certificate signature failure

Scripts to manage certificates or generate config files

Moderators: TinCanTech

JamesGFelg
OpenVpn Newbie
Posts: 3
Joined: Tue Jun 13, 2017 7:03 pm

certificate signature failure

Post by JamesGFelg » Fri Jul 21, 2017 10:59 am

I am trying to change my OpenVPN server from my Windows tower to my Linux (CentOS 7 Min) without having to re-issue all the certs. For testing reasons, I created new certs in the Linux environment and connected to the server from my Windows tower to make sure the firewall was configured correctly. Everything worked, but when I transferred over all the existing certs from the Windows tower, I am getting a
"VERIFY ERROR: depth=0, error=certificate signature failure:..."

Initially my Linux OpenSSL was out of date and I didn't realize until after I transferred the Windows files, so I had to update that.
Now both versions of OpenSSL are up to date (Windows: 1.0.2k 26 Jan 2017, Linux 1.0.2l 25 May 2017) and I verified my Client cert with the ca.crt through
openssl verify -CAfile ca.crt Client.crt
and it comes back good. I have also created a new client cert using the Windows ca.crt and I was able to connect to the Linux server, but still no luck with the existing client certs.

Any help would be great, re-issuing the certs just isn't a good option at the moment.
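
A triage helper for this kind of failure, added here as an example and not part of the original posts: it reads an OpenVPN log written at `verb 4`, pulls out the OpenSSL version the daemon reports under "library versions", and lists each VERIFY ERROR together with whether the issuing CA verified for the same peer. The function names and the sample log are constructed for illustration, and only IPv4 peers are matched.

```python
import re
from collections import defaultdict

# Constructed sample in the layout OpenVPN writes at "verb 4"; the peer
# addresses, subjects and CN values are illustrative.
SAMPLE_LOG = """\
Mon Jul 24 10:47:21 2017 us=614607 OpenVPN 2.4.3 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] built on Jun 21 2017
Mon Jul 24 10:47:21 2017 us=614624 library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.06
Mon Jul 24 10:47:22 2017 us=983846 192.0.2.10:49396 VERIFY OK: depth=1, C=US, O=Example, CN=ca
Mon Jul 24 10:47:22 2017 us=983892 192.0.2.10:49396 VERIFY ERROR: depth=0, error=certificate signature failure: C=US, O=Example, CN=client1
Mon Jul 24 10:47:22 2017 us=984001 192.0.2.10:49396 TLS Error: TLS handshake failed
Mon Jul 24 10:47:40 2017 us=100000 192.0.2.20:51000 VERIFY OK: depth=1, C=US, O=Example, CN=ca
Mon Jul 24 10:47:40 2017 us=100050 192.0.2.20:51000 VERIFY OK: depth=0, C=US, O=Example, CN=client2
"""

# The version token that follows "OpenSSL" on the startup banner line.
LIB_RE = re.compile(r"library versions: OpenSSL (\S+)")

# One VERIFY line: peer ip:port, OK/ERROR, chain depth, optional error text, subject.
VERIFY_RE = re.compile(
    r"(?P<peer>\d{1,3}(?:\.\d{1,3}){3}:\d+) VERIFY (?P<status>OK|ERROR): "
    r"depth=(?P<depth>\d+), (?:error=(?P<error>[^:]+): )?(?P<subject>.*)$",
    re.M,
)
CN_RE = re.compile(r"CN=([^,]+)")


def linked_openssl(log):
    """Return the OpenSSL version the OpenVPN process loaded, or None."""
    m = LIB_RE.search(log)
    return m.group(1) if m else None


def verify_events(log):
    """Parse every VERIFY OK / VERIFY ERROR line into a dict."""
    events = []
    for m in VERIFY_RE.finditer(log):
        cn = CN_RE.search(m.group("subject"))
        events.append({
            "peer": m.group("peer"),
            "ok": m.group("status") == "OK",
            "depth": int(m.group("depth")),
            "error": m.group("error"),
            "cn": cn.group(1) if cn else None,
        })
    return events


def triage(log, cli_openssl_version):
    """Compare the linked library with the CLI version and list failed certs.

    cli_openssl_version is what `openssl version` printed on the same host.
    """
    linked = linked_openssl(log)
    by_peer = defaultdict(list)
    for ev in verify_events(log):
        by_peer[ev["peer"]].append(ev)

    failures = []
    for peer, evs in by_peer.items():
        for bad in (e for e in evs if not e["ok"]):
            failures.append({
                "peer": peer,
                "cn": bad["cn"],
                "depth": bad["depth"],
                "error": bad["error"],
                # True when a certificate higher in the chain passed for this
                # peer, i.e. the CA was found and only this cert was rejected.
                "issuer_verified": any(
                    e["ok"] and e["depth"] > bad["depth"] for e in evs
                ),
            })

    return {
        "linked_openssl": linked,
        "cli_openssl": cli_openssl_version,
        "version_mismatch": linked is not None and linked != cli_openssl_version,
        "failures": failures,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG, "1.0.2l")
    print("linked:", report["linked_openssl"], "cli:", report["cli_openssl"],
          "mismatch:", report["version_mismatch"])
    for f in report["failures"]:
        print(f)
```

When `version_mismatch` is true, a check run with the `openssl` command line used a different library build than the one the server process uses during the handshake.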

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: certificate signature failure

Post by TinCanTech » Fri Jul 21, 2017 6:08 pm

JamesGFelg wrote: I am getting a "VERIFY ERROR: depth=0, error=certificate signature failure:..."
Please see:
HOWTO: Request Help !

JamesGFelg
OpenVpn Newbie
Posts: 3
Joined: Tue Jun 13, 2017 7:03 pm

Re: certificate signature failure

Post by JamesGFelg » Mon Jul 24, 2017 3:08 pm

Sorry about that. My OpenVPN is community version, here are the docs.

server.conf --Server on CentOS 7 Minimum
server
# Which local IP address should OpenVPN
# listen on? (optional)
;local a.b.c.d
port 1194
proto udp
dev tun

ca "/etc/openvpn/ca.crt"
cert "/etc/openvpn/server.crt"
key "/etc/openvpn/server.key" # This file should be kept secret
dh "/etc/openvpn/dh1024.pem"

server 10.7.0.0 255.255.255.0
ifconfig-pool-persist "/etc/openvpn/logs/ipp.txt"

push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

keepalive 10 120
cipher AES-256-CBC
persist-key
persist-tun
status "/etc/openvpn/logs/openvpn-status.log"
verb 4
log server.log
explicit-exit-notify 1
server.log --Server on CentOS 7 Minimum

Mon Jul 24 10:47:21 2017 us=611358 WARNING: file '/etc/openvpn/server.key' is group or others accessible
Mon Jul 24 10:47:21 2017 us=611464 Current Parameter Settings:
Mon Jul 24 10:47:21 2017 us=611480   config = 'server.conf'
Mon Jul 24 10:47:21 2017 us=611491   mode = 1
Mon Jul 24 10:47:21 2017 us=611502   persist_config = DISABLED
Mon Jul 24 10:47:21 2017 us=611512   persist_mode = 1
Mon Jul 24 10:47:21 2017 us=611523   show_ciphers = DISABLED
Mon Jul 24 10:47:21 2017 us=611533   show_digests = DISABLED
Mon Jul 24 10:47:21 2017 us=611543   show_engines = DISABLED
Mon Jul 24 10:47:21 2017 us=611554   genkey = DISABLED
Mon Jul 24 10:47:21 2017 us=611564   key_pass_file = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=611575   show_tls_ciphers = DISABLED
Mon Jul 24 10:47:21 2017 us=611585   connect_retry_max = 0
Mon Jul 24 10:47:21 2017 us=611596 Connection profiles [0]:
Mon Jul 24 10:47:21 2017 us=611607   proto = udp
Mon Jul 24 10:47:21 2017 us=611617   local = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=611628   local_port = '1194'
Mon Jul 24 10:47:21 2017 us=611638   remote = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=611648   remote_port = '1194'
Mon Jul 24 10:47:21 2017 us=611659   remote_float = DISABLED
Mon Jul 24 10:47:21 2017 us=611669   bind_defined = DISABLED
Mon Jul 24 10:47:21 2017 us=611679   bind_local = ENABLED
Mon Jul 24 10:47:21 2017 us=611689   bind_ipv6_only = DISABLED
Mon Jul 24 10:47:21 2017 us=611700   connect_retry_seconds = 5
Mon Jul 24 10:47:21 2017 us=611710   connect_timeout = 120
Mon Jul 24 10:47:21 2017 us=611720   socks_proxy_server = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=611731   socks_proxy_port = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=611741   tun_mtu = 1500
Mon Jul 24 10:47:21 2017 us=611752   tun_mtu_defined = ENABLED
Mon Jul 24 10:47:21 2017 us=611762   link_mtu = 1500
Mon Jul 24 10:47:21 2017 us=611772   link_mtu_defined = DISABLED
Mon Jul 24 10:47:21 2017 us=611783   tun_mtu_extra = 0
Mon Jul 24 10:47:21 2017 us=611793   tun_mtu_extra_defined = DISABLED
Mon Jul 24 10:47:21 2017 us=611803   mtu_discover_type = -1
Mon Jul 24 10:47:21 2017 us=611813   fragment = 0
Mon Jul 24 10:47:21 2017 us=611824   mssfix = 1450
Mon Jul 24 10:47:21 2017 us=611834   explicit_exit_notification = 1
Mon Jul 24 10:47:21 2017 us=611844 Connection profiles END
Mon Jul 24 10:47:21 2017 us=611854   remote_random = DISABLED
Mon Jul 24 10:47:21 2017 us=611865   ipchange = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=611875   dev = 'tun'
Mon Jul 24 10:47:21 2017 us=611885   dev_type = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=611896   dev_node = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=611906   lladdr = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=611916   topology = 1
Mon Jul 24 10:47:21 2017 us=611926   ifconfig_local = '10.7.0.1'
Mon Jul 24 10:47:21 2017 us=611936   ifconfig_remote_netmask = '10.7.0.2'
Mon Jul 24 10:47:21 2017 us=611947   ifconfig_noexec = DISABLED
Mon Jul 24 10:47:21 2017 us=611957   ifconfig_nowarn = DISABLED
Mon Jul 24 10:47:21 2017 us=611967   ifconfig_ipv6_local = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=611978   ifconfig_ipv6_netbits = 0
Mon Jul 24 10:47:21 2017 us=611988   ifconfig_ipv6_remote = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=611998   shaper = 0
Mon Jul 24 10:47:21 2017 us=612008   mtu_test = 0
Mon Jul 24 10:47:21 2017 us=612019   mlock = DISABLED
Mon Jul 24 10:47:21 2017 us=612029   keepalive_ping = 10
Mon Jul 24 10:47:21 2017 us=612040   keepalive_timeout = 120
Mon Jul 24 10:47:21 2017 us=612050   inactivity_timeout = 0
Mon Jul 24 10:47:21 2017 us=612060   ping_send_timeout = 10
Mon Jul 24 10:47:21 2017 us=612070   ping_rec_timeout = 240
Mon Jul 24 10:47:21 2017 us=612081   ping_rec_timeout_action = 2
Mon Jul 24 10:47:21 2017 us=612091   ping_timer_remote = DISABLED
Mon Jul 24 10:47:21 2017 us=612101   remap_sigusr1 = 0
Mon Jul 24 10:47:21 2017 us=612112   persist_tun = ENABLED
Mon Jul 24 10:47:21 2017 us=612122   persist_local_ip = DISABLED
Mon Jul 24 10:47:21 2017 us=612151   persist_remote_ip = DISABLED
Mon Jul 24 10:47:21 2017 us=612162   persist_key = ENABLED
Mon Jul 24 10:47:21 2017 us=612172   passtos = DISABLED
Mon Jul 24 10:47:21 2017 us=612190   resolve_retry_seconds = 1000000000
Mon Jul 24 10:47:21 2017 us=612201   resolve_in_advance = DISABLED
Mon Jul 24 10:47:21 2017 us=612211   username = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=612221   groupname = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=612232   chroot_dir = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=612242   cd_dir = '/etc/openvpn/'
Mon Jul 24 10:47:21 2017 us=612264   selinux_context = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=612275   writepid = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=612285   up_script = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=612296   down_script = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=612306   down_pre = DISABLED
Mon Jul 24 10:47:21 2017 us=612316   up_restart = DISABLED
Mon Jul 24 10:47:21 2017 us=612326   up_delay = DISABLED
Mon Jul 24 10:47:21 2017 us=612336   daemon = DISABLED
Mon Jul 24 10:47:21 2017 us=612347   inetd = 0
Mon Jul 24 10:47:21 2017 us=612357   log = ENABLED
Mon Jul 24 10:47:21 2017 us=612367   suppress_timestamps = DISABLED
Mon Jul 24 10:47:21 2017 us=612378   machine_readable_output = DISABLED
Mon Jul 24 10:47:21 2017 us=612388   nice = 0
Mon Jul 24 10:47:21 2017 us=612398   verbosity = 4
Mon Jul 24 10:47:21 2017 us=612409   mute = 0
Mon Jul 24 10:47:21 2017 us=612419   gremlin = 0
Mon Jul 24 10:47:21 2017 us=612429   status_file = '/etc/openvpn/logs/openvpn-status.log'
Mon Jul 24 10:47:21 2017 us=612440   status_file_version = 1
Mon Jul 24 10:47:21 2017 us=612450   status_file_update_freq = 60
Mon Jul 24 10:47:21 2017 us=612460   occ = ENABLED
Mon Jul 24 10:47:21 2017 us=612471   rcvbuf = 0
Mon Jul 24 10:47:21 2017 us=612481   sndbuf = 0
Mon Jul 24 10:47:21 2017 us=612491   mark = 0
Mon Jul 24 10:47:21 2017 us=612501   sockflags = 0
Mon Jul 24 10:47:21 2017 us=612511   fast_io = DISABLED
Mon Jul 24 10:47:21 2017 us=612522   comp.alg = 0
Mon Jul 24 10:47:21 2017 us=612532   comp.flags = 0
Mon Jul 24 10:47:21 2017 us=612543   route_script = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=612553   route_default_gateway = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=612564   route_default_metric = 0
Mon Jul 24 10:47:21 2017 us=612574   route_noexec = DISABLED
Mon Jul 24 10:47:21 2017 us=612585   route_delay = 0
Mon Jul 24 10:47:21 2017 us=612595   route_delay_window = 30
Mon Jul 24 10:47:21 2017 us=612605   route_delay_defined = DISABLED
Mon Jul 24 10:47:21 2017 us=612615   route_nopull = DISABLED
Mon Jul 24 10:47:21 2017 us=612626   route_gateway_via_dhcp = DISABLED
Mon Jul 24 10:47:21 2017 us=612636   allow_pull_fqdn = DISABLED
Mon Jul 24 10:47:21 2017 us=612648   route 10.7.0.0/255.255.255.0/default (not set)/default (not set)
Mon Jul 24 10:47:21 2017 us=612659   management_addr = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=612669   management_port = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=612680   management_user_pass = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=612690   management_log_history_cache = 250
Mon Jul 24 10:47:21 2017 us=612700   management_echo_buffer_size = 100
Mon Jul 24 10:47:21 2017 us=612711   management_write_peer_info_file = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=612722   management_client_user = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=612732   management_client_group = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=612742   management_flags = 0
Mon Jul 24 10:47:21 2017 us=612753   shared_secret_file = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=612763   key_direction = 0
Mon Jul 24 10:47:21 2017 us=612774   ciphername = 'AES-256-CBC'
Mon Jul 24 10:47:21 2017 us=612784   ncp_enabled = ENABLED
Mon Jul 24 10:47:21 2017 us=612795   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Mon Jul 24 10:47:21 2017 us=612805   authname = 'SHA1'
Mon Jul 24 10:47:21 2017 us=612816   prng_hash = 'SHA1'
Mon Jul 24 10:47:21 2017 us=612826   prng_nonce_secret_len = 16
Mon Jul 24 10:47:21 2017 us=612836   keysize = 0
Mon Jul 24 10:47:21 2017 us=612846   engine = DISABLED
Mon Jul 24 10:47:21 2017 us=612857   replay = ENABLED
Mon Jul 24 10:47:21 2017 us=612867   mute_replay_warnings = DISABLED
Mon Jul 24 10:47:21 2017 us=612877   replay_window = 64
Mon Jul 24 10:47:21 2017 us=612887   replay_time = 15
Mon Jul 24 10:47:21 2017 us=612904   packet_id_file = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=612915   use_iv = ENABLED
Mon Jul 24 10:47:21 2017 us=612925   test_crypto = DISABLED
Mon Jul 24 10:47:21 2017 us=612936   tls_server = ENABLED
Mon Jul 24 10:47:21 2017 us=612946   tls_client = DISABLED
Mon Jul 24 10:47:21 2017 us=612956   key_method = 2
Mon Jul 24 10:47:21 2017 us=612967   ca_file = '/etc/openvpn/ca.crt'
Mon Jul 24 10:47:21 2017 us=612977   ca_path = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=612987   dh_file = '/etc/openvpn/dh1024.pem'
Mon Jul 24 10:47:21 2017 us=612998   cert_file = '/etc/openvpn/server.crt'
Mon Jul 24 10:47:21 2017 us=613008   extra_certs_file = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=613019   priv_key_file = '/etc/openvpn/server.key'
Mon Jul 24 10:47:21 2017 us=613029   pkcs12_file = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=613040   cipher_list = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=613050   tls_verify = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=613060   tls_export_cert = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=613071   verify_x509_type = 0
Mon Jul 24 10:47:21 2017 us=613081   verify_x509_name = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=613091   crl_file = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=613102   ns_cert_type = 0
Mon Jul 24 10:47:21 2017 us=613112   remote_cert_ku[i] = 0
Mon Jul 24 10:47:21 2017 us=613122   remote_cert_ku[i] = 0
Mon Jul 24 10:47:21 2017 us=613149   remote_cert_ku[i] = 0
Mon Jul 24 10:47:21 2017 us=613160   remote_cert_ku[i] = 0
Mon Jul 24 10:47:21 2017 us=613170   remote_cert_ku[i] = 0
Mon Jul 24 10:47:21 2017 us=613180   remote_cert_ku[i] = 0
Mon Jul 24 10:47:21 2017 us=613190   remote_cert_ku[i] = 0
Mon Jul 24 10:47:21 2017 us=613200   remote_cert_ku[i] = 0
Mon Jul 24 10:47:21 2017 us=613211   remote_cert_ku[i] = 0
Mon Jul 24 10:47:21 2017 us=613221   remote_cert_ku[i] = 0
Mon Jul 24 10:47:21 2017 us=613231   remote_cert_ku[i] = 0
Mon Jul 24 10:47:21 2017 us=613241   remote_cert_ku[i] = 0
Mon Jul 24 10:47:21 2017 us=613251   remote_cert_ku[i] = 0
Mon Jul 24 10:47:21 2017 us=613261   remote_cert_ku[i] = 0
Mon Jul 24 10:47:21 2017 us=613272   remote_cert_ku[i] = 0
Mon Jul 24 10:47:21 2017 us=613282   remote_cert_ku[i] = 0
Mon Jul 24 10:47:21 2017 us=613292   remote_cert_eku = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=613303   ssl_flags = 0
Mon Jul 24 10:47:21 2017 us=613313   tls_timeout = 2
Mon Jul 24 10:47:21 2017 us=613323   renegotiate_bytes = -1
Mon Jul 24 10:47:21 2017 us=613333   renegotiate_packets = 0
Mon Jul 24 10:47:21 2017 us=613344   renegotiate_seconds = 3600
Mon Jul 24 10:47:21 2017 us=613355   handshake_window = 60
Mon Jul 24 10:47:21 2017 us=613365   transition_window = 3600
Mon Jul 24 10:47:21 2017 us=613376   single_session = DISABLED
Mon Jul 24 10:47:21 2017 us=613386   push_peer_info = DISABLED
Mon Jul 24 10:47:21 2017 us=613397   tls_exit = DISABLED
Mon Jul 24 10:47:21 2017 us=613407   tls_auth_file = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=613417   tls_crypt_file = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=613428   pkcs11_protected_authentication = DISABLED
Mon Jul 24 10:47:21 2017 us=613439   pkcs11_protected_authentication = DISABLED
Mon Jul 24 10:47:21 2017 us=613449   pkcs11_protected_authentication = DISABLED
Mon Jul 24 10:47:21 2017 us=613459   pkcs11_protected_authentication = DISABLED
Mon Jul 24 10:47:21 2017 us=613470   pkcs11_protected_authentication = DISABLED
Mon Jul 24 10:47:21 2017 us=613480   pkcs11_protected_authentication = DISABLED
Mon Jul 24 10:47:21 2017 us=613490   pkcs11_protected_authentication = DISABLED
Mon Jul 24 10:47:21 2017 us=613501   pkcs11_protected_authentication = DISABLED
Mon Jul 24 10:47:21 2017 us=613511   pkcs11_protected_authentication = DISABLED
Mon Jul 24 10:47:21 2017 us=613521   pkcs11_protected_authentication = DISABLED
Mon Jul 24 10:47:21 2017 us=613531   pkcs11_protected_authentication = DISABLED
Mon Jul 24 10:47:21 2017 us=613542   pkcs11_protected_authentication = DISABLED
Mon Jul 24 10:47:21 2017 us=613552   pkcs11_protected_authentication = DISABLED
Mon Jul 24 10:47:21 2017 us=613562   pkcs11_protected_authentication = DISABLED
Mon Jul 24 10:47:21 2017 us=613578   pkcs11_protected_authentication = DISABLED
Mon Jul 24 10:47:21 2017 us=613589   pkcs11_protected_authentication = DISABLED
Mon Jul 24 10:47:21 2017 us=613600   pkcs11_private_mode = 00000000
Mon Jul 24 10:47:21 2017 us=613611   pkcs11_private_mode = 00000000
Mon Jul 24 10:47:21 2017 us=613621   pkcs11_private_mode = 00000000
Mon Jul 24 10:47:21 2017 us=613632   pkcs11_private_mode = 00000000
Mon Jul 24 10:47:21 2017 us=613642   pkcs11_private_mode = 00000000
Mon Jul 24 10:47:21 2017 us=613653   pkcs11_private_mode = 00000000
Mon Jul 24 10:47:21 2017 us=613663   pkcs11_private_mode = 00000000
Mon Jul 24 10:47:21 2017 us=613673   pkcs11_private_mode = 00000000
Mon Jul 24 10:47:21 2017 us=613684   pkcs11_private_mode = 00000000
Mon Jul 24 10:47:21 2017 us=613694   pkcs11_private_mode = 00000000
Mon Jul 24 10:47:21 2017 us=613705   pkcs11_private_mode = 00000000
Mon Jul 24 10:47:21 2017 us=613715   pkcs11_private_mode = 00000000
Mon Jul 24 10:47:21 2017 us=613725   pkcs11_private_mode = 00000000
Mon Jul 24 10:47:21 2017 us=613736   pkcs11_private_mode = 00000000
Mon Jul 24 10:47:21 2017 us=613746   pkcs11_private_mode = 00000000
Mon Jul 24 10:47:21 2017 us=613757   pkcs11_private_mode = 00000000
Mon Jul 24 10:47:21 2017 us=613767   pkcs11_cert_private = DISABLED
Mon Jul 24 10:47:21 2017 us=613777   pkcs11_cert_private = DISABLED
Mon Jul 24 10:47:21 2017 us=613788   pkcs11_cert_private = DISABLED
Mon Jul 24 10:47:21 2017 us=613798   pkcs11_cert_private = DISABLED
Mon Jul 24 10:47:21 2017 us=613808   pkcs11_cert_private = DISABLED
Mon Jul 24 10:47:21 2017 us=613818   pkcs11_cert_private = DISABLED
Mon Jul 24 10:47:21 2017 us=613828   pkcs11_cert_private = DISABLED
Mon Jul 24 10:47:21 2017 us=613839   pkcs11_cert_private = DISABLED
Mon Jul 24 10:47:21 2017 us=613849   pkcs11_cert_private = DISABLED
Mon Jul 24 10:47:21 2017 us=613859   pkcs11_cert_private = DISABLED
Mon Jul 24 10:47:21 2017 us=613869   pkcs11_cert_private = DISABLED
Mon Jul 24 10:47:21 2017 us=613880   pkcs11_cert_private = DISABLED
Mon Jul 24 10:47:21 2017 us=613890   pkcs11_cert_private = DISABLED
Mon Jul 24 10:47:21 2017 us=613900   pkcs11_cert_private = DISABLED
Mon Jul 24 10:47:21 2017 us=613911   pkcs11_cert_private = DISABLED
Mon Jul 24 10:47:21 2017 us=613921   pkcs11_cert_private = DISABLED
Mon Jul 24 10:47:21 2017 us=613931   pkcs11_pin_cache_period = -1
Mon Jul 24 10:47:21 2017 us=613942   pkcs11_id = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=613952   pkcs11_id_management = DISABLED
Mon Jul 24 10:47:21 2017 us=613964   server_network = 10.7.0.0
Mon Jul 24 10:47:21 2017 us=613975   server_netmask = 255.255.255.0
Mon Jul 24 10:47:21 2017 us=613992   server_network_ipv6 = ::
Mon Jul 24 10:47:21 2017 us=614003   server_netbits_ipv6 = 0
Mon Jul 24 10:47:21 2017 us=614014   server_bridge_ip = 0.0.0.0
Mon Jul 24 10:47:21 2017 us=614026   server_bridge_netmask = 0.0.0.0
Mon Jul 24 10:47:21 2017 us=614037   server_bridge_pool_start = 0.0.0.0
Mon Jul 24 10:47:21 2017 us=614048   server_bridge_pool_end = 0.0.0.0
Mon Jul 24 10:47:21 2017 us=614059   push_entry = 'redirect-gateway def1 bypass-dhcp'
Mon Jul 24 10:47:21 2017 us=614070   push_entry = 'dhcp-option DNS 8.8.8.8'
Mon Jul 24 10:47:21 2017 us=614080   push_entry = 'dhcp-option DNS 8.8.4.4'
Mon Jul 24 10:47:21 2017 us=614090   push_entry = 'route 10.7.0.1'
Mon Jul 24 10:47:21 2017 us=614101   push_entry = 'topology net30'
Mon Jul 24 10:47:21 2017 us=614111   push_entry = 'ping 10'
Mon Jul 24 10:47:21 2017 us=614121   push_entry = 'ping-restart 120'
Mon Jul 24 10:47:21 2017 us=614152   ifconfig_pool_defined = ENABLED
Mon Jul 24 10:47:21 2017 us=614164   ifconfig_pool_start = 10.7.0.4
Mon Jul 24 10:47:21 2017 us=614176   ifconfig_pool_end = 10.7.0.251
Mon Jul 24 10:47:21 2017 us=614187   ifconfig_pool_netmask = 0.0.0.0
Mon Jul 24 10:47:21 2017 us=614198   ifconfig_pool_persist_filename = '/etc/openvpn/logs/ipp.txt'
Mon Jul 24 10:47:21 2017 us=614208   ifconfig_pool_persist_refresh_freq = 600
Mon Jul 24 10:47:21 2017 us=614219   ifconfig_ipv6_pool_defined = DISABLED
Mon Jul 24 10:47:21 2017 us=614230   ifconfig_ipv6_pool_base = ::
Mon Jul 24 10:47:21 2017 us=614266   ifconfig_ipv6_pool_netbits = 0
Mon Jul 24 10:47:21 2017 us=614277   n_bcast_buf = 256
Mon Jul 24 10:47:21 2017 us=614288   tcp_queue_limit = 64
Mon Jul 24 10:47:21 2017 us=614298   real_hash_size = 256
Mon Jul 24 10:47:21 2017 us=614309   virtual_hash_size = 256
Mon Jul 24 10:47:21 2017 us=614319   client_connect_script = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=614330   learn_address_script = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=614340   client_disconnect_script = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=614351   client_config_dir = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=614361   ccd_exclusive = DISABLED
Mon Jul 24 10:47:21 2017 us=614372   tmp_dir = '/tmp'
Mon Jul 24 10:47:21 2017 us=614382   push_ifconfig_defined = DISABLED
Mon Jul 24 10:47:21 2017 us=614394   push_ifconfig_local = 0.0.0.0
Mon Jul 24 10:47:21 2017 us=614405   push_ifconfig_remote_netmask = 0.0.0.0
Mon Jul 24 10:47:21 2017 us=614416   push_ifconfig_ipv6_defined = DISABLED
Mon Jul 24 10:47:21 2017 us=614427   push_ifconfig_ipv6_local = ::/0
Mon Jul 24 10:47:21 2017 us=614438   push_ifconfig_ipv6_remote = ::
Mon Jul 24 10:47:21 2017 us=614449   enable_c2c = DISABLED
Mon Jul 24 10:47:21 2017 us=614459   duplicate_cn = DISABLED
Mon Jul 24 10:47:21 2017 us=614469   cf_max = 0
Mon Jul 24 10:47:21 2017 us=614480   cf_per = 0
Mon Jul 24 10:47:21 2017 us=614490   max_clients = 1024
Mon Jul 24 10:47:21 2017 us=614501   max_routes_per_client = 256
Mon Jul 24 10:47:21 2017 us=614511   auth_user_pass_verify_script = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=614522   auth_user_pass_verify_script_via_file = DISABLED
Mon Jul 24 10:47:21 2017 us=614532   auth_token_generate = DISABLED
Mon Jul 24 10:47:21 2017 us=614543   auth_token_lifetime = 0
Mon Jul 24 10:47:21 2017 us=614553   port_share_host = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=614564   port_share_port = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=614574   client = DISABLED
Mon Jul 24 10:47:21 2017 us=614584   pull = DISABLED
Mon Jul 24 10:47:21 2017 us=614595   auth_user_pass_file = '[UNDEF]'
Mon Jul 24 10:47:21 2017 us=614607 OpenVPN 2.4.3 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 21 2017
Mon Jul 24 10:47:21 2017 us=614624 library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.06
Mon Jul 24 10:47:21 2017 us=617567 Diffie-Hellman initialized with 1024 bit key
Mon Jul 24 10:47:21 2017 us=618079 Failed to extract curve from certificate (UNDEF), using secp384r1 instead.
Mon Jul 24 10:47:21 2017 us=618099 ECDH curve secp384r1 added
Mon Jul 24 10:47:21 2017 us=618231 TLS-Auth MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Mon Jul 24 10:47:21 2017 us=619060 ROUTE_GATEWAY 192.168.1.1
Mon Jul 24 10:47:21 2017 us=619611 TUN/TAP device tun0 opened
Mon Jul 24 10:47:21 2017 us=619645 TUN/TAP TX queue length set to 100
Mon Jul 24 10:47:21 2017 us=619665 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mon Jul 24 10:47:21 2017 us=619686 /sbin/ip link set dev tun0 up mtu 1500
Mon Jul 24 10:47:21 2017 us=621492 /sbin/ip addr add dev tun0 local 10.7.0.1 peer 10.7.0.2
Mon Jul 24 10:47:21 2017 us=622895 /sbin/ip route add 10.7.0.0/24 via 10.7.0.2
Mon Jul 24 10:47:21 2017 us=624808 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Mon Jul 24 10:47:21 2017 us=624852 Could not determine IPv4/IPv6 protocol. Using AF_INET
Mon Jul 24 10:47:21 2017 us=624884 Socket Buffers: R=[212992->212992] S=[212992->212992]
Mon Jul 24 10:47:21 2017 us=624913 UDPv4 link local (bound): [AF_INET][undef]:1194
Mon Jul 24 10:47:21 2017 us=624925 UDPv4 link remote: [AF_UNSPEC]
Mon Jul 24 10:47:21 2017 us=624946 MULTI: multi_init called, r=256 v=256
Mon Jul 24 10:47:21 2017 us=624986 IFCONFIG POOL: base=10.7.0.4 size=62, ipv6=0
Mon Jul 24 10:47:21 2017 us=625011 ifconfig_pool_read(), in='testLinux,10.7.0.4', TODO: IPv6
Mon Jul 24 10:47:21 2017 us=625025 succeeded -> ifconfig_pool_set()
Mon Jul 24 10:47:21 2017 us=625036 ifconfig_pool_read(), in='testLinuxCert,10.7.0.8', TODO: IPv6
Mon Jul 24 10:47:21 2017 us=625047 succeeded -> ifconfig_pool_set()
Mon Jul 24 10:47:21 2017 us=625073 IFCONFIG POOL LIST
Mon Jul 24 10:47:21 2017 us=625085 testLinux,10.7.0.4
Mon Jul 24 10:47:21 2017 us=625096 testLinuxCert,10.7.0.8
Mon Jul 24 10:47:21 2017 us=625185 Initialization Sequence Completed
Mon Jul 24 10:47:22 2017 us=958664 MULTI: multi_create_instance called
Mon Jul 24 10:47:22 2017 us=958726 192.168.1.241:49396 Re-using SSL/TLS context
Mon Jul 24 10:47:22 2017 us=958876 192.168.1.241:49396 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Mon Jul 24 10:47:22 2017 us=958891 192.168.1.241:49396 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Mon Jul 24 10:47:22 2017 us=958930 192.168.1.241:49396 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Mon Jul 24 10:47:22 2017 us=958974 192.168.1.241:49396 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Mon Jul 24 10:47:22 2017 us=959028 192.168.1.241:49396 TLS: Initial packet from [AF_INET]192.168.1.241:49396, sid=89b83f96 45df58bb
Mon Jul 24 10:47:22 2017 us=983846 192.168.1.241:49396 VERIFY OK: depth=1, C=US, ST=FL, L=Largo, O=VistaMedia, OU=ICT, CN=ca, name=ca, emailAddress=*********@gmail.com
Mon Jul 24 10:47:22 2017 us=983892 192.168.1.241:49396 VERIFY ERROR: depth=0, error=certificate signature failure: C=US, ST=FL, L=Largo, O=VistaMedia, OU=ICT, CN=James, name=James, emailAddress=****************@gmail.com
Mon Jul 24 10:47:22 2017 us=983964 192.168.1.241:49396 OpenSSL: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
Mon Jul 24 10:47:22 2017 us=983977 192.168.1.241:49396 TLS_ERROR: BIO read tls_read_plaintext error
Mon Jul 24 10:47:22 2017 us=983990 192.168.1.241:49396 TLS Error: TLS object -> incoming plaintext read error
Mon Jul 24 10:47:22 2017 us=984001 192.168.1.241:49396 TLS Error: TLS handshake failed
Mon Jul 24 10:47:22 2017 us=984059 192.168.1.241:49396 SIGUSR1[soft,tls-error] received, client-instance restarting
Mon Jul 24 10:48:02 2017 us=565653 MULTI: multi_create_instance called
Mon Jul 24 10:48:02 2017 us=565725 192.168.1.241:56547 Re-using SSL/TLS context
Mon Jul 24 10:48:02 2017 us=565844 192.168.1.241:56547 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Mon Jul 24 10:48:02 2017 us=565859 192.168.1.241:56547 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Mon Jul 24 10:48:02 2017 us=565895 192.168.1.241:56547 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Mon Jul 24 10:48:02 2017 us=565907 192.168.1.241:56547 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Mon Jul 24 10:48:02 2017 us=565943 192.168.1.241:56547 TLS: Initial packet from [AF_INET]192.168.1.241:56547, sid=e3c335ef 47d37a0d
Mon Jul 24 10:48:02 2017 us=590871 192.168.1.241:56547 VERIFY OK: depth=1, C=US, ST=FL, L=Largo, O=VistaMedia, OU=ICT, CN=ca, name=ca, emailAddress=***************@gmail.com
Mon Jul 24 10:48:02 2017 us=590936 192.168.1.241:56547 VERIFY ERROR: depth=0, error=certificate signature failure: C=US, ST=FL, L=Largo, O=VistaMedia, OU=ICT, CN=James, name=James, emailAddress=VistaMedia4@gmail.com
Mon Jul 24 10:48:02 2017 us=590991 192.168.1.241:56547 OpenSSL: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
Mon Jul 24 10:48:02 2017 us=591005 192.168.1.241:56547 TLS_ERROR: BIO read tls_read_plaintext error
Mon Jul 24 10:48:02 2017 us=591016 192.168.1.241:56547 TLS Error: TLS object -> incoming plaintext read error
Mon Jul 24 10:48:02 2017 us=591026 192.168.1.241:56547 TLS Error: TLS handshake failed
Mon Jul 24 10:48:02 2017 us=591111 192.168.1.241:56547 SIGUSR1[soft,tls-error] received, client-instance restarting
Mon Jul 24 10:49:12 2017 us=215318 event_wait : Interrupted system call (code=4)
Mon Jul 24 10:49:14 2017 us=217562 TCP/UDP: Closing socket
Mon Jul 24 10:49:14 2017 us=217627 /sbin/ip route del 10.7.0.0/24
Mon Jul 24 10:49:14 2017 us=219459 Closing TUN/TAP interface
Mon Jul 24 10:49:14 2017 us=219517 /sbin/ip addr del dev tun0 local 10.7.0.1 peer 10.7.0.2
Mon Jul 24 10:49:14 2017 us=241224 SIGTERM[hard,] received, process exiting
client.ovpn --Windows 7 Pro
client
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################

# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client

# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap

# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
;proto tcp
proto udp

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
;remote 72.91.76.10 1194
;remote my-server-2 1194
remote 192.168.1.3 1194
# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nobody

# Try to preserve some state across restarts.
persist-key
persist-tun

# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings

# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
ca "ca.crt"
cert "James.crt"
key "James.key"

# Verify server certificate by checking that the
# certicate has the correct key usage set.
# This is an important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the keyUsage set to
# digitalSignature, keyEncipherment
# and the extendedKeyUsage to
# serverAuth
# EasyRSA can do this for you.
remote-cert-tls server

# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
# Note that 2.4 client/server will automatically
# negotiate AES-256-GCM in TLS mode.
# See also the ncp-cipher option in the manpage
cipher AES-256-CBC

# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
#comp-lzo

# Set log file verbosity.
verb 4
log "C:\\Users\\VM Admin\\Desktop\\clientlog.txt"

# Silence repeating messages
;mute 20
client log

Mon Jul 24 10:48:01 2017 us=850000 Note: option http-proxy-fallback ignored because no TCP-based connection profiles are defined
Mon Jul 24 10:48:01 2017 us=850000 Current Parameter Settings:
Mon Jul 24 10:48:01 2017 us=850000   config = 'stdin'
Mon Jul 24 10:48:01 2017 us=850000   mode = 0
Mon Jul 24 10:48:01 2017 us=850000   show_ciphers = DISABLED
Mon Jul 24 10:48:01 2017 us=850000   show_digests = DISABLED
Mon Jul 24 10:48:01 2017 us=850000   show_engines = DISABLED
Mon Jul 24 10:48:01 2017 us=850000   genkey = DISABLED
Mon Jul 24 10:48:01 2017 us=850000   key_pass_file = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000   show_tls_ciphers = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 Connection profiles [default]:
Mon Jul 24 10:48:01 2017 us=850000   proto = udp
Mon Jul 24 10:48:01 2017 us=850000   local = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000   local_port = 1194
Mon Jul 24 10:48:01 2017 us=850000   remote = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000   remote_port = 1194
Mon Jul 24 10:48:01 2017 us=850000   remote_float = DISABLED
Mon Jul 24 10:48:01 2017 us=850000   bind_defined = DISABLED
Mon Jul 24 10:48:01 2017 us=850000   bind_local = DISABLED
Mon Jul 24 10:48:01 2017 us=850000   connect_retry_seconds = 5
Mon Jul 24 10:48:01 2017 us=850000   connect_timeout = 10
Mon Jul 24 10:48:01 2017 us=850000   connect_retry_max = 0
Mon Jul 24 10:48:01 2017 us=850000   socks_proxy_server = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000   socks_proxy_port = 0
Mon Jul 24 10:48:01 2017 us=850000   socks_proxy_retry = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 Connection profiles [0]:
Mon Jul 24 10:48:01 2017 us=850000   proto = udp
Mon Jul 24 10:48:01 2017 us=850000   local = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000   local_port = 0
Mon Jul 24 10:48:01 2017 us=850000   remote = '192.168.1.3'
Mon Jul 24 10:48:01 2017 us=850000   remote_port = 1194
Mon Jul 24 10:48:01 2017 us=850000   remote_float = DISABLED
Mon Jul 24 10:48:01 2017 us=850000   bind_defined = DISABLED
Mon Jul 24 10:48:01 2017 us=850000   bind_local = DISABLED
Mon Jul 24 10:48:01 2017 us=850000   connect_retry_seconds = 5
Mon Jul 24 10:48:01 2017 us=850000   connect_timeout = 10
Mon Jul 24 10:48:01 2017 us=850000   connect_retry_max = 0
Mon Jul 24 10:48:01 2017 us=850000   socks_proxy_server = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000   socks_proxy_port = 0
Mon Jul 24 10:48:01 2017 us=850000   socks_proxy_retry = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 Connection profiles END
Mon Jul 24 10:48:01 2017 us=850000   remote_random = DISABLED
Mon Jul 24 10:48:01 2017 us=850000   ipchange = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000   dev = 'tun'
Mon Jul 24 10:48:01 2017 us=850000   dev_type = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000   dev_node = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000   lladdr = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000   topology = 1
Mon Jul 24 10:48:01 2017 us=850000   tun_ipv6 = DISABLED
Mon Jul 24 10:48:01 2017 us=850000   ifconfig_local = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000   ifconfig_remote_netmask = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000   ifconfig_noexec = DISABLED
Mon Jul 24 10:48:01 2017 us=850000   ifconfig_nowarn = DISABLED
Mon Jul 24 10:48:01 2017 us=850000   shaper = 0
Mon Jul 24 10:48:01 2017 us=850000   tun_mtu = 1500
Mon Jul 24 10:48:01 2017 us=850000   tun_mtu_defined = ENABLED
Mon Jul 24 10:48:01 2017 us=850000   link_mtu = 1500
Mon Jul 24 10:48:01 2017 us=850000   link_mtu_defined = DISABLED
Mon Jul 24 10:48:01 2017 us=850000   tun_mtu_extra = 0
Mon Jul 24 10:48:01 2017 us=850000   tun_mtu_extra_defined = DISABLED
Mon Jul 24 10:48:01 2017 us=850000   fragment = 0
Mon Jul 24 10:48:01 2017 us=850000   mtu_discover_type = -1
Mon Jul 24 10:48:01 2017 us=850000   mtu_test = 0
Mon Jul 24 10:48:01 2017 us=850000   mlock = DISABLED
Mon Jul 24 10:48:01 2017 us=850000   keepalive_ping = 0
Mon Jul 24 10:48:01 2017 us=850000   keepalive_timeout = 0
Mon Jul 24 10:48:01 2017 us=850000   inactivity_timeout = 0
Mon Jul 24 10:48:01 2017 us=850000   ping_send_timeout = 0
Mon Jul 24 10:48:01 2017 us=850000   ping_rec_timeout = 0
Mon Jul 24 10:48:01 2017 us=850000   ping_rec_timeout_action = 0
Mon Jul 24 10:48:01 2017 us=850000   ping_timer_remote = DISABLED
Mon Jul 24 10:48:01 2017 us=850000   remap_sigusr1 = 0
Mon Jul 24 10:48:01 2017 us=850000   explicit_exit_notification = 0
Mon Jul 24 10:48:01 2017 us=850000   persist_tun = ENABLED
Mon Jul 24 10:48:01 2017 us=850000   persist_local_ip = DISABLED
Mon Jul 24 10:48:01 2017 us=850000   persist_remote_ip = DISABLED
Mon Jul 24 10:48:01 2017 us=850000   persist_key = ENABLED
Mon Jul 24 10:48:01 2017 us=850000   mssfix = 1450
Mon Jul 24 10:48:01 2017 us=850000   resolve_retry_seconds = 1000000000
Mon Jul 24 10:48:01 2017 us=850000   username = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000   groupname = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000   chroot_dir = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000   cd_dir = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000   writepid = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000   up_script = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000   down_script = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000   down_pre = DISABLED
Mon Jul 24 10:48:01 2017 us=850000   up_restart = DISABLED
Mon Jul 24 10:48:01 2017 us=850000   up_delay = DISABLED
Mon Jul 24 10:48:01 2017 us=850000   daemon = DISABLED
Mon Jul 24 10:48:01 2017 us=850000   inetd = 0
Mon Jul 24 10:48:01 2017 us=850000   log = ENABLED
Mon Jul 24 10:48:01 2017 us=850000   suppress_timestamps = DISABLED
Mon Jul 24 10:48:01 2017 us=850000   nice = 0
Mon Jul 24 10:48:01 2017 us=850000   verbosity = 4
Mon Jul 24 10:48:01 2017 us=850000   mute = 0
Mon Jul 24 10:48:01 2017 us=850000   gremlin = 0
Mon Jul 24 10:48:01 2017 us=850000   status_file = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000   status_file_version = 1
Mon Jul 24 10:48:01 2017 us=850000   status_file_update_freq = 60
Mon Jul 24 10:48:01 2017 us=850000   occ = ENABLED
Mon Jul 24 10:48:01 2017 us=850000   rcvbuf = 0
Mon Jul 24 10:48:01 2017 us=850000   sndbuf = 0
Mon Jul 24 10:48:01 2017 us=850000   sockflags = 0
Mon Jul 24 10:48:01 2017 us=850000   fast_io = DISABLED
Mon Jul 24 10:48:01 2017 us=850000   lzo = 0
Mon Jul 24 10:48:01 2017 us=850000   route_script = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000   route_default_gateway = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000   route_default_metric = 0
Mon Jul 24 10:48:01 2017 us=850000   route_noexec = DISABLED
Mon Jul 24 10:48:01 2017 us=850000   route_delay = 5
Mon Jul 24 10:48:01 2017 us=850000   route_delay_window = 30
Mon Jul 24 10:48:01 2017 us=850000   route_delay_defined = ENABLED
Mon Jul 24 10:48:01 2017 us=850000   route_nopull = DISABLED
Mon Jul 24 10:48:01 2017 us=850000   route_gateway_via_dhcp = DISABLED
Mon Jul 24 10:48:01 2017 us=850000   max_routes = 100
Mon Jul 24 10:48:01 2017 us=850000   allow_pull_fqdn = ENABLED
Mon Jul 24 10:48:01 2017 us=850000   management_addr = '127.0.0.1'
Mon Jul 24 10:48:01 2017 us=850000   management_port = 57310
Mon Jul 24 10:48:01 2017 us=850000   management_user_pass = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000   management_log_history_cache = 250
Mon Jul 24 10:48:01 2017 us=850000   management_echo_buffer_size = 100
Mon Jul 24 10:48:01 2017 us=850000   management_write_peer_info_file = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000   management_client_user = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000   management_client_group = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000   management_flags = 38
Mon Jul 24 10:48:01 2017 us=850000   shared_secret_file = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000   key_direction = 0
Mon Jul 24 10:48:01 2017 us=850000   ciphername_defined = ENABLED
Mon Jul 24 10:48:01 2017 us=850000   ciphername = 'AES-256-CBC'
Mon Jul 24 10:48:01 2017 us=850000   authname_defined = ENABLED
Mon Jul 24 10:48:01 2017 us=850000   authname = 'SHA1'
Mon Jul 24 10:48:01 2017 us=850000   prng_hash = 'SHA1'
Mon Jul 24 10:48:01 2017 us=850000   prng_nonce_secret_len = 16
Mon Jul 24 10:48:01 2017 us=850000   keysize = 0
Mon Jul 24 10:48:01 2017 us=850000   engine = DISABLED
Mon Jul 24 10:48:01 2017 us=850000   replay = ENABLED
Mon Jul 24 10:48:01 2017 us=850000   mute_replay_warnings = DISABLED
Mon Jul 24 10:48:01 2017 us=850000   replay_window = 64
Mon Jul 24 10:48:01 2017 us=850000   replay_time = 15
Mon Jul 24 10:48:01 2017 us=850000   packet_id_file = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000   use_iv = ENABLED
Mon Jul 24 10:48:01 2017 us=850000   test_crypto = DISABLED
Mon Jul 24 10:48:01 2017 us=850000   tls_server = DISABLED
Mon Jul 24 10:48:01 2017 us=850000   tls_client = ENABLED
Mon Jul 24 10:48:01 2017 us=850000   key_method = 2
Mon Jul 24 10:48:01 2017 us=850000   ca_file = '[[INLINE]]'
Mon Jul 24 10:48:01 2017 us=850000   ca_path = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000   dh_file = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000   cert_file = '[[INLINE]]'
Mon Jul 24 10:48:01 2017 us=850000   priv_key_file = '[[INLINE]]'
Mon Jul 24 10:48:01 2017 us=850000   pkcs12_file = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000   cryptoapi_cert = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000   cipher_list = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000   tls_verify = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000   tls_remote = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000   crl_file = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000   ns_cert_type = 0
Mon Jul 24 10:48:01 2017 us=850000   remote_cert_ku[i] = 160
Mon Jul 24 10:48:01 2017 us=850000   remote_cert_ku[i] = 136
Mon Jul 24 10:48:01 2017 us=850000   remote_cert_ku[i] = 0
Mon Jul 24 10:48:01 2017 us=850000   remote_cert_ku[i] = 0
Mon Jul 24 10:48:01 2017 us=850000   remote_cert_ku[i] = 0
Mon Jul 24 10:48:01 2017 us=850000   remote_cert_ku[i] = 0
Mon Jul 24 10:48:01 2017 us=850000   remote_cert_ku[i] = 0
Mon Jul 24 10:48:01 2017 us=850000   remote_cert_ku[i] = 0
Mon Jul 24 10:48:01 2017 us=850000   remote_cert_ku[i] = 0
Mon Jul 24 10:48:01 2017 us=850000   remote_cert_ku[i] = 0
Mon Jul 24 10:48:01 2017 us=850000   remote_cert_ku[i] = 0
Mon Jul 24 10:48:01 2017 us=850000   remote_cert_ku[i] = 0
Mon Jul 24 10:48:01 2017 us=850000   remote_cert_ku[i] = 0
Mon Jul 24 10:48:01 2017 us=850000   remote_cert_ku[i] = 0
Mon Jul 24 10:48:01 2017 us=850000   remote_cert_ku[i] = 0
Mon Jul 24 10:48:01 2017 us=850000   remote_cert_ku[i] = 0
Mon Jul 24 10:48:01 2017 us=850000   remote_cert_eku = 'TLS Web Server Authentication'
Mon Jul 24 10:48:01 2017 us=850000   tls_timeout = 2
Mon Jul 24 10:48:01 2017 us=850000   renegotiate_bytes = 0
Mon Jul 24 10:48:01 2017 us=850000   renegotiate_packets = 0
Mon Jul 24 10:48:01 2017 us=850000   renegotiate_seconds = 3600
Mon Jul 24 10:48:01 2017 us=850000   handshake_window = 60
Mon Jul 24 10:48:01 2017 us=850000   transition_window = 3600
Mon Jul 24 10:48:01 2017 us=850000   single_session = DISABLED
Mon Jul 24 10:48:01 2017 us=850000   push_peer_info = ENABLED
Mon Jul 24 10:48:01 2017 us=850000   tls_exit = DISABLED
Mon Jul 24 10:48:01 2017 us=850000   tls_auth_file = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000   client = ENABLED
Mon Jul 24 10:48:01 2017 us=850000   pull = ENABLED
Mon Jul 24 10:48:01 2017 us=850000   auth_user_pass_file = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000   show_net_up = DISABLED
Mon Jul 24 10:48:01 2017 us=850000   route_method = 0
Mon Jul 24 10:48:01 2017 us=850000   ip_win32_defined = DISABLED
Mon Jul 24 10:48:01 2017 us=850000   ip_win32_type = 3
Mon Jul 24 10:48:01 2017 us=850000   dhcp_masq_offset = 0
Mon Jul 24 10:48:01 2017 us=850000   dhcp_lease_time = 31536000
Mon Jul 24 10:48:01 2017 us=850000   tap_sleep = 0
Mon Jul 24 10:48:01 2017 us=850000   dhcp_options = DISABLED
Mon Jul 24 10:48:01 2017 us=850000   dhcp_renew = DISABLED
Mon Jul 24 10:48:01 2017 us=850000   dhcp_pre_release = DISABLED
Mon Jul 24 10:48:01 2017 us=850000   dhcp_release = DISABLED
Mon Jul 24 10:48:01 2017 us=850000   domain = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000   netbios_scope = '[UNDEF]'
Mon Jul 24 10:48:01 2017 us=850000   netbios_node_type = 0
Mon Jul 24 10:48:01 2017 us=850000   disable_nbt = DISABLED
Mon Jul 24 10:48:01 2017 us=850000 OpenVPNAS 2.1.1oOAS Win32-MSVC++ [SSL] [LZO2] built on Jul 29 2010
Mon Jul 24 10:48:01 2017 us=850000 MANAGEMENT: Connected to management server at 127.0.0.1:57310
Mon Jul 24 10:48:01 2017 us=850000 MANAGEMENT: CMD 'log on'
Mon Jul 24 10:48:01 2017 us=850000 MANAGEMENT: CMD 'state on'
Mon Jul 24 10:48:01 2017 us=850000 MANAGEMENT: CMD 'echo on'
Mon Jul 24 10:48:01 2017 us=850000 MANAGEMENT: CMD 'bytecount 5'
Mon Jul 24 10:48:01 2017 us=850000 MANAGEMENT: CMD 'hold off'
Mon Jul 24 10:48:01 2017 us=850000 MANAGEMENT: CMD 'hold release'
Mon Jul 24 10:48:01 2017 us=850000 NOTE: OpenVPNAS 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Jul 24 10:48:02 2017 us=37000 Control Channel MTU parms [ L:1557 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Jul 24 10:48:02 2017 us=37000 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Jul 24 10:48:02 2017 us=37000 Data Channel MTU parms [ L:1557 D:1450 EF:57 EB:4 ET:0 EL:0 ]
Mon Jul 24 10:48:02 2017 us=37000 Local Options String: 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Mon Jul 24 10:48:02 2017 us=37000 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Mon Jul 24 10:48:02 2017 us=37000 Local Options hash (VER=V4): '2dd3fcaf'
Mon Jul 24 10:48:02 2017 us=37000 Expected Remote Options hash (VER=V4): '8114d01c'
Mon Jul 24 10:48:02 2017 us=37000 UDPv4 link local: [undef]
Mon Jul 24 10:48:02 2017 us=37000 UDPv4 link remote: 192.168.1.3:1194
Mon Jul 24 10:48:02 2017 us=37000 MANAGEMENT: >STATE:1500907682,WAIT,,,
Mon Jul 24 10:48:02 2017 us=37000 MANAGEMENT: >STATE:1500907682,AUTH,,,
Mon Jul 24 10:48:02 2017 us=37000 TLS: Initial packet from 192.168.1.3:1194, sid=7ac3502e 9348c8d3
Mon Jul 24 10:48:02 2017 us=53000 VERIFY OK: depth=1, /C=US/ST=FL/L=Largo/O=VistaMedia/OU=ICT/CN=ca/name=ca/emailAddress=***********@gmail.com
Mon Jul 24 10:48:02 2017 us=53000 Validating certificate key usage
Mon Jul 24 10:48:02 2017 us=53000 ++ Certificate has key usage  00a0, expects 00a0
Mon Jul 24 10:48:02 2017 us=53000 VERIFY KU OK
Mon Jul 24 10:48:02 2017 us=53000 Validating certificate extended key usage
Mon Jul 24 10:48:02 2017 us=53000 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mon Jul 24 10:48:02 2017 us=53000 VERIFY EKU OK
Mon Jul 24 10:48:02 2017 us=53000 VERIFY OK: depth=0, /C=US/ST=FL/L=Largo/O=VistaMedia/OU=ICT/CN=server/name=server/emailAddress=***************@gmail.com
Mon Jul 24 10:48:55 2017 us=561000 MANAGEMENT: CMD 'exit'
Mon Jul 24 10:48:55 2017 us=561000 MANAGEMENT: Client disconnected
Mon Jul 24 10:48:55 2017 us=561000 MANAGEMENT: Triggering management exit
Mon Jul 24 10:48:55 2017 us=561000 TCP/UDP: Closing socket
Mon Jul 24 10:48:55 2017 us=561000 SIGTERM[soft,management-exit] received, process exiting
Mon Jul 24 10:48:55 2017 us=561000 MANAGEMENT: >STATE:1500907735,EXITING,management-exit,,

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: certificate signature failure

Post by TinCanTech » Mon Jul 24, 2017 7:48 pm

JamesGFelg wrote: server.log
JamesGFelg wrote: Mon Jul 24 10:47:21 2017 us=614607 OpenVPN 2.4.3 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 21 2017
Mon Jul 24 10:47:21 2017 us=614624 library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.06
JamesGFelg wrote: client log
JamesGFelg wrote: Mon Jul 24 10:48:01 2017 us=850000 OpenVPNAS 2.1.1oOAS Win32-MSVC++ [SSL] [LZO2] built on Jul 29 2010

Use the OpenVPN community edition GUI .. and keep your system up to date.

BTW:
JamesGFelg wrote:client log

Mon Jul 24 10:48:01 2017 us=850000 Note: option http-proxy-fallback ignored because no TCP-based connection profiles are defined
This does not match your client config ..
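
The build banner, the `library versions` line and the key usage check quoted in this thread can be pulled out of an OpenVPN log mechanically. The following is an added example, not code from any poster or from the OpenVPN project; the function names are hypothetical, the key usage bit values are OpenSSL's `KU_*` constants, and the sample log is constructed as described in its comment.

```python
import re

# Key usage bit values as defined by OpenSSL's KU_* constants (x509v3.h).
KU_BITS = {
    0x0080: "digitalSignature", 0x0040: "nonRepudiation",
    0x0020: "keyEncipherment", 0x0010: "dataEncipherment",
    0x0008: "keyAgreement", 0x0004: "keyCertSign",
    0x0002: "cRLSign", 0x0001: "encipherOnly", 0x8000: "decipherOnly",
}

BUILD_RE = re.compile(r"(OpenVPN\w*) (\S+) .*built on \w{3} +\d{1,2} (\d{4})")
LIB_RE = re.compile(r"library versions: OpenSSL (\S+)")
KU_RE = re.compile(r"Certificate has key usage\s+([0-9a-f]+), expects ([0-9a-f]+)", re.I)
VERIFY_RE = re.compile(r"VERIFY (OK|ERROR): depth=(\d+)")

# Constructed sample: the first four lines are copied from the logs in this thread;
# the last is built from the error text in the first post, with a made-up subject.
SAMPLE_LOG = """\
Mon Jul 24 10:47:21 2017 us=614607 OpenVPN 2.4.3 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 21 2017
Mon Jul 24 10:47:21 2017 us=614624 library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.06
Mon Jul 24 10:48:01 2017 us=850000 OpenVPNAS 2.1.1oOAS Win32-MSVC++ [SSL] [LZO2] built on Jul 29 2010
Mon Jul 24 10:48:02 2017 us=53000 ++ Certificate has key usage  00a0, expects 00a0
Mon Jul 24 10:48:02 2017 us=100000 VERIFY ERROR: depth=0, error=certificate signature failure: CN=Client
"""

def decode_ku(mask):
    """Return the key usage names set in an OpenSSL-style bit mask."""
    return [name for bit, name in KU_BITS.items() if mask & bit]

def summarize(log_text):
    """Collect build banners, runtime OpenSSL versions, KU checks and VERIFY results."""
    out = {"builds": [], "openssl": [], "key_usage": [], "verify": []}
    for line in log_text.splitlines():
        if m := BUILD_RE.search(line):
            out["builds"].append((m.group(1), m.group(2), int(m.group(3))))
        elif m := LIB_RE.search(line):
            out["openssl"].append(m.group(1))
        elif m := KU_RE.search(line):
            has, expects = (int(g, 16) for g in m.groups())
            out["key_usage"].append((decode_ku(has), has == expects))
        elif m := VERIFY_RE.search(line):
            out["verify"].append((m.group(1), int(m.group(2))))
    return out

def runtime_differs(cli_version, log_text):
    """True if the OpenSSL that OpenVPN loaded is not the one `openssl version` reported."""
    return any(v != cli_version for v in summarize(log_text)["openssl"])

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
    print("runtime differs from CLI 1.0.2l:", runtime_differs("1.0.2l", SAMPLE_LOG))
```

`decode_ku(160)` and `decode_ku(136)` decode the two non-zero `remote_cert_ku` values in the client's parameter dump, and `runtime_differs` compares the library OpenVPN reports at startup with the version string the `openssl` command line tool printed.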
