[SOLVED] openvpn 2.2RC(now is 2.2RC2) can't run as server ?
Posted: Wed Mar 09, 2011 2:41 am
by samenlia
I updated my OpenVPN server to 2.2RC, and I get an error:
===============================================
Options error: Unrecognized option or missing parameter(s) in OpenVPN-UDP-A1.ovpn:13: server (2.2-RC)
Use --help for more information.
===============================================
My config file:
Code:
port 1194
proto udp
dev tun
dev-node OpenVPN-UDP-A
ca Common_ca.crt
cert Common_server.crt
key Common_server.key
dh Common_dh1024.pem
tun-mtu 1500
fragment 1300
mssfix
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp-OpenVPN-UDP-A.txt
push "route 10.8.2.0 255.255.255.0"
push "route 10.8.3.0 255.255.255.0"
client-config-dir OpenVPN-UDP-A
client-to-client
duplicate-cn
keepalive 10 120
script-security 3
tls-auth Common_supconit.key 0
auth-user-pass-verify Common_checkpsw.exe via-env
client-cert-not-required
username-as-common-name
comp-lzo
persist-key
persist-tun
status status-OpenVPN-UDP-A.log
verb 4
management 127.0.0.1 7505 Common_admin.dat
On the other computer, I updated OpenVPN to 2.2RC too; it runs as a client, and it works!
Does 2.2RC need some change in the config file?
Re: openvpn 2.2RC can't run as server ?
Posted: Wed Mar 09, 2011 7:58 am
by janjust
nope, 2.2RC is broken; wait for 2.2RC2, which should be available Real Soon Now
Re: openvpn 2.2RC can't run as server ?
Posted: Fri Mar 18, 2011 9:06 am
by samenlia
Thanks.
I will wait for it.

Re: openvpn 2.2RC can't run as server ?
Posted: Tue Mar 29, 2011 8:12 am
by samenlia
I upgraded my client OpenVPN to 2.2RC2, and it can connect to the server (2.1.4);
then I upgraded the server from 2.1.4 to 2.2RC2, and the client fails to connect. The log
looks like this:
======================================================
.....
Tue Mar 29 16:04:15 2011 us=722000 UDPv4 link local: [undef]
Tue Mar 29 16:04:15 2011 us=722000 UDPv4 link remote: 10.10.76.6:1194
Tue Mar 29 16:04:15 2011 us=752000 TLS: Initial packet from 10.10.76.6:1194, sid=f376b44d 73a09c3b
Tue Mar 29 16:04:15 2011 us=752000 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Mar 29 16:04:15 2011 us=782000 VERIFY OK: depth=1, /C=cn/ST=zj/L=hz/O=supcon/OU=tech/CN=server/emailAddress=mail@host.domain
Tue Mar 29 16:04:15 2011 us=782000 VERIFY OK: nsCertType=SERVER
Tue Mar 29 16:04:15 2011 us=782000 VERIFY OK: depth=0, /C=cn/ST=zj/O=supcon/OU=tech/CN=server/emailAddress=mail@host.domain
Tue Mar 29 16:05:15 2011 us=658000 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Mar 29 16:05:15 2011 us=658000 TLS Error: TLS handshake failed
Tue Mar 29 16:05:15 2011 us=658000 TCP/UDP: Closing socket
Tue Mar 29 16:05:15 2011 us=658000 SIGUSR1[soft,tls-error] received, process restarting
Tue Mar 29 16:05:15 2011 us=658000 Restart pause, 2 second(s)
=======================================================
How can I solve this problem?
Re: openvpn 2.2RC(now is 2.2RC2) can't run as server ?
Posted: Tue Mar 29, 2011 8:33 am
by janjust
is this the server log or the client log?
the error you're getting suggests either a firewalling issue, or the openvpn server process might not be running at all.
Re: openvpn 2.2RC(now is 2.2RC2) can't run as server ?
Posted: Tue Mar 29, 2011 9:02 am
by samenlia
It is the client log.
On the server (Windows 2008), I used the command: netstat -an
and I can see port 1194 and the OpenVPN server's address 10.8.0.1:
==================
TCP [::]:49158 [::]:0
UDP 0.0.0.0:123 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:1194 *:*
UDP 0.0.0.0:4500 *:*
UDP 0.0.0.0:5355 *:*
UDP 10.8.0.1:137 *:*
UDP 10.8.0.1:138 *:*
==================
The server and the client are on the same LAN; on the other hand, 2.1.4 as server runs well.
