Need help configuring your VPN? Just post here and you'll get that help.
Moderators: TinCanTech
-
joks
- OpenVpn Newbie
- Posts: 12
- Joined: Wed Oct 06, 2021 6:45 am
by joks » Wed Jan 19, 2022 4:07 pm
Good morning. Is the option tls-crypt-v2-verify provided only for Linux?
I use Windows Server with tls-crypt2 and I want my server to use tls-crypt-v2-verify, so I added to my server config:
tls-crypt-v2-verify script
script-security 2
But when a client connects, in the server logs I have:
Code:
2022-01-19 16:50:16 us=921000 xxx TLS: Initial packet from [AF_INET]xxx, sid=5dc4852c 54679b43
2022-01-19 16:50:16 us=921000 xxx Control Channel: using tls-crypt-v2 key
2022-01-19 16:50:16 us=921000 xxx Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2022-01-19 16:50:16 us=921000 xxx Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-01-19 16:50:16 us=921000 xxx Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2022-01-19 16:50:16 us=921000 xxx Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-01-19 16:50:16 us=937000 xxx env_block: add PATH=C:\Windows\System32;C:\Windows;C:\Windows\System32\Wbem
2022-01-19 16:50:16 us=937000 xxx openvpn_execve: CreateProcess script failed: No such file or directory (errno=2)
2022-01-19 16:50:16 us=937000 xxx WARNING: Failed running command (--tls-crypt-v2-verify): external program did not execute -- returned error code -1
2022-01-19 16:50:16 us=937000 xxx TLS CRYPT V2 VERIFY SCRIPT ERROR
Failed running command (--tls-crypt-v2-verify): external program did not execute -- returned error code -1
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
by TinCanTech » Wed Jan 19, 2022 5:31 pm
You need to read what the manual says..
-
joks
- OpenVpn Newbie
- Posts: 12
- Joined: Wed Oct 06, 2021 6:45 am
by joks » Wed Jan 19, 2022 6:31 pm
If I hadn't read the manual, I wouldn't have generated the keys correctly for tls-crypt2.
Thanks as always for no help.
-
openvpn_inc
- OpenVPN Inc.
- Posts: 1333
- Joined: Tue Feb 16, 2021 10:41 am
by openvpn_inc » Wed Jan 19, 2022 7:29 pm
joks wrote: ↑Wed Jan 19, 2022 4:07 pm
Good morning. Is the option tls-crypt-v2-verify provided only for Linux?
No. It works in any OS if it is called correctly.
joks wrote: ↑Wed Jan 19, 2022 4:07 pm
I use Windows Server with tls-crypt2 and I want my server to use tls-crypt-v2-verify, so I added to my server config:
tls-crypt-v2-verify script
script-security 2
"script" must be a path to a script/batch that Windows can run and can do the verification.
joks wrote: ↑Wed Jan 19, 2022 4:07 pm
But when a client connects, in the server logs I have:
Code:
(snip)
2022-01-19 16:50:16 us=937000 xxx openvpn_execve: CreateProcess script failed: No such file or directory (errno=2)
2022-01-19 16:50:16 us=937000 xxx WARNING: Failed running command (--tls-crypt-v2-verify): external program did not execute -- returned error code -1
2022-01-19 16:50:16 us=937000 xxx TLS CRYPT V2 VERIFY SCRIPT ERROR
Failed running command (--tls-crypt-v2-verify): external program did not execute -- returned error code -1
Windows could not find "script" to run it. "No such file or directory." Search for "--tls-crypt-v2-verify" in the manual.
regards, rob0
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
-
joks
- OpenVpn Newbie
- Posts: 12
- Joined: Wed Oct 06, 2021 6:45 am
by joks » Wed Jan 19, 2022 8:59 pm
Thank you very much for your help. Is it possible to find ready-made scripts that will verify a tls-crypt-v2 connection?
I also tried adding --tls-crypt-v2-verify cmd to my server, like in the manual, but after that I have a similar error:
Code:
2022-01-19 21:55:33 us=609000 xx.xx.xx.x:64771 TLS CRYPT V2 VERIFY SCRIPT ERROR
2022-01-19 21:55:33 us=609000 xx.xx.xx.x:64771 TLS Error: can not extract tls-crypt-v2 client key from [AF_INET]xx.xx.xx.x:64771
2022-01-19 21:55:37 us=156000 xx.xx.xx.x:64771 TLS: Initial packet from [AF_INET]xx.xx.xx.x:64771, sid=3138e390 d54d9151
2022-01-19 21:55:37 us=156000 xx.xx.xx.x:64771 Control Channel: using tls-crypt-v2 key
2022-01-19 21:55:37 us=156000 xx.xx.xx.x:64771 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2022-01-19 21:55:37 us=156000 xx.xx.xx.x:64771 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-01-19 21:55:37 us=156000 xx.xx.xx.x:64771 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2022-01-19 21:55:37 us=156000 xx.xx.xx.x:64771 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-01-19 21:55:37 us=156000 xx.xx.xx.x:64771 env_block: add PATH=C:\Windows\System32;C:\Windows;C:\Windows\System32\Wbem
2022-01-19 21:55:37 us=156000 xx.xx.xx.x:64771 openvpn_execve: CreateProcess cmd failed: No such file or directory (errno=2)
2022-01-19 21:55:37 us=156000 xx.xx.xx.x:64771 WARNING: Failed running command (--tls-crypt-v2-verify): external program did not execute -- returned error code -1
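A small verification hook of the kind asked about above, as an added example that is not part of the thread and not OpenVPN project code. It uses the script_type, metadata_type and metadata_file environment variables that the manual describes for --tls-crypt-v2-verify; the metadata file layout, the revocation list, the age limit and the config paths are assumptions.

```python
#!/usr/bin/env python3
"""Example --tls-crypt-v2-verify hook (added example, not OpenVPN project code).

Assumed server config (placeholder paths; give full paths to both files):
  script-security 2
  tls-crypt-v2-verify "<full path to python.exe> <full path to this file>"
"""
import os
import sys
import time

MAX_KEY_AGE = 365 * 24 * 3600        # assumption: client keys expire after one year
REVOKED_IDS = {b"laptop-lost-2021"}  # constructed sample of revoked user metadata


def verify(env, now=None):
    """Return True to accept the client key, False to reject it."""
    now = time.time() if now is None else now
    if env.get("script_type") != "tls-crypt-v2-verify":
        return False                 # called from the wrong hook
    try:
        with open(env["metadata_file"], "rb") as fh:
            payload = fh.read()
    except (KeyError, OSError):
        return False                 # fail closed if the metadata is unreadable
    mtype = env.get("metadata_type")
    if mtype == "1":                 # assumed layout: 8-byte big-endian creation time
        if len(payload) != 8:
            return False
        created = int.from_bytes(payload, "big")
        return 0 <= now - created <= MAX_KEY_AGE
    if mtype == "0":                 # user-supplied metadata, e.g. a client id
        return bool(payload) and payload not in REVOKED_IDS
    return False                     # unknown metadata type


if __name__ == "__main__":
    # OpenVPN rejects the connection when the command exits non-zero.
    sys.exit(0 if verify(os.environ) else 1)
```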
-
Pippin
- Forum Team
- Posts: 1201
- Joined: Wed Jul 01, 2015 8:03 am
- Location: irc://irc.libera.chat:6697/openvpn
by Pippin » Thu Jan 20, 2022 8:12 am
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp
-
300000
- OpenVPN Expert
- Posts: 685
- Joined: Tue May 01, 2012 9:30 pm
by 300000 » Thu Jan 20, 2022 11:36 pm
On my Windows I have this block in my OpenVPN server config and it works.
<tls-crypt-v2>
-----BEGIN OpenVPN tls-crypt-v2 client key-----
snip
-----END OpenVPN tls-crypt-v2 client key-----
</tls-crypt-v2>
-
openvpn_inc
- OpenVPN Inc.
- Posts: 1333
- Joined: Tue Feb 16, 2021 10:41 am
by openvpn_inc » Fri Jan 21, 2022 3:08 pm
300000 wrote: ↑Thu Jan 20, 2022 11:36 pm
On my Windows I have this block in my OpenVPN server config and it works.
<tls-crypt-v2>
-----BEGIN OpenVPN tls-crypt-v2 client key-----
snip
-----END OpenVPN tls-crypt-v2 client key-----
</tls-crypt-v2>
Hi 3,
You posted a private key to the forum. Please don't do that. I edited the post so it is gone, but some might have seen it. You should change that key.
regards, rob0
OpenVPN Inc.
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
by TinCanTech » Sat Jan 22, 2022 5:11 am
That's just gonna make it a whale lot worse!
However,
Dear reader, please take a look at TLS-Crypt-V2 as above.
I hope that you find Easy-TLS to be a useful tool.