The server is also running fine for Windows clients using keys stored on Nitrokeys.
However, I am not able to connect to the server using a Nitrokey to hold the certificate using FreeBSD 10.3 (or 11) with OpenVPN 2.3.14 as the client and using OpenSC 0.16.
The key is accessible and on FreeBSD 10.3
```
openvpn --show-pkcs11-ids /usr/local/lib/opensc-pkcs11.so
```
If I try connecting to the server with the config settings
```
pkcs11-providers /usr/local/lib/opensc-pkcs11.so
pkcs11-id 'SERIAL'
```
```
Enter OpenPGP card (User PIN) token Password:
```
```
/sbin/ifconfig tun0 10.10.0.142 10.10.0.141 mtu 1500 netmask 255.255.255.255 up
PKCS#11: __pkcs11h_forkFixup entry pid=2318, activate_slotevent=1
```
At this stage there are two processes
```
root 2294 0.0 0.1 40512 8000 0 I+ 3:44PM 0:00.04 openvpn --config openvpn.test
root 2295 0.0 0.1 40512 7996 0 I+ 3:44PM 0:00.00 openvpn --config openvpn.test
```
i.e. netstat -rn shows
```
Routing tables
Internet:
Destination        Gateway            Flags     Netif Expire
default            192.168.0.1        UGS       bge0
127.0.0.1          link#2             UH        lo0
192.168.0.0/24     link#1             U         bge0
192.168.0.81       link#1             UHS       lo0
```
Using the exact same client and server and using
```
ca ca.crt
cert keyname.crt
key keyname.key
```
The server OpenVPN logs do not show anything usual that I can see to compare it to a normal connection (other than there are no read events as nothing is being sent back I assume).
Any suggestions?
Is this related to the discussion here http://www.sparklabs.com/forum/viewtopi ... 4806#p4823 about pkcs11-helper crashing when using threads?