I just checked my server (Windows 2008) and confirmed that the system firewall is turned off.
Re: openvpn 2.2RC(now is 2.2RC2) can't run as server ?
Posted: Tue Mar 29, 2011 9:11 am
by samenlia
I copied the server config files to another XP computer and ran it as a server (using 2.2RC2).
I tested again, and the problem is the same as before.
Re: openvpn 2.2RC(now is 2.2RC2) can't run as server ?
Posted: Tue Mar 29, 2011 10:06 am
by janjust
please post the server log when openvpn 2.2rc2 launches; add 'verb 5' to show more verbose output
Re: openvpn 2.2RC(now is 2.2RC2) can't run as server ?
Posted: Wed Mar 30, 2011 1:17 am
by samenlia
Code:
Wed Mar 30 09:09:48 2011 us=631000 Current Parameter Settings:
Wed Mar 30 09:09:48 2011 us=631000 config = 'OpenVPN-UDP-A.ovpn'
Wed Mar 30 09:09:48 2011 us=631000 mode = 1
Wed Mar 30 09:09:48 2011 us=631000 show_ciphers = DISABLED
Wed Mar 30 09:09:48 2011 us=631000 show_digests = DISABLED
Wed Mar 30 09:09:48 2011 us=631000 show_engines = DISABLED
Wed Mar 30 09:09:48 2011 us=631000 genkey = DISABLED
Wed Mar 30 09:09:48 2011 us=631000 key_pass_file = '[UNDEF]'
Wed Mar 30 09:09:48 2011 us=631000 show_tls_ciphers = DISABLED
Wed Mar 30 09:09:48 2011 us=631000 Connection profiles [default]:
Wed Mar 30 09:09:48 2011 us=631000 proto = udp
Wed Mar 30 09:09:48 2011 us=631000 local = '[UNDEF]'
Wed Mar 30 09:09:48 2011 us=631000 local_port = 1194
Wed Mar 30 09:09:48 2011 us=631000 remote = '[UNDEF]'
Wed Mar 30 09:09:48 2011 us=631000 remote_port = 1194
Wed Mar 30 09:09:48 2011 us=631000 remote_float = DISABLED
Wed Mar 30 09:09:48 2011 us=631000 bind_defined = DISABLED
Wed Mar 30 09:09:48 2011 us=631000 bind_local = ENABLED
Wed Mar 30 09:09:48 2011 us=631000 connect_retry_seconds = 5
Wed Mar 30 09:09:48 2011 us=631000 connect_timeout = 10
Wed Mar 30 09:09:48 2011 us=631000 connect_retry_max = 0
Wed Mar 30 09:09:48 2011 us=631000 socks_proxy_server = '[UNDEF]'
Wed Mar 30 09:09:48 2011 us=631000 socks_proxy_port = 0
Wed Mar 30 09:09:48 2011 us=631000 socks_proxy_retry = DISABLED
Wed Mar 30 09:09:48 2011 us=631000 Connection profiles END
Wed Mar 30 09:09:48 2011 us=631000 remote_random = DISABLED
Wed Mar 30 09:09:48 2011 us=631000 ipchange = '[UNDEF]'
Wed Mar 30 09:09:48 2011 us=631000 dev = 'tun'
Wed Mar 30 09:09:48 2011 us=631000 dev_type = '[UNDEF]'
Wed Mar 30 09:09:48 2011 us=631000 dev_node = 'OpenVPN-UDP-A'
Wed Mar 30 09:09:48 2011 us=631000 lladdr = '[UNDEF]'
Wed Mar 30 09:09:48 2011 us=631000 topology = 3
Wed Mar 30 09:09:48 2011 us=631000 tun_ipv6 = DISABLED
Wed Mar 30 09:09:48 2011 us=631000 ifconfig_local = '10.8.0.1'
Wed Mar 30 09:09:48 2011 us=631000 ifconfig_remote_netmask = '255.255.255.0'
Wed Mar 30 09:09:48 2011 us=631000 ifconfig_noexec = DISABLED
Wed Mar 30 09:09:48 2011 us=631000 ifconfig_nowarn = DISABLED
Wed Mar 30 09:09:48 2011 us=631000 shaper = 0
Wed Mar 30 09:09:48 2011 us=631000 tun_mtu = 1500
