OpenVPN Support Forum

Posted: **Thu Jul 16, 2015 4:45 pm**

Hello everyone:

A couple months ago I configured an openvpn network with a raspberry pi as a server. Everything works fine, but now I want to create new certificates for new clients and I am having problems. When I create the certificates I do

Code: Select all

source ./vars

and then

Code: Select all

./build-key clientname

and everything goes well, but when I try to connect with that certificates the console gets stuck in this point

Code: Select all

Thu Jul 16 18:21:30 2015 OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec  1 2014
Thu Jul 16 18:21:30 2015 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Thu Jul 16 18:21:30 2015 WARNING: file '/home/gabriel/Openvpn/arduino.key' is group or others accessible
Thu Jul 16 18:21:30 2015 Socket Buffers: R=[212992->131072] S=[212992->131072]
Thu Jul 16 18:21:30 2015 UDPv4 link local: [undef]
Thu Jul 16 18:21:30 2015 UDPv4 link remote: [AF_INET]
Thu Jul 16 18:21:30 2015 TLS: Initial packet from [AF_INET], sid=95f712e7 b6852bbb
Thu Jul 16 18:21:31 2015 VERIFY OK: depth=1, C=SP, ST=MU, L=Murcia, O=Murcia, OU=gcp900, CN=Murcia CA, name=EasyRSA, emailAddress=
Thu Jul 16 18:21:31 2015 VERIFY OK: depth=0, C=SP, ST=MU, L=Murcia, O=Murcia, OU=gcp900, CN=server, name=EasyRSA, emailAddress=

I have removed information from these lines because it is a personal information, but the rest of the code is the same. After these lines of code if I wait I get this

Code: Select all

Thu Jul 16 18:22:30 2015 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Jul 16 18:22:30 2015 TLS Error: TLS handshake failed
Thu Jul 16 18:22:30 2015 SIGUSR1[soft,tls-error] received, process restarting
Thu Jul 16 18:22:30 2015 Restart pause, 2 second(s)
Thu Jul 16 18:22:32 2015 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Thu Jul 16 18:22:32 2015 Socket Buffers: R=[212992->131072] S=[212992->131072]
Thu Jul 16 18:22:32 2015 UDPv4 link local: [undef]
Thu Jul 16 18:22:32 2015 UDPv4 link remote: [AF_INET]
Thu Jul 16 18:22:32 2015 TLS: Initial packet from [AF_INET], sid=245079ca e17b808d

And as you can see it gets restart in an endless loop. It is not a network connectivity problem because with the same computer and different certificates (the certificates I did the first time I configured the server) it connects without problems.

Where can it be the issue???

I am using linux the whole time for this.

Thanks!

Posted: **Thu Jul 16, 2015 4:54 pm**

Another thing. I touched this file

whichopensslcnf

before doing the certificates but then I left it as it was before. Anyway I am going to post the code to be sure there is nothing wrong inside.

Code: Select all

#!/bin/sh

cnf="$1/openssl.cnf"

if [ "$OPENSSL" ]; then
    if $OPENSSL version | grep -E "0\.9\.6[[:alnum:]]" > /dev/null; then
        cnf="$1/openssl-0.9.6.cnf"
    elif $OPENSSL version | grep -E "0\.9\.8[[:alnum:]]" > /dev/null; then
        cnf="$1/openssl-0.9.8.cnf"
    elif $OPENSSL version | grep -E "1\.0\.[[:digit:]][[:alnum:]]" > /dev/null; then
        cnf="$1/openssl-1.0.0.cnf"
    else
        cnf="$1/openssl.cnf"
    fi
fi

echo $cnf

if [ ! -r $cnf ]; then
    echo "**************************************************************" >&2
    echo "  No $cnf file could be found" >&2
    echo "  Further invocations will fail" >&2
    echo "**************************************************************" >&2
fi

exit 0

Thanks again

OpenVPN Support Forum

Unable to create new functional certificates for clients

Unable to create new functional certificates for clients

Re: Unable to create new functional certificates for clients