OpenVPN Help Plz

Post by mvyvoda » Wed Oct 10, 2012 3:44 am

Greetings, I am using DD-WRT with my Buffalo G300NH. I notice in my log files:

Code:

Oct  9 16:36:06 DD-WRT daemon.warn openvpn[4130]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.

Can someone knowledgeable of this error kindly help? I have been going on a couple days, trying to sort it out. I like all-nighters though!!

Post by xauen » Wed Oct 10, 2012 4:36 am

mvyvoda wrote: Greetings, I am using DD-WRT with my Buffalo G300NH. I notice in my log files:

Code:

Oct  9 16:36:06 DD-WRT daemon.warn openvpn[4130]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.

Can someone knowledgeable of this error kindly help? I have been going on a couple days, trying to sort it out. I like all-nighters though!!

That's not an error, it's a warning message.
Can you tell me what you are trying to achieve? What errors are you experiencing?
Please post your logs, server & client configs so we can check your setup.
"Never be bullied into silence. Never allow yourself to be made a victim. Accept no ones definition of you"
-IDK

Post by mvyvoda » Wed Oct 10, 2012 4:49 am

Yes, you're right. I have moved on from that. The real problem is my dh.pem file location? Here is the error:

Code:

Tue Oct 09 23:33:31 2012 us=281000 Cannot open /tmp/openvpn/dh.pem for DH parameters: error:02001003:system library:fopen:No such process: error:2006D080:BIO routines:BIO_new_file:no such file
Tue Oct 09 23:33:31 2012 us=281000 Exiting

Can you tell me what you are trying to achieve? I am trying to set up OpenVPN at my personal residence. I am using a BuffaloTech router with DD-WRT running OVPN 2.0, I think.

What errors are you experiencing? I am not sure my authentication is correct. Also, see above error.

Please post your logs, server & client configs so we can check your setup.: Here are the following:

Server Config:

Code:

push "route 192.168.11.1 255.255.255.0"
push "dhcp-option DNS 10.8.0.1"
server 10.8.0.0 255.255.255.0

port 1194
proto udp
dev tun0
ifconfig 10.8.0.1 10.8.0.2
#secret static.key

ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
dh /tmp/openvpn/dh.pem

keepalive 10 120
comp-lzo
persist-key
persist-tun
verb 5

management localhost 5001

Client Config:

Code:

remote ******.chickenkiller.com 1194

client
remote-cert-tls server
ns-cert-type server

dev tun0
ifconfig 10.8.0.2 10.8.0.1
#secret static.key

proto udp
resolv-retry infinite
nobind
persist-key
persist-tun

float
route-delay 30

ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\client1.crt"
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\client1.key"
comp-lzo
verb 5

Server Log File:

Code:

Tue Oct 09 23:33:30 2012 us=250000 Current Parameter Settings:
Tue Oct 09 23:33:30 2012 us=250000   config = 'server.ovpn'
Tue Oct 09 23:33:30 2012 us=250000   mode = 1
Tue Oct 09 23:33:30 2012 us=250000   show_ciphers = DISABLED
Tue Oct 09 23:33:30 2012 us=250000   show_digests = DISABLED
Tue Oct 09 23:33:30 2012 us=250000   show_engines = DISABLED
Tue Oct 09 23:33:30 2012 us=250000   genkey = DISABLED
Tue Oct 09 23:33:30 2012 us=250000   key_pass_file = '[UNDEF]'
Tue Oct 09 23:33:30 2012 us=250000   show_tls_ciphers = DISABLED
Tue Oct 09 23:33:30 2012 us=250000 Connection profiles [default]:
Tue Oct 09 23:33:30 2012 us=250000   proto = udp
Tue Oct 09 23:33:30 2012 us=250000   local = '[UNDEF]'
Tue Oct 09 23:33:30 2012 us=250000   local_port = 1194
Tue Oct 09 23:33:30 2012 us=250000   remote = '[UNDEF]'
Tue Oct 09 23:33:30 2012 us=250000   remote_port = 1194
Tue Oct 09 23:33:30 2012 us=250000   remote_float = DISABLED
Tue Oct 09 23:33:30 2012 us=250000   bind_defined = DISABLED
Tue Oct 09 23:33:30 2012 us=250000   bind_local = ENABLED
Tue Oct 09 23:33:30 2012 us=250000   connect_retry_seconds = 5
Tue Oct 09 23:33:30 2012 us=250000   connect_timeout = 10
Tue Oct 09 23:33:30 2012 us=250000   connect_retry_max = 0
Tue Oct 09 23:33:30 2012 us=250000   socks_proxy_server = '[UNDEF]'
Tue Oct 09 23:33:30 2012 us=250000   socks_proxy_port = 0
Tue Oct 09 23:33:30 2012 us=250000   socks_proxy_retry = DISABLED
Tue Oct 09 23:33:30 2012 us=250000 Connection profiles END
Tue Oct 09 23:33:30 2012 us=250000   remote_random = DISABLED
Tue Oct 09 23:33:30 2012 us=250000   ipchange = '[UNDEF]'
Tue Oct 09 23:33:30 2012 us=250000   dev = 'tun0'
Tue Oct 09 23:33:30 2012 us=250000   dev_type = '[UNDEF]'
Tue Oct 09 23:33:30 2012 us=250000   dev_node = '[UNDEF]'
Tue Oct 09 23:33:30 2012 us=250000   lladdr = '[UNDEF]'
Tue Oct 09 23:33:30 2012 us=250000   topology = 1
Tue Oct 09 23:33:30 2012 us=250000   tun_ipv6 = DISABLED
Tue Oct 09 23:33:30 2012 us=250000   ifconfig_local = '10.8.0.1'
Tue Oct 09 23:33:30 2012 us=250000   ifconfig_remote_netmask = '10.8.0.2'
Tue Oct 09 23:33:30 2012 us=250000   ifconfig_noexec = DISABLED
Tue Oct 09 23:33:30 2012 us=250000   ifconfig_nowarn = DISABLED
Tue Oct 09 23:33:30 2012 us=250000   shaper = 0
Tue Oct 09 23:33:30 2012 us=250000   tun_mtu = 1500
Tue Oct 09 23:33:30 2012 us=250000   tun_mtu_defined = ENABLED
Tue Oct 09 23:33:30 2012 us=250000   link_mtu = 1500
Tue Oct 09 23:33:30 2012 us=250000   link_mtu_defined = DISABLED
Tue Oct 09 23:33:30 2012 us=250000   tun_mtu_extra = 0
Tue Oct 09 23:33:30 2012 us=250000   tun_mtu_extra_defined = DISABLED
Tue Oct 09 23:33:30 2012 us=250000   fragment = 0
Tue Oct 09 23:33:30 2012 us=250000   mtu_discover_type = -1
Tue Oct 09 23:33:30 2012 us=250000   mtu_test = 0
Tue Oct 09 23:33:30 2012 us=250000   mlock = DISABLED
Tue Oct 09 23:33:30 2012 us=250000   keepalive_ping = 10
Tue Oct 09 23:33:30 2012 us=250000   keepalive_timeout = 120
Tue Oct 09 23:33:30 2012 us=250000   inactivity_timeout = 0
Tue Oct 09 23:33:30 2012 us=250000   ping_send_timeout = 10
Tue Oct 09 23:33:30 2012 us=250000   ping_rec_timeout = 240
Tue Oct 09 23:33:30 2012 us=250000   ping_rec_timeout_action = 2
Tue Oct 09 23:33:30 2012 us=250000   ping_timer_remote = DISABLED
Tue Oct 09 23:33:30 2012 us=250000   remap_sigusr1 = 0
Tue Oct 09 23:33:30 2012 us=250000   explicit_exit_notification = 0
Tue Oct 09 23:33:30 2012 us=250000   persist_tun = ENABLED
Tue Oct 09 23:33:30 2012 us=250000   persist_local_ip = DISABLED
Tue Oct 09 23:33:30 2012 us=250000   persist_remote_ip = DISABLED
Tue Oct 09 23:33:30 2012 us=250000   persist_key = ENABLED
Tue Oct 09 23:33:30 2012 us=250000   mssfix = 1450
Tue Oct 09 23:33:30 2012 us=250000   resolve_retry_seconds = 1000000000
Tue Oct 09 23:33:30 2012 us=250000   username = '[UNDEF]'
Tue Oct 09 23:33:30 2012 us=250000   groupname = '[UNDEF]'
Tue Oct 09 23:33:30 2012 us=250000   chroot_dir = '[UNDEF]'
Tue Oct 09 23:33:30 2012 us=250000   cd_dir = '[UNDEF]'
Tue Oct 09 23:33:30 2012 us=250000   writepid = '[UNDEF]'
Tue Oct 09 23:33:30 2012 us=437000   up_script = '[UNDEF]'
Tue Oct 09 23:33:30 2012 us=437000   down_script = '[UNDEF]'
Tue Oct 09 23:33:30 2012 us=437000   down_pre = DISABLED
Tue Oct 09 23:33:30 2012 us=437000   up_restart = DISABLED
Tue Oct 09 23:33:30 2012 us=437000   up_delay = DISABLED
Tue Oct 09 23:33:30 2012 us=437000   daemon = DISABLED
Tue Oct 09 23:33:30 2012 us=437000   inetd = 0
Tue Oct 09 23:33:30 2012 us=437000   log = DISABLED
Tue Oct 09 23:33:30 2012 us=437000   suppress_timestamps = DISABLED
Tue Oct 09 23:33:30 2012 us=437000   nice = 0
Tue Oct 09 23:33:30 2012 us=437000   verbosity = 5
Tue Oct 09 23:33:30 2012 us=437000   mute = 0
Tue Oct 09 23:33:30 2012 us=437000   gremlin = 0
Tue Oct 09 23:33:30 2012 us=437000   status_file = '[UNDEF]'
Tue Oct 09 23:33:30 2012 us=437000   status_file_version = 1
Tue Oct 09 23:33:30 2012 us=437000   status_file_update_freq = 60
Tue Oct 09 23:33:30 2012 us=437000   occ = ENABLED
Tue Oct 09 23:33:30 2012 us=437000   rcvbuf = 0
Tue Oct 09 23:33:30 2012 us=437000   sndbuf = 0
Tue Oct 09 23:33:30 2012 us=453000   sockflags = 0
Tue Oct 09 23:33:30 2012 us=453000   fast_io = DISABLED
Tue Oct 09 23:33:30 2012 us=453000   lzo = 7
Tue Oct 09 23:33:30 2012 us=453000   route_script = '[UNDEF]'
Tue Oct 09 23:33:30 2012 us=453000   route_default_gateway = '[UNDEF]'
Tue Oct 09 23:33:30 2012 us=453000   route_default_metric = 0
Tue Oct 09 23:33:30 2012 us=453000   route_noexec = DISABLED
Tue Oct 09 23:33:30 2012 us=453000   route_delay = 0
Tue Oct 09 23:33:30 2012 us=453000   route_delay_window = 30
Tue Oct 09 23:33:30 2012 us=453000   route_delay_defined = DISABLED
Tue Oct 09 23:33:30 2012 us=453000   route_nopull = DISABLED
Tue Oct 09 23:33:30 2012 us=453000   route_gateway_via_dhcp = DISABLED
Tue Oct 09 23:33:30 2012 us=453000   max_routes = 100
Tue Oct 09 23:33:30 2012 us=453000   allow_pull_fqdn = DISABLED
Tue Oct 09 23:33:30 2012 us=453000   route 10.8.0.0/255.255.255.0/nil/nil
Tue Oct 09 23:33:30 2012 us=453000   management_addr = 'localhost'
Tue Oct 09 23:33:30 2012 us=484000   management_port = 5001
Tue Oct 09 23:33:30 2012 us=484000   management_user_pass = '[UNDEF]'
Tue Oct 09 23:33:30 2012 us=484000   management_log_history_cache = 250
Tue Oct 09 23:33:30 2012 us=484000   management_echo_buffer_size = 100
Tue Oct 09 23:33:30 2012 us=484000   management_write_peer_info_file = '[UNDEF]'
Tue Oct 09 23:33:30 2012 us=484000   management_client_user = '[UNDEF]'
Tue Oct 09 23:33:30 2012 us=484000   management_client_group = '[UNDEF]'
Tue Oct 09 23:33:30 2012 us=484000   management_flags = 0
Tue Oct 09 23:33:30 2012 us=484000   shared_secret_file = '[UNDEF]'
Tue Oct 09 23:33:30 2012 us=484000   key_direction = 0
Tue Oct 09 23:33:30 2012 us=484000   ciphername_defined = ENABLED
Tue Oct 09 23:33:30 2012 us=484000   ciphername = 'BF-CBC'
Tue Oct 09 23:33:30 2012 us=484000   authname_defined = ENABLED
Tue Oct 09 23:33:30 2012 us=484000   authname = 'SHA1'
Tue Oct 09 23:33:30 2012 us=484000   prng_hash = 'SHA1'
Tue Oct 09 23:33:30 2012 us=562000   prng_nonce_secret_len = 16
Tue Oct 09 23:33:30 2012 us=562000   keysize = 0
Tue Oct 09 23:33:30 2012 us=562000   engine = DISABLED
Tue Oct 09 23:33:30 2012 us=562000   replay = ENABLED
Tue Oct 09 23:33:30 2012 us=562000   mute_replay_warnings = DISABLED
Tue Oct 09 23:33:30 2012 us=562000   replay_window = 64
Tue Oct 09 23:33:30 2012 us=562000   replay_time = 15
Tue Oct 09 23:33:30 2012 us=562000   packet_id_file = '[UNDEF]'
Tue Oct 09 23:33:30 2012 us=562000   use_iv = ENABLED
Tue Oct 09 23:33:30 2012 us=562000   test_crypto = DISABLED
Tue Oct 09 23:33:30 2012 us=562000   tls_server = ENABLED
Tue Oct 09 23:33:30 2012 us=562000   tls_client = DISABLED
Tue Oct 09 23:33:30 2012 us=562000   key_method = 2
Tue Oct 09 23:33:30 2012 us=562000   ca_file = '/tmp/openvpn/ca.crt'
Tue Oct 09 23:33:30 2012 us=562000   ca_path = '[UNDEF]'
Tue Oct 09 23:33:30 2012 us=562000   dh_file = '/tmp/openvpn/dh.pem'
Tue Oct 09 23:33:30 2012 us=562000   cert_file = '/tmp/openvpn/cert.pem'
Tue Oct 09 23:33:30 2012 us=593000   priv_key_file = '/tmp/openvpn/key.pem'
Tue Oct 09 23:33:30 2012 us=593000   pkcs12_file = '[UNDEF]'
Tue Oct 09 23:33:30 2012 us=593000   cryptoapi_cert = '[UNDEF]'
Tue Oct 09 23:33:30 2012 us=593000   cipher_list = '[UNDEF]'
Tue Oct 09 23:33:30 2012 us=593000   tls_verify = '[UNDEF]'
Tue Oct 09 23:33:30 2012 us=593000   tls_export_cert = '[UNDEF]'
Tue Oct 09 23:33:30 2012 us=593000   tls_remote = '[UNDEF]'
Tue Oct 09 23:33:30 2012 us=593000   crl_file = '[UNDEF]'
Tue Oct 09 23:33:30 2012 us=593000   ns_cert_type = 0
Tue Oct 09 23:33:30 2012 us=593000   remote_cert_ku[i] = 0
Tue Oct 09 23:33:30 2012 us=593000   remote_cert_ku[i] = 0
Tue Oct 09 23:33:30 2012 us=593000   remote_cert_ku[i] = 0
Tue Oct 09 23:33:30 2012 us=593000   remote_cert_ku[i] = 0
Tue Oct 09 23:33:30 2012 us=593000   remote_cert_ku[i] = 0
Tue Oct 09 23:33:30 2012 us=593000   remote_cert_ku[i] = 0
Tue Oct 09 23:33:30 2012 us=593000   remote_cert_ku[i] = 0
Tue Oct 09 23:33:30 2012 us=625000   remote_cert_ku[i] = 0
Tue Oct 09 23:33:30 2012 us=625000   remote_cert_ku[i] = 0
Tue Oct 09 23:33:30 2012 us=625000   remote_cert_ku[i] = 0
Tue Oct 09 23:33:30 2012 us=625000   remote_cert_ku[i] = 0
Tue Oct 09 23:33:30 2012 us=625000   remote_cert_ku[i] = 0
Tue Oct 09 23:33:30 2012 us=625000   remote_cert_ku[i] = 0
Tue Oct 09 23:33:30 2012 us=625000   remote_cert_ku[i] = 0
Tue Oct 09 23:33:30 2012 us=625000   remote_cert_ku[i] = 0
Tue Oct 09 23:33:30 2012 us=625000   remote_cert_ku[i] = 0
Tue Oct 09 23:33:30 2012 us=625000   remote_cert_eku = '[UNDEF]'
Tue Oct 09 23:33:30 2012 us=625000   tls_timeout = 2
Tue Oct 09 23:33:30 2012 us=625000   renegotiate_bytes = 0
Tue Oct 09 23:33:30 2012 us=625000   renegotiate_packets = 0
Tue Oct 09 23:33:30 2012 us=625000   renegotiate_seconds = 3600
Tue Oct 09 23:33:30 2012 us=625000   handshake_window = 60
Tue Oct 09 23:33:30 2012 us=625000   transition_window = 3600
Tue Oct 09 23:33:30 2012 us=625000   single_session = DISABLED
Tue Oct 09 23:33:30 2012 us=671000   push_peer_info = DISABLED
Tue Oct 09 23:33:30 2012 us=671000   tls_exit = DISABLED
Tue Oct 09 23:33:30 2012 us=671000   tls_auth_file = '[UNDEF]'
Tue Oct 09 23:33:30 2012 us=671000   pkcs11_protected_authentication = DISABLED
Tue Oct 09 23:33:30 2012 us=671000   pkcs11_protected_authentication = DISABLED
Tue Oct 09 23:33:30 2012 us=671000   pkcs11_protected_authentication = DISABLED
Tue Oct 09 23:33:30 2012 us=671000   pkcs11_protected_authentication = DISABLED
Tue Oct 09 23:33:30 2012 us=671000   pkcs11_protected_authentication = DISABLED
Tue Oct 09 23:33:30 2012 us=671000   pkcs11_protected_authentication = DISABLED
Tue Oct 09 23:33:30 2012 us=671000   pkcs11_protected_authentication = DISABLED
Tue Oct 09 23:33:30 2012 us=671000   pkcs11_protected_authentication = DISABLED
Tue Oct 09 23:33:30 2012 us=671000   pkcs11_protected_authentication = DISABLED
Tue Oct 09 23:33:30 2012 us=671000   pkcs11_protected_authentication = DISABLED
Tue Oct 09 23:33:30 2012 us=703000   pkcs11_protected_authentication = DISABLED
Tue Oct 09 23:33:30 2012 us=703000   pkcs11_protected_authentication = DISABLED
Tue Oct 09 23:33:30 2012 us=703000   pkcs11_protected_authentication = DISABLED
Tue Oct 09 23:33:30 2012 us=703000   pkcs11_protected_authentication = DISABLED
Tue Oct 09 23:33:30 2012 us=703000   pkcs11_protected_authentication = DISABLED
Tue Oct 09 23:33:30 2012 us=703000   pkcs11_protected_authentication = DISABLED
Tue Oct 09 23:33:30 2012 us=703000   pkcs11_private_mode = 00000000
Tue Oct 09 23:33:30 2012 us=703000   pkcs11_private_mode = 00000000
Tue Oct 09 23:33:30 2012 us=703000   pkcs11_private_mode = 00000000
Tue Oct 09 23:33:30 2012 us=703000   pkcs11_private_mode = 00000000
Tue Oct 09 23:33:30 2012 us=703000   pkcs11_private_mode = 00000000
Tue Oct 09 23:33:30 2012 us=703000   pkcs11_private_mode = 00000000
Tue Oct 09 23:33:30 2012 us=734000   pkcs11_private_mode = 00000000
Tue Oct 09 23:33:30 2012 us=734000   pkcs11_private_mode = 00000000
Tue Oct 09 23:33:30 2012 us=734000   pkcs11_private_mode = 00000000
Tue Oct 09 23:33:30 2012 us=734000   pkcs11_private_mode = 00000000
Tue Oct 09 23:33:30 2012 us=734000   pkcs11_private_mode = 00000000
Tue Oct 09 23:33:30 2012 us=734000   pkcs11_private_mode = 00000000
Tue Oct 09 23:33:30 2012 us=734000   pkcs11_private_mode = 00000000
Tue Oct 09 23:33:30 2012 us=734000   pkcs11_private_mode = 00000000
Tue Oct 09 23:33:30 2012 us=734000   pkcs11_private_mode = 00000000
Tue Oct 09 23:33:30 2012 us=734000   pkcs11_private_mode = 00000000
Tue Oct 09 23:33:30 2012 us=734000   pkcs11_cert_private = DISABLED
Tue Oct 09 23:33:30 2012 us=734000   pkcs11_cert_private = DISABLED
Tue Oct 09 23:33:30 2012 us=734000   pkcs11_cert_private = DISABLED
Tue Oct 09 23:33:30 2012 us=734000   pkcs11_cert_private = DISABLED
Tue Oct 09 23:33:30 2012 us=734000   pkcs11_cert_private = DISABLED
Tue Oct 09 23:33:30 2012 us=781000   pkcs11_cert_private = DISABLED
Tue Oct 09 23:33:30 2012 us=781000   pkcs11_cert_private = DISABLED
Tue Oct 09 23:33:30 2012 us=781000   pkcs11_cert_private = DISABLED
Tue Oct 09 23:33:30 2012 us=781000   pkcs11_cert_private = DISABLED
Tue Oct 09 23:33:30 2012 us=781000   pkcs11_cert_private = DISABLED
Tue Oct 09 23:33:30 2012 us=781000   pkcs11_cert_private = DISABLED
Tue Oct 09 23:33:30 2012 us=781000   pkcs11_cert_private = DISABLED
Tue Oct 09 23:33:30 2012 us=781000   pkcs11_cert_private = DISABLED
Tue Oct 09 23:33:30 2012 us=781000   pkcs11_cert_private = DISABLED
Tue Oct 09 23:33:30 2012 us=781000   pkcs11_cert_private = DISABLED
Tue Oct 09 23:33:30 2012 us=781000   pkcs11_cert_private = DISABLED
Tue Oct 09 23:33:30 2012 us=781000   pkcs11_pin_cache_period = -1
Tue Oct 09 23:33:30 2012 us=781000   pkcs11_id = '[UNDEF]'
Tue Oct 09 23:33:30 2012 us=781000   pkcs11_id_management = DISABLED
Tue Oct 09 23:33:30 2012 us=781000   server_network = 10.8.0.0
Tue Oct 09 23:33:30 2012 us=828000   server_netmask = 255.255.255.0
Tue Oct 09 23:33:30 2012 us=828000   server_bridge_ip = 0.0.0.0
Tue Oct 09 23:33:30 2012 us=828000   server_bridge_netmask = 0.0.0.0
Tue Oct 09 23:33:30 2012 us=828000   server_bridge_pool_start = 0.0.0.0
Tue Oct 09 23:33:30 2012 us=828000   server_bridge_pool_end = 0.0.0.0
Tue Oct 09 23:33:30 2012 us=828000   push_entry = 'route 192.168.11.1 255.255.255.0'
Tue Oct 09 23:33:30 2012 us=828000   push_entry = 'dhcp-option DNS 10.8.0.1'
Tue Oct 09 23:33:30 2012 us=828000   push_entry = 'route 10.8.0.1'
Tue Oct 09 23:33:30 2012 us=828000   push_entry = 'topology net30'
Tue Oct 09 23:33:30 2012 us=828000   push_entry = 'ping 10'
Tue Oct 09 23:33:30 2012 us=828000   push_entry = 'ping-restart 120'
Tue Oct 09 23:33:30 2012 us=828000   ifconfig_pool_defined = ENABLED
Tue Oct 09 23:33:30 2012 us=828000   ifconfig_pool_start = 10.8.0.4
Tue Oct 09 23:33:30 2012 us=859000   ifconfig_pool_end = 10.8.0.251
Tue Oct 09 23:33:30 2012 us=859000   ifconfig_pool_netmask = 0.0.0.0
Tue Oct 09 23:33:30 2012 us=859000   ifconfig_pool_persist_filename = '[UNDEF]'
Tue Oct 09 23:33:30 2012 us=859000   ifconfig_pool_persist_refresh_freq = 600
Tue Oct 09 23:33:30 2012 us=859000   n_bcast_buf = 256
Tue Oct 09 23:33:30 2012 us=859000   tcp_queue_limit = 64
Tue Oct 09 23:33:30 2012 us=859000   real_hash_size = 256
Tue Oct 09 23:33:30 2012 us=859000   virtual_hash_size = 256
Tue Oct 09 23:33:30 2012 us=859000   client_connect_script = '[UNDEF]'
Tue Oct 09 23:33:30 2012 us=859000   learn_address_script = '[UNDEF]'
Tue Oct 09 23:33:30 2012 us=859000   client_disconnect_script = '[UNDEF]'
Tue Oct 09 23:33:30 2012 us=859000   client_config_dir = '[UNDEF]'
Tue Oct 09 23:33:30 2012 us=859000   ccd_exclusive = DISABLED
Tue Oct 09 23:33:30 2012 us=859000   tmp_dir = 'C:\DOCUME~1\mvyvoda\LOCALS~1\Temp\'
Tue Oct 09 23:33:30 2012 us=859000   push_ifconfig_defined = DISABLED
Tue Oct 09 23:33:30 2012 us=890000   push_ifconfig_local = 0.0.0.0
Tue Oct 09 23:33:30 2012 us=890000   push_ifconfig_remote_netmask = 0.0.0.0
Tue Oct 09 23:33:30 2012 us=890000   enable_c2c = DISABLED
Tue Oct 09 23:33:30 2012 us=890000   duplicate_cn = DISABLED
Tue Oct 09 23:33:30 2012 us=890000   cf_max = 0
Tue Oct 09 23:33:30 2012 us=890000   cf_per = 0
Tue Oct 09 23:33:30 2012 us=890000   max_clients = 1024
Tue Oct 09 23:33:30 2012 us=890000   max_routes_per_client = 256
Tue Oct 09 23:33:30 2012 us=890000   auth_user_pass_verify_script = '[UNDEF]'
Tue Oct 09 23:33:30 2012 us=890000   auth_user_pass_verify_script_via_file = DISABLED
Tue Oct 09 23:33:30 2012 us=890000   ssl_flags = 0
Tue Oct 09 23:33:30 2012 us=890000   client = DISABLED
Tue Oct 09 23:33:30 2012 us=890000   pull = DISABLED
Tue Oct 09 23:33:30 2012 us=890000   auth_user_pass_file = '[UNDEF]'
Tue Oct 09 23:33:30 2012 us=890000   show_net_up = DISABLED
Tue Oct 09 23:33:30 2012 us=890000   route_method = 0
Tue Oct 09 23:33:30 2012 us=906000   ip_win32_defined = DISABLED
Tue Oct 09 23:33:30 2012 us=906000   ip_win32_type = 3
Tue Oct 09 23:33:30 2012 us=906000   dhcp_masq_offset = 0
Tue Oct 09 23:33:30 2012 us=906000   dhcp_lease_time = 31536000
Tue Oct 09 23:33:30 2012 us=906000   tap_sleep = 10
Tue Oct 09 23:33:30 2012 us=906000   dhcp_options = DISABLED
Tue Oct 09 23:33:30 2012 us=906000   dhcp_renew = DISABLED
Tue Oct 09 23:33:30 2012 us=906000   dhcp_pre_release = DISABLED
Tue Oct 09 23:33:30 2012 us=906000   dhcp_release = DISABLED
Tue Oct 09 23:33:30 2012 us=906000   domain = '[UNDEF]'
Tue Oct 09 23:33:30 2012 us=906000   netbios_scope = '[UNDEF]'
Tue Oct 09 23:33:30 2012 us=906000   netbios_node_type = 0
Tue Oct 09 23:33:30 2012 us=906000   disable_nbt = DISABLED
Tue Oct 09 23:33:30 2012 us=906000 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
Tue Oct 09 23:33:30 2012 us=921000 MANAGEMENT: TCP Socket listening on 127.0.0.1:5001
Tue Oct 09 23:33:30 2012 us=968000 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Oct 09 23:33:31 2012 us=281000 Cannot open /tmp/openvpn/dh.pem for DH parameters: error:02001003:system library:fopen:No such process: error:2006D080:BIO routines:BIO_new_file:no such file
Tue Oct 09 23:33:31 2012 us=281000 Exiting

Thanks for the help!!!!!

Post by xauen » Thu Oct 11, 2012 12:46 pm

mvyvoda wrote: Yes, you're right. I have moved on from that. The real problem is my dh.pem file location? Here is the error:

Code:

Tue Oct 09 23:33:31 2012 us=281000 Cannot open /tmp/openvpn/dh.pem for DH parameters: error:02001003:system library:fopen:No such process: error:2006D080:BIO routines:BIO_new_file:no such file
Tue Oct 09 23:33:31 2012 us=281000 Exiting

Make sure dh.pem exists; otherwise you can just make another dh.pem file. Just make sure you back up the certificates.
"Never be bullied into silence. Never allow yourself to be made a victim. Accept no ones definition of you"
-IDK
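
Both problems raised so far in the thread (a client with no server-certificate verification option, and a `dh` path that does not exist on the machine running OpenVPN) can be checked before start-up. The following Python audit is an added example, not code from the posters or the OpenVPN project; the set of directives it accepts as server verification, the finding names, and the constructed sample configs with the placeholder host `vpn.example.net` are assumptions.

```python
import os
import shlex
import tempfile

# Client options that tie the peer to a *server* certificate. Treating this set
# as what silences the "No server certificate verification method" warning is
# an assumption of this example.
SERVER_VERIFY = {"remote-cert-tls", "ns-cert-type", "remote-cert-eku",
                 "tls-remote", "verify-x509-name", "tls-verify"}
FILE_OPTS = ("ca", "cert", "key", "dh")   # first argument is a file to open


def parse_config(text):
    """Return (options, inline); options holds (name, args, lineno) tuples."""
    options, inline, block = [], set(), None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if block:                          # inside an inline <ca>...</ca> block
            if line == "</%s>" % block:
                block = None
            continue
        if not line or line[0] in "#;":    # blank line or comment
            continue
        if line[0] == "<" and line[-1] == ">" and line[1] != "/":
            block = line[1:-1]
            inline.add(block)
            continue
        # shlex undoes the doubled backslashes of quoted Windows paths.
        words = shlex.split(line, comments=True)
        if words:
            options.append((words[0], words[1:], lineno))
    return options, inline


def audit(text, exists=os.path.exists):
    """Return (code, detail) findings for one OpenVPN config."""
    options, inline = parse_config(text)
    names = {name for name, _, _ in options}
    findings = []
    if names & {"client", "tls-client"} and not names & SERVER_VERIFY:
        findings.append(("no-server-cert-verification",
                         "client accepts any certificate signed by the CA"))
    if names & {"server", "tls-server"} and "dh" not in names | inline:
        findings.append(("server-without-dh", "no dh option or <dh> block"))
    for name, args, lineno in options:
        if name in FILE_OPTS and args and not exists(args[0]):
            findings.append(("missing-file",
                             "line %d: %s %s" % (lineno, name, args[0])))
    return findings


def demo():
    """Audit constructed configs modelled on the ones posted in the thread."""
    with tempfile.TemporaryDirectory() as d:
        for fname in ("ca.crt", "cert.pem", "key.pem"):   # dh.pem left out
            open(os.path.join(d, fname), "w").close()
        p = lambda f: '"%s"' % os.path.join(d, f).replace("\\", "\\\\")
        server = "\n".join([
            "server 10.8.0.0 255.255.255.0", "proto udp", "dev tun0",
            "ca " + p("ca.crt"), "cert " + p("cert.pem"),
            "key " + p("key.pem"), "dh " + p("dh.pem")])
        weak_client = "\n".join([
            "client", "remote vpn.example.net 1194   # placeholder host",
            "dev tun0", "#remote-cert-tls server",
            "<ca>", "-----constructed placeholder-----", "</ca>"])
        fixed_client = weak_client.replace("#remote-cert-tls", "remote-cert-tls")
        return {"server": audit(server), "weak_client": audit(weak_client),
                "fixed_client": audit(fixed_client)}


if __name__ == "__main__":
    for cfg, findings in demo().items():
        print(cfg, findings or "ok")
```

Run the audit on the same machine, and as the same user, that will start OpenVPN, since the file checks are only meaningful against that filesystem.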

Post by mvyvoda » Thu Oct 11, 2012 10:20 pm

xauen wrote:
mvyvoda wrote: Yes, you're right. I have moved on from that. The real problem is my dh.pem file location? Here is the error:

Code:

Tue Oct 09 23:33:31 2012 us=281000 Cannot open /tmp/openvpn/dh.pem for DH parameters: error:02001003:system library:fopen:No such process: error:2006D080:BIO routines:BIO_new_file:no such file
Tue Oct 09 23:33:31 2012 us=281000 Exiting

Make sure dh.pem exists; otherwise you can just make another dh.pem file. Just make sure you back up the certificates.

dh.pem exists via the DD-WRT GUI. I verified via telnet sh#. I did recreate it and reenter it into the GUI. I also backed up my certs. I did verify openvpn was running:

Code:

root@DD-WRT:~# ps | grep vpn
 1698 root      2484 S    openvpn --config /tmp/openvpn/openvpn.conf --route-up

However, the problem still exists. It has to be something with dh.pem on the server. When I am outside my LAN, and connecting on my laptop with OpenVPN, should I be connecting to the "server" or "client"? Or should I fully start over, and reinstall openvpn and my certs? Thx

Post by mvyvoda » Fri Oct 12, 2012 5:23 am

I found a link that settled the file location problems: http://community.openvpn.net/openvpn/wi ... curityTips - on your helpful site, no less.

Once I changed my cert. file directories to ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt", etc., I now have other issues you might be able to help with. When I try to connect via my Windows OpenVPN "server" config, here is my log:

Code:

Fri Oct 12 00:13:27 2012 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
Fri Oct 12 00:13:27 2012 MANAGEMENT: TCP Socket listening on 127.0.0.1:5001
Fri Oct 12 00:13:27 2012 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Fri Oct 12 00:13:27 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Oct 12 00:13:27 2012 Diffie-Hellman initialized with 1024 bit key
Fri Oct 12 00:13:27 2012 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Oct 12 00:13:27 2012 Socket Buffers: R=[8192->8192] S=[64512->64512]
Fri Oct 12 00:13:27 2012 ROUTE default_gateway=192.168.1.1
Fri Oct 12 00:13:27 2012 CreateFile failed on TAP device: \\.\Global\{E9D61C84-301A-4D44-BB99-6FE1C1CD43AF}.tap
Fri Oct 12 00:13:27 2012 All TAP-Win32 adapters on this system are currently in use.
Fri Oct 12 00:13:27 2012 Exiting

Whatcha think?

Post by mvyvoda » Fri Oct 12, 2012 5:42 am

I did end up solving the TAP adapter problem. I read this discussion: http://forum.pfsense.org/index.php?topi ... #msg144030

I was able to enable some TAP adapters and connect outside my LAN to my new OpenVPN server! w00t!!

Once I have this set up, aren't I able to see my network? Files, router IP address (192.168.11.1), etc.?

thanks for all the help, thus far.
