OpenVPN certs error

Mafiew
OpenVpn Newbie
Posts: 7
Joined: Fri Jun 16, 2017 9:56 am

OpenVPN certs error

Post by Mafiew » Fri Jun 16, 2017 10:11 am

Hi everyone,

I recently wanted to get rid of my pfSense router and do all my routing with iptables.
So I had to remove the OpenVPN service from pfSense. In its place, I set up a new OpenVPN server.

However, I can't manage to debug this error :/

All the certificates are created on the server and then signed by my intermediate PKI (remote server), except the Diffie-Hellman.



Client config:

Code: Select all

dev tun
persist-key
persist-tun
cipher AES-256-CBC
client
resolv-retry infinite
http-proxy proxy.com 8000 stdin ntlm
remote mathieuborn.fr 443 tcp-client
redirect-gateway def1
ca cacert.pem
cert Mathieu.crt
key Mathieu.key
;auth-user-pass
ns-cert-type server
tls-auth ta.key 1
tls-client
verb 3
;proto tcp

Client error log:

Code: Select all

Fri Jun 16 11:42:47 2017 OpenVPN 2.3.14 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Dec  7 2016
Fri Jun 16 11:42:47 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Fri Jun 16 11:42:47 2017 library versions: OpenSSL 1.0.2i  22 Sep 2016, LZO 2.09
Enter Management Password:
Fri Jun 16 11:42:47 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Fri Jun 16 11:42:47 2017 Need hold release from management interface, waiting...
Fri Jun 16 11:42:48 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Fri Jun 16 11:42:48 2017 MANAGEMENT: CMD 'state on'
Fri Jun 16 11:42:48 2017 MANAGEMENT: CMD 'log all on'
Fri Jun 16 11:42:48 2017 MANAGEMENT: CMD 'hold off'
Fri Jun 16 11:42:48 2017 MANAGEMENT: CMD 'hold release'
Fri Jun 16 11:42:48 2017 MANAGEMENT: CMD 'proxy HTTP proxy.fr 8000'
Fri Jun 16 11:42:55 2017 MANAGEMENT: CMD 'username "HTTP Proxy" "born"'
Fri Jun 16 11:42:55 2017 MANAGEMENT: CMD 'password [...]'
Fri Jun 16 11:43:01 2017 MANAGEMENT: CMD 'password [...]'
Fri Jun 16 11:43:01 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Jun 16 11:43:01 2017 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Fri Jun 16 11:43:01 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jun 16 11:43:01 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jun 16 11:43:01 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Jun 16 11:43:01 2017 MANAGEMENT: >STATE:1497606181,RESOLVE,,,
Fri Jun 16 11:43:01 2017 Attempting to establish TCP connection with [AF_INET]10.223.121.30:8000 [nonblock]
Fri Jun 16 11:43:01 2017 MANAGEMENT: >STATE:1497606181,TCP_CONNECT,,,
Fri Jun 16 11:43:02 2017 TCP connection established with [AF_INET]10.223.121.30:8000
Fri Jun 16 11:43:02 2017 Send to HTTP proxy: 'CONNECT Moi.fr:443 HTTP/1.0'
Fri Jun 16 11:43:02 2017 Attempting NTLM Proxy-Authorization phase 1
Fri Jun 16 11:43:02 2017 HTTP proxy returned: 'HTTP/1.1 407 Proxy Authentication Required'
Fri Jun 16 11:43:02 2017 Proxy requires authentication
Fri Jun 16 11:43:02 2017 HTTP proxy returned: 'Server: squid'
Fri Jun 16 11:43:02 2017 HTTP proxy returned: 'Mime-Version: 1.0'
Fri Jun 16 11:43:02 2017 HTTP proxy returned: 'Date: Fri, 16 Jun 2017 09:43:02 GMT'
Fri Jun 16 11:43:02 2017 HTTP proxy returned: 'Content-Type: text/html'
Fri Jun 16 11:43:02 2017 HTTP proxy returned: 'Content-Length: 3121'
Fri Jun 16 11:43:02 2017 HTTP proxy returned: 'X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0'
Fri Jun 16 11:43:02 2017 HTTP proxy returned: 'Proxy-Authenticate: NTLM TlRMTVNTUAACAAAAAAAAADAAAAACAgAAwub0hkHGCkAAAAAAAAAAAAAAAAAwAAAA'
Fri Jun 16 11:43:02 2017 auth string: 'TlRMTVNTUAACAAAAAAAAADAAAAACAgAAwub0hkHGCkAAAAAAAAAAAAAAAAAwAAAA'
Fri Jun 16 11:43:02 2017 Received NTLM Proxy-Authorization phase 2 response
Fri Jun 16 11:43:04 2017 recv_line: TCP port read timeout expired
Fri Jun 16 11:43:04 2017 Send to HTTP proxy: 'CONNECT Moi.fr:443 HTTP/1.0'
Fri Jun 16 11:43:04 2017 Send to HTTP proxy: 'Host: Moi.fr'
Fri Jun 16 11:43:04 2017 Attempting NTLM Proxy-Authorization phase 3
Fri Jun 16 11:43:04 2017 Send to HTTP proxy: 'Proxy-Authorization: NTLM TlRMTVNTUAADAAAAAAAAAFwAAAAYABgAQAAAAAAAAABcAAAABAAEAFgAAAAAAAAAXAAAAAAAAABcAAAAAgIAAImQxhbxzF0L+8eGsmN4rkqmmzmTXaObDmJvcm4='
Fri Jun 16 11:43:04 2017 HTTP proxy returned: 'HTTP/1.1 200 Connection established'
Fri Jun 16 11:43:06 2017 TCPv4_CLIENT link local: [undef]
Fri Jun 16 11:43:06 2017 TCPv4_CLIENT link remote: [AF_INET]10.223.121.30:8000
Fri Jun 16 11:43:06 2017 MANAGEMENT: >STATE:1497606186,WAIT,,,
Fri Jun 16 11:43:06 2017 Connection reset, restarting [0]
Fri Jun 16 11:43:06 2017 SIGUSR1[soft,connection-reset] received, process restarting
Fri Jun 16 11:43:06 2017 MANAGEMENT: >STATE:1497606186,RECONNECTING,connection-reset,,
Server config:

Code: Select all

# Listening config

port 443
proto tcp
dev tun0
mode server
tls-server

persist-key
persist-tun

# SSL/TLS certificates

ca cert/cacert.pem
cert cert/Serveur-VPN.crt
key cert/Serveur-VPN.key

# Static encryption

dh cert/dh2048.pem
tls-auth cert/ta.key

# Configuration provided to clients

server 192.168.3.0 255.255.255.0

# Client connection handling

keepalive 10 120
tun-mtu 1300
mssfix
cipher AES-256-CBC
max-clients 5
client-to-client

# Debug ?

verb 4
status /var/log/openvpn-status-server.log

Server logs

Code: Select all

Fri Jun 16 11:58:28 2017 us=595615 Current Parameter Settings:
Fri Jun 16 11:58:28 2017 us=595678   config = 'server.conf'
Fri Jun 16 11:58:28 2017 us=595686   mode = 1
Fri Jun 16 11:58:28 2017 us=595691   persist_config = DISABLED
Fri Jun 16 11:58:28 2017 us=595694   persist_mode = 1
Fri Jun 16 11:58:28 2017 us=595698   show_ciphers = DISABLED
Fri Jun 16 11:58:28 2017 us=595701   show_digests = DISABLED
Fri Jun 16 11:58:28 2017 us=595705   show_engines = DISABLED
Fri Jun 16 11:58:28 2017 us=595708   genkey = DISABLED
Fri Jun 16 11:58:28 2017 us=595712   key_pass_file = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=595716   show_tls_ciphers = DISABLED
Fri Jun 16 11:58:28 2017 us=595720 Connection profiles [default]:
Fri Jun 16 11:58:28 2017 us=595724   proto = tcp-server
Fri Jun 16 11:58:28 2017 us=595744   local = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=595748   local_port = 443
Fri Jun 16 11:58:28 2017 us=595751   remote = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=595755   remote_port = 443
Fri Jun 16 11:58:28 2017 us=595758   remote_float = DISABLED
Fri Jun 16 11:58:28 2017 us=595761   bind_defined = DISABLED
Fri Jun 16 11:58:28 2017 us=595765   bind_local = ENABLED
Fri Jun 16 11:58:28 2017 us=595768   connect_retry_seconds = 5
Fri Jun 16 11:58:28 2017 us=595772   connect_timeout = 10
Fri Jun 16 11:58:28 2017 us=595775   connect_retry_max = 0
Fri Jun 16 11:58:28 2017 us=595779   socks_proxy_server = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=595783   socks_proxy_port = 0
Fri Jun 16 11:58:28 2017 us=595786   socks_proxy_retry = DISABLED
Fri Jun 16 11:58:28 2017 us=595790   tun_mtu = 1300
Fri Jun 16 11:58:28 2017 us=595793   tun_mtu_defined = ENABLED
Fri Jun 16 11:58:28 2017 us=595796   link_mtu = 1500
Fri Jun 16 11:58:28 2017 us=595800   link_mtu_defined = DISABLED
Fri Jun 16 11:58:28 2017 us=595803   tun_mtu_extra = 0
Fri Jun 16 11:58:28 2017 us=595807   tun_mtu_extra_defined = DISABLED
Fri Jun 16 11:58:28 2017 us=595810   mtu_discover_type = -1
Fri Jun 16 11:58:28 2017 us=595813   fragment = 0
Fri Jun 16 11:58:28 2017 us=595817   mssfix = 1450
Fri Jun 16 11:58:28 2017 us=595820   explicit_exit_notification = 0
Fri Jun 16 11:58:28 2017 us=595824 Connection profiles END
Fri Jun 16 11:58:28 2017 us=595827   remote_random = DISABLED
Fri Jun 16 11:58:28 2017 us=595830   ipchange = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=595834   dev = 'tun0'
Fri Jun 16 11:58:28 2017 us=595837   dev_type = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=595841   dev_node = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=595844   lladdr = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=595847   topology = 1
Fri Jun 16 11:58:28 2017 us=595851   tun_ipv6 = DISABLED
Fri Jun 16 11:58:28 2017 us=595854   ifconfig_local = '192.168.3.1'
Fri Jun 16 11:58:28 2017 us=595858   ifconfig_remote_netmask = '192.168.3.2'
Fri Jun 16 11:58:28 2017 us=595861   ifconfig_noexec = DISABLED
Fri Jun 16 11:58:28 2017 us=595865   ifconfig_nowarn = DISABLED
Fri Jun 16 11:58:28 2017 us=595868   ifconfig_ipv6_local = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=595871   ifconfig_ipv6_netbits = 0
Fri Jun 16 11:58:28 2017 us=595875   ifconfig_ipv6_remote = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=595878   shaper = 0
Fri Jun 16 11:58:28 2017 us=595882   mtu_test = 0
Fri Jun 16 11:58:28 2017 us=595885   mlock = DISABLED
Fri Jun 16 11:58:28 2017 us=595889   keepalive_ping = 10
Fri Jun 16 11:58:28 2017 us=595892   keepalive_timeout = 120
Fri Jun 16 11:58:28 2017 us=595895   inactivity_timeout = 0
Fri Jun 16 11:58:28 2017 us=595899   ping_send_timeout = 10
Fri Jun 16 11:58:28 2017 us=595902   ping_rec_timeout = 240
Fri Jun 16 11:58:28 2017 us=595906   ping_rec_timeout_action = 2
Fri Jun 16 11:58:28 2017 us=595909   ping_timer_remote = DISABLED
Fri Jun 16 11:58:28 2017 us=595913   remap_sigusr1 = 0
Fri Jun 16 11:58:28 2017 us=595916   persist_tun = ENABLED
Fri Jun 16 11:58:28 2017 us=595919   persist_local_ip = DISABLED
Fri Jun 16 11:58:28 2017 us=595928   persist_remote_ip = DISABLED
Fri Jun 16 11:58:28 2017 us=595933   persist_key = ENABLED
Fri Jun 16 11:58:28 2017 us=595936   passtos = DISABLED
Fri Jun 16 11:58:28 2017 us=595940   resolve_retry_seconds = 1000000000
Fri Jun 16 11:58:28 2017 us=595947   username = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=595951   groupname = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=595955   chroot_dir = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=595958   cd_dir = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=595962   writepid = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=595965   up_script = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=595968   down_script = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=595972   down_pre = DISABLED
Fri Jun 16 11:58:28 2017 us=595975   up_restart = DISABLED
Fri Jun 16 11:58:28 2017 us=595978   up_delay = DISABLED
Fri Jun 16 11:58:28 2017 us=595982   daemon = DISABLED
Fri Jun 16 11:58:28 2017 us=595985   inetd = 0
Fri Jun 16 11:58:28 2017 us=595989   log = DISABLED
Fri Jun 16 11:58:28 2017 us=595992   suppress_timestamps = DISABLED
Fri Jun 16 11:58:28 2017 us=595996   nice = 0
Fri Jun 16 11:58:28 2017 us=595999   verbosity = 4
Fri Jun 16 11:58:28 2017 us=596002   mute = 0
Fri Jun 16 11:58:28 2017 us=596006   gremlin = 0
Fri Jun 16 11:58:28 2017 us=596009   status_file = '/var/log/openvpn-status-server.log'
Fri Jun 16 11:58:28 2017 us=596013   status_file_version = 1
Fri Jun 16 11:58:28 2017 us=596017   status_file_update_freq = 60
Fri Jun 16 11:58:28 2017 us=596020   occ = ENABLED
Fri Jun 16 11:58:28 2017 us=596023   rcvbuf = 65536
Fri Jun 16 11:58:28 2017 us=596027   sndbuf = 65536
Fri Jun 16 11:58:28 2017 us=596030   mark = 0
Fri Jun 16 11:58:28 2017 us=596034   sockflags = 0
Fri Jun 16 11:58:28 2017 us=596037   fast_io = DISABLED
Fri Jun 16 11:58:28 2017 us=596040   lzo = 0
Fri Jun 16 11:58:28 2017 us=596044   route_script = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596047   route_default_gateway = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596051   route_default_metric = 0
Fri Jun 16 11:58:28 2017 us=596054   route_noexec = DISABLED
Fri Jun 16 11:58:28 2017 us=596058   route_delay = 0
Fri Jun 16 11:58:28 2017 us=596062   route_delay_window = 30
Fri Jun 16 11:58:28 2017 us=596065   route_delay_defined = DISABLED
Fri Jun 16 11:58:28 2017 us=596069   route_nopull = DISABLED
Fri Jun 16 11:58:28 2017 us=596072   route_gateway_via_dhcp = DISABLED
Fri Jun 16 11:58:28 2017 us=596076   max_routes = 100
Fri Jun 16 11:58:28 2017 us=596079   allow_pull_fqdn = DISABLED
Fri Jun 16 11:58:28 2017 us=596083   route 192.168.3.0/255.255.255.0/nil/nil
Fri Jun 16 11:58:28 2017 us=596087   management_addr = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596090   management_port = 0
Fri Jun 16 11:58:28 2017 us=596094   management_user_pass = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596097   management_log_history_cache = 250
Fri Jun 16 11:58:28 2017 us=596101   management_echo_buffer_size = 100
Fri Jun 16 11:58:28 2017 us=596104   management_write_peer_info_file = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596127   management_client_user = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596130   management_client_group = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596134   management_flags = 0
Fri Jun 16 11:58:28 2017 us=596138   shared_secret_file = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596141   key_direction = 0
Fri Jun 16 11:58:28 2017 us=596145   ciphername_defined = ENABLED
Fri Jun 16 11:58:28 2017 us=596149   ciphername = 'AES-256-CBC'
Fri Jun 16 11:58:28 2017 us=596153   authname_defined = ENABLED
Fri Jun 16 11:58:28 2017 us=596156   authname = 'SHA1'
Fri Jun 16 11:58:28 2017 us=596160   prng_hash = 'SHA1'
Fri Jun 16 11:58:28 2017 us=596163   prng_nonce_secret_len = 16
Fri Jun 16 11:58:28 2017 us=596167   keysize = 0
Fri Jun 16 11:58:28 2017 us=596171   engine = DISABLED
Fri Jun 16 11:58:28 2017 us=596174   replay = ENABLED
Fri Jun 16 11:58:28 2017 us=596178   mute_replay_warnings = DISABLED
Fri Jun 16 11:58:28 2017 us=596181   replay_window = 64
Fri Jun 16 11:58:28 2017 us=596185   replay_time = 15
Fri Jun 16 11:58:28 2017 us=596189   packet_id_file = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596192   use_iv = ENABLED
Fri Jun 16 11:58:28 2017 us=596196   test_crypto = DISABLED
Fri Jun 16 11:58:28 2017 us=596199   tls_server = ENABLED
Fri Jun 16 11:58:28 2017 us=596203   tls_client = DISABLED
Fri Jun 16 11:58:28 2017 us=596213   key_method = 2
Fri Jun 16 11:58:28 2017 us=596217   ca_file = 'cert/cacert.pem'
Fri Jun 16 11:58:28 2017 us=596221   ca_path = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596225   dh_file = 'cert/dh2048.pem'
Fri Jun 16 11:58:28 2017 us=596229   cert_file = 'cert/Serveur-VPN.crt'
Fri Jun 16 11:58:28 2017 us=596233   priv_key_file = 'cert/Serveur-VPN.key'
Fri Jun 16 11:58:28 2017 us=596236   pkcs12_file = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596240   cipher_list = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596244   tls_verify = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596247   tls_export_cert = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596251   verify_x509_type = 0
Fri Jun 16 11:58:28 2017 us=596255   verify_x509_name = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596258   crl_file = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596262   ns_cert_type = 0
Fri Jun 16 11:58:28 2017 us=596266   remote_cert_ku[i] = 0
Fri Jun 16 11:58:28 2017 us=596269   remote_cert_ku[i] = 0
Fri Jun 16 11:58:28 2017 us=596273   remote_cert_ku[i] = 0
Fri Jun 16 11:58:28 2017 us=596276   remote_cert_ku[i] = 0
Fri Jun 16 11:58:28 2017 us=596280   remote_cert_ku[i] = 0
Fri Jun 16 11:58:28 2017 us=596283   remote_cert_ku[i] = 0
Fri Jun 16 11:58:28 2017 us=596287   remote_cert_ku[i] = 0
Fri Jun 16 11:58:28 2017 us=596290   remote_cert_ku[i] = 0
Fri Jun 16 11:58:28 2017 us=596294   remote_cert_ku[i] = 0
Fri Jun 16 11:58:28 2017 us=596297   remote_cert_ku[i] = 0
Fri Jun 16 11:58:28 2017 us=596301   remote_cert_ku[i] = 0
Fri Jun 16 11:58:28 2017 us=596304   remote_cert_ku[i] = 0
Fri Jun 16 11:58:28 2017 us=596307   remote_cert_ku[i] = 0
Fri Jun 16 11:58:28 2017 us=596311   remote_cert_ku[i] = 0
Fri Jun 16 11:58:28 2017 us=596314   remote_cert_ku[i] = 0
Fri Jun 16 11:58:28 2017 us=596318   remote_cert_ku[i] = 0
Fri Jun 16 11:58:28 2017 us=596321   remote_cert_eku = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596325   ssl_flags = 0
Fri Jun 16 11:58:28 2017 us=596329   tls_timeout = 2
Fri Jun 16 11:58:28 2017 us=596332   renegotiate_bytes = 0
Fri Jun 16 11:58:28 2017 us=596336   renegotiate_packets = 0
Fri Jun 16 11:58:28 2017 us=596339   renegotiate_seconds = 3600
Fri Jun 16 11:58:28 2017 us=596343   handshake_window = 60
Fri Jun 16 11:58:28 2017 us=596346   transition_window = 3600
Fri Jun 16 11:58:28 2017 us=596350   single_session = DISABLED
Fri Jun 16 11:58:28 2017 us=596354   push_peer_info = DISABLED
Fri Jun 16 11:58:28 2017 us=596357   tls_exit = DISABLED
Fri Jun 16 11:58:28 2017 us=596361   tls_auth_file = 'cert/ta.key'
Fri Jun 16 11:58:28 2017 us=596365   pkcs11_protected_authentication = DISABLED
Fri Jun 16 11:58:28 2017 us=596368   pkcs11_protected_authentication = DISABLED
Fri Jun 16 11:58:28 2017 us=596372   pkcs11_protected_authentication = DISABLED
Fri Jun 16 11:58:28 2017 us=596376   pkcs11_protected_authentication = DISABLED
Fri Jun 16 11:58:28 2017 us=596379   pkcs11_protected_authentication = DISABLED
Fri Jun 16 11:58:28 2017 us=596383   pkcs11_protected_authentication = DISABLED
Fri Jun 16 11:58:28 2017 us=596386   pkcs11_protected_authentication = DISABLED
Fri Jun 16 11:58:28 2017 us=596390   pkcs11_protected_authentication = DISABLED
Fri Jun 16 11:58:28 2017 us=596393   pkcs11_protected_authentication = DISABLED
Fri Jun 16 11:58:28 2017 us=596397   pkcs11_protected_authentication = DISABLED
Fri Jun 16 11:58:28 2017 us=596400   pkcs11_protected_authentication = DISABLED
Fri Jun 16 11:58:28 2017 us=596404   pkcs11_protected_authentication = DISABLED
Fri Jun 16 11:58:28 2017 us=596407   pkcs11_protected_authentication = DISABLED
Fri Jun 16 11:58:28 2017 us=596411   pkcs11_protected_authentication = DISABLED
Fri Jun 16 11:58:28 2017 us=596414   pkcs11_protected_authentication = DISABLED
Fri Jun 16 11:58:28 2017 us=596418   pkcs11_protected_authentication = DISABLED
Fri Jun 16 11:58:28 2017 us=596422   pkcs11_private_mode = 00000000
Fri Jun 16 11:58:28 2017 us=596426   pkcs11_private_mode = 00000000
Fri Jun 16 11:58:28 2017 us=596429   pkcs11_private_mode = 00000000
Fri Jun 16 11:58:28 2017 us=596433   pkcs11_private_mode = 00000000
Fri Jun 16 11:58:28 2017 us=596439   pkcs11_private_mode = 00000000
Fri Jun 16 11:58:28 2017 us=596442   pkcs11_private_mode = 00000000
Fri Jun 16 11:58:28 2017 us=596446   pkcs11_private_mode = 00000000
Fri Jun 16 11:58:28 2017 us=596449   pkcs11_private_mode = 00000000
Fri Jun 16 11:58:28 2017 us=596453   pkcs11_private_mode = 00000000
Fri Jun 16 11:58:28 2017 us=596456   pkcs11_private_mode = 00000000
Fri Jun 16 11:58:28 2017 us=596460   pkcs11_private_mode = 00000000
Fri Jun 16 11:58:28 2017 us=596463   pkcs11_private_mode = 00000000
Fri Jun 16 11:58:28 2017 us=596467   pkcs11_private_mode = 00000000
Fri Jun 16 11:58:28 2017 us=596470   pkcs11_private_mode = 00000000
Fri Jun 16 11:58:28 2017 us=596474   pkcs11_private_mode = 00000000
Fri Jun 16 11:58:28 2017 us=596477   pkcs11_private_mode = 00000000
Fri Jun 16 11:58:28 2017 us=596481   pkcs11_cert_private = DISABLED
Fri Jun 16 11:58:28 2017 us=596484   pkcs11_cert_private = DISABLED
Fri Jun 16 11:58:28 2017 us=596488   pkcs11_cert_private = DISABLED
Fri Jun 16 11:58:28 2017 us=596491   pkcs11_cert_private = DISABLED
Fri Jun 16 11:58:28 2017 us=596494   pkcs11_cert_private = DISABLED
Fri Jun 16 11:58:28 2017 us=596498   pkcs11_cert_private = DISABLED
Fri Jun 16 11:58:28 2017 us=596501   pkcs11_cert_private = DISABLED
Fri Jun 16 11:58:28 2017 us=596505   pkcs11_cert_private = DISABLED
Fri Jun 16 11:58:28 2017 us=596508   pkcs11_cert_private = DISABLED
Fri Jun 16 11:58:28 2017 us=596511   pkcs11_cert_private = DISABLED
Fri Jun 16 11:58:28 2017 us=596515   pkcs11_cert_private = DISABLED
Fri Jun 16 11:58:28 2017 us=596518   pkcs11_cert_private = DISABLED
Fri Jun 16 11:58:28 2017 us=596522   pkcs11_cert_private = DISABLED
Fri Jun 16 11:58:28 2017 us=596525   pkcs11_cert_private = DISABLED
Fri Jun 16 11:58:28 2017 us=596529   pkcs11_cert_private = DISABLED
Fri Jun 16 11:58:28 2017 us=596532   pkcs11_cert_private = DISABLED
Fri Jun 16 11:58:28 2017 us=596553   pkcs11_pin_cache_period = -1
Fri Jun 16 11:58:28 2017 us=596556   pkcs11_id = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596560   pkcs11_id_management = DISABLED
Fri Jun 16 11:58:28 2017 us=596564   server_network = 192.168.3.0
Fri Jun 16 11:58:28 2017 us=596568   server_netmask = 255.255.255.0
Fri Jun 16 11:58:28 2017 us=596573   server_network_ipv6 = ::
Fri Jun 16 11:58:28 2017 us=596577   server_netbits_ipv6 = 0
Fri Jun 16 11:58:28 2017 us=596581   server_bridge_ip = 0.0.0.0
Fri Jun 16 11:58:28 2017 us=596585   server_bridge_netmask = 0.0.0.0
Fri Jun 16 11:58:28 2017 us=596589   server_bridge_pool_start = 0.0.0.0
Fri Jun 16 11:58:28 2017 us=596593   server_bridge_pool_end = 0.0.0.0
Fri Jun 16 11:58:28 2017 us=596596   push_entry = 'route 192.168.3.0 255.255.255.0'
Fri Jun 16 11:58:28 2017 us=596600   push_entry = 'topology net30'
Fri Jun 16 11:58:28 2017 us=596603   push_entry = 'ping 10'
Fri Jun 16 11:58:28 2017 us=596607   push_entry = 'ping-restart 120'
Fri Jun 16 11:58:28 2017 us=596610   ifconfig_pool_defined = ENABLED
Fri Jun 16 11:58:28 2017 us=596614   ifconfig_pool_start = 192.168.3.4
Fri Jun 16 11:58:28 2017 us=596621   ifconfig_pool_end = 192.168.3.251
Fri Jun 16 11:58:28 2017 us=596626   ifconfig_pool_netmask = 0.0.0.0
Fri Jun 16 11:58:28 2017 us=596630   ifconfig_pool_persist_filename = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596634   ifconfig_pool_persist_refresh_freq = 600
Fri Jun 16 11:58:28 2017 us=596638   ifconfig_ipv6_pool_defined = DISABLED
Fri Jun 16 11:58:28 2017 us=596642   ifconfig_ipv6_pool_base = ::
Fri Jun 16 11:58:28 2017 us=596645   ifconfig_ipv6_pool_netbits = 0
Fri Jun 16 11:58:28 2017 us=596649   n_bcast_buf = 256
Fri Jun 16 11:58:28 2017 us=596652   tcp_queue_limit = 64
Fri Jun 16 11:58:28 2017 us=596656   real_hash_size = 256
Fri Jun 16 11:58:28 2017 us=596659   virtual_hash_size = 256
Fri Jun 16 11:58:28 2017 us=596663   client_connect_script = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596666   learn_address_script = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596670   client_disconnect_script = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596673   client_config_dir = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596677   ccd_exclusive = DISABLED
Fri Jun 16 11:58:28 2017 us=596683   tmp_dir = '/tmp'
Fri Jun 16 11:58:28 2017 us=596687   push_ifconfig_defined = DISABLED
Fri Jun 16 11:58:28 2017 us=596691   push_ifconfig_local = 0.0.0.0
Fri Jun 16 11:58:28 2017 us=596695   push_ifconfig_remote_netmask = 0.0.0.0
Fri Jun 16 11:58:28 2017 us=596699   push_ifconfig_ipv6_defined = DISABLED
Fri Jun 16 11:58:28 2017 us=596703   push_ifconfig_ipv6_local = ::/0
Fri Jun 16 11:58:28 2017 us=596707   push_ifconfig_ipv6_remote = ::
Fri Jun 16 11:58:28 2017 us=596711   enable_c2c = ENABLED
Fri Jun 16 11:58:28 2017 us=596714   duplicate_cn = DISABLED
Fri Jun 16 11:58:28 2017 us=596718   cf_max = 0
Fri Jun 16 11:58:28 2017 us=596721   cf_per = 0
Fri Jun 16 11:58:28 2017 us=596725   max_clients = 5
Fri Jun 16 11:58:28 2017 us=596728   max_routes_per_client = 256
Fri Jun 16 11:58:28 2017 us=596731   auth_user_pass_verify_script = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596740   auth_user_pass_verify_script_via_file = DISABLED
Fri Jun 16 11:58:28 2017 us=596745   port_share_host = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596749   port_share_port = 0
Fri Jun 16 11:58:28 2017 us=596752   client = DISABLED
Fri Jun 16 11:58:28 2017 us=596756   pull = DISABLED
Fri Jun 16 11:58:28 2017 us=596759   auth_user_pass_file = '[UNDEF]'
Fri Jun 16 11:58:28 2017 us=596764 OpenVPN 2.3.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Nov 12 2015
Fri Jun 16 11:58:28 2017 us=596776 library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.08
Fri Jun 16 11:58:28 2017 us=596944 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Fri Jun 16 11:58:28 2017 us=597211 Diffie-Hellman initialized with 2048 bit key
Fri Jun 16 11:58:28 2017 us=597532 Control Channel Authentication: using 'cert/ta.key' as a OpenVPN static key file
Fri Jun 16 11:58:28 2017 us=597548 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jun 16 11:58:28 2017 us=597553 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jun 16 11:58:28 2017 us=597559 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1300)
Fri Jun 16 11:58:28 2017 us=597565 TLS-Auth MTU parms [ L:1359 D:168 EF:68 EB:0 ET:0 EL:0 ]
Fri Jun 16 11:58:28 2017 us=597580 Socket Buffers: R=[87380->131072] S=[16384->131072]
Fri Jun 16 11:58:28 2017 us=597672 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=eth0 HWADDR=00:0c:29:de:b9:fd
Fri Jun 16 11:58:28 2017 us=598300 TUN/TAP device tun0 opened
Fri Jun 16 11:58:28 2017 us=598321 TUN/TAP TX queue length set to 100
Fri Jun 16 11:58:28 2017 us=598330 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Jun 16 11:58:28 2017 us=598359 /sbin/ip link set dev tun0 up mtu 1300
Fri Jun 16 11:58:28 2017 us=599706 /sbin/ip addr add dev tun0 local 192.168.3.1 peer 192.168.3.2
Fri Jun 16 11:58:28 2017 us=601245 /sbin/ip route add 192.168.3.0/24 via 192.168.3.2
Fri Jun 16 11:58:28 2017 us=602285 Data Channel MTU parms [ L:1359 D:1359 EF:59 EB:4 ET:0 EL:0 ]
Fri Jun 16 11:58:28 2017 us=602309 Listening for incoming TCP connection on [undef]
Fri Jun 16 11:58:28 2017 us=602321 TCPv4_SERVER link local (bound): [undef]
Fri Jun 16 11:58:28 2017 us=602325 TCPv4_SERVER link remote: [undef]
Fri Jun 16 11:58:28 2017 us=602332 MULTI: multi_init called, r=256 v=256
Fri Jun 16 11:58:28 2017 us=602353 IFCONFIG POOL: base=192.168.3.4 size=62, ipv6=0
Fri Jun 16 11:58:28 2017 us=602362 MULTI: TCP INIT maxclients=5 maxevents=9
Fri Jun 16 11:58:28 2017 us=602372 Initialization Sequence Completed
Fri Jun 16 11:59:04 2017 us=913994 MULTI: multi_create_instance called
Fri Jun 16 11:59:04 2017 us=914156 Re-using SSL/TLS context
Fri Jun 16 11:59:04 2017 us=914174 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1300)
Fri Jun 16 11:59:04 2017 us=914321 Control Channel MTU parms [ L:1359 D:168 EF:68 EB:0 ET:0 EL:0 ]
Fri Jun 16 11:59:04 2017 us=914348 Data Channel MTU parms [ L:1359 D:1359 EF:59 EB:4 ET:0 EL:0 ]
Fri Jun 16 11:59:04 2017 us=914374 Local Options String: 'V4,dev-type tun,link-mtu 1359,tun-mtu 1300,proto TCPv4_SERVER,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Fri Jun 16 11:59:04 2017 us=914393 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1359,tun-mtu 1300,proto TCPv4_CLIENT,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Fri Jun 16 11:59:04 2017 us=914412 Local Options hash (VER=V4): '311e9f19'
Fri Jun 16 11:59:04 2017 us=914421 Expected Remote Options hash (VER=V4): 'efe82be8'
Fri Jun 16 11:59:04 2017 us=914442 TCP connection established with [AF_INET] IP:Port
Fri Jun 16 11:59:04 2017 us=914448 TCPv4_SERVER link local: [undef]
Fri Jun 16 11:59:04 2017 us=914453 TCPv4_SERVER link remote: [AF_INET]  IP:Port
Fri Jun 16 11:59:06 2017 us=918321  IP:Port TLS: Initial packet from [AF_INET]  IP:Port , sid=757a0e7d 516df98c
Fri Jun 16 11:59:06 2017 us=918375  IP:Port Authenticate/Decrypt packet error: packet HMAC authentication failed
Fri Jun 16 11:59:06 2017 us=918388  IP:Port  TLS Error: incoming packet authentication failed from [AF_INET] IP:Port 
Fri Jun 16 11:59:06 2017 us=918413  IP:Port Fatal TLS error (check_tls_errors_co), restarting
Fri Jun 16 11:59:06 2017 us=918420 IP:Port  SIGUSR1[soft,tls-error] received, client-instance restarting
Fri Jun 16 11:59:06 2017 us=918481 TCP/UDP: Closing socket
Fri Jun 16 11:59:16 2017 us=244448 TCP/UDP: Closing socket
Fri Jun 16 11:59:16 2017 us=244596 /sbin/ip route del 192.168.3.0/24
Fri Jun 16 11:59:16 2017 us=246421 Closing TUN/TAP interface
Fri Jun 16 11:59:16 2017 us=246502 /sbin/ip addr del dev tun0 local 192.168.3.1 peer 192.168.3.2
Fri Jun 16 11:59:16 2017 us=257936 SIGINT[hard,] received, process exiting


Thanks for your help.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN certs error

Post by TinCanTech » Fri Jun 16, 2017 10:48 am

Translated by google wrote:
Hi everybody,

I recently wanted to remove my router pfsense to do all my routing based on iptables.
So I have to remove the openvpn service from pfsense. Instead, I re-created an OpenVPN server.

However, I can not debug this error: /

All certificates are created from the server and then signed by my intermediary pki (remote server) except the Diffie-Hellman.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN certs error

Post by TinCanTech » Fri Jun 16, 2017 10:56 am

Server
Mafiew wrote: tls-auth cert/ta.key
Mafiew wrote: Authenticate/Decrypt packet error: packet HMAC authentication failed
See --tls-auth in The Manual v23x
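The mismatch pointed at above (server `tls-auth cert/ta.key` with no direction, client `tls-auth ta.key 1`), shown as an added example that is not part of the original posts. It is modelled on how OpenVPN 2.x splits the 2048-bit static key into two slots; the packet format is simplified to an HMAC over the payload only, the key is constructed, and all function names are hypothetical.

```python
import hashlib
import hmac

BEGIN = "-----BEGIN OpenVPN Static key V1-----"
END = "-----END OpenVPN Static key V1-----"

# --tls-auth direction -> (slot used to sign outgoing, slot used to verify incoming).
# None means no direction argument: one key slot is used both ways.
SLOTS = {None: (0, 0), 0: (0, 1), 1: (1, 0)}


def render_static_key(raw: bytes) -> str:
    """Constructed sample: wrap 256 raw bytes in the static-key file format."""
    hexed = raw.hex()
    rows = [hexed[i:i + 32] for i in range(0, len(hexed), 32)]
    return "\n".join([BEGIN, *rows, END]) + "\n"


def parse_static_key(text: str) -> bytes:
    """Return the 256 key bytes found between the BEGIN/END markers."""
    rows, inside = [], False
    for line in (l.strip() for l in text.splitlines()):
        if line == BEGIN:
            inside = True
        elif line == END:
            inside = False
        elif inside:
            rows.append(line)
    raw = bytes.fromhex("".join(rows))
    if len(raw) != 256:
        raise ValueError("expected a 2048-bit static key")
    return raw


def hmac_key(raw: bytes, slot: int) -> bytes:
    """Each 128-byte slot is 64 bytes of cipher key, then 64 bytes of HMAC key;
    HMAC-SHA1 uses the first 20 bytes of the HMAC part."""
    start = slot * 128 + 64
    return raw[start:start + hashlib.sha1().digest_size]


def tls_auth_direction(config: str):
    """Read the direction from 'tls-auth <file> [0|1]' or 'key-direction N'."""
    direction = None
    for line in config.splitlines():
        words = line.split("#")[0].split()
        if not words or words[0].startswith(";"):
            continue  # blank line or commented-out directive
        if words[0] == "tls-auth" and len(words) >= 3:
            direction = int(words[2])
        elif words[0] == "key-direction" and len(words) >= 2:
            direction = int(words[1])
    return direction


class Peer:
    """One end of the control channel, holding its send and receive HMAC keys."""

    def __init__(self, raw: bytes, direction):
        out_slot, in_slot = SLOTS[direction]
        self.out_key = hmac_key(raw, out_slot)
        self.in_key = hmac_key(raw, in_slot)

    def sign(self, payload: bytes) -> bytes:
        # Simplified packet: 20-byte HMAC-SHA1 tag followed by the payload.
        return hmac.new(self.out_key, payload, hashlib.sha1).digest() + payload

    def accepts(self, packet: bytes) -> bool:
        tag, payload = packet[:20], packet[20:]
        expected = hmac.new(self.in_key, payload, hashlib.sha1).digest()
        return hmac.compare_digest(tag, expected)


def check_pair(server_conf: str, client_conf: str, key_text: str) -> dict:
    """Report, per direction, whether the receiver would accept the sender's HMAC."""
    raw = parse_static_key(key_text)
    server = Peer(raw, tls_auth_direction(server_conf))
    client = Peer(raw, tls_auth_direction(client_conf))
    return {
        "client_to_server": server.accepts(client.sign(b"hard reset (client)")),
        "server_to_client": client.accepts(server.sign(b"hard reset (server)")),
    }


KEY_TEXT = render_static_key(bytes(range(256)))  # constructed key, not a real secret
SERVER_BEFORE = "tls-server\ntls-auth cert/ta.key\n"         # server config as first posted
SERVER_AFTER = "tls-server\ntls-auth cert/ta.key 0\n"        # with an explicit direction 0
CLIENT = "tls-client\n;auth-user-pass\ntls-auth ta.key 1\n"  # client config as posted

if __name__ == "__main__":
    for label, conf in (("before", SERVER_BEFORE), ("after", SERVER_AFTER)):
        print(label, check_pair(conf, CLIENT, KEY_TEXT))
```

With the configs as first posted, only the client-to-server direction fails, which is why the rejection shows up in the server log as `packet HMAC authentication failed` on the client's initial packet.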

Mafiew
OpenVpn Newbie
Posts: 7
Joined: Fri Jun 16, 2017 9:56 am

Re: OpenVPN certs error

Post by Mafiew » Fri Jun 16, 2017 12:09 pm

Sorry, I forgot to translate :/

I modified tls-auth cert/ta.key to tls-auth cert/ta.key 0

and now I have a new error :/


Client log:

Code: Select all



Fri Jun 16 14:04:46 2017 OpenVPN 2.3.14 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Dec  7 2016
Fri Jun 16 14:04:46 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Fri Jun 16 14:04:46 2017 library versions: OpenSSL 1.0.2i  22 Sep 2016, LZO 2.09
Enter Management Password:
Fri Jun 16 14:04:46 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Fri Jun 16 14:04:46 2017 Need hold release from management interface, waiting...
Fri Jun 16 14:04:47 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Fri Jun 16 14:04:47 2017 MANAGEMENT: CMD 'state on'
Fri Jun 16 14:04:47 2017 MANAGEMENT: CMD 'log all on'
Fri Jun 16 14:04:47 2017 MANAGEMENT: CMD 'hold off'
Fri Jun 16 14:04:47 2017 MANAGEMENT: CMD 'hold release'
Fri Jun 16 14:04:59 2017 MANAGEMENT: CMD 'username "Auth" "Mathieu"'
Fri Jun 16 14:04:59 2017 MANAGEMENT: CMD 'password [...]'
Fri Jun 16 14:04:59 2017 MANAGEMENT: CMD 'proxy HTTP proxy 8000'
Fri Jun 16 14:05:05 2017 MANAGEMENT: CMD 'username "HTTP Proxy" "born"'
Fri Jun 16 14:05:05 2017 MANAGEMENT: CMD 'password [...]'
Fri Jun 16 14:05:09 2017 MANAGEMENT: CMD 'password [...]'
Fri Jun 16 14:05:09 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Jun 16 14:05:09 2017 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Fri Jun 16 14:05:09 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jun 16 14:05:09 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Jun 16 14:05:09 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Jun 16 14:05:09 2017 MANAGEMENT: >STATE:1497614709,RESOLVE,,,
Fri Jun 16 14:05:09 2017 Attempting to establish TCP connection with [AF_INET]10.223.121.30:8000 [nonblock]
Fri Jun 16 14:05:09 2017 MANAGEMENT: >STATE:1497614709,TCP_CONNECT,,,
Fri Jun 16 14:05:10 2017 TCP connection established with [AF_INET]10.223.121.30:8000
Fri Jun 16 14:05:10 2017 Send to HTTP proxy: 'CONNECT moi.fr:443 HTTP/1.0'
Fri Jun 16 14:05:10 2017 Attempting NTLM Proxy-Authorization phase 1
Fri Jun 16 14:05:10 2017 HTTP proxy returned: 'HTTP/1.1 407 Proxy Authentication Required'
Fri Jun 16 14:05:10 2017 Proxy requires authentication
Fri Jun 16 14:05:10 2017 HTTP proxy returned: 'Server: squid'
Fri Jun 16 14:05:10 2017 HTTP proxy returned: 'Mime-Version: 1.0'
Fri Jun 16 14:05:10 2017 HTTP proxy returned: 'Date: Fri, 16 Jun 2017 12:05:10 GMT'
Fri Jun 16 14:05:10 2017 HTTP proxy returned: 'Content-Type: text/html'
Fri Jun 16 14:05:10 2017 HTTP proxy returned: 'Content-Length: 3121'
Fri Jun 16 14:05:10 2017 HTTP proxy returned: 'X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0'
Fri Jun 16 14:05:10 2017 HTTP proxy returned: 'Proxy-Authenticate: NTLM '
Fri Jun 16 14:05:10 2017 auth string: ''
Fri Jun 16 14:05:10 2017 Received NTLM Proxy-Authorization phase 2 response
Fri Jun 16 14:05:12 2017 recv_line: TCP port read timeout expired
Fri Jun 16 14:05:12 2017 Send to HTTP proxy: 'CONNECT mathieuborn.fr:443 HTTP/1.0'
Fri Jun 16 14:05:12 2017 Send to HTTP proxy: 'Host: moi.fr'
Fri Jun 16 14:05:12 2017 Attempting NTLM Proxy-Authorization phase 3
Fri Jun 16 14:05:12 2017 Send to HTTP proxy: 'Proxy-Authorization: NTLM 
Fri Jun 16 14:05:12 2017 HTTP proxy returned: 'HTTP/1.1 200 Connection established'
Fri Jun 16 14:05:14 2017 TCPv4_CLIENT link local: [undef]
Fri Jun 16 14:05:14 2017 TCPv4_CLIENT link remote: [AF_INET]10.223.121.30:8000
Fri Jun 16 14:05:14 2017 MANAGEMENT: >STATE:1497614714,WAIT,,,
Fri Jun 16 14:05:14 2017 MANAGEMENT: >STATE:1497614714,AUTH,,,
Fri Jun 16 14:05:14 2017 TLS: Initial packet from [AF_INET]10.223.121.30:8000, sid=e6b92f1c ec3edd9e
Fri Jun 16 14:05:14 2017 VERIFY ERROR: depth=1, error=unable to get issuer certificate: C=FR, ST=FRANCE, O=Moi, OU=Moi, CN=subpki.Moi.fr, emailAddress=mail?com
Fri Jun 16 14:05:14 2017 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Fri Jun 16 14:05:14 2017 TLS_ERROR: BIO read tls_read_plaintext error
Fri Jun 16 14:05:14 2017 TLS Error: TLS object -> incoming plaintext read error
Fri Jun 16 14:05:14 2017 TLS Error: TLS handshake failed
Fri Jun 16 14:05:14 2017 Fatal TLS error (check_tls_errors_co), restarting
Fri Jun 16 14:05:14 2017 SIGUSR1[soft,tls-error] received, process restarting
Fri Jun 16 14:05:14 2017 MANAGEMENT: >STATE:1497614714,RECONNECTING,tls-error,,
Fri Jun 16 14:05:14 2017 Restart pause, 5 second(s)
Fri Jun 16 14:05:19 2017 MANAGEMENT: CMD 'proxy HTTP proxy 8000'
Fri Jun 16 14:05:22 2017 MANAGEMENT: CMD 'username "HTTP Proxy" "f"'
Fri Jun 16 14:05:22 2017 MANAGEMENT: CMD 'password [...]'
Fri Jun 16 14:05:22 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Jun 16 14:05:22 2017 MANAGEMENT: >STATE:1497614722,RESOLVE,,,
Fri Jun 16 14:05:22 2017 Attempting to establish TCP connection with [AF_INET]10.223.121.30:8000 [nonblock]
Fri Jun 16 14:05:22 2017 MANAGEMENT: >STATE:1497614722,TCP_CONNECT,,,
Fri Jun 16 14:05:23 2017 SIGTERM[hard,init_instance] received, process exiting
Fri Jun 16 14:05:23 2017 MANAGEMENT: >STATE:1497614723,EXITING,init_instance,,


Thanks!

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN certs error

Post by TinCanTech » Fri Jun 16, 2017 1:12 pm

Make sure you are using the right certs/keys etc.

Maybe create a new PKI with Easyrsa.

Mafiew
OpenVpn Newbie
Posts: 7
Joined: Fri Jun 16, 2017 9:56 am

Re: OpenVPN certs error

Post by Mafiew » Fri Jun 16, 2017 1:14 pm

I checked my client and server certs with openssl verify -CAfile cacert.pem <client or server certificate> and it's okay.
I use my own PKI (openssl).

Mafiew
OpenVpn Newbie
Posts: 7
Joined: Fri Jun 16, 2017 9:56 am

Re: OpenVPN certs error

Post by Mafiew » Fri Jun 16, 2017 1:17 pm

Only depth 1 is in the log?
Depth 2 doesn't appear?

Is it normal?

Mafiew
OpenVpn Newbie
Posts: 7
Joined: Fri Jun 16, 2017 9:56 am

Re: OpenVPN certs error

Post by Mafiew » Fri Jun 16, 2017 1:55 pm

I tried with pk12; same error..
