon Jul 24 10:47:21 2017 us=612101 remap_sigusr1 = 0
Mon Jul 24 10:47:21 2017 us=612112 persist_tun = ENABLED
Mon Jul 24 10:47:21 2017 us=612122 persist_local_ip = DISABLED
Mon Jul 24 10:47:21 2017 us=612151 persist_remote_ip = DISABLED
Mon Jul 24 10:47:21 2017 us=612162 persist_key = ENABLED
Mon Jul 24 10:47:21 2017 us=612172 passtos = DISABLED
Mon Jul 24 10:47:21 2017 us=612190 resolve_retry_seconds = 1000000000
Mon Jul 24 10:47:21 2017 us=612201 resolve_in_advance = DISABLED
Mon Jul 24 10:47:21 2017 us=612211 username = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=612221 groupname = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=612232 chroot_dir = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=612242 cd_dir = '/etc/openvpn/'
Mon Jul 24 10:47:21 2017 us=612264 selinux_context = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=612275 writepid = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=612285 up_script = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=612296 down_script = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=612306 down_pre = DISABLED
Mon Jul 24 10:47:21 2017 us=612316 up_restart = DISABLED
Mon Jul 24 10:47:21 2017 us=612326 up_delay = DISABLED
Mon Jul 24 10:47:21 2017 us=612336 daemon = DISABLED
Mon Jul 24 10:47:21 2017 us=612347 inetd = 0
Mon Jul 24 10:47:21 2017 us=612357 log = ENABLED
Mon Jul 24 10:47:21 2017 us=612367 suppress_timestamps = DISABLED
Mon Jul 24 10:47:21 2017 us=612378 machine_readable_output = DISABLED
Mon Jul 24 10:47:21 2017 us=612388 nice = 0
Mon Jul 24 10:47:21 2017 us=612398 verbosity = 4
Mon Jul 24 10:47:21 2017 us=612409 mute = 0
Mon Jul 24 10:47:21 2017 us=612419 gremlin = 0
Mon Jul 24 10:47:21 2017 us=612429 status_file = '/etc/openvpn/logs/openvpn-status.log'
Mon Jul 24 10:47:21 2017 us=612440 status_file_version = 1
Mon Jul 24 10:47:21 2017 us=612450 status_file_update_freq = 60
Mon Jul 24 10:47:21 2017 us=612460 occ = ENABLED
Mon Jul 24 10:47:21 2017 us=612471 rcvbuf = 0
Mon Jul 24 10:47:21 2017 us=612481 sndbuf = 0
Mon Jul 24 10:47:21 2017 us=612491 mark = 0
Mon Jul 24 10:47:21 2017 us=612501 sockflags = 0
Mon Jul 24 10:47:21 2017 us=612511 fast_io = DISABLED
Mon Jul 24 10:47:21 2017 us=612522 comp.alg = 0
Mon Jul 24 10:47:21 2017 us=612532 comp.flags = 0
Mon Jul 24 10:47:21 2017 us=612543 route_script = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=612553 route_default_gateway = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=612564 route_default_metric = 0
Mon Jul 24 10:47:21 2017 us=612574 route_noexec = DISABLED
Mon Jul 24 10:47:21 2017 us=612585 route_delay = 0
Mon Jul 24 10:47:21 2017 us=612595 route_delay_window = 30
Mon Jul 24 10:47:21 2017 us=612605 route_delay_defined = DISABLED
Mon Jul 24 10:47:21 2017 us=612615 route_nopull = DISABLED
Mon Jul 24 10:47:21 2017 us=612626 route_gateway_via_dhcp = DISABLED
Mon Jul 24 10:47:21 2017 us=612636 allow_pull_fqdn = DISABLED
Mon Jul 24 10:47:21 2017 us=612648 route 10.7.0.0/255.255.255.0/default (not set)/default (not set)
Mon Jul 24 10:47:21 2017 us=612659 management_addr = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=612669 management_port = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=612680 management_user_pass = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=612690 management_log_history_cache = 250
Mon Jul 24 10:47:21 2017 us=612700 management_echo_buffer_size = 100
Mon Jul 24 10:47:21 2017 us=612711 management_write_peer_info_file = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=612722 management_client_user = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=612732 management_client_group = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=612742 management_flags = 0
Mon Jul 24 10:47:21 2017 us=612753 shared_secret_file = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=612763 key_direction = 0
Mon Jul 24 10:47:21 2017 us=612774 ciphername = 'AES-256-CBC'
Mon Jul 24 10:47:21 2017 us=612784 ncp_enabled = ENABLED
Mon Jul 24 10:47:21 2017 us=612795 ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Mon Jul 24 10:47:21 2017 us=612805 authname = 'SHA1'
Mon Jul 24 10:47:21 2017 us=612816 prng_hash = 'SHA1'
Mon Jul 24 10:47:21 2017 us=612826 prng_nonce_secret_len = 16
Mon Jul 24 10:47:21 2017 us=612836 keysize = 0
Mon Jul 24 10:47:21 2017 us=612846 engine = DISABLED
Mon Jul 24 10:47:21 2017 us=612857 replay = ENABLED
Mon Jul 24 10:47:21 2017 us=612867 mute_replay_warnings = DISABLED
Mon Jul 24 10:47:21 2017 us=612877 replay_window = 64
Mon Jul 24 10:47:21 2017 us=612887 replay_time = 15
Mon Jul 24 10:47:21 2017 us=612904 packet_id_file = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=612915 use_iv = ENABLED
Mon Jul 24 10:47:21 2017 us=612925 test_crypto = DISABLED
Mon Jul 24 10:47:21 2017 us=612936 tls_server = ENABLED
Mon Jul 24 10:47:21 2017 us=612946 tls_client = DISABLED
Mon Jul 24 10:47:21 2017 us=612956 key_method = 2
Mon Jul 24 10:47:21 2017 us=612967 ca_file = '/etc/openvpn/ca.crt'
Mon Jul 24 10:47:21 2017 us=612977 ca_path = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=612987 dh_file = '/etc/openvpn/dh1024.pem'
Mon Jul 24 10:47:21 2017 us=612998 cert_file = '/etc/openvpn/server.crt'
Mon Jul 24 10:47:21 2017 us=613008 extra_certs_file = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=613019 priv_key_file = '/etc/openvpn/server.key'
Mon Jul 24 10:47:21 2017 us=613029 pkcs12_file = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=613040 cipher_list = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=613050 tls_verify = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=613060 tls_export_cert = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=613071 verify_x509_type = 0
Mon Jul 24 10:47:21 2017 us=613081 verify_x509_name = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=613091 crl_file = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=613102 ns_cert_type = 0
Mon Jul 24 10:47:21 2017 us=613112 remote_cert_ku[i] = 0
Mon Jul 24 10:47:21 2017 us=613122 remote_cert_ku[i] = 0
Mon Jul 24 10:47:21 2017 us=613149 remote_cert_ku[i] = 0
Mon Jul 24 10:47:21 2017 us=613160 remote_cert_ku[i] = 0
Mon Jul 24 10:47:21 2017 us=613170 remote_cert_ku[i] = 0
Mon Jul 24 10:47:21 2017 us=613180 remote_cert_ku[i] = 0
Mon Jul 24 10:47:21 2017 us=613190 remote_cert_ku[i] = 0
Mon Jul 24 10:47:21 2017 us=613200 remote_cert_ku[i] = 0
Mon Jul 24 10:47:21 2017 us=613211 remote_cert_ku[i] = 0
Mon Jul 24 10:47:21 2017 us=613221 remote_cert_ku[i] = 0
Mon Jul 24 10:47:21 2017 us=613231 remote_cert_ku[i] = 0
Mon Jul 24 10:47:21 2017 us=613241 remote_cert_ku[i] = 0
Mon Jul 24 10:47:21 2017 us=613251 remote_cert_ku[i] = 0
Mon Jul 24 10:47:21 2017 us=613261 remote_cert_ku[i] = 0
Mon Jul 24 10:47:21 2017 us=613272 remote_cert_ku[i] = 0
Mon Jul 24 10:47:21 2017 us=613282 remote_cert_ku[i] = 0
Mon Jul 24 10:47:21 2017 us=613292 remote_cert_eku = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=613303 ssl_flags = 0
Mon Jul 24 10:47:21 2017 us=613313 tls_timeout = 2
Mon Jul 24 10:47:21 2017 us=613323 renegotiate_bytes = -1
Mon Jul 24 10:47:21 2017 us=613333 renegotiate_packets = 0
Mon Jul 24 10:47:21 2017 us=613344 renegotiate_seconds = 3600
Mon Jul 24 10:47:21 2017 us=613355 handshake_window = 60
Mon Jul 24 10:47:21 2017 us=613365 transition_window = 3600
Mon Jul 24 10:47:21 2017 us=613376 single_session = DISABLED
Mon Jul 24 10:47:21 2017 us=613386 push_peer_info = DISABLED
Mon Jul 24 10:47:21 2017 us=613397 tls_exit = DISABLED
Mon Jul 24 10:47:21 2017 us=613407 tls_auth_file = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=613417 tls_crypt_file = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=613428 pkcs11_protected_authentication = DISABLED
Mon Jul 24 10:47:21 2017 us=613439 pkcs11_protected_authentication = DISABLED
Mon Jul 24 10:47:21 2017 us=613449 pkcs11_protected_authentication = DISABLED
Mon Jul 24 10:47:21 2017 us=613459 pkcs11_protected_authentication = DISABLED
Mon Jul 24 10:47:21 2017 us=613470 pkcs11_protected_authentication = DISABLED
Mon Jul 24 10:47:21 2017 us=613480 pkcs11_protected_authentication = DISABLED
Mon Jul 24 10:47:21 2017 us=613490 pkcs11_protected_authentication = DISABLED
Mon Jul 24 10:47:21 2017 us=613501 pkcs11_protected_authentication = DISABLED
Mon Jul 24 10:47:21 2017 us=613511 pkcs11_protected_authentication = DISABLED
Mon Jul 24 10:47:21 2017 us=613521 pkcs11_protected_authentication = DISABLED
Mon Jul 24 10:47:21 2017 us=613531 pkcs11_protected_authentication = DISABLED
Mon Jul 24 10:47:21 2017 us=613542 pkcs11_protected_authentication = DISABLED
Mon Jul 24 10:47:21 2017 us=613552 pkcs11_protected_authentication = DISABLED
Mon Jul 24 10:47:21 2017 us=613562 pkcs11_protected_authentication = DISABLED
Mon Jul 24 10:47:21 2017 us=613578 pkcs11_protected_authentication = DISABLED
Mon Jul 24 10:47:21 2017 us=613589 pkcs11_protected_authentication = DISABLED
Mon Jul 24 10:47:21 2017 us=613600 pkcs11_private_mode = 00000000
Mon Jul 24 10:47:21 2017 us=613611 pkcs11_private_mode = 00000000
Mon Jul 24 10:47:21 2017 us=613621 pkcs11_private_mode = 00000000
Mon Jul 24 10:47:21 2017 us=613632 pkcs11_private_mode = 00000000
Mon Jul 24 10:47:21 2017 us=613642 pkcs11_private_mode = 00000000
Mon Jul 24 10:47:21 2017 us=613653 pkcs11_private_mode = 00000000
Mon Jul 24 10:47:21 2017 us=613663 pkcs11_private_mode = 00000000
Mon Jul 24 10:47:21 2017 us=613673 pkcs11_private_mode = 00000000
Mon Jul 24 10:47:21 2017 us=613684 pkcs11_private_mode = 00000000
Mon Jul 24 10:47:21 2017 us=613694 pkcs11_private_mode = 00000000
Mon Jul 24 10:47:21 2017 us=613705 pkcs11_private_mode = 00000000
Mon Jul 24 10:47:21 2017 us=613715 pkcs11_private_mode = 00000000
Mon Jul 24 10:47:21 2017 us=613725 pkcs11_private_mode = 00000000
Mon Jul 24 10:47:21 2017 us=613736 pkcs11_private_mode = 00000000
Mon Jul 24 10:47:21 2017 us=613746 pkcs11_private_mode = 00000000
Mon Jul 24 10:47:21 2017 us=613757 pkcs11_private_mode = 00000000
Mon Jul 24 10:47:21 2017 us=613767 pkcs11_cert_private = DISABLED
Mon Jul 24 10:47:21 2017 us=613777 pkcs11_cert_private = DISABLED
Mon Jul 24 10:47:21 2017 us=613788 pkcs11_cert_private = DISABLED
Mon Jul 24 10:47:21 2017 us=613798 pkcs11_cert_private = DISABLED
Mon Jul 24 10:47:21 2017 us=613808 pkcs11_cert_private = DISABLED
Mon Jul 24 10:47:21 2017 us=613818 pkcs11_cert_private = DISABLED
Mon Jul 24 10:47:21 2017 us=613828 pkcs11_cert_private = DISABLED
Mon Jul 24 10:47:21 2017 us=613839 pkcs11_cert_private = DISABLED
Mon Jul 24 10:47:21 2017 us=613849 pkcs11_cert_private = DISABLED
Mon Jul 24 10:47:21 2017 us=613859 pkcs11_cert_private = DISABLED
Mon Jul 24 10:47:21 2017 us=613869 pkcs11_cert_private = DISABLED
Mon Jul 24 10:47:21 2017 us=613880 pkcs11_cert_private = DISABLED
Mon Jul 24 10:47:21 2017 us=613890 pkcs11_cert_private = DISABLED
Mon Jul 24 10:47:21 2017 us=613900 pkcs11_cert_private = DISABLED
Mon Jul 24 10:47:21 2017 us=613911 pkcs11_cert_private = DISABLED
Mon Jul 24 10:47:21 2017 us=613921 pkcs11_cert_private = DISABLED
Mon Jul 24 10:47:21 2017 us=613931 pkcs11_pin_cache_period = -1
Mon Jul 24 10:47:21 2017 us=613942 pkcs11_id = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=613952 pkcs11_id_management = DISABLED
Mon Jul 24 10:47:21 2017 us=613964 server_network = 10.7.0.0
Mon Jul 24 10:47:21 2017 us=613975 server_netmask = 255.255.255.0
Mon Jul 24 10:47:21 2017 us=613992 server_network_ipv6 = ::
Mon Jul 24 10:47:21 2017 us=614003 server_netbits_ipv6 = 0
Mon Jul 24 10:47:21 2017 us=614014 server_bridge_ip = 0.0.0.0
Mon Jul 24 10:47:21 2017 us=614026 server_bridge_netmask = 0.0.0.0
Mon Jul 24 10:47:21 2017 us=614037 server_bridge_pool_start = 0.0.0.0
Mon Jul 24 10:47:21 2017 us=614048 server_bridge_pool_end = 0.0.0.0
Mon Jul 24 10:47:21 2017 us=614059 push_entry = 'redirect-gateway def1 bypass-dhcp'
Mon Jul 24 10:47:21 2017 us=614070 push_entry = 'dhcp-option DNS 8.8.8.8'
Mon Jul 24 10:47:21 2017 us=614080 push_entry = 'dhcp-option DNS 8.8.4.4'
Mon Jul 24 10:47:21 2017 us=614090 push_entry = 'route 10.7.0.1'
Mon Jul 24 10:47:21 2017 us=614101 push_entry = 'topology net30'
Mon Jul 24 10:47:21 2017 us=614111 push_entry = 'ping 10'
Mon Jul 24 10:47:21 2017 us=614121 push_entry = 'ping-restart 120'
Mon Jul 24 10:47:21 2017 us=614152 ifconfig_pool_defined = ENABLED
Mon Jul 24 10:47:21 2017 us=614164 ifconfig_pool_start = 10.7.0.4
Mon Jul 24 10:47:21 2017 us=614176 ifconfig_pool_end = 10.7.0.251
Mon Jul 24 10:47:21 2017 us=614187 ifconfig_pool_netmask = 0.0.0.0
Mon Jul 24 10:47:21 2017 us=614198 ifconfig_pool_persist_filename = '/etc/openvpn/logs/ipp.txt'
Mon Jul 24 10:47:21 2017 us=614208 ifconfig_pool_persist_refresh_freq = 600
Mon Jul 24 10:47:21 2017 us=614219 ifconfig_ipv6_pool_defined = DISABLED
Mon Jul 24 10:47:21 2017 us=614230 ifconfig_ipv6_pool_base = ::
Mon Jul 24 10:47:21 2017 us=614266 ifconfig_ipv6_pool_netbits = 0
Mon Jul 24 10:47:21 2017 us=614277 n_bcast_buf = 256
Mon Jul 24 10:47:21 2017 us=614288 tcp_queue_limit = 64
Mon Jul 24 10:47:21 2017 us=614298 real_hash_size = 256
Mon Jul 24 10:47:21 2017 us=614309 virtual_hash_size = 256
Mon Jul 24 10:47:21 2017 us=614319 client_connect_script = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=614330 learn_address_script = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=614340 client_disconnect_script = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=614351 client_config_dir = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=614361 ccd_exclusive = DISABLED
Mon Jul 24 10:47:21 2017 us=614372 tmp_dir = '/tmp'
Mon Jul 24 10:47:21 2017 us=614382 push_ifconfig_defined = DISABLED
Mon Jul 24 10:47:21 2017 us=614394 push_ifconfig_local = 0.0.0.0
Mon Jul 24 10:47:21 2017 us=614405 push_ifconfig_remote_netmask = 0.0.0.0
Mon Jul 24 10:47:21 2017 us=614416 push_ifconfig_ipv6_defined = DISABLED
Mon Jul 24 10:47:21 2017 us=614427 push_ifconfig_ipv6_local = ::/0
Mon Jul 24 10:47:21 2017 us=614438 push_ifconfig_ipv6_remote = ::
Mon Jul 24 10:47:21 2017 us=614449 enable_c2c = DISABLED
Mon Jul 24 10:47:21 2017 us=614459 duplicate_cn = DISABLED
Mon Jul 24 10:47:21 2017 us=614469 cf_max = 0
Mon Jul 24 10:47:21 2017 us=614480 cf_per = 0
Mon Jul 24 10:47:21 2017 us=614490 max_clients = 1024
Mon Jul 24 10:47:21 2017 us=614501 max_routes_per_client = 256
Mon Jul 24 10:47:21 2017 us=614511 auth_user_pass_verify_script = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=614522 auth_user_pass_verify_script_via_file = DISABLED
Mon Jul 24 10:47:21 2017 us=614532 auth_token_generate = DISABLED
Mon Jul 24 10:47:21 2017 us=614543 auth_token_lifetime = 0
Mon Jul 24 10:47:21 2017 us=614553 port_share_host = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=614564 port_share_port = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=614574 client = DISABLED
Mon Jul 24 10:47:21 2017 us=614584 pull = DISABLED
Mon Jul 24 10:47:21 2017 us=614595 auth_user_pass_file = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=614607 OpenVPN 2.4.3 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 21 2017
Mon Jul 24 10:47:21 2017 us=614624 library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.06
Mon Jul 24 10:47:21 2017 us=617567 Diffie-Hellman initialized with 1024 bit key
Mon Jul 24 10:47:21 2017 us=618079 Failed to extract curve from certificate (UNDEF), using secp384r1 instead.
Mon Jul 24 10:47:21 2017 us=618099 ECDH curve secp384r1 added
Mon Jul 24 10:47:21 2017 us=618231 TLS-Auth MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Mon Jul 24 10:47:21 2017 us=619060 ROUTE_GATEWAY 192.168.1.1
Mon Jul 24 10:47:21 2017 us=619611 TUN/TAP device tun0 opened
Mon Jul 24 10:47:21 2017 us=619645 TUN/TAP TX queue length set to 100
Mon Jul 24 10:47:21 2017 us=619665 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mon Jul 24 10:47:21 2017 us=619686 /sbin/ip link set dev tun0 up mtu 1500
Mon Jul 24 10:47:21 2017 us=621492 /sbin/ip addr add dev tun0 local 10.7.0.1 peer 10.7.0.2
Mon Jul 24 10:47:21 2017 us=622895 /sbin/ip route add 10.7.0.0/24 via 10.7.0.2
Mon Jul 24 10:47:21 2017 us=624808 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Mon Jul 24 10:47:21 2017 us=624852 Could not determine IPv4/IPv6 protocol. Using AF_INET
Mon Jul 24 10:47:21 2017 us=624884 Socket Buffers: R=[212992->212992] S=[212992->212992]
Mon Jul 24 10:47:21 2017 us=624913 UDPv4 link local (bound): [AF_INET][undef]:1194
Mon Jul 24 10:47:21 2017 us=624925 UDPv4 link remote: [AF_UNSPEC]
Mon Jul 24 10:47:21 2017 us=624946 MULTI: multi_init called, r=256 v=256
Mon Jul 24 10:47:21 2017 us=624986 IFCONFIG POOL: base=10.7.0.4 size=62, ipv6=0
Mon Jul 24 10:47:21 2017 us=625011 ifconfig_pool_read(), in='testLinux,10.7.0.4', TODO: IPv6
Mon Jul 24 10:47:21 2017 us=625025 succeeded -> ifconfig_pool_set()
Mon Jul 24 10:47:21 2017 us=625036 ifconfig_pool_read(), in='testLinuxCert,10.7.0.8', TODO: IPv6
Mon Jul 24 10:47:21 2017 us=625047 succeeded -> ifconfig_pool_set()
Mon Jul 24 10:47:21 2017 us=625073 IFCONFIG POOL LIST
Mon Jul 24 10:47:21 2017 us=625085 testLinux,10.7.0.4
Mon Jul 24 10:47:21 2017 us=625096 testLinuxCert,10.7.0.8
Mon Jul 24 10:47:21 2017 us=625185 Initialization Sequence Completed
Mon Jul 24 10:47:22 2017 us=958664 MULTI: multi_create_instance called
Mon Jul 24 10:47:22 2017 us=958726 192.168.1.241:49396 Re-using SSL/TLS context
Mon Jul 24 10:47:22 2017 us=958876 192.168.1.241:49396 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Mon Jul 24 10:47:22 2017 us=958891 192.168.1.241:49396 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Mon Jul 24 10:47:22 2017 us=958930 192.168.1.241:49396 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Mon Jul 24 10:47:22 2017 us=958974 192.168.1.241:49396 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Mon Jul 24 10:47:22 2017 us=959028 192.168.1.241:49396 TLS: Initial packet from [AF_INET]192.168.1.241:49396, sid=89b83f96 45df58bb
Mon Jul 24 10:47:22 2017 us=983846 192.168.1.241:49396 VERIFY OK: depth=1, C=US, ST=FL, L=Largo, O=VistaMedia, OU=ICT, CN=ca, name=ca, emailAddress=*********@gmail.com
Mon Jul 24 10:47:22 2017 us=983892 192.168.1.241:49396 VERIFY ERROR: depth=0, error=certificate signature failure: C=US, ST=FL, L=Largo, O=VistaMedia, OU=ICT, CN=James, name=James, emailAddress=****************@gmail.com
Mon Jul 24 10:47:22 2017 us=983964 192.168.1.241:49396 OpenSSL: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
Mon Jul 24 10:47:22 2017 us=983977 192.168.1.241:49396 TLS_ERROR: BIO read tls_read_plaintext error
Mon Jul 24 10:47:22 2017 us=983990 192.168.1.241:49396 TLS Error: TLS object -> incoming plaintext read error
Mon Jul 24 10:47:22 2017 us=984001 192.168.1.241:49396 TLS Error: TLS handshake failed
Mon Jul 24 10:47:22 2017 us=984059 192.168.1.241:49396 SIGUSR1[soft,tls-error] received, client-instance restarting
Mon Jul 24 10:48:02 2017 us=565653 MULTI: multi_create_instance called
Mon Jul 24 10:48:02 2017 us=565725 192.168.1.241:56547 Re-using SSL/TLS context
Mon Jul 24 10:48:02 2017 us=565844 192.168.1.241:56547 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Mon Jul 24 10:48:02 2017 us=565859 192.168.1.241:56547 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Mon Jul 24 10:48:02 2017 us=565895 192.168.1.241:56547 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Mon Jul 24 10:48:02 2017 us=565907 192.168.1.241:56547 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Mon Jul 24 10:48:02 2017 us=565943 192.168.1.241:56547 TLS: Initial packet from [AF_INET]192.168.1.241:56547, sid=e3c335ef 47d37a0d
Mon Jul 24 10:48:02 2017 us=590871 192.168.1.241:56547 VERIFY OK: depth=1, C=US, ST=FL, L=Largo, O=VistaMedia, OU=ICT, CN=ca, name=ca, emailAddress=***************@gmail.com
Mon Jul 24 10:48:02 2017 us=590936 192.168.1.241:56547 VERIFY ERROR: depth=0, error=certificate signature failure: C=US, ST=FL, L=Largo, O=VistaMedia, OU=ICT, CN=James, name=James, emailAddress=VistaMedia4@gmail.com
Mon Jul 24 10:48:02 2017 us=590991 192.168.1.241:56547 OpenSSL: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
Mon Jul 24 10:48:02 2017 us=591005 192.168.1.241:56547 TLS_ERROR: BIO read tls_read_plaintext error
Mon Jul 24 10:48:02 2017 us=591016 192.168.1.241:56547 TLS Error: TLS object -> incoming plaintext read error
Mon Jul 24 10:48:02 2017 us=591026 192.168.1.241:56547 TLS Error: TLS handshake failed
Mon Jul 24 10:48:02 2017 us=591111 192.168.1.241:56547 SIGUSR1[soft,tls-error] received, client-instance restarting
Mon Jul 24 10:49:12 2017 us=215318 event_wait : Interrupted system call (code=4)
Mon Jul 24 10:49:14 2017 us=217562 TCP/UDP: Closing socket
Mon Jul 24 10:49:14 2017 us=217627 /sbin/ip route del 10.7.0.0/24
Mon Jul 24 10:49:14 2017 us=219459 Closing TUN/TAP interface
Mon Jul 24 10:49:14 2017 us=219517 /sbin/ip addr del dev tun0 local 10.7.0.1 peer 10.7.0.2
Mon Jul 24 10:49:14 2017 us=241224 SIGTERM[hard,] received, process exiting
client
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
;proto tcp
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
;remote 72.91.76.10 1194
;remote my-server-2 1194
remote 192.168.1.3 1194
# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nobody
# Try to preserve some state across restarts.
persist-key
persist-tun
# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings
# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
ca "ca.crt"
cert "James.crt"
key "James.key"
# Verify server certificate by checking that the
# certicate has the correct key usage set.
# This is an important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the keyUsage set to
# digitalSignature, keyEncipherment
# and the extendedKeyUsage to
# serverAuth
# EasyRSA can do this for you.
remote-cert-tls server
# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
# Note that 2.4 client/server will automatically
# negotiate AES-256-GCM in TLS mode.
# See also the ncp-cipher option in the manpage
cipher AES-256-CBC
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
#comp-lzo
# Set log file verbosity.
verb 4
log "C:\\Users\\VM Admin\\Desktop\\clientlog.txt"
# Silence repeating messages
;mute 20
Mon Jul 24 10:48:01 2017 us=850000 Note: option http-proxy-fallback ignored because no TCP-based connection profiles are defined
Mon Jul 24 10:48:01 2017 us=850000 Current Parameter Settings:
Mon Jul 24 10:48:01 2017 us=850000 config = 'stdin'
Mon Jul 24 10:48:01 2017 us=850000 mode = 0
Mon Jul 24 10:48:01 2017 us=850000 show_ciphers = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 show_digests = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 show_engines = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 genkey = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 key_pass_file = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000 show_tls_ciphers = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 Connection profiles [default]:
Mon Jul 24 10:48:01 2017 us=850000 proto = udp
Mon Jul 24 10:48:01 2017 us=850000 local = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000 local_port = 1194
Mon Jul 24 10:48:01 2017 us=850000 remote = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000 remote_port = 1194
Mon Jul 24 10:48:01 2017 us=850000 remote_float = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 bind_defined = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 bind_local = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 connect_retry_seconds = 5
Mon Jul 24 10:48:01 2017 us=850000 connect_timeout = 10
Mon Jul 24 10:48:01 2017 us=850000 connect_retry_max = 0
Mon Jul 24 10:48:01 2017 us=850000 socks_proxy_server = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000 socks_proxy_port = 0
Mon Jul 24 10:48:01 2017 us=850000 socks_proxy_retry = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 Connection profiles [0]:
Mon Jul 24 10:48:01 2017 us=850000 proto = udp
Mon Jul 24 10:48:01 2017 us=850000 local = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000 local_port = 0
Mon Jul 24 10:48:01 2017 us=850000 remote = '192.168.1.3'
Mon Jul 24 10:48:01 2017 us=850000 remote_port = 1194
Mon Jul 24 10:48:01 2017 us=850000 remote_float = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 bind_defined = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 bind_local = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 connect_retry_seconds = 5
Mon Jul 24 10:48:01 2017 us=850000 connect_timeout = 10
Mon Jul 24 10:48:01 2017 us=850000 connect_retry_max = 0
Mon Jul 24 10:48:01 2017 us=850000 socks_proxy_server = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000 socks_proxy_port = 0
Mon Jul 24 10:48:01 2017 us=850000 socks_proxy_retry = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 Connection profiles END
Mon Jul 24 10:48:01 2017 us=850000 remote_random = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 ipchange = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000 dev = 'tun'
Mon Jul 24 10:48:01 2017 us=850000 dev_type = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000 dev_node = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000 lladdr = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000 topology = 1
Mon Jul 24 10:48:01 2017 us=850000 tun_ipv6 = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 ifconfig_local = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000 ifconfig_remote_netmask = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000 ifconfig_noexec = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 ifconfig_nowarn = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 shaper = 0
Mon Jul 24 10:48:01 2017 us=850000 tun_mtu = 1500
Mon Jul 24 10:48:01 2017 us=850000 tun_mtu_defined = ENABLED
Mon Jul 24 10:48:01 2017 us=850000 link_mtu = 1500
Mon Jul 24 10:48:01 2017 us=850000 link_mtu_defined = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 tun_mtu_extra = 0
Mon Jul 24 10:48:01 2017 us=850000 tun_mtu_extra_defined = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 fragment = 0
Mon Jul 24 10:48:01 2017 us=850000 mtu_discover_type = -1
Mon Jul 24 10:48:01 2017 us=850000 mtu_test = 0
Mon Jul 24 10:48:01 2017 us=850000 mlock = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 keepalive_ping = 0
Mon Jul 24 10:48:01 2017 us=850000 keepalive_timeout = 0
Mon Jul 24 10:48:01 2017 us=850000 inactivity_timeout = 0
Mon Jul 24 10:48:01 2017 us=850000 ping_send_timeout = 0
Mon Jul 24 10:48:01 2017 us=850000 ping_rec_timeout = 0
Mon Jul 24 10:48:01 2017 us=850000 ping_rec_timeout_action = 0
Mon Jul 24 10:48:01 2017 us=850000 ping_timer_remote = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 remap_sigusr1 = 0
Mon Jul 24 10:48:01 2017 us=850000 explicit_exit_notification = 0
Mon Jul 24 10:48:01 2017 us=850000 persist_tun = ENABLED
Mon Jul 24 10:48:01 2017 us=850000 persist_local_ip = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 persist_remote_ip = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 persist_key = ENABLED
Mon Jul 24 10:48:01 2017 us=850000 mssfix = 1450
Mon Jul 24 10:48:01 2017 us=850000 resolve_retry_seconds = 1000000000
Mon Jul 24 10:48:01 2017 us=850000 username = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000 groupname = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000 chroot_dir = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000 cd_dir = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000 writepid = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000 up_script = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000 down_script = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000 down_pre = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 up_restart = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 up_delay = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 daemon = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 inetd = 0
Mon Jul 24 10:48:01 2017 us=850000 log = ENABLED
Mon Jul 24 10:48:01 2017 us=850000 suppress_timestamps = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 nice = 0
Mon Jul 24 10:48:01 2017 us=850000 verbosity = 4
Mon Jul 24 10:48:01 2017 us=850000 mute = 0
Mon Jul 24 10:48:01 2017 us=850000 gremlin = 0
Mon Jul 24 10:48:01 2017 us=850000 status_file = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000 status_file_version = 1
Mon Jul 24 10:48:01 2017 us=850000 status_file_update_freq = 60
Mon Jul 24 10:48:01 2017 us=850000 occ = ENABLED
Mon Jul 24 10:48:01 2017 us=850000 rcvbuf = 0
Mon Jul 24 10:48:01 2017 us=850000 sndbuf = 0
Mon Jul 24 10:48:01 2017 us=850000 sockflags = 0
Mon Jul 24 10:48:01 2017 us=850000 fast_io = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 lzo = 0
Mon Jul 24 10:48:01 2017 us=850000 route_script = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000 route_default_gateway = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000 route_default_metric = 0
Mon Jul 24 10:48:01 2017 us=850000 route_noexec = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 route_delay = 5
Mon Jul 24 10:48:01 2017 us=850000 route_delay_window = 30
Mon Jul 24 10:48:01 2017 us=850000 route_delay_defined = ENABLED
Mon Jul 24 10:48:01 2017 us=850000 route_nopull = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 route_gateway_via_dhcp = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 max_routes = 100
Mon Jul 24 10:48:01 2017 us=850000 allow_pull_fqdn = ENABLED
Mon Jul 24 10:48:01 2017 us=850000 management_addr = '127.0.0.1'
Mon Jul 24 10:48:01 2017 us=850000 management_port = 57310
Mon Jul 24 10:48:01 2017 us=850000 management_user_pass = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000 management_log_history_cache = 250
Mon Jul 24 10:48:01 2017 us=850000 management_echo_buffer_size = 100
Mon Jul 24 10:48:01 2017 us=850000 management_write_peer_info_file = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000 management_client_user = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000 management_client_group = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000 management_flags = 38
Mon Jul 24 10:48:01 2017 us=850000 shared_secret_file = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000 key_direction = 0
Mon Jul 24 10:48:01 2017 us=850000 ciphername_defined = ENABLED
Mon Jul 24 10:48:01 2017 us=850000 ciphername = 'AES-256-CBC'
Mon Jul 24 10:48:01 2017 us=850000 authname_defined = ENABLED
Mon Jul 24 10:48:01 2017 us=850000 authname = 'SHA1'
Mon Jul 24 10:48:01 2017 us=850000 prng_hash = 'SHA1'
Mon Jul 24 10:48:01 2017 us=850000 prng_nonce_secret_len = 16
Mon Jul 24 10:48:01 2017 us=850000 keysize = 0
Mon Jul 24 10:48:01 2017 us=850000 engine = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 replay = ENABLED
Mon Jul 24 10:48:01 2017 us=850000 mute_replay_warnings = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 replay_window = 64
Mon Jul 24 10:48:01 2017 us=850000 replay_time = 15
Mon Jul 24 10:48:01 2017 us=850000 packet_id_file = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000 use_iv = ENABLED
Mon Jul 24 10:48:01 2017 us=850000 test_crypto = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 tls_server = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 tls_client = ENABLED
Mon Jul 24 10:48:01 2017 us=850000 key_method = 2
Mon Jul 24 10:48:01 2017 us=850000 ca_file = '[[INLINE]]'
Mon Jul 24 10:48:01 2017 us=850000 ca_path = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000 dh_file = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000 cert_file = '[[INLINE]]'
Mon Jul 24 10:48:01 2017 us=850000 priv_key_file = '[[INLINE]]'
Mon Jul 24 10:48:01 2017 us=850000 pkcs12_file = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000 cryptoapi_cert = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000 cipher_list = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000 tls_verify = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000 tls_remote = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000 crl_file = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000 ns_cert_type = 0
Mon Jul 24 10:48:01 2017 us=850000 remote_cert_ku[i] = 160
Mon Jul 24 10:48:01 2017 us=850000 remote_cert_ku[i] = 136
Mon Jul 24 10:48:01 2017 us=850000 remote_cert_ku[i] = 0
Mon Jul 24 10:48:01 2017 us=850000 remote_cert_ku[i] = 0
Mon Jul 24 10:48:01 2017 us=850000 remote_cert_ku[i] = 0
Mon Jul 24 10:48:01 2017 us=850000 remote_cert_ku[i] = 0
Mon Jul 24 10:48:01 2017 us=850000 remote_cert_ku[i] = 0
Mon Jul 24 10:48:01 2017 us=850000 remote_cert_ku[i] = 0
Mon Jul 24 10:48:01 2017 us=850000 remote_cert_ku[i] = 0
Mon Jul 24 10:48:01 2017 us=850000 remote_cert_ku[i] = 0
Mon Jul 24 10:48:01 2017 us=850000 remote_cert_ku[i] = 0
Mon Jul 24 10:48:01 2017 us=850000 remote_cert_ku[i] = 0
Mon Jul 24 10:48:01 2017 us=850000 remote_cert_ku[i] = 0
Mon Jul 24 10:48:01 2017 us=850000 remote_cert_ku[i] = 0
Mon Jul 24 10:48:01 2017 us=850000 remote_cert_ku[i] = 0
Mon Jul 24 10:48:01 2017 us=850000 remote_cert_ku[i] = 0
Mon Jul 24 10:48:01 2017 us=850000 remote_cert_eku = 'TLS Web Server Authentication'
Mon Jul 24 10:48:01 2017 us=850000 tls_timeout = 2
Mon Jul 24 10:48:01 2017 us=850000 renegotiate_bytes = 0
Mon Jul 24 10:48:01 2017 us=850000 renegotiate_packets = 0
Mon Jul 24 10:48:01 2017 us=850000 renegotiate_seconds = 3600
Mon Jul 24 10:48:01 2017 us=850000 handshake_window = 60
Mon Jul 24 10:48:01 2017 us=850000 transition_window = 3600
Mon Jul 24 10:48:01 2017 us=850000 single_session = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 push_peer_info = ENABLED
Mon Jul 24 10:48:01 2017 us=850000 tls_exit = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 tls_auth_file = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000 client = ENABLED
Mon Jul 24 10:48:01 2017 us=850000 pull = ENABLED
Mon Jul 24 10:48:01 2017 us=850000 auth_user_pass_file = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000 show_net_up = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 route_method = 0
Mon Jul 24 10:48:01 2017 us=850000 ip_win32_defined = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 ip_win32_type = 3
Mon Jul 24 10:48:01 2017 us=850000 dhcp_masq_offset = 0
Mon Jul 24 10:48:01 2017 us=850000 dhcp_lease_time = 31536000
Mon Jul 24 10:48:01 2017 us=850000 tap_sleep = 0
Mon Jul 24 10:48:01 2017 us=850000 dhcp_options = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 dhcp_renew = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 dhcp_pre_release = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 dhcp_release = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 domain = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000 netbios_scope = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000 netbios_node_type = 0
Mon Jul 24 10:48:01 2017 us=850000 disable_nbt = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 OpenVPNAS 2.1.1oOAS Win32-MSVC++ [SSL] [LZO2] built on Jul 29 2010
Mon Jul 24 10:48:01 2017 us=850000 MANAGEMENT: Connected to management server at 127.0.0.1:57310
Mon Jul 24 10:48:01 2017 us=850000 MANAGEMENT: CMD 'log on'
Mon Jul 24 10:48:01 2017 us=850000 MANAGEMENT: CMD 'state on'
Mon Jul 24 10:48:01 2017 us=850000 MANAGEMENT: CMD 'echo on'
Mon Jul 24 10:48:01 2017 us=850000 MANAGEMENT: CMD 'bytecount 5'
Mon Jul 24 10:48:01 2017 us=850000 MANAGEMENT: CMD 'hold off'
Mon Jul 24 10:48:01 2017 us=850000 MANAGEMENT: CMD 'hold release'
Mon Jul 24 10:48:01 2017 us=850000 NOTE: OpenVPNAS 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Jul 24 10:48:02 2017 us=37000 Control Channel MTU parms [ L:1557 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Jul 24 10:48:02 2017 us=37000 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Jul 24 10:48:02 2017 us=37000 Data Channel MTU parms [ L:1557 D:1450 EF:57 EB:4 ET:0 EL:0 ]
Mon Jul 24 10:48:02 2017 us=37000 Local Options String: 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Mon Jul 24 10:48:02 2017 us=37000 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Mon Jul 24 10:48:02 2017 us=37000 Local Options hash (VER=V4): '2dd3fcaf'
Mon Jul 24 10:48:02 2017 us=37000 Expected Remote Options hash (VER=V4): '8114d01c'
Mon Jul 24 10:48:02 2017 us=37000 UDPv4 link local: [undef]
Mon Jul 24 10:48:02 2017 us=37000 UDPv4 link remote: 192.168.1.3:1194
Mon Jul 24 10:48:02 2017 us=37000 MANAGEMENT: >STATE:1500907682,WAIT,,,
Mon Jul 24 10:48:02 2017 us=37000 MANAGEMENT: >STATE:1500907682,AUTH,,,
Mon Jul 24 10:48:02 2017 us=37000 TLS: Initial packet from 192.168.1.3:1194, sid=7ac3502e 9348c8d3
Mon Jul 24 10:48:02 2017 us=53000 VERIFY OK: depth=1, /C=US/ST=FL/L=Largo/O=VistaMedia/OU=ICT/CN=ca/name=ca/emailAddress=***********@gmail.com
Mon Jul 24 10:48:02 2017 us=53000 Validating certificate key usage
Mon Jul 24 10:48:02 2017 us=53000 ++ Certificate has key usage 00a0, expects 00a0
Mon Jul 24 10:48:02 2017 us=53000 VERIFY KU OK
Mon Jul 24 10:48:02 2017 us=53000 Validating certificate extended key usage
Mon Jul 24 10:48:02 2017 us=53000 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mon Jul 24 10:48:02 2017 us=53000 VERIFY EKU OK
Mon Jul 24 10:48:02 2017 us=53000 VERIFY OK: depth=0, /C=US/ST=FL/L=Largo/O=VistaMedia/OU=ICT/CN=server/name=server/emailAddress=***************@gmail.com
Mon Jul 24 10:48:55 2017 us=561000 MANAGEMENT: CMD 'exit'
Mon Jul 24 10:48:55 2017 us=561000 MANAGEMENT: Client disconnected
Mon Jul 24 10:48:55 2017 us=561000 MANAGEMENT: Triggering management exit
Mon Jul 24 10:48:55 2017 us=561000 TCP/UDP: Closing socket
Mon Jul 24 10:48:55 2017 us=561000 SIGTERM[soft,management-exit] received, process exiting
Mon Jul 24 10:48:55 2017 us=561000 MANAGEMENT: >STATE:1500907735,EXITING,management-exit,,
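Added example, not part of either post: a small Python parser that pulls out of the two logs the lines showing which build and library each side is actually running, and which key-usage bits the client's `remote-cert-tls server` check compared. The sample lines are copied from the server.log and client log on this page; the function names are hypothetical.

```python
import re

# X.509 keyUsage bits as OpenSSL numbers them (KU_* constants in x509v3.h).
KU_BITS = {
    0x0080: "digitalSignature", 0x0040: "nonRepudiation",
    0x0020: "keyEncipherment", 0x0010: "dataEncipherment",
    0x0008: "keyAgreement", 0x0004: "keyCertSign",
    0x0002: "cRLSign", 0x0001: "encipherOnly", 0x8000: "decipherOnly",
}

BANNER = re.compile(r"us=\d+ (OpenVPN\S* \S+) .*built on (.+)$")
LIBS = re.compile(r"library versions: (.+)$")
KU_OPT = re.compile(r"remote_cert_ku\[i\] = (\d+)$")
KU_CHECK = re.compile(r"Certificate has key usage ([0-9a-f]{4}), expects ([0-9a-f]{4})")

# Lines copied from the logs posted on this page (server.log first, then client log).
SAMPLE = """\
Mon Jul 24 10:47:21 2017 us=614607 OpenVPN 2.4.3 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 21 2017
Mon Jul 24 10:47:21 2017 us=614624 library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.06
Mon Jul 24 10:48:01 2017 us=850000 remote_cert_ku[i] = 160
Mon Jul 24 10:48:01 2017 us=850000 remote_cert_ku[i] = 136
Mon Jul 24 10:48:01 2017 us=850000 remote_cert_ku[i] = 0
Mon Jul 24 10:48:01 2017 us=850000 OpenVPNAS 2.1.1oOAS Win32-MSVC++ [SSL] [LZO2] built on Jul 29 2010
Mon Jul 24 10:48:02 2017 us=53000 ++ Certificate has key usage 00a0, expects 00a0
"""


def decode_ku(mask):
    """Return the keyUsage names set in an integer bit mask."""
    return [name for bit, name in KU_BITS.items() if mask & bit]


def summarize(log_text):
    """Collect build banners, library versions and key-usage data from log text."""
    out = {"builds": [], "libraries": [], "accepted_ku": [], "ku_checks": []}
    for line in log_text.splitlines():
        line = line.strip()
        m = BANNER.search(line)
        if m:
            out["builds"].append((m.group(1), m.group(2)))  # (program version, build date)
        m = LIBS.search(line)
        if m:
            out["libraries"].append(m.group(1))
        m = KU_OPT.search(line)
        if m and int(m.group(1)):  # the settings dump prints masks in decimal; 0 = unused slot
            out["accepted_ku"].append(decode_ku(int(m.group(1))))
        m = KU_CHECK.search(line)
        if m:  # the verification line prints the same masks in hex
            has, expects = int(m.group(1), 16), int(m.group(2), 16)
            out["ku_checks"].append((decode_ku(has), decode_ku(expects), has == expects))
    return out


if __name__ == "__main__":
    for key, values in summarize(SAMPLE).items():
        print(key, values)
```

The decimal 160 in the settings dump and the hex 00a0 in the verification line are the same mask, digitalSignature plus keyEncipherment, which is the keyUsage the config comments say `remote-cert-tls server` expects.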
Re: certificate signature failure
JamesGFelg wrote:server.log
JamesGFelg wrote:Mon Jul 24 10:47:21 2017 us=614607 OpenVPN 2.4.3 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 21 2017
Mon Jul 24 10:47:21 2017 us=614624 library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.06
JamesGFelg wrote:client log
Use the openvpn community edition GUI .. and keep your system up to date.
JamesGFelg wrote:Mon Jul 24 10:48:01 2017 us=850000 OpenVPNAS 2.1.1oOAS Win32-MSVC++ [SSL] [LZO2] built on Jul 29 2010
BTW:
This does not match your client config ..
JamesGFelg wrote:client log
Mon Jul 24 10:48:01 2017 us=850000 Note: option http-proxy-fallback ignored because no TCP-based connection profiles are defined