Openvpn certificates issues

This forum is for all inquiries relating to the installation of OpenVPN from source and with binaries.

Moderators: TinCanTech

Forum rules
Please visit (and READ) the OpenVPN HowTo http://openvpn.net/howto prior to asking any questions in here!
lyron
OpenVpn Newbie
Posts: 6
Joined: Fri Dec 02, 2011 3:25 pm

Openvpn certificates issues

Post by lyron » Fri Jun 29, 2012 4:05 pm

Hello,

I've configured an openvpn server on Ubuntu 11.10 some months ago. Everything was working perfectly, but for a couple of days now it has just stopped. No client can get a successful connection anymore.

Server conf:

port 1194
proto udp
dev tun
ca ca.crt
cert sgbvpn.crt
key sgbvpn.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway"
client-config-dir ccd
push "dhcp-option DNS 172.16.16.254"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 6
plugin /etc/openvpn/openvpn-auth-pam.so /etc/pam.d/login

Client conf:

client
dev tun
proto udp
remote *.*.*.*. 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert test.crt
key test.key
comp-lzo
verb 3
auth-user-pass
auth-nocache

And when I try to connect a client, it throws me this error in openvpn.log:

Fri Jun 29 11:21:18 2012 us=646066 172.16.16.176:65310 VERIFY ERROR: depth=0, error=unable to get local issuer certificate: /OU=section/CN=test/name=test
Fri Jun 29 11:21:18 2012 us=646130 172.16.16.176:65310 TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
Fri Jun 29 11:21:18 2012 us=646160 172.16.16.176:65310 TLS Error: TLS object -> incoming plaintext read error
Fri Jun 29 11:21:18 2012 us=646175 172.16.16.176:65310 TLS Error: TLS handshake failed
Fri Jun 29 11:21:18 2012 us=646233 172.16.16.176:65310 SIGUSR1[soft,tls-error] received, client-instance restarting

No files have been moved or edited on the server, it just stopped working.

If I create a new set of keys, then it will work, the issue is that I have more than 100 clients, so changing all keys is not an option...

Any clue? ty!

janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam

Re: Openvpn certificates issues

Post by janjust » Fri Jun 29, 2012 9:19 pm

are your certificates still valid? can you test a client certificate using

openssl verify -CAfile <path-to-yourCA.crt> <client.crt>

? can you do a similar thing for the server cert? which error message is shown on the server when the client tries to connect? Perhaps it's sufficient to generate a new server cert, in that case you would not need to generate new client certs.

lyron
OpenVpn Newbie
Posts: 6
Joined: Fri Dec 02, 2011 3:25 pm

Re: Openvpn certificates issues

Post by lyron » Mon Jul 02, 2012 3:04 pm

Hello Jan, ty for your reply.

I tested the server crt and a client crt, both gave me "OK".

I'm going to paste all the conversation from the server side:

Mon Jul 2 10:32:43 2012 us=897131 MULTI: multi_create_instance called
Mon Jul 2 10:32:43 2012 us=897281 172.16.16.176:57094 Re-using SSL/TLS context
Mon Jul 2 10:32:43 2012 us=897369 172.16.16.176:57094 LZO compression initialized
Mon Jul 2 10:32:43 2012 us=897745 172.16.16.176:57094 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Jul 2 10:32:43 2012 us=897783 172.16.16.176:57094 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Jul 2 10:32:43 2012 us=897881 172.16.16.176:57094 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Mon Jul 2 10:32:43 2012 us=897919 172.16.16.176:57094 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Mon Jul 2 10:32:43 2012 us=897959 172.16.16.176:57094 Local Options hash (VER=V4): '530fdded'
Mon Jul 2 10:32:43 2012 us=897985 172.16.16.176:57094 Expected Remote Options hash (VER=V4): '41690919'
Mon Jul 2 10:32:43 2012 us=898080 172.16.16.176:57094 UDPv4 READ [14] from [AF_INET]172.16.16.176:57094: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Mon Jul 2 10:32:43 2012 us=898123 172.16.16.176:57094 TLS: Initial packet from [AF_INET]172.16.16.176:57094, sid=61b825a8 ee879657
Mon Jul 2 10:32:43 2012 us=898169 172.16.16.176:57094 UDPv4 WRITE [26] to [AF_INET]172.16.16.176:57094: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
Mon Jul 2 10:32:43 2012 us=900301 172.16.16.176:57094 UDPv4 READ [22] from [AF_INET]172.16.16.176:57094: P_ACK_V1 kid=0 [ 0 ]
Mon Jul 2 10:32:43 2012 us=901188 172.16.16.176:57094 UDPv4 READ [114] from [AF_INET]172.16.16.176:57094: P_CONTROL_V1 kid=0 [ ] pid=1 DATA len=100
Mon Jul 2 10:32:43 2012 us=901271 172.16.16.176:57094 UDPv4 WRITE [22] to [AF_INET]172.16.16.176:57094: P_ACK_V1 kid=0 [ 1 ]
Mon Jul 2 10:32:43 2012 us=902663 172.16.16.176:57094 UDPv4 READ [114] from [AF_INET]172.16.16.176:57094: P_CONTROL_V1 kid=0 [ ] pid=2 DATA len=100
Mon Jul 2 10:32:43 2012 us=902731 172.16.16.176:57094 UDPv4 WRITE [22] to [AF_INET]172.16.16.176:57094: P_ACK_V1 kid=0 [ 2 ]
Mon Jul 2 10:32:43 2012 us=903761 172.16.16.176:57094 UDPv4 READ [24] from [AF_INET]172.16.16.176:57094: P_CONTROL_V1 kid=0 [ ] pid=3 DATA len=10
Mon Jul 2 10:32:43 2012 us=908758 172.16.16.176:57094 UDPv4 WRITE [126] to [AF_INET]172.16.16.176:57094: P_CONTROL_V1 kid=0 [ 3 ] pid=1 DATA len=100
Mon Jul 2 10:32:43 2012 us=909171 172.16.16.176:57094 UDPv4 WRITE [114] to [AF_INET]172.16.16.176:57094: P_CONTROL_V1 kid=0 [ ] pid=2 DATA len=100
Mon Jul 2 10:32:43 2012 us=909398 172.16.16.176:57094 UDPv4 WRITE [114] to [AF_INET]172.16.16.176:57094: P_CONTROL_V1 kid=0 [ ] pid=3 DATA len=100
Mon Jul 2 10:32:43 2012 us=909553 172.16.16.176:57094 UDPv4 WRITE [114] to [AF_INET]172.16.16.176:57094: P_CONTROL_V1 kid=0 [ ] pid=4 DATA len=100
Mon Jul 2 10:32:43 2012 us=910788 172.16.16.176:57094 UDPv4 READ [22] from [AF_INET]172.16.16.176:57094: P_ACK_V1 kid=0 [ 1 ]
Mon Jul 2 10:32:43 2012 us=910852 172.16.16.176:57094 UDPv4 WRITE [114] to [AF_INET]172.16.16.176:57094: P_CONTROL_V1 kid=0 [ ] pid=5 DATA len=100
Mon Jul 2 10:32:43 2012 us=911770 172.16.16.176:57094 UDPv4 READ [22] from [AF_INET]172.16.16.176:57094: P_ACK_V1 kid=0 [ 2 ]
Mon Jul 2 10:32:43 2012 us=911834 172.16.16.176:57094 UDPv4 WRITE [114] to [AF_INET]172.16.16.176:57094: P_CONTROL_V1 kid=0 [ ] pid=6 DATA len=100
Mon Jul 2 10:32:43 2012 us=912959 172.16.16.176:57094 UDPv4 READ [22] from [AF_INET]172.16.16.176:57094: P_ACK_V1 kid=0 [ 3 ]
Mon Jul 2 10:32:43 2012 us=913023 172.16.16.176:57094 UDPv4 WRITE [114] to [AF_INET]172.16.16.176:57094: P_CONTROL_V1 kid=0 [ ] pid=7 DATA len=100
Mon Jul 2 10:32:43 2012 us=914192 172.16.16.176:57094 UDPv4 READ [22] from [AF_INET]172.16.16.176:57094: P_ACK_V1 kid=0 [ 4 ]
Mon Jul 2 10:32:43 2012 us=914257 172.16.16.176:57094 UDPv4 WRITE [114] to [AF_INET]172.16.16.176:57094: P_CONTROL_V1 kid=0 [ ] pid=8 DATA len=100
Mon Jul 2 10:32:43 2012 us=915521 172.16.16.176:57094 UDPv4 READ [22] from [AF_INET]172.16.16.176:57094: P_ACK_V1 kid=0 [ 5 ]
Mon Jul 2 10:32:43 2012 us=915586 172.16.16.176:57094 UDPv4 WRITE [114] to [AF_INET]172.16.16.176:57094: P_CONTROL_V1 kid=0 [ ] pid=9 DATA len=100
Mon Jul 2 10:32:43 2012 us=916815 172.16.16.176:57094 UDPv4 READ [22] from [AF_INET]172.16.16.176:57094: P_ACK_V1 kid=0 [ 6 ]
Mon Jul 2 10:32:43 2012 us=916879 172.16.16.176:57094 UDPv4 WRITE [114] to [AF_INET]172.16.16.176:57094: P_CONTROL_V1 kid=0 [ ] pid=10 DATA len=100
Mon Jul 2 10:32:43 2012 us=917896 172.16.16.176:57094 UDPv4 READ [22] from [AF_INET]172.16.16.176:57094: P_ACK_V1 kid=0 [ 7 ]
Mon Jul 2 10:32:43 2012 us=917960 172.16.16.176:57094 UDPv4 WRITE [114] to [AF_INET]172.16.16.176:57094: P_CONTROL_V1 kid=0 [ ] pid=11 DATA len=100
Mon Jul 2 10:32:43 2012 us=918920 172.16.16.176:57094 UDPv4 READ [22] from [AF_INET]172.16.16.176:57094: P_ACK_V1 kid=0 [ 8 ]
Mon Jul 2 10:32:43 2012 us=918985 172.16.16.176:57094 UDPv4 WRITE [114] to [AF_INET]172.16.16.176:57094: P_CONTROL_V1 kid=0 [ ] pid=12 DATA len=100
Mon Jul 2 10:32:43 2012 us=920093 172.16.16.176:57094 UDPv4 READ [22] from [AF_INET]172.16.16.176:57094: P_ACK_V1 kid=0 [ 9 ]
Mon Jul 2 10:32:43 2012 us=920224 172.16.16.176:57094 UDPv4 WRITE [114] to [AF_INET]172.16.16.176:57094: P_CONTROL_V1 kid=0 [ ] pid=13 DATA len=100
Mon Jul 2 10:32:43 2012 us=921650 172.16.16.176:57094 UDPv4 READ [22] from [AF_INET]172.16.16.176:57094: P_ACK_V1 kid=0 [ 10 ]
Mon Jul 2 10:32:43 2012 us=921713 172.16.16.176:57094 UDPv4 WRITE [114] to [AF_INET]172.16.16.176:57094: P_CONTROL_V1 kid=0 [ ] pid=14 DATA len=100
Mon Jul 2 10:32:43 2012 us=922665 172.16.16.176:57094 UDPv4 READ [22] from [AF_INET]172.16.16.176:57094: P_ACK_V1 kid=0 [ 11 ]
Mon Jul 2 10:32:43 2012 us=922729 172.16.16.176:57094 UDPv4 WRITE [114] to [AF_INET]172.16.16.176:57094: P_CONTROL_V1 kid=0 [ ] pid=15 DATA len=100
Mon Jul 2 10:32:43 2012 us=923863 172.16.16.176:57094 UDPv4 READ [22] from [AF_INET]172.16.16.176:57094: P_ACK_V1 kid=0 [ 12 ]
Mon Jul 2 10:32:43 2012 us=923926 172.16.16.176:57094 UDPv4 WRITE [114] to [AF_INET]172.16.16.176:57094: P_CONTROL_V1 kid=0 [ ] pid=16 DATA len=100
Mon Jul 2 10:32:43 2012 us=924639 172.16.16.176:57094 UDPv4 READ [22] from [AF_INET]172.16.16.176:57094: P_ACK_V1 kid=0 [ 13 ]
Mon Jul 2 10:32:43 2012 us=924712 172.16.16.176:57094 UDPv4 WRITE [114] to [AF_INET]172.16.16.176:57094: P_CONTROL_V1 kid=0 [ ] pid=17 DATA len=100
Mon Jul 2 10:32:43 2012 us=926009 172.16.16.176:57094 UDPv4 READ [22] from [AF_INET]172.16.16.176:57094: P_ACK_V1 kid=0 [ 14 ]
Mon Jul 2 10:32:43 2012 us=926072 172.16.16.176:57094 UDPv4 WRITE [114] to [AF_INET]172.16.16.176:57094: P_CONTROL_V1 kid=0 [ ] pid=18 DATA len=100
Mon Jul 2 10:32:43 2012 us=926322 172.16.16.176:57094 UDPv4 READ [22] from [AF_INET]172.16.16.176:57094: P_ACK_V1 kid=0 [ 15 ]
Mon Jul 2 10:32:43 2012 us=926380 172.16.16.176:57094 UDPv4 WRITE [114] to [AF_INET]172.16.16.176:57094: P_CONTROL_V1 kid=0 [ ] pid=19 DATA len=100
Mon Jul 2 10:32:43 2012 us=927447 172.16.16.176:57094 UDPv4 READ [22] from [AF_INET]172.16.16.176:57094: P_ACK_V1 kid=0 [ 16 ]
Mon Jul 2 10:32:43 2012 us=927512 172.16.16.176:57094 UDPv4 WRITE [114] to [AF_INET]172.16.16.176:57094: P_CONTROL_V1 kid=0 [ ] pid=20 DATA len=100
Mon Jul 2 10:32:43 2012 us=929092 172.16.16.176:57094 UDPv4 READ [22] from [AF_INET]172.16.16.176:57094: P_ACK_V1 kid=0 [ 17 ]
Mon Jul 2 10:32:43 2012 us=929156 172.16.16.176:57094 UDPv4 WRITE [114] to [AF_INET]172.16.16.176:57094: P_CONTROL_V1 kid=0 [ ] pid=21 DATA len=100
Mon Jul 2 10:32:43 2012 us=929732 172.16.16.176:57094 UDPv4 READ [22] from [AF_INET]172.16.16.176:57094: P_ACK_V1 kid=0 [ 18 ]
Mon Jul 2 10:32:43 2012 us=929795 172.16.16.176:57094 UDPv4 WRITE [114] to [AF_INET]172.16.16.176:57094: P_CONTROL_V1 kid=0 [ ] pid=22 DATA len=100
Mon Jul 2 10:32:43 2012 us=931236 172.16.16.176:57094 UDPv4 READ [22] from [AF_INET]172.16.16.176:57094: P_ACK_V1 kid=0 [ 19 ]
Mon Jul 2 10:32:43 2012 us=931369 172.16.16.176:57094 UDPv4 WRITE [114] to [AF_INET]172.16.16.176:57094: P_CONTROL_V1 kid=0 [ ] pid=23 DATA len=100
Mon Jul 2 10:32:43 2012 us=933077 172.16.16.176:57094 UDPv4 READ [22] from [AF_INET]172.16.16.176:57094: P_ACK_V1 kid=0 [ 20 ]
Mon Jul 2 10:32:43 2012 us=933141 172.16.16.176:57094 UDPv4 WRITE [114] to [AF_INET]172.16.16.176:57094: P_CONTROL_V1 kid=0 [ ] pid=24 DATA len=100
Mon Jul 2 10:32:43 2012 us=934303 172.16.16.176:57094 UDPv4 READ [22] from [AF_INET]172.16.16.176:57094: P_ACK_V1 kid=0 [ 21 ]
Mon Jul 2 10:32:43 2012 us=934366 172.16.16.176:57094 UDPv4 WRITE [112] to [AF_INET]172.16.16.176:57094: P_CONTROL_V1 kid=0 [ ] pid=25 DATA len=98
Mon Jul 2 10:32:43 2012 us=935310 172.16.16.176:57094 UDPv4 READ [22] from [AF_INET]172.16.16.176:57094: P_ACK_V1 kid=0 [ 22 ]
Mon Jul 2 10:32:43 2012 us=936096 172.16.16.176:57094 UDPv4 READ [22] from [AF_INET]172.16.16.176:57094: P_ACK_V1 kid=0 [ 23 ]
Mon Jul 2 10:32:43 2012 us=936839 172.16.16.176:57094 UDPv4 READ [22] from [AF_INET]172.16.16.176:57094: P_ACK_V1 kid=0 [ 24 ]
Mon Jul 2 10:32:43 2012 us=944899 172.16.16.176:57094 UDPv4 READ [126] from [AF_INET]172.16.16.176:57094: P_CONTROL_V1 kid=0 [ 25 ] pid=4 DATA len=100
Mon Jul 2 10:32:43 2012 us=945053 172.16.16.176:57094 UDPv4 WRITE [22] to [AF_INET]172.16.16.176:57094: P_ACK_V1 kid=0 [ 4 ]
Mon Jul 2 10:32:43 2012 us=945309 172.16.16.176:57094 UDPv4 READ [114] from [AF_INET]172.16.16.176:57094: P_CONTROL_V1 kid=0 [ ] pid=5 DATA len=100
Mon Jul 2 10:32:43 2012 us=945370 172.16.16.176:57094 UDPv4 WRITE [22] to [AF_INET]172.16.16.176:57094: P_ACK_V1 kid=0 [ 5 ]
Mon Jul 2 10:32:43 2012 us=946434 172.16.16.176:57094 UDPv4 READ [114] from [AF_INET]172.16.16.176:57094: P_CONTROL_V1 kid=0 [ ] pid=6 DATA len=100
Mon Jul 2 10:32:43 2012 us=946501 172.16.16.176:57094 UDPv4 WRITE [22] to [AF_INET]172.16.16.176:57094: P_ACK_V1 kid=0 [ 6 ]
Mon Jul 2 10:32:43 2012 us=947470 172.16.16.176:57094 UDPv4 READ [114] from [AF_INET]172.16.16.176:57094: P_CONTROL_V1 kid=0 [ ] pid=7 DATA len=100
Mon Jul 2 10:32:43 2012 us=947536 172.16.16.176:57094 UDPv4 WRITE [22] to [AF_INET]172.16.16.176:57094: P_ACK_V1 kid=0 [ 7 ]
Mon Jul 2 10:32:43 2012 us=948729 172.16.16.176:57094 UDPv4 READ [114] from [AF_INET]172.16.16.176:57094: P_CONTROL_V1 kid=0 [ ] pid=8 DATA len=100
Mon Jul 2 10:32:43 2012 us=948795 172.16.16.176:57094 UDPv4 WRITE [22] to [AF_INET]172.16.16.176:57094: P_ACK_V1 kid=0 [ 8 ]
Mon Jul 2 10:32:43 2012 us=949882 172.16.16.176:57094 UDPv4 READ [114] from [AF_INET]172.16.16.176:57094: P_CONTROL_V1 kid=0 [ ] pid=9 DATA len=100
Mon Jul 2 10:32:43 2012 us=949948 172.16.16.176:57094 UDPv4 WRITE [22] to [AF_INET]172.16.16.176:57094: P_ACK_V1 kid=0 [ 9 ]
Mon Jul 2 10:32:43 2012 us=951256 172.16.16.176:57094 UDPv4 READ [114] from [AF_INET]172.16.16.176:57094: P_CONTROL_V1 kid=0 [ ] pid=10 DATA len=100
Mon Jul 2 10:32:43 2012 us=951323 172.16.16.176:57094 UDPv4 WRITE [22] to [AF_INET]172.16.16.176:57094: P_ACK_V1 kid=0 [ 10 ]
Mon Jul 2 10:32:43 2012 us=952486 172.16.16.176:57094 UDPv4 READ [114] from [AF_INET]172.16.16.176:57094: P_CONTROL_V1 kid=0 [ ] pid=11 DATA len=100
Mon Jul 2 10:32:43 2012 us=952704 172.16.16.176:57094 VERIFY ERROR: depth=0, error=unable to get local issuer certificate: /OU=section/CN=test/name=test
Mon Jul 2 10:32:43 2012 us=952843 172.16.16.176:57094 TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
Mon Jul 2 10:32:43 2012 us=952877 172.16.16.176:57094 TLS Error: TLS object -> incoming plaintext read error
Mon Jul 2 10:32:43 2012 us=952894 172.16.16.176:57094 TLS Error: TLS handshake failed
Mon Jul 2 10:32:43 2012 us=952980 172.16.16.176:57094 SIGUSR1[soft,tls-error] received, client-instance restarting

Sorry for the long post, and ty!

janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam

Re: Openvpn certificates issues

Post by janjust » Mon Jul 02, 2012 3:27 pm

ok, so the message was from the server side already; which error message is shown on the client side?
also, check that the ca.crt and client.crt on the client ARE what you expect them to be (i.e. verify them against your master copy).

lyron
OpenVpn Newbie
Posts: 6
Joined: Fri Dec 02, 2011 3:25 pm

Re: Openvpn certificates issues

Post by lyron » Tue Jul 03, 2012 1:59 pm

Ok, this is what happens when I check the test.crt:

test.crt: OU = section, CN = test, name = test
error 20 at 0 depth lookup:unable to get local issuer certificate

The ca.crt says "OK".

This is the client side log. Note that at the end it just keeps adding more READ/WRITE lines forever...

Tue Jul 03 09:19:34 2012 us=765000 UDPv4 link remote: x.x.x.x:1194
Tue Jul 03 09:19:34 2012 us=765000 UDPv4 WRITE [14] to x.x.x.x:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Tue Jul 03 09:19:34 2012 us=765000 UDPv4 READ [0] from [undef]: DATA UNDEF len=-1
Tue Jul 03 09:19:34 2012 us=984000 UDPv4 READ [26] from x.x.x.x:1194: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
Tue Jul 03 09:19:34 2012 us=984000 TLS: Initial packet from x.x.x.x:1194, sid=cad60fb1 29b9c946
Tue Jul 03 09:19:34 2012 us=984000 UDPv4 WRITE [22] to x.x.x.x:1194: P_ACK_V1 kid=0 [ 0 ]
Tue Jul 03 09:19:34 2012 us=984000 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Jul 03 09:19:34 2012 us=984000 UDPv4 WRITE [114] to x.x.x.x:1194: P_CONTROL_V1 kid=0 [ ] pid=1 DATA len=100
Tue Jul 03 09:19:34 2012 us=984000 UDPv4 WRITE [114] to x.x.x.x:1194: P_CONTROL_V1 kid=0 [ ] pid=2 DATA len=100
Tue Jul 03 09:19:34 2012 us=984000 UDPv4 WRITE [24] to x.x.x.x:1194: P_CONTROL_V1 kid=0 [ ] pid=3 DATA len=10
Tue Jul 03 09:19:35 2012 us=78000 UDPv4 READ [22] from x.x.x.x:1194: P_ACK_V1 kid=0 [ 1 ]
Tue Jul 03 09:19:35 2012 us=78000 UDPv4 READ [22] from x.x.x.x:1194: P_ACK_V1 kid=0 [ 2 ]
Tue Jul 03 09:19:35 2012 us=93000 UDPv4 READ [126] from x.x.x.x:1194: P_CONTROL_V1 kid=0 [ 3 ] pid=1 DATA len=100
Tue Jul 03 09:19:35 2012 us=93000 UDPv4 WRITE [22] to x.x.x.x:1194: P_ACK_V1 kid=0 [ 1 ]
Tue Jul 03 09:19:35 2012 us=93000 UDPv4 READ [114] from x.x.x.x:1194: P_CONTROL_V1 kid=0 [ ] pid=2 DATA len=100
Tue Jul 03 09:19:35 2012 us=93000 UDPv4 WRITE [22] to x.x.x.x:1194: P_ACK_V1 kid=0 [ 2 ]
Tue Jul 03 09:19:35 2012 us=93000 UDPv4 READ [114] from x.x.x.x:1194: P_CONTROL_V1 kid=0 [ ] pid=3 DATA len=100
Tue Jul 03 09:19:35 2012 us=93000 UDPv4 WRITE [22] to x.x.x.x:1194: P_ACK_V1 kid=0 [ 3 ]
Tue Jul 03 09:19:35 2012 us=93000 UDPv4 READ [114] from x.x.x.x:1194: P_CONTROL_V1 kid=0 [ ] pid=4 DATA len=100
Tue Jul 03 09:19:35 2012 us=93000 UDPv4 WRITE [22] to x.x.x.x:1194: P_ACK_V1 kid=0 [ 4 ]
Tue Jul 03 09:19:35 2012 us=187000 UDPv4 READ [114] from x.x.x.x:1194: P_CONTROL_V1 kid=0 [ ] pid=5 DATA len=100
Tue Jul 03 09:19:35 2012 us=187000 UDPv4 WRITE [22] to x.x.x.x:1194: P_ACK_V1 kid=0 [ 5 ]
Tue Jul 03 09:19:35 2012 us=187000 UDPv4 READ [114] from x.x.x.x:1194: P_CONTROL_V1 kid=0 [ ] pid=6 DATA len=100
Tue Jul 03 09:19:35 2012 us=187000 UDPv4 WRITE [22] to x.x.x.x:1194: P_ACK_V1 kid=0 [ 6 ]
Tue Jul 03 09:19:35 2012 us=203000 UDPv4 READ [114] from x.x.x.x:1194: P_CONTROL_V1 kid=0 [ ] pid=7 DATA len=100
Tue Jul 03 09:19:35 2012 us=203000 UDPv4 WRITE [22] to x.x.x.x:1194: P_ACK_V1 kid=0 [ 7 ]
Tue Jul 03 09:19:35 2012 us=203000 UDPv4 READ [114] from x.x.x.x:1194: P_CONTROL_V1 kid=0 [ ] pid=8 DATA len=100
Tue Jul 03 09:19:35 2012 us=203000 UDPv4 WRITE [22] to x.x.x.x:1194: P_ACK_V1 kid=0 [ 8 ]
Tue Jul 03 09:19:35 2012 us=281000 UDPv4 READ [114] from x.x.x.x:1194: P_CONTROL_V1 kid=0 [ ] pid=9 DATA len=100
Tue Jul 03 09:19:35 2012 us=281000 UDPv4 WRITE [22] to x.x.x.x:1194: P_ACK_V1 kid=0 [ 9 ]
Tue Jul 03 09:19:35 2012 us=281000 UDPv4 READ [114] from x.x.x.x:1194: P_CONTROL_V1 kid=0 [ ] pid=10 DATA len=100
Tue Jul 03 09:19:35 2012 us=281000 UDPv4 WRITE [22] to x.x.x.x:1194: P_ACK_V1 kid=0 [ 10 ]
Tue Jul 03 09:19:35 2012 us=312000 UDPv4 READ [114] from x.x.x.x:1194: P_CONTROL_V1 kid=0 [ ] pid=11 DATA len=100
Tue Jul 03 09:19:35 2012 us=312000 UDPv4 WRITE [22] to x.x.x.x:1194: P_ACK_V1 kid=0 [ 11 ]
Tue Jul 03 09:19:35 2012 us=312000 UDPv4 READ [114] from x.x.x.x:1194: P_CONTROL_V1 kid=0 [ ] pid=12 DATA len=100
Tue Jul 03 09:19:35 2012 us=312000 UDPv4 WRITE [22] to x.x.x.x:1194: P_ACK_V1 kid=0 [ 12 ]
Tue Jul 03 09:19:35 2012 us=375000 UDPv4 READ [114] from x.x.x.x:1194: P_CONTROL_V1 kid=0 [ ] pid=13 DATA len=100
Tue Jul 03 09:19:35 2012 us=375000 UDPv4 WRITE [22] to x.x.x.x:1194: P_ACK_V1 kid=0 [ 13 ]
Tue Jul 03 09:19:35 2012 us=375000 UDPv4 READ [114] from x.x.x.x:1194: P_CONTROL_V1 kid=0 [ ] pid=14 DATA len=100
Tue Jul 03 09:19:35 2012 us=375000 UDPv4 WRITE [22] to x.x.x.x:1194: P_ACK_V1 kid=0 [ 14 ]
Tue Jul 03 09:19:35 2012 us=406000 UDPv4 READ [114] from x.x.x.x:1194: P_CONTROL_V1 kid=0 [ ] pid=15 DATA len=100
Tue Jul 03 09:19:35 2012 us=406000 UDPv4 WRITE [22] to x.x.x.x:1194: P_ACK_V1 kid=0 [ 15 ]
Tue Jul 03 09:19:35 2012 us=406000 UDPv4 READ [114] from x.x.x.x:1194: P_CONTROL_V1 kid=0 [ ] pid=16 DATA len=100
Tue Jul 03 09:19:35 2012 us=406000 UDPv4 WRITE [22] to x.x.x.x:1194: P_ACK_V1 kid=0 [ 16 ]
Tue Jul 03 09:19:35 2012 us=468000 UDPv4 READ [114] from x.x.x.x:1194: P_CONTROL_V1 kid=0 [ ] pid=17 DATA len=100
Tue Jul 03 09:19:35 2012 us=468000 UDPv4 WRITE [22] to x.x.x.x:1194: P_ACK_V1 kid=0 [ 17 ]
Tue Jul 03 09:19:35 2012 us=468000 UDPv4 READ [114] from x.x.x.x:1194: P_CONTROL_V1 kid=0 [ ] pid=18 DATA len=100
Tue Jul 03 09:19:35 2012 us=468000 UDPv4 WRITE [22] to x.x.x.x:1194: P_ACK_V1 kid=0 [ 18 ]
Tue Jul 03 09:19:35 2012 us=500000 UDPv4 READ [114] from x.x.x.x:1194: P_CONTROL_V1 kid=0 [ ] pid=19 DATA len=100
Tue Jul 03 09:19:35 2012 us=500000 UDPv4 WRITE [22] to x.x.x.x:1194: P_ACK_V1 kid=0 [ 19 ]
Tue Jul 03 09:19:35 2012 us=500000 UDPv4 READ [114] from x.x.x.x:1194: P_CONTROL_V1 kid=0 [ ] pid=20 DATA len=100
Tue Jul 03 09:19:35 2012 us=500000 VERIFY OK: depth=1, /C=US/ST=MI/L=none/O=Sagat/OU=Section/CN=SGBVPN/name=SGBVPN
Tue Jul 03 09:19:35 2012 us=515000 VERIFY OK: nsCertType=SERVER
Tue Jul 03 09:19:35 2012 us=515000 VERIFY OK: depth=0, /C=US/ST=MI/L=none/O=Sagat/OU=Section/CN=sgbvpn/name=sgbvpn
Tue Jul 03 09:19:35 2012 us=515000 UDPv4 WRITE [22] to x.x.x.x:1194: P_ACK_V1 kid=0 [ 20 ]
Tue Jul 03 09:19:35 2012 us=562000 UDPv4 READ [114] from x.x.x.x:1194: P_CONTROL_V1 kid=0 [ ] pid=21 DATA len=100
Tue Jul 03 09:19:35 2012 us=562000 UDPv4 WRITE [22] to x.x.x.x:1194: P_ACK_V1 kid=0 [ 21 ]
Tue Jul 03 09:19:35 2012 us=562000 UDPv4 READ [114] from x.x.x.x:1194: P_CONTROL_V1 kid=0 [ ] pid=22 DATA len=100
Tue Jul 03 09:19:35 2012 us=578000 UDPv4 WRITE [22] to x.x.x.x:1194: P_ACK_V1 kid=0 [ 22 ]
Tue Jul 03 09:19:35 2012 us=656000 UDPv4 READ [114] from x.x.x.x:1194: P_CONTROL_V1 kid=0 [ ] pid=23 DATA len=100
Tue Jul 03 09:19:35 2012 us=656000 UDPv4 WRITE [22] to x.x.x.x:1194: P_ACK_V1 kid=0 [ 23 ]
Tue Jul 03 09:19:35 2012 us=671000 UDPv4 READ [114] from x.x.x.x:1194: P_CONTROL_V1 kid=0 [ ] pid=24 DATA len=100
Tue Jul 03 09:19:35 2012 us=671000 UDPv4 WRITE [22] to x.x.x.x:1194: P_ACK_V1 kid=0 [ 24 ]
Tue Jul 03 09:19:35 2012 us=671000 UDPv4 READ [112] from x.x.x.x:1194: P_CONTROL_V1 kid=0 [ ] pid=25 DATA len=98
Tue Jul 03 09:19:35 2012 us=687000 UDPv4 WRITE [126] to x.x.x.x:1194: P_CONTROL_V1 kid=0 [ 25 ] pid=4 DATA len=100
Tue Jul 03 09:19:35 2012 us=687000 UDPv4 WRITE [114] to x.x.x.x:1194: P_CONTROL_V1 kid=0 [ ] pid=5 DATA len=100
Tue Jul 03 09:19:35 2012 us=687000 UDPv4 WRITE [114] to x.x.x.x:1194: P_CONTROL_V1 kid=0 [ ] pid=6 DATA len=100
Tue Jul 03 09:19:35 2012 us=703000 UDPv4 WRITE [114] to x.x.x.x:1194: P_CONTROL_V1 kid=0 [ ] pid=7 DATA len=100
Tue Jul 03 09:19:35 2012 us=828000 UDPv4 READ [22] from x.x.x.x:1194: P_ACK_V1 kid=0 [ 4 ]
Tue Jul 03 09:19:35 2012 us=828000 UDPv4 WRITE [114] to x.x.x.x:1194: P_CONTROL_V1 kid=0 [ ] pid=8 DATA len=100
Tue Jul 03 09:19:35 2012 us=828000 UDPv4 READ [22] from x.x.x.x:1194: P_ACK_V1 kid=0 [ 5 ]
Tue Jul 03 09:19:35 2012 us=828000 UDPv4 WRITE [114] to x.x.x.x:1194: P_CONTROL_V1 kid=0 [ ] pid=9 DATA len=100
Tue Jul 03 09:19:35 2012 us=828000 UDPv4 READ [22] from x.x.x.x:1194: P_ACK_V1 kid=0 [ 6 ]
Tue Jul 03 09:19:35 2012 us=828000 UDPv4 WRITE [114] to x.x.x.x:1194: P_CONTROL_V1 kid=0 [ ] pid=10 DATA len=100
Tue Jul 03 09:19:35 2012 us=828000 UDPv4 READ [22] from x.x.x.x:1194: P_ACK_V1 kid=0 [ 7 ]
Tue Jul 03 09:19:35 2012 us=828000 UDPv4 WRITE [114] to x.x.x.x:1194: P_CONTROL_V1 kid=0 [ ] pid=11 DATA len=100
Tue Jul 03 09:19:35 2012 us=984000 UDPv4 READ [22] from x.x.x.x:1194: P_ACK_V1 kid=0 [ 8 ]
Tue Jul 03 09:19:35 2012 us=984000 UDPv4 WRITE [114] to x.x.x.x:1194: P_CONTROL_V1 kid=0 [ ] pid=12 DATA len=100
Tue Jul 03 09:19:35 2012 us=984000 UDPv4 READ [22] from x.x.x.x:1194: P_ACK_V1 kid=0 [ 9 ]

Thanks again for your help.

janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam

Re: Openvpn certificates issues

Post by janjust » Tue Jul 03, 2012 2:58 pm

this means that the 'test.crt' file was not signed by the 'ca.crt' file that you use on the server side ... what does

openssl x509 -subject -issuer -noout -in test.crt

return? which CA signed the test.crt file?

note that you can support multiple CAs by stacking them together:

$ cat ca1.crt ca2.crt > stack.pem

and then use

ca /etc/openvpn/stack.pem

in your server config.
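The checks from both of janjust's replies (expiry and chain verification with openssl verify, then the subject-versus-issuer comparison) together with the stacked-CA workaround, as an added worked example that is not part of the original thread and not OpenVPN's own tooling. It assumes only the openssl command-line tool. The CA names (VPN, SGBVPN) and the client name (test) are constructed to mirror the thread, and the keys are throwaway ones generated into a temporary directory; nothing is assumed about the real PKI.

```shell
#!/bin/sh
# Added example, not from the thread or from OpenVPN: rebuild the failure seen
# above with a throwaway PKI and show both ways out of it, using only the
# openssl CLI. Names are constructed to mirror the thread (CA "VPN" signed
# test.crt, the server trusts CA "SGBVPN"); nothing is assumed about a real PKI.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# Self-signed CA with CN $2, written to $1.crt / $1.key.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/OU=section/CN=$2" -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Client cert with CN $2, issued by the CA at $1.crt, written to $3.crt / $3.key.
make_client() {
    openssl req -newkey rsa:2048 -nodes -subj "/OU=section/CN=$2" \
        -keyout "$3.key" -out "$3.csr" 2>/dev/null
    openssl x509 -req -in "$3.csr" -CA "$1.crt" -CAkey "$1.key" \
        -CAcreateserial -days 365 -out "$3.crt" 2>/dev/null
}

# The two DN commands from the thread, with the "subject=" / "issuer=" prefix
# stripped so the values can be compared directly.
subject_of() { openssl x509 -noout -subject -in "$1" | sed 's/^subject= *//'; }
issuer_of()  { openssl x509 -noout -issuer  -in "$1" | sed 's/^issuer= *//'; }

# "yes" when the issuer DN of cert $2 equals the subject DN of CA $1. A "no"
# here is the situation in the thread: the cert is intact, just signed by a
# different CA than the one the server is configured with.
issued_by() {
    [ "$(issuer_of "$2")" = "$(subject_of "$1")" ] && echo yes || echo no
}

# "OK" when cert $2 chains to a CA in file $1 (which may be a stack of CAs);
# otherwise the verify error text, e.g. "unable to get local issuer certificate".
verify_against() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo OK
    else
        openssl verify -CAfile "$1" "$2" 2>&1 \
            | sed -n 's/.*depth lookup: *//p' | head -n 1
    fi
}

# "valid" unless cert $1 is expired or expires within $2 seconds (default 0):
# the first thing to rule out when a working setup stops working "by itself".
expiry_status() {
    if openssl x509 -noout -checkend "${2:-0}" -in "$1" >/dev/null; then
        echo valid
    else
        echo expiring
    fi
}

# --- Reproduce the thread ---------------------------------------------------
make_ca old_ca VPN        # the CA that really signed test.crt
make_ca new_ca SGBVPN     # the CA named by "ca ca.crt" in the server config
make_client old_ca test test

echo "test.crt expiry (24h):  $(expiry_status test.crt 86400)"   # valid
echo "test.crt issuer:        $(issuer_of test.crt)"
echo "new_ca.crt subject:     $(subject_of new_ca.crt)"
echo "issued by new_ca?       $(issued_by new_ca.crt test.crt)"  # no
# Against the configured CA alone: "unable to get local issuer certificate"
echo "verify vs new_ca.crt:   $(verify_against new_ca.crt test.crt)"
echo "verify vs old_ca.crt:   $(verify_against old_ca.crt test.crt)"   # OK

# Fix 1 (janjust): stack both CAs and point "ca" in the server config at the
# stack. Every cert the old CA ever issued becomes acceptable again.
cat new_ca.crt old_ca.crt > stack.pem
echo "verify vs stack.pem:    $(verify_against stack.pem test.crt)"    # OK

# Fix 2: reissue the client cert from the CA the server actually trusts.
make_client new_ca test test-reissued
echo "reissued vs new_ca.crt: $(verify_against new_ca.crt test-reissued.crt)"  # OK
```

Two caveats when applying this to a real server. The stacked `ca` file widens trust to everything the old CA ever issued, so if that CA had revoked certificates, carry its CRL as well (OpenVPN's `crl-verify` option) or prefer reissuing; and none of these on-disk checks say anything about what a running daemon has loaded, so a swapped CA or server cert takes effect only after the openvpn process is restarted.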

lyron
OpenVpn Newbie
Posts: 6
Joined: Fri Dec 02, 2011 3:25 pm

Re: Openvpn certificates issues

Post by lyron » Tue Jul 03, 2012 6:10 pm

Well Jan, you are right, this is what it shows me:

subject= /OU=section/CN=test/name=test
issuer= /OU=section/CN=VPN/name=VPN

So it was certified by another CA... mmmm, weird... I'm confused, but clearly I changed it...

Well, it looks like that was the whole problem... the other crts are working now... no clue why...

Really thanks so much for the support...

dundacil
OpenVpn Newbie
Posts: 1
Joined: Sat Jul 21, 2012 10:36 am

Re: Openvpn certificates issues

Post by dundacil » Sat Jul 21, 2012 10:43 am

Lyron,

Perhaps I can explain the weirdness (having been through something similar myself, I was having what appears to be the same problem): I had a running openvpn service, then I had to regenerate the ca/server and clients keys, getting in the end an error message similar to yours.

Well, the problem turned out to be really stupid: I forgot that the server openvpn daemon was running with the old certificate: once I restarted it, everything worked again as expected. Too bad it took me a couple of hours before I realised it ;) By the way, janjust, many thanks to you too, your hints helped in tracking down the culprit!

Riccardo