Wed Mar 30 09:09:48 2011 us=631000 tun_mtu_defined = ENABLED
Wed Mar 30 09:09:48 2011 us=631000 link_mtu = 1500
Wed Mar 30 09:09:48 2011 us=631000 link_mtu_defined = DISABLED
Wed Mar 30 09:09:48 2011 us=631000 tun_mtu_extra = 0
Wed Mar 30 09:09:48 2011 us=631000 tun_mtu_extra_defined = DISABLED
Wed Mar 30 09:09:48 2011 us=631000 fragment = 1300
Wed Mar 30 09:09:48 2011 us=631000 mtu_discover_type = -1
Wed Mar 30 09:09:48 2011 us=631000 mtu_test = 0
Wed Mar 30 09:09:48 2011 us=631000 mlock = DISABLED
Wed Mar 30 09:09:48 2011 us=631000 keepalive_ping = 10
Wed Mar 30 09:09:48 2011 us=631000 keepalive_timeout = 120
Wed Mar 30 09:09:48 2011 us=631000 inactivity_timeout = 0
Wed Mar 30 09:09:48 2011 us=631000 ping_send_timeout = 10
Wed Mar 30 09:09:48 2011 us=631000 ping_rec_timeout = 240
Wed Mar 30 09:09:48 2011 us=631000 ping_rec_timeout_action = 2
Wed Mar 30 09:09:48 2011 us=631000 ping_timer_remote = DISABLED
Wed Mar 30 09:09:48 2011 us=631000 remap_sigusr1 = 0
Wed Mar 30 09:09:48 2011 us=631000 explicit_exit_notification = 0
Wed Mar 30 09:09:48 2011 us=631000 persist_tun = ENABLED
Wed Mar 30 09:09:48 2011 us=631000 persist_local_ip = DISABLED
Wed Mar 30 09:09:48 2011 us=631000 persist_remote_ip = DISABLED
Wed Mar 30 09:09:48 2011 us=631000 persist_key = ENABLED
Wed Mar 30 09:09:48 2011 us=631000 mssfix = 1300
Wed Mar 30 09:09:48 2011 us=631000 resolve_retry_seconds = 1000000000
Wed Mar 30 09:09:48 2011 us=631000 username = '[UNDEF]'
Wed Mar 30 09:09:48 2011 us=631000 groupname = '[UNDEF]'
Wed Mar 30 09:09:48 2011 us=631000 chroot_dir = '[UNDEF]'
Wed Mar 30 09:09:48 2011 us=631000 cd_dir = '[UNDEF]'
Wed Mar 30 09:09:48 2011 us=631000 writepid = '[UNDEF]'
Wed Mar 30 09:09:48 2011 us=849000 up_script = '[UNDEF]'
Wed Mar 30 09:09:48 2011 us=849000 down_script = '[UNDEF]'
Wed Mar 30 09:09:48 2011 us=849000 down_pre = DISABLED
Wed Mar 30 09:09:48 2011 us=849000 up_restart = DISABLED
Wed Mar 30 09:09:48 2011 us=849000 up_delay = DISABLED
Wed Mar 30 09:09:48 2011 us=849000 daemon = DISABLED
Wed Mar 30 09:09:48 2011 us=849000 inetd = 0
Wed Mar 30 09:09:48 2011 us=849000 log = DISABLED
Wed Mar 30 09:09:48 2011 us=849000 suppress_timestamps = DISABLED
Wed Mar 30 09:09:48 2011 us=849000 nice = 0
Wed Mar 30 09:09:48 2011 us=849000 verbosity = 5
Wed Mar 30 09:09:48 2011 us=849000 mute = 0
Wed Mar 30 09:09:48 2011 us=849000 gremlin = 0
Wed Mar 30 09:09:48 2011 us=849000 status_file = 'status-OpenVPN-UDP-A.log'
Wed Mar 30 09:09:48 2011 us=849000 status_file_version = 1
Wed Mar 30 09:09:48 2011 us=849000 status_file_update_freq = 60
Wed Mar 30 09:09:48 2011 us=849000 occ = ENABLED
Wed Mar 30 09:09:48 2011 us=849000 rcvbuf = 0
Wed Mar 30 09:09:48 2011 us=865000 sndbuf = 0
Wed Mar 30 09:09:48 2011 us=865000 sockflags = 0
Wed Mar 30 09:09:48 2011 us=865000 fast_io = DISABLED
Wed Mar 30 09:09:48 2011 us=865000 lzo = 7
