Hi all,
Not sure whats the problem, but my client will not connect. the OpenVPN server is an OpenWRT box.
Here is the out put from my client:
$>openvpn Consulting.ovpn
Thu Jun 2 09:48:05 2016 OpenVPN 2.3.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Nov 12 2015
Thu Jun 2 09:48:05 2016 library versions: OpenSSL 1.0.1k 8 Jan 2015, LZO 2.08
Thu Jun 2 09:48:05 2016 Socket Buffers: R=[212992->131072] S=[212992->131072]
Thu Jun 2 09:48:05 2016 UDPv4 link local: [undef]
Thu Jun 2 09:48:05 2016 UDPv4 link remote: [AF_INET]XX.XX.XX.XX:1194
Thu Jun 2 09:48:05 2016 TLS: Initial packet from [AF_INET]XX.XX.XX.XX:1194, sid=29c14b89 4fcd2512
Thu Jun 2 09:48:05 2016 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=SE, L=Stockholm, OU=Consulting, CN=Consulting, name=EasyRSA, emailAddress=me@myhost.mydomain
Thu Jun 2 09:48:05 2016 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Thu Jun 2 09:48:05 2016 TLS Error: TLS object -> incoming plaintext read error
Thu Jun 2 09:48:05 2016 TLS Error: TLS handshake failed
Thu Jun 2 09:48:05 2016 SIGUSR1[soft,tls-error] received, process restarting
Thu Jun 2 09:48:05 2016 Restart pause, 2 second(s)
Log on the server:
Thu Jun 2 07:48:05 2016 YY.YY.YY.YY:6156 TLS: Initial packet from [AF_INET]YY.YY.YY.YY:46156, sid=4ed30910 0004c1f1
Thu Jun 2 07:48:07 2016 YY.YY.YY.YY:38317 TLS: Initial packet from [AF_INET]YY.YY.YY.YY:38317, sid=e22d2dea 1786972f
Thu Jun 2 07:49:06 2016 YY.YY.YY.YY:46156 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Jun 2 07:49:06 2016 YY.YY.YY.YY:46156 TLS Error: TLS handshake failed
Thu Jun 2 07:49:06 2016 YY.YY.YY.YY:46156 SIGUSR1[soft,tls-error] received, client-instance restarting
Thu Jun 2 07:49:07 2016 YY.YY.YY.YY:38317 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Jun 2 07:49:07 2016 YY.YY.YY.YY:38317 TLS Error: TLS handshake failed
Thu Jun 2 07:49:07 2016 YY.YY.YY.YY:38317 SIGUSR1[soft,tls-error] received, client-instance restarting
I have recreated both CA, server and client certs.
Any help will be much appreciated.
Cheers
JB
Cliet will not connect VERIFY ERROR: depth=1
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please visit (and READ) the OpenVPN HowTo http://openvpn.net/howto prior to asking any questions in here!
Please visit (and READ) the OpenVPN HowTo http://openvpn.net/howto prior to asking any questions in here!
-
- OpenVpn Newbie
- Posts: 2
- Joined: Thu Jun 02, 2016 7:59 am
-
- OpenVpn Newbie
- Posts: 18
- Joined: Fri Sep 12, 2014 3:29 pm
Re: Cliet will not connect VERIFY ERROR: depth=1
How did you create your PKI ?joakimbecker wrote:error=self signed certificate in certificate chain
I advise you see this HOWTO:
https://openvpn.net/index.php/open-sour ... o.html#pki
And use this version of EasyRSA:
https://github.com/OpenVPN/easy-rsa/rel ... v3.0.0-rc2
-
- OpenVpn Newbie
- Posts: 2
- Joined: Thu Jun 02, 2016 7:59 am
Re: Cliet will not connect VERIFY ERROR: depth=1
Hi
created it by using the
build-ca
command. dont think that easy-rsa version is avalible for the OpenWRT routers, or does any one know is it avalible?
created it by using the
build-ca
command. dont think that easy-rsa version is avalible for the OpenWRT routers, or does any one know is it avalible?
- Traffic
- OpenVPN Protagonist
- Posts: 4066
- Joined: Sat Aug 09, 2014 11:24 am
Re: Cliet will not connect VERIFY ERROR: depth=1
You can create your PKI on any PC with EasyRSA and upload the files.
You may find this is useful:
http://superuser.com/questions/549017/o ... 308#977308
You may find this is useful:
http://superuser.com/questions/549017/o ... 308#977308