I followed https://help.ubuntu.com/community/OpenVPN to generate my SSL certificates.
Code:
Sun May 22 15:32:01 2011 us=334764 ***.***.***.34:55919 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Sun May 22 15:32:01 2011 us=334826 ***.***.***.34:55919 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Sun May 22 15:32:01 2011 us=334913 ***.***.***.34:55919 Local Options hash (VER=V4): '162b04de'
Sun May 22 15:32:01 2011 us=334980 ***.***.***.34:55919 Expected Remote Options hash (VER=V4): '9e7066d2'
Sun May 22 15:32:01 2011 us=335096 ***.***.***.34:55919 TLS: Initial packet from [AF_INET]***.***.***.34:55919, sid=33f0c0e1 13ae1f43
Sun May 22 15:32:01 2011 us=905300 ***.***.***.34:55919 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=US/ST=**/L=***/O=**********_Enterprises/CN=**********_*****_CA/emailAddress=administrator@**********.net
Sun May 22 15:32:01 2011 us=905622 ***.***.***.34:55919 TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
Sun May 22 15:32:01 2011 us=905693 ***.***.***.34:55919 TLS Error: TLS object -> incoming plaintext read error
Sun May 22 15:32:01 2011 us=905693 ***.***.***.34:55919 TLS Error: TLS object -> incoming plaintext read error
Sun May 22 15:32:01 2011 us=905758 ***.***.***.34:55919 TLS Error: TLS handshake failed
Sun May 22 15:32:01 2011 us=905758 ***.***.***.34:55919 TLS Error: TLS handshake failed
Sun May 22 15:32:01 2011 us=905931 ***.***.***.34:55919 SIGUSR1[soft,tls-error] received, client-instance restarting
Code:
local 0.0.0.0
port 1194
proto udp
dev tun
ca /etc/openvpn/certs/keys/01.pem
cert /etc/openvpn/certs/keys/server.crt
key /etc/openvpn/certs/keys/server.key
dh /etc/openvpn/certs/keys/dh1024.pem
tls-auth /etc/openvpn/certs/keys/ta.key 0
tls-server
;plugin /usr/lib/openvpn/openvpn-auth-pam.so login
cipher AES-256-CBC
client-to-client
comp-lzo
server 10.8.1.0 255.255.255.0
duplicate-cn
keepalive 30 120
max-clients 10
;user nobody
;group nobody
persist-key
persist-tun
log /var/log/openvpn/server.log
status /var/log/openvpn/server-status.log
verb 4
mute 20
;client-cert-not-required
;username-as-common-name
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
Code:
client
dev tun
proto udp
remote ***.***.***182 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
cipher AES-256-CBC
ca /home/user/.vpn/ca.crt
comp-lzo
verb 4
;auth-user-pass
ipchange /etc/openvpn/add_default_route.sh
script-security 2
cert /home/user/.vpn/client.crt
key /home/user/.vpn/client.key
tls-auth /home/user/.vpn/ta.key 1