Wed Mar 30 09:09:48 2011 us=865000 route_script = '[UNDEF]'
Wed Mar 30 09:09:48 2011 us=865000 route_default_gateway = '[UNDEF]'
Wed Mar 30 09:09:48 2011 us=865000 route_default_metric = 0
Wed Mar 30 09:09:48 2011 us=865000 route_noexec = DISABLED
Wed Mar 30 09:09:48 2011 us=865000 route_delay = 0
Wed Mar 30 09:09:48 2011 us=865000 route_delay_window = 30
Wed Mar 30 09:09:48 2011 us=865000 route_delay_defined = DISABLED
Wed Mar 30 09:09:48 2011 us=865000 route_nopull = DISABLED
Wed Mar 30 09:09:48 2011 us=865000 route_gateway_via_dhcp = DISABLED
Wed Mar 30 09:09:48 2011 us=865000 max_routes = 100
Wed Mar 30 09:09:48 2011 us=865000 allow_pull_fqdn = DISABLED
Wed Mar 30 09:09:48 2011 us=865000 management_addr = '127.0.0.1'
Wed Mar 30 09:09:48 2011 us=865000 management_port = 7505
Wed Mar 30 09:09:48 2011 us=896000 management_user_pass = 'Common_admin.dat'
Wed Mar 30 09:09:48 2011 us=896000 management_log_history_cache = 250
Wed Mar 30 09:09:48 2011 us=896000 management_echo_buffer_size = 100
Wed Mar 30 09:09:48 2011 us=896000 management_write_peer_info_file = '[UNDEF]'
Wed Mar 30 09:09:48 2011 us=896000 management_client_user = '[UNDEF]'
Wed Mar 30 09:09:48 2011 us=896000 management_client_group = '[UNDEF]'
Wed Mar 30 09:09:48 2011 us=896000 management_flags = 0
Wed Mar 30 09:09:48 2011 us=896000 shared_secret_file = '[UNDEF]'
Wed Mar 30 09:09:48 2011 us=896000 key_direction = 1
Wed Mar 30 09:09:48 2011 us=896000 ciphername_defined = ENABLED
Wed Mar 30 09:09:48 2011 us=896000 ciphername = 'BF-CBC'
Wed Mar 30 09:09:48 2011 us=896000 authname_defined = ENABLED
Wed Mar 30 09:09:48 2011 us=896000 authname = 'SHA1'
Wed Mar 30 09:09:48 2011 us=896000 prng_hash = 'SHA1'
Wed Mar 30 09:09:48 2011 us=943000 prng_nonce_secret_len = 16
Wed Mar 30 09:09:48 2011 us=943000 keysize = 0
Wed Mar 30 09:09:48 2011 us=943000 engine = DISABLED
Wed Mar 30 09:09:48 2011 us=943000 replay = ENABLED
Wed Mar 30 09:09:48 2011 us=943000 mute_replay_warnings = DISABLED
Wed Mar 30 09:09:48 2011 us=943000 replay_window = 64
Wed Mar 30 09:09:48 2011 us=943000 replay_time = 15
Wed Mar 30 09:09:48 2011 us=943000 packet_id_file = '[UNDEF]'
Wed Mar 30 09:09:48 2011 us=943000 use_iv = ENABLED
Wed Mar 30 09:09:48 2011 us=943000 test_crypto = DISABLED
Wed Mar 30 09:09:48 2011 us=943000 tls_server = ENABLED
Wed Mar 30 09:09:48 2011 us=943000 tls_client = DISABLED
Wed Mar 30 09:09:48 2011 us=943000 key_method = 2
Wed Mar 30 09:09:48 2011 us=943000 ca_file = 'Common_ca.crt'
Wed Mar 30 09:09:48 2011 us=943000 ca_path = '[UNDEF]'
Wed Mar 30 09:09:48 2011 us=943000 dh_file = 'Common_dh1024.pem'
Wed Mar 30 09:09:48 2011 us=958000 cert_file = 'Common_server.crt'
Wed Mar 30 09:09:48 2011 us=958000 priv_key_file = 'Common_server.key'
Wed Mar 30 09:09:48 2011 us=958000 pkcs12_file = '[UNDEF]'
Wed Mar 30 09:09:48 2011 us=958000 cryptoapi_cert = '[UNDEF]'
Wed Mar 30 09:09:48 2011 us=958000 cipher_list = '[UNDEF]'
Wed Mar 30 09:09:48 2011 us=958000 tls_verify = '[UNDEF]'
Wed Mar 30 09:09:48 2011 us=958000 tls_export_cert = '[UNDEF]'
Wed Mar 30 09:09:48 2011 us=958000 tls_remote = '[UNDEF]'
Wed Mar 30 09:09:48 2011 us=958000 crl_file = '[UNDEF]'
Wed Mar 30 09:09:48 2011 us=958000 ns_cert_type = 0
Wed Mar 30 09:09:48 2011 us=958000 remote_cert_ku[i] = 0
Wed Mar 30 09:09:48 2011 us=958000 remote_cert_ku[i] = 0
Wed Mar 30 09:09:48 2011 us=958000 remote_cert_ku[i] = 0
Wed Mar 30 09:09:48 2011 us=958000 remote_cert_ku[i] = 0
Wed Mar 30 09:09:48 2011 us=958000 remote_cert_ku[i] = 0
Wed Mar 30 09:09:48 2011 us=958000 remote_cert_ku[i] = 0
Wed Mar 30 09:09:48 2011 us=974000 remote_cert_ku[i] = 0
Wed Mar 30 09:09:48 2011 us=974000 remote_cert_ku[i] = 0
Wed Mar 30 09:09:48 2011 us=974000 remote_cert_ku[i] = 0
Wed Mar 30 09:09:48 2011 us=974000 remote_cert_ku[i] = 0
Wed Mar 30 09:09:48 2011 us=974000 remote_cert_ku[i] = 0
Wed Mar 30 09:09:48 2011 us=974000 remote_cert_ku[i] = 0
Wed Mar 30 09:09:48 2011 us=974000 remote_cert_ku[i] = 0
Wed Mar 30 09:09:48 2011 us=974000 remote_cert_ku[i] = 0
Wed Mar 30 09:09:48 2011 us=974000 remote_cert_ku[i] = 0
Wed Mar 30 09:09:48 2011 us=974000 remote_cert_ku[i] = 0
Wed Mar 30 09:09:48 2011 us=974000 remote_cert_eku = '[UNDEF]'
Wed Mar 30 09:09:48 2011 us=974000 tls_timeout = 2
Wed Mar 30 09:09:48 2011 us=974000 renegotiate_bytes = 0
Wed Mar 30 09:09:48 2011 us=974000 renegotiate_packets = 0
Wed Mar 30 09:09:48 2011 us=974000 renegotiate_seconds = 3600
Wed Mar 30 09:09:48 2011 us=974000 handshake_window = 60
Wed Mar 30 09:09:48 2011 us=974000 transition_window = 3600
Wed Mar 30 09:09:49 2011 us=5000 single_session = DISABLED
Wed Mar 30 09:09:49 2011 us=5000 push_peer_info = DISABLED
Wed Mar 30 09:09:49 2011 us=5000 tls_exit = DISABLED
Wed Mar 30 09:09:49 2011 us=5000 tls_auth_file = 'Common_supconit.key'
Wed Mar 30 09:09:49 2011 us=5000 server_network = 10.8.0.0
Wed Mar 30 09:09:49 2011 us=5000 server_netmask = 255.255.255.0
Wed Mar 30 09:09:49 2011 us=5000 server_bridge_ip = 0.0.0.0
Wed Mar 30 09:09:49 2011 us=5000 server_bridge_netmask = 0.0.0.0
Wed Mar 30 09:09:49 2011 us=5000 server_bridge_pool_start = 0.0.0.0
Wed Mar 30 09:09:49 2011 us=5000 server_bridge_pool_end = 0.0.0.0
Wed Mar 30 09:09:49 2011 us=5000 push_entry = 'route 10.8.2.0 255.255.255.0'
Wed Mar 30 09:09:49 2011 us=5000 push_entry = 'route 10.8.3.0 255.255.255.0'
Wed Mar 30 09:09:49 2011 us=5000 push_entry = 'route-gateway 10.8.0.1'
Wed Mar 30 09:09:49 2011 us=5000 push_entry = 'topology subnet'
Wed Mar 30 09:09:49 2011 us=21000 push_entry = 'ping 10'
Wed Mar 30 09:09:49 2011 us=21000 push_entry = 'ping-restart 120'
Wed Mar 30 09:09:49 2011 us=21000 ifconfig_pool_defined = ENABLED
Wed Mar 30 09:09:49 2011 us=21000 ifconfig_pool_start = 10.8.0.2
Wed Mar 30 09:09:49 2011 us=21000 ifconfig_pