TLS handshake fails after setting up keys

henryarroyo
OpenVpn Newbie
Posts: 1
Joined: Sun Jul 12, 2015 9:58 am

TLS handshake fails after setting up keys

Post by henryarroyo » Sun Jul 12, 2015 10:08 am

I'm trying to set up OpenVPN on dd-wrt using a Windows machine to set up the certs on the client side. I go through the following to set up the certs:

Code:

init-config
clean-all
build-ca
build-key
build-key-server
build-dh

I verified the certs and got an okay on them.

Code:

c:\Program Files\OpenVPN\config>openssl verify -CAfile ca.crt router.crt
WARNING: can't open config file: /etc/ssl/openssl.cnf
router.crt: OK

c:\Program Files\OpenVPN\config>openssl verify -CAfile ca.crt ace.crt
WARNING: can't open config file: /etc/ssl/openssl.cnf
ace.crt: OK

I copied the ca.crt and ace.crt (client cert) over to the config folder, but when I try to connect using my client cert, TLS fails as follows:

Code:

Sat Jul 11 23:43:35 2015 us=567623 Current Parameter Settings:
Sat Jul 11 23:43:35 2015 us=568623   config = 'client.ovpn'
Sat Jul 11 23:43:35 2015 us=568623   mode = 0
Sat Jul 11 23:43:35 2015 us=568623   show_ciphers = DISABLED
Sat Jul 11 23:43:35 2015 us=568623   show_digests = DISABLED
Sat Jul 11 23:43:35 2015 us=568623   show_engines = DISABLED
Sat Jul 11 23:43:35 2015 us=568623   genkey = DISABLED
Sat Jul 11 23:43:35 2015 us=568623   key_pass_file = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=568623   show_tls_ciphers = DISABLED
Sat Jul 11 23:43:35 2015 us=568623 Connection profiles [default]:
Sat Jul 11 23:43:35 2015 us=568623   proto = tcp-client
Sat Jul 11 23:43:35 2015 us=568623   local = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=568623   local_port = 0
Sat Jul 11 23:43:35 2015 us=568623   remote = 'gateway.arroyo.house'
Sat Jul 11 23:43:35 2015 us=568623   remote_port = 1194
Sat Jul 11 23:43:35 2015 us=568623   remote_float = DISABLED
Sat Jul 11 23:43:35 2015 us=568623   bind_defined = DISABLED
Sat Jul 11 23:43:35 2015 us=568623   bind_local = DISABLED
Sat Jul 11 23:43:35 2015 us=568623   connect_retry_seconds = 5
Sat Jul 11 23:43:35 2015 us=568623   connect_timeout = 10
Sat Jul 11 23:43:35 2015 us=568623   connect_retry_max = 0
Sat Jul 11 23:43:35 2015 us=568623   socks_proxy_server = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=568623   socks_proxy_port = 0
Sat Jul 11 23:43:35 2015 us=568623   socks_proxy_retry = DISABLED
Sat Jul 11 23:43:35 2015 us=568623   tun_mtu = 1500
Sat Jul 11 23:43:35 2015 us=568623   tun_mtu_defined = ENABLED
Sat Jul 11 23:43:35 2015 us=568623   link_mtu = 1500
Sat Jul 11 23:43:35 2015 us=568623   link_mtu_defined = DISABLED
Sat Jul 11 23:43:35 2015 us=568623   tun_mtu_extra = 0
Sat Jul 11 23:43:35 2015 us=568623   tun_mtu_extra_defined = DISABLED
Sat Jul 11 23:43:35 2015 us=568623   mtu_discover_type = -1
Sat Jul 11 23:43:35 2015 us=568623   fragment = 0
Sat Jul 11 23:43:35 2015 us=568623   mssfix = 1450
Sat Jul 11 23:43:35 2015 us=568623   explicit_exit_notification = 0
Sat Jul 11 23:43:35 2015 us=568623 Connection profiles END
Sat Jul 11 23:43:35 2015 us=568623   remote_random = DISABLED
Sat Jul 11 23:43:35 2015 us=568623   ipchange = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=568623   dev = 'tun'
Sat Jul 11 23:43:35 2015 us=568623   dev_type = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=568623   dev_node = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=568623   lladdr = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=568623   topology = 1
Sat Jul 11 23:43:35 2015 us=568623   tun_ipv6 = DISABLED
Sat Jul 11 23:43:35 2015 us=568623   ifconfig_local = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=568623   ifconfig_remote_netmask = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=568623   ifconfig_noexec = DISABLED
Sat Jul 11 23:43:35 2015 us=568623   ifconfig_nowarn = DISABLED
Sat Jul 11 23:43:35 2015 us=568623   ifconfig_ipv6_local = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=568623   ifconfig_ipv6_netbits = 0
Sat Jul 11 23:43:35 2015 us=568623   ifconfig_ipv6_remote = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=568623   shaper = 0
Sat Jul 11 23:43:35 2015 us=568623   mtu_test = 0
Sat Jul 11 23:43:35 2015 us=568623   mlock = DISABLED
Sat Jul 11 23:43:35 2015 us=568623   keepalive_ping = 0
Sat Jul 11 23:43:35 2015 us=568623   keepalive_timeout = 0
Sat Jul 11 23:43:35 2015 us=568623   inactivity_timeout = 0
Sat Jul 11 23:43:35 2015 us=568623   ping_send_timeout = 0
Sat Jul 11 23:43:35 2015 us=568623   ping_rec_timeout = 0
Sat Jul 11 23:43:35 2015 us=568623   ping_rec_timeout_action = 0
Sat Jul 11 23:43:35 2015 us=568623   ping_timer_remote = DISABLED
Sat Jul 11 23:43:35 2015 us=568623   remap_sigusr1 = 0
Sat Jul 11 23:43:35 2015 us=568623   persist_tun = ENABLED
Sat Jul 11 23:43:35 2015 us=568623   persist_local_ip = DISABLED
Sat Jul 11 23:43:35 2015 us=568623   persist_remote_ip = DISABLED
Sat Jul 11 23:43:35 2015 us=568623   persist_key = ENABLED
Sat Jul 11 23:43:35 2015 us=568623   passtos = DISABLED
Sat Jul 11 23:43:35 2015 us=568623   resolve_retry_seconds = 1000000000
Sat Jul 11 23:43:35 2015 us=568623   username = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=568623   groupname = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=568623   chroot_dir = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=568623   cd_dir = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=568623   writepid = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=568623   up_script = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=568623   down_script = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=568623   down_pre = DISABLED
Sat Jul 11 23:43:35 2015 us=569623   up_restart = DISABLED
Sat Jul 11 23:43:35 2015 us=569623   up_delay = DISABLED
Sat Jul 11 23:43:35 2015 us=569623   daemon = DISABLED
Sat Jul 11 23:43:35 2015 us=569623   inetd = 0
Sat Jul 11 23:43:35 2015 us=569623   log = ENABLED
Sat Jul 11 23:43:35 2015 us=569623   suppress_timestamps = DISABLED
Sat Jul 11 23:43:35 2015 us=569623   nice = 0
Sat Jul 11 23:43:35 2015 us=569623   verbosity = 4
Sat Jul 11 23:43:35 2015 us=569623   mute = 0
Sat Jul 11 23:43:35 2015 us=569623   status_file = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=569623   status_file_version = 1
Sat Jul 11 23:43:35 2015 us=569623   status_file_update_freq = 60
Sat Jul 11 23:43:35 2015 us=569623   occ = ENABLED
Sat Jul 11 23:43:35 2015 us=569623   rcvbuf = 0
Sat Jul 11 23:43:35 2015 us=569623   sndbuf = 0
Sat Jul 11 23:43:35 2015 us=569623   sockflags = 0
Sat Jul 11 23:43:35 2015 us=569623   fast_io = DISABLED
Sat Jul 11 23:43:35 2015 us=569623   lzo = 7
Sat Jul 11 23:43:35 2015 us=569623   route_script = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=569623   route_default_gateway = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=569623   route_default_metric = 0
Sat Jul 11 23:43:35 2015 us=569623   route_noexec = DISABLED
Sat Jul 11 23:43:35 2015 us=569623   route_delay = 5
Sat Jul 11 23:43:35 2015 us=569623   route_delay_window = 30
Sat Jul 11 23:43:35 2015 us=569623   route_delay_defined = ENABLED
Sat Jul 11 23:43:35 2015 us=569623   route_nopull = DISABLED
Sat Jul 11 23:43:35 2015 us=569623   route_gateway_via_dhcp = DISABLED
Sat Jul 11 23:43:35 2015 us=569623   max_routes = 100
Sat Jul 11 23:43:35 2015 us=569623   allow_pull_fqdn = DISABLED
Sat Jul 11 23:43:35 2015 us=569623   management_addr = '127.0.0.1'
Sat Jul 11 23:43:35 2015 us=569623   management_port = 25340
Sat Jul 11 23:43:35 2015 us=569623   management_user_pass = 'stdin'
Sat Jul 11 23:43:35 2015 us=569623   management_log_history_cache = 250
Sat Jul 11 23:43:35 2015 us=569623   management_echo_buffer_size = 100
Sat Jul 11 23:43:35 2015 us=569623   management_write_peer_info_file = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=569623   management_client_user = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=569623   management_client_group = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=569623   management_flags = 6
Sat Jul 11 23:43:35 2015 us=569623   shared_secret_file = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=569623   key_direction = 0
Sat Jul 11 23:43:35 2015 us=569623   ciphername_defined = ENABLED
Sat Jul 11 23:43:35 2015 us=569623   ciphername = 'AES-128-CBC'
Sat Jul 11 23:43:35 2015 us=569623   authname_defined = ENABLED
Sat Jul 11 23:43:35 2015 us=569623   authname = 'SHA1'
Sat Jul 11 23:43:35 2015 us=569623   prng_hash = 'SHA1'
Sat Jul 11 23:43:35 2015 us=569623   prng_nonce_secret_len = 16
Sat Jul 11 23:43:35 2015 us=569623   keysize = 0
Sat Jul 11 23:43:35 2015 us=569623   engine = DISABLED
Sat Jul 11 23:43:35 2015 us=569623   replay = ENABLED
Sat Jul 11 23:43:35 2015 us=569623   mute_replay_warnings = DISABLED
Sat Jul 11 23:43:35 2015 us=569623   replay_window = 64
Sat Jul 11 23:43:35 2015 us=569623   replay_time = 15
Sat Jul 11 23:43:35 2015 us=569623   packet_id_file = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=569623   use_iv = ENABLED
Sat Jul 11 23:43:35 2015 us=569623   test_crypto = DISABLED
Sat Jul 11 23:43:35 2015 us=569623   tls_server = DISABLED
Sat Jul 11 23:43:35 2015 us=569623   tls_client = ENABLED
Sat Jul 11 23:43:35 2015 us=569623   key_method = 2
Sat Jul 11 23:43:35 2015 us=569623   ca_file = 'ca.crt'
Sat Jul 11 23:43:35 2015 us=569623   ca_path = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=569623   dh_file = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=569623   cert_file = 'ace.crt'
Sat Jul 11 23:43:35 2015 us=569623   priv_key_file = 'ace.key'
Sat Jul 11 23:43:35 2015 us=569623   pkcs12_file = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=569623   cryptoapi_cert = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=569623   cipher_list = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=569623   tls_verify = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=569623   tls_export_cert = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=569623   verify_x509_type = 0
Sat Jul 11 23:43:35 2015 us=569623   verify_x509_name = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=569623   crl_file = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=569623   ns_cert_type = 1
Sat Jul 11 23:43:35 2015 us=569623   remote_cert_ku[i] = 0
Sat Jul 11 23:43:35 2015 us=569623   remote_cert_ku[i] = 0
Sat Jul 11 23:43:35 2015 us=569623   remote_cert_ku[i] = 0
Sat Jul 11 23:43:35 2015 us=569623   remote_cert_ku[i] = 0
Sat Jul 11 23:43:35 2015 us=569623   remote_cert_ku[i] = 0
Sat Jul 11 23:43:35 2015 us=569623   remote_cert_ku[i] = 0
Sat Jul 11 23:43:35 2015 us=569623   remote_cert_ku[i] = 0
Sat Jul 11 23:43:35 2015 us=569623   remote_cert_ku[i] = 0
Sat Jul 11 23:43:35 2015 us=569623   remote_cert_ku[i] = 0
Sat Jul 11 23:43:35 2015 us=569623   remote_cert_ku[i] = 0
Sat Jul 11 23:43:35 2015 us=569623   remote_cert_ku[i] = 0
Sat Jul 11 23:43:35 2015 us=569623   remote_cert_ku[i] = 0
Sat Jul 11 23:43:35 2015 us=569623   remote_cert_ku[i] = 0
Sat Jul 11 23:43:35 2015 us=569623   remote_cert_ku[i] = 0
Sat Jul 11 23:43:35 2015 us=569623   remote_cert_ku[i] = 0
Sat Jul 11 23:43:35 2015 us=569623   remote_cert_ku[i] = 0
Sat Jul 11 23:43:35 2015 us=569623   remote_cert_eku = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=569623   ssl_flags = 0
Sat Jul 11 23:43:35 2015 us=569623   tls_timeout = 2
Sat Jul 11 23:43:35 2015 us=569623   renegotiate_bytes = 0
Sat Jul 11 23:43:35 2015 us=569623   renegotiate_packets = 0
Sat Jul 11 23:43:35 2015 us=569623   renegotiate_seconds = 3600
Sat Jul 11 23:43:35 2015 us=569623   handshake_window = 60
Sat Jul 11 23:43:35 2015 us=569623   transition_window = 3600
Sat Jul 11 23:43:35 2015 us=569623   single_session = DISABLED
Sat Jul 11 23:43:35 2015 us=569623   push_peer_info = DISABLED
Sat Jul 11 23:43:35 2015 us=570623   tls_exit = DISABLED
Sat Jul 11 23:43:35 2015 us=570623   tls_auth_file = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_protected_authentication = DISABLED
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_protected_authentication = DISABLED
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_protected_authentication = DISABLED
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_protected_authentication = DISABLED
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_protected_authentication = DISABLED
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_protected_authentication = DISABLED
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_protected_authentication = DISABLED
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_protected_authentication = DISABLED
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_protected_authentication = DISABLED
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_protected_authentication = DISABLED
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_protected_authentication = DISABLED
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_protected_authentication = DISABLED
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_protected_authentication = DISABLED
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_protected_authentication = DISABLED
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_protected_authentication = DISABLED
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_protected_authentication = DISABLED
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_private_mode = 00000000
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_private_mode = 00000000
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_private_mode = 00000000
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_private_mode = 00000000
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_private_mode = 00000000
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_private_mode = 00000000
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_private_mode = 00000000
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_private_mode = 00000000
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_private_mode = 00000000
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_private_mode = 00000000
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_private_mode = 00000000
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_private_mode = 00000000
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_private_mode = 00000000
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_private_mode = 00000000
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_private_mode = 00000000
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_private_mode = 00000000
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_cert_private = DISABLED
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_cert_private = DISABLED
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_cert_private = DISABLED
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_cert_private = DISABLED
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_cert_private = DISABLED
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_cert_private = DISABLED
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_cert_private = DISABLED
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_cert_private = DISABLED
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_cert_private = DISABLED
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_cert_private = DISABLED
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_cert_private = DISABLED
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_cert_private = DISABLED
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_cert_private = DISABLED
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_cert_private = DISABLED
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_cert_private = DISABLED
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_cert_private = DISABLED
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_pin_cache_period = -1
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_id = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=570623   pkcs11_id_management = DISABLED
Sat Jul 11 23:43:35 2015 us=570623   server_network = 0.0.0.0
Sat Jul 11 23:43:35 2015 us=570623   server_netmask = 0.0.0.0
Sat Jul 11 23:43:35 2015 us=571623   server_network_ipv6 = ::
Sat Jul 11 23:43:35 2015 us=571623   server_netbits_ipv6 = 0
Sat Jul 11 23:43:35 2015 us=571623   server_bridge_ip = 0.0.0.0
Sat Jul 11 23:43:35 2015 us=571623   server_bridge_netmask = 0.0.0.0
Sat Jul 11 23:43:35 2015 us=571623   server_bridge_pool_start = 0.0.0.0
Sat Jul 11 23:43:35 2015 us=571623   server_bridge_pool_end = 0.0.0.0
Sat Jul 11 23:43:35 2015 us=571623   ifconfig_pool_defined = DISABLED
Sat Jul 11 23:43:35 2015 us=571623   ifconfig_pool_start = 0.0.0.0
Sat Jul 11 23:43:35 2015 us=571623   ifconfig_pool_end = 0.0.0.0
Sat Jul 11 23:43:35 2015 us=571623   ifconfig_pool_netmask = 0.0.0.0
Sat Jul 11 23:43:35 2015 us=571623   ifconfig_pool_persist_filename = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=571623   ifconfig_pool_persist_refresh_freq = 600
Sat Jul 11 23:43:35 2015 us=571623   ifconfig_ipv6_pool_defined = DISABLED
Sat Jul 11 23:43:35 2015 us=571623   ifconfig_ipv6_pool_base = ::
Sat Jul 11 23:43:35 2015 us=571623   ifconfig_ipv6_pool_netbits = 0
Sat Jul 11 23:43:35 2015 us=571623   n_bcast_buf = 256
Sat Jul 11 23:43:35 2015 us=571623   tcp_queue_limit = 64
Sat Jul 11 23:43:35 2015 us=571623   real_hash_size = 256
Sat Jul 11 23:43:35 2015 us=571623   virtual_hash_size = 256
Sat Jul 11 23:43:35 2015 us=571623   client_connect_script = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=571623   learn_address_script = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=571623   client_disconnect_script = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=571623   client_config_dir = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=571623   ccd_exclusive = DISABLED
Sat Jul 11 23:43:35 2015 us=571623   tmp_dir = 'C:\Users\Henry\AppData\Local\Temp\'
Sat Jul 11 23:43:35 2015 us=571623   push_ifconfig_defined = DISABLED
Sat Jul 11 23:43:35 2015 us=571623   push_ifconfig_local = 0.0.0.0
Sat Jul 11 23:43:35 2015 us=571623   push_ifconfig_remote_netmask = 0.0.0.0
Sat Jul 11 23:43:35 2015 us=571623   push_ifconfig_ipv6_defined = DISABLED
Sat Jul 11 23:43:35 2015 us=571623   push_ifconfig_ipv6_local = ::/0
Sat Jul 11 23:43:35 2015 us=571623   push_ifconfig_ipv6_remote = ::
Sat Jul 11 23:43:35 2015 us=571623   enable_c2c = DISABLED
Sat Jul 11 23:43:35 2015 us=571623   duplicate_cn = DISABLED
Sat Jul 11 23:43:35 2015 us=571623   cf_max = 0
Sat Jul 11 23:43:35 2015 us=571623   cf_per = 0
Sat Jul 11 23:43:35 2015 us=571623   max_clients = 1024
Sat Jul 11 23:43:35 2015 us=571623   max_routes_per_client = 256
Sat Jul 11 23:43:35 2015 us=571623   auth_user_pass_verify_script = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=571623   auth_user_pass_verify_script_via_file = DISABLED
Sat Jul 11 23:43:35 2015 us=571623   client = ENABLED
Sat Jul 11 23:43:35 2015 us=571623   pull = ENABLED
Sat Jul 11 23:43:35 2015 us=571623   auth_user_pass_file = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=571623   show_net_up = DISABLED
Sat Jul 11 23:43:35 2015 us=571623   route_method = 0
Sat Jul 11 23:43:35 2015 us=571623   ip_win32_defined = DISABLED
Sat Jul 11 23:43:35 2015 us=571623   ip_win32_type = 3
Sat Jul 11 23:43:35 2015 us=571623   dhcp_masq_offset = 0
Sat Jul 11 23:43:35 2015 us=571623   dhcp_lease_time = 31536000
Sat Jul 11 23:43:35 2015 us=571623   tap_sleep = 0
Sat Jul 11 23:43:35 2015 us=571623   dhcp_options = DISABLED
Sat Jul 11 23:43:35 2015 us=571623   dhcp_renew = DISABLED
Sat Jul 11 23:43:35 2015 us=571623   dhcp_pre_release = DISABLED
Sat Jul 11 23:43:35 2015 us=571623   dhcp_release = DISABLED
Sat Jul 11 23:43:35 2015 us=571623   domain = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=571623   netbios_scope = '[UNDEF]'
Sat Jul 11 23:43:35 2015 us=571623   netbios_node_type = 0
Sat Jul 11 23:43:35 2015 us=571623   disable_nbt = DISABLED
Sat Jul 11 23:43:35 2015 us=571623 OpenVPN 2.3.3 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Apr 14 2014
Enter Management Password:
Sat Jul 11 23:43:35 2015 us=572623 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sat Jul 11 23:43:35 2015 us=572623 Need hold release from management interface, waiting...
Sat Jul 11 23:43:36 2015 us=44650 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sat Jul 11 23:43:36 2015 us=144656 MANAGEMENT: CMD 'state on'
Sat Jul 11 23:43:36 2015 us=144656 MANAGEMENT: CMD 'log all on'
Sat Jul 11 23:43:36 2015 us=201659 MANAGEMENT: CMD 'hold off'
Sat Jul 11 23:43:36 2015 us=202659 MANAGEMENT: CMD 'hold release'
Sat Jul 11 23:43:36 2015 us=335667 LZO compression initialized
Sat Jul 11 23:43:36 2015 us=335667 Control Channel MTU parms [ L:1560 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sat Jul 11 23:43:36 2015 us=335667 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sat Jul 11 23:43:36 2015 us=335667 MANAGEMENT: >STATE:1436694216,RESOLVE,,,
Sat Jul 11 23:43:36 2015 us=340667 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Jul 11 23:43:36 2015 us=341667 Local Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sat Jul 11 23:43:36 2015 us=341667 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sat Jul 11 23:43:36 2015 us=341667 Local Options hash (VER=V4): 'bc07730e'
Sat Jul 11 23:43:36 2015 us=341667 Expected Remote Options hash (VER=V4): 'b695cb4a'
Sat Jul 11 23:43:36 2015 us=341667 Attempting to establish TCP connection with [AF_INET]192.168.1.1:1194
Sat Jul 11 23:43:36 2015 us=341667 MANAGEMENT: >STATE:1436694216,TCP_CONNECT,,,
Sat Jul 11 23:43:36 2015 us=342667 TCP connection established with [AF_INET]192.168.1.1:1194
Sat Jul 11 23:43:36 2015 us=342667 TCPv4_CLIENT link local: [undef]
Sat Jul 11 23:43:36 2015 us=342667 TCPv4_CLIENT link remote: [AF_INET]192.168.1.1:1194
Sat Jul 11 23:43:36 2015 us=342667 MANAGEMENT: >STATE:1436694216,WAIT,,,
Sat Jul 11 23:43:36 2015 us=351668 MANAGEMENT: >STATE:1436694216,AUTH,,,
Sat Jul 11 23:43:36 2015 us=351668 TLS: Initial packet from [AF_INET]192.168.1.1:1194, sid=14bd6226 2c2b1670
Sat Jul 11 23:43:36 2015 us=819694 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=US, ST=HI, L=Wailuku, O=arroyo.house, OU=HOME, CN=gateway, name=arroyo.house, emailAddress=henryarroyo@gmail.com
Sat Jul 11 23:43:36 2015 us=819694 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Sat Jul 11 23:43:36 2015 us=820694 TLS Error: TLS object -> incoming plaintext read error
Sat Jul 11 23:43:36 2015 us=820694 TLS Error: TLS handshake failed
Sat Jul 11 23:43:36 2015 us=820694 Fatal TLS error (check_tls_errors_co), restarting
Sat Jul 11 23:43:36 2015 us=820694 TCP/UDP: Closing socket
Sat Jul 11 23:43:36 2015 us=820694 SIGUSR1[soft,tls-error] received, process restarting
Sat Jul 11 23:43:36 2015 us=820694 MANAGEMENT: >STATE:1436694216,RECONNECTING,tls-error,,
Sat Jul 11 23:43:36 2015 us=820694 Restart pause, 5 second(s)
Sat Jul 11 23:43:41 2015 us=820980 Re-using SSL/TLS context
Sat Jul 11 23:43:41 2015 us=820980 LZO compression initialized
Sat Jul 11 23:43:41 2015 us=820980 Control Channel MTU parms [ L:1560 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sat Jul 11 23:43:41 2015 us=820980 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sat Jul 11 23:43:41 2015 us=820980 MANAGEMENT: >STATE:1436694221,RESOLVE,,,
Sat Jul 11 23:43:41 2015 us=825981 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Jul 11 23:43:41 2015 us=825981 Local Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sat Jul 11 23:43:41 2015 us=825981 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sat Jul 11 23:43:41 2015 us=825981 Local Options hash (VER=V4): 'bc07730e'
Sat Jul 11 23:43:41 2015 us=825981 Expected Remote Options hash (VER=V4): 'b695cb4a'
Sat Jul 11 23:43:41 2015 us=825981 Attempting to establish TCP connection with [AF_INET]192.168.1.1:1194
Sat Jul 11 23:43:41 2015 us=825981 MANAGEMENT: >STATE:1436694221,TCP_CONNECT,,,
Sat Jul 11 23:43:41 2015 us=827981 TCP connection established with [AF_INET]192.168.1.1:1194
Sat Jul 11 23:43:41 2015 us=827981 TCPv4_CLIENT link local: [undef]
Sat Jul 11 23:43:41 2015 us=827981 TCPv4_CLIENT link remote: [AF_INET]192.168.1.1:1194
Sat Jul 11 23:43:41 2015 us=827981 MANAGEMENT: >STATE:1436694221,WAIT,,,
Sat Jul 11 23:43:41 2015 us=853982 MANAGEMENT: >STATE:1436694221,AUTH,,,
Sat Jul 11 23:43:41 2015 us=854982 TLS: Initial packet from [AF_INET]192.168.1.1:1194, sid=e2c6ac51 ac284575
Sat Jul 11 23:43:42 2015 us=352011 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=US, ST=HI, L=Wailuku, O=arroyo.house, OU=HOME, CN=gateway, name=arroyo.house, emailAddress=henryarroyo@gmail.com
Sat Jul 11 23:43:42 2015 us=352011 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Sat Jul 11 23:43:42 2015 us=353011 TLS Error: TLS object -> incoming plaintext read error
Sat Jul 11 23:43:42 2015 us=353011 TLS Error: TLS handshake failed
Sat Jul 11 23:43:42 2015 us=353011 Fatal TLS error (check_tls_errors_co), restarting
Sat Jul 11 23:43:42 2015 us=353011 TCP/UDP: Closing socket
Sat Jul 11 23:43:42 2015 us=353011 SIGUSR1[soft,tls-error] received, process restarting
Sat Jul 11 23:43:42 2015 us=353011 MANAGEMENT: >STATE:1436694222,RECONNECTING,tls-error,,
Sat Jul 11 23:43:42 2015 us=353011 Restart pause, 5 second(s)
Sat Jul 11 23:43:47 2015 us=353297 Re-using SSL/TLS context
Sat Jul 11 23:43:47 2015 us=353297 LZO compression initialized
Sat Jul 11 23:43:47 2015 us=353297 Control Channel MTU parms [ L:1560 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sat Jul 11 23:43:47 2015 us=353297 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sat Jul 11 23:43:47 2015 us=353297 MANAGEMENT: >STATE:1436694227,RESOLVE,,,
Sat Jul 11 23:43:47 2015 us=364297 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Jul 11 23:43:47 2015 us=364297 Local Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sat Jul 11 23:43:47 2015 us=364297 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sat Jul 11 23:43:47 2015 us=364297 Local Options hash (VER=V4): 'bc07730e'
Sat Jul 11 23:43:47 2015 us=364297 Expected Remote Options hash (VER=V4): 'b695cb4a'
Sat Jul 11 23:43:47 2015 us=364297 Attempting to establish TCP connection with [AF_INET]192.168.1.1:1194
Sat Jul 11 23:43:47 2015 us=364297 MANAGEMENT: >STATE:1436694227,TCP_CONNECT,,,
Sat Jul 11 23:43:47 2015 us=366298 TCP connection established with [AF_INET]192.168.1.1:1194
Sat Jul 11 23:43:47 2015 us=366298 TCPv4_CLIENT link local: [undef]
Sat Jul 11 23:43:47 2015 us=366298 TCPv4_CLIENT link remote: [AF_INET]192.168.1.1:1194
Sat Jul 11 23:43:47 2015 us=366298 MANAGEMENT: >STATE:1436694227,WAIT,,,
Sat Jul 11 23:43:47 2015 us=375298 MANAGEMENT: >STATE:1436694227,AUTH,,,
Sat Jul 11 23:43:47 2015 us=375298 TLS: Initial packet from [AF_INET]192.168.1.1:1194, sid=90e14f09 2fb4b315
Sat Jul 11 23:43:47 2015 us=721318 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=US, ST=HI, L=Wailuku, O=arroyo.house, OU=HOME, CN=gateway, name=arroyo.house, emailAddress=henryarroyo@gmail.com
Sat Jul 11 23:43:47 2015 us=721318 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Sat Jul 11 23:43:47 2015 us=721318 TLS Error: TLS object -> incoming plaintext read error
Sat Jul 11 23:43:47 2015 us=721318 TLS Error: TLS handshake failed
Sat Jul 11 23:43:47 2015 us=721318 Fatal TLS error (check_tls_errors_co), restarting
Sat Jul 11 23:43:47 2015 us=721318 TCP/UDP: Closing socket
Sat Jul 11 23:43:47 2015 us=722318 SIGUSR1[soft,tls-error] received, process restarting
Sat Jul 11 23:43:47 2015 us=722318 MANAGEMENT: >STATE:1436694227,RECONNECTING,tls-error,,
Sat Jul 11 23:43:47 2015 us=722318 Restart pause, 5 second(s)
Sat Jul 11 23:43:48 2015 us=722375 SIGTERM[hard,init_instance] received, process exiting
Sat Jul 11 23:43:48 2015 us=722375 MANAGEMENT: >STATE:1436694228,EXITING,init_instance,,

I'm stumped on this one. I have tried to wipe all of the previous certs, making sure to run init-config and clean-all before editing vars.bat, as well as removing the old cert files from the config directory and starting the process all over again.

Any ideas?
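
One way to triage the VERIFY ERROR lines in a client log like the one above, as an added example that is not part of the original post. The sample log is constructed (placeholder DN and file names), `triage`, `parse_dn` and `HINTS` are hypothetical names, and the hint texts paraphrase OpenSSL's descriptions of its verify errors.

```python
import re
from collections import Counter

# Constructed sample in the same line format as the client log above
# (the subject DN and file names are placeholders, not the poster's).
SAMPLE_LOG = """\
Sat Jul 11 23:43:35 2015 us=569623   ca_file = 'ca.crt'
Sat Jul 11 23:43:35 2015 us=569623   cert_file = 'client.crt'
Enter Management Password:
Sat Jul 11 23:43:36 2015 us=819694 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=US, O=example.test, CN=example-ca
Sat Jul 11 23:43:36 2015 us=820694 TLS Error: TLS handshake failed
Sat Jul 11 23:43:42 2015 us=352011 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=US, O=example.test, CN=example-ca
Sat Jul 11 23:43:42 2015 us=353011 TLS Error: TLS handshake failed
"""

# "<weekday> <month> <day> <time> <year> us=<microseconds> <message>"
LINE = re.compile(r"^\w{3} \w{3} +\d+ [\d:]{8} \d{4} us=\d+ +(?P<msg>.*)$")
VERIFY = re.compile(
    r"^VERIFY ERROR: depth=(?P<depth>\d+), error=(?P<error>.+?): (?P<subject>.+)$"
)
SETTING = re.compile(r"^(?P<key>ca_file|cert_file) = '(?P<value>[^']*)'$")

# Paraphrased meaning of common OpenSSL verify error strings.
HINTS = {
    "self signed certificate in certificate chain":
        "the peer's chain ends in a self-signed root that is not in the local "
        "ca_file; compare that file's fingerprint with the CA on the server",
    "unable to get local issuer certificate":
        "no issuer for this certificate was found in the local ca_file",
    "certificate has expired":
        "check the certificate validity dates and the clocks on both ends",
    "certificate is not yet valid":
        "check the certificate validity dates and the clocks on both ends",
}


def parse_dn(subject):
    """Split 'C=US, O=x, CN=y' into a dict (naive: assumes no ', ' in values)."""
    return dict(p.split("=", 1) for p in subject.split(", ") if "=" in p)


def triage(log_text):
    """Group VERIFY ERROR lines by (depth, error, subject) and attach a hint."""
    settings, failures, handshakes_failed = {}, Counter(), 0
    for raw in log_text.splitlines():
        line = LINE.match(raw)
        if not line:
            continue  # untimestamped lines such as the management prompt
        msg = line.group("msg")
        setting = SETTING.match(msg)
        verify = VERIFY.match(msg)
        if setting:
            settings[setting.group("key")] = setting.group("value")
        elif verify:
            key = (int(verify.group("depth")), verify.group("error"),
                   verify.group("subject"))
            failures[key] += 1
        elif msg == "TLS Error: TLS handshake failed":
            handshakes_failed += 1

    findings = []
    for (depth, error, subject), count in failures.items():
        # Newer OpenSSL releases spell the error "self-signed"; normalise it.
        lookup = error.replace("self-signed", "self signed")
        findings.append({
            "depth": depth,
            # depth 0 is the peer's own certificate, higher depths its issuers
            "role": "peer certificate" if depth == 0 else "issuing CA certificate",
            "error": error,
            "subject_cn": parse_dn(subject).get("CN"),
            "count": count,
            "hint": HINTS.get(lookup, "see OpenSSL's verify documentation"),
        })
    return {"settings": settings, "handshakes_failed": handshakes_failed,
            "findings": findings}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("client trusts:", report["settings"].get("ca_file"))
    for f in report["findings"]:
        print(f"depth={f['depth']} ({f['role']}) CN={f['subject_cn']} "
              f"x{f['count']}: {f['error']} -> {f['hint']}")
```

A clean `openssl verify -CAfile ca.crt ...` on the client only checks the local files against each other; it says nothing about which CA and server certificate are actually installed on the remote end.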

maikcat
Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece

Re: TLS handshake fails after setting up keys

Post by maikcat » Sun Jul 12, 2015 3:36 pm

Post configs and server-side logs.

Michael.