Need help configuring your VPN? Just post here and you'll get that help.
Moderators: TinCanTech
-
ovpn2ac
- OpenVpn Newbie
- Posts: 18
- Joined: Wed Jun 08, 2011 3:47 am
Post
by ovpn2ac » Wed Jun 08, 2011 3:50 am
hey all
totally new to this thing
I'm getting stuck at generating the CA private key and certificate
-
maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
Post
by maikcat » Wed Jun 08, 2011 7:01 am
hi there,
please write us the commands you used so we can help you out.
for the record
first edit vars file
source it
then execute
build-ca
build-key-server server
build-dh
build-key user01
this is the correct order
Michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera, Simpsons Season 13)
"objects in mirror are losing"
-
janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
Post
by janjust » Wed Jun 08, 2011 7:38 am
The error you're seeing is that you've not supplied the right passphrase (password) for the CA ca.key file.
Either start over and remember the password this time or type in the right password

-
ovpn2ac
- OpenVpn Newbie
- Posts: 18
- Joined: Wed Jun 08, 2011 3:47 am
Post
by ovpn2ac » Fri Jun 10, 2011 1:39 am
thnx!
so ca and certs are done.
i encountered this
I'm running the server on VMware Ubuntu
and running the OpenVPN GUI on WinXP Pro SP3
both are on the same machine
Fri Jun 10 09:29:23 2011 OpenVPN 2.2.0 Win32-MSVC++ [SSL] [LZO2] built on Apr 26 2011
Fri Jun 10 09:29:23 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Jun 10 09:29:23 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Jun 10 09:29:23 2011 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Fri Jun 10 09:29:23 2011 UDPv4 link local: [undef]
Fri Jun 10 09:29:23 2011 UDPv4 link remote: 192.168.249.128:1194
Fri Jun 10 09:29:23 2011 TLS Error: cannot locate HMAC in incoming packet from 192.168.249.128:1194
Fri Jun 10 09:29:25 2011 TLS Error: cannot locate HMAC in incoming packet from 192.168.249.128:1194
Fri Jun 10 09:29:27 2011 TLS Error: cannot locate HMAC in incoming packet from 192.168.249.128:1194
server config
proto udp
port 1194
dev tun
server 192.168.249.128 255.255.255.0
ca /etc/openvpn/fyp/ca.crt
cert /etc/openvpn/fyp/server.crt
key /etc/openvpn/fyp/server.key
dh /etc/openvpn/fyp/dh2048.pem
tls-auth /etc/openvpn/fyp/ta.key 0
client config
client
proto udp
remote 192.168.249.128
port 1194
dev tun
nobind
ca ca.crt
cert openvpnclient1.crt
key openvpnclient1.key
tls-auth ta.key 1
-
janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
Post
by janjust » Fri Jun 10, 2011 8:21 am
you're re-using the vmnet subnet for your VPN subnet; that's asking for trouble. try using
to see if that helps.
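The subnet reuse janjust points out can be checked offline. This is an added example, not part of the original thread: it compares the server's `server` directive with the client's `remote` address, using the directive lines posted above. The function and constant names are hypothetical.

```python
import ipaddress

def directives(cfg_text):
    """Map directive name -> list of argument lists; '#' and ';' lines are comments."""
    found = {}
    for line in cfg_text.splitlines():
        parts = line.split()
        if parts and parts[0][0] not in "#;":
            found.setdefault(parts[0], []).append(parts[1:])
    return found

def remotes_inside_vpn_subnet(server_cfg, client_cfg):
    """Return (remote, vpn_subnet) pairs where the client's `remote` address
    falls inside the subnet that the server's `server` directive hands out."""
    server_args = directives(server_cfg).get("server", [])
    if not server_args or len(server_args[0]) < 2:
        return []
    network, netmask = server_args[0][:2]
    # strict=False: accept a host address such as .128 combined with a /24 mask
    vpn_subnet = ipaddress.ip_network(f"{network}/{netmask}", strict=False)
    hits = []
    for args in directives(client_cfg).get("remote", []):
        try:
            addr = ipaddress.ip_address(args[0])
        except (IndexError, ValueError):
            continue  # hostname or malformed line: nothing to compare offline
        if addr in vpn_subnet:
            hits.append((str(addr), str(vpn_subnet)))
    return hits

# Directive lines taken from the configs posted in this thread.
CLIENT = "client\nproto udp\nremote 192.168.249.128\nport 1194\ndev tun\n"
SERVER_ORIGINAL = "proto udp\nport 1194\ndev tun\nserver 192.168.249.128 255.255.255.0\n"
SERVER_CHANGED = "proto udp\nport 1194\ndev tun\nserver 10.0.8.0 255.255.255.0\n"

if __name__ == "__main__":
    print(remotes_inside_vpn_subnet(SERVER_ORIGINAL, CLIENT))
    print(remotes_inside_vpn_subnet(SERVER_CHANGED, CLIENT))
```

A non-empty result means the address the client dials is also an address inside the tunnel's own pool, so the VPN subnet should be moved to a range not used by the LAN or the VMware network.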
-
ovpn2ac
- OpenVpn Newbie
- Posts: 18
- Joined: Wed Jun 08, 2011 3:47 am
Post
by ovpn2ac » Fri Jun 10, 2011 8:43 am
hmm.
Fri Jun 10 16:32:56 2011 UDPv4 link local: [undef]
Fri Jun 10 16:32:56 2011 UDPv4 link remote: 10.0.8.0:1194
Fri Jun 10 16:33:56 2011 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Jun 10 16:33:56 2011 TLS Error: TLS handshake failed
-
janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
Post
by janjust » Fri Jun 10, 2011 8:58 am
you changed the wrong line
use this as server config
Code:
proto udp
port 1194
dev tun
server 10.0.8.0 255.255.255.0
ca /etc/openvpn/fyp/ca.crt
cert /etc/openvpn/fyp/server.crt
key /etc/openvpn/fyp/server.key
dh /etc/openvpn/fyp/dh2048.pem
tls-auth /etc/openvpn/fyp/ta.key 0
verb 4
and this as client config:
Code:
client
proto udp
remote 192.168.249.128
port 1194
dev tun
nobind
ca ca.crt
cert openvpnclient1.crt
key openvpnclient1.key
tls-auth ta.key 1
-
ovpn2ac
- OpenVpn Newbie
- Posts: 18
- Joined: Wed Jun 08, 2011 3:47 am
Post
by ovpn2ac » Fri Jun 10, 2011 9:08 am
still getting the
TLS Error: cannot locate HMAC in incoming packet from 192.168.249.128:1194
what does verb 4 do btw
-
maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
Post
by maikcat » Fri Jun 10, 2011 9:10 am
hi there,
increases verbosity...
1 less
9 more..
Michael
-
janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
Post
by janjust » Fri Jun 10, 2011 9:23 am
comment out
in both server and client config to see if that helps (for troubleshooting). If it then works then the 'ta.key' files on client and server are out of sync - they
MUST be identical.
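Whether the two `ta.key` files are identical can be confirmed without disabling `tls-auth`. This is an added example, not part of the original thread: it fingerprints the decoded key bytes, so a copy that only picked up Windows line endings still matches while a regenerated key does not. It assumes the standard "OpenVPN Static key V1" file layout; the sample keys are constructed and all names are hypothetical.

```python
import hashlib
import hmac
import re

BEGIN = "-----BEGIN OpenVPN Static key V1-----"
END = "-----END OpenVPN Static key V1-----"
_BLOCK = re.compile(re.escape(BEGIN) + r"(.*?)" + re.escape(END), re.S)

def key_fingerprint(key_text):
    """SHA-256 over the decoded key bytes; comments, CRLF and spacing are ignored."""
    match = _BLOCK.search(key_text)
    if not match:
        raise ValueError("no OpenVPN static key block found")
    key = bytes.fromhex("".join(match.group(1).split()))
    if len(key) != 256:  # a 2048-bit static key is 256 bytes
        raise ValueError(f"expected 256 key bytes, got {len(key)}")
    return hashlib.sha256(key).hexdigest()

def same_key(server_text, client_text):
    """True when both files carry the same key material."""
    return hmac.compare_digest(key_fingerprint(server_text),
                               key_fingerprint(client_text))

def _sample(key_bytes, eol="\n"):
    """Build a constructed key file (NOT a real secret) for the demonstration."""
    hexed = key_bytes.hex()
    rows = [hexed[i:i + 32] for i in range(0, len(hexed), 32)]
    return eol.join(["#", "# 2048 bit OpenVPN static key", "#", BEGIN, *rows, END]) + eol

SERVER_KEY = _sample(bytes(range(256)))
CLIENT_COPY_CRLF = _sample(bytes(range(256)), eol="\r\n")   # same key, Windows EOLs
CLIENT_REGENERATED = _sample(bytes(reversed(range(256))))   # different key
CLIENT_TRUNCATED = _sample(bytes(range(128)))               # partial copy

if __name__ == "__main__":
    print("CRLF copy matches:  ", same_key(SERVER_KEY, CLIENT_COPY_CRLF))
    print("regenerated matches:", same_key(SERVER_KEY, CLIENT_REGENERATED))
```

Comparing fingerprints lets each side report a short hash rather than posting or mailing the key itself.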
-
ovpn2ac
- OpenVpn Newbie
- Posts: 18
- Joined: Wed Jun 08, 2011 3:47 am
Post
by ovpn2ac » Mon Jun 13, 2011 12:49 am
Code:
Options error: Unrecognized option or missing parameter(s) in example2-2-client.ovpn:12: ta.key (2.2.0)
Use --help for more information.
doesn't work

-
janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
Post
by janjust » Tue Jun 14, 2011 6:19 am
sigh; I meant, comment out the entire line
tls-auth ta.key 0
-
ovpn2ac
- OpenVpn Newbie
- Posts: 18
- Joined: Wed Jun 08, 2011 3:47 am
Post
by ovpn2ac » Thu Jun 16, 2011 8:13 am
it worked
thanks janjust

-
janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
Post
by janjust » Thu Jun 16, 2011 12:17 pm
Excellent, closing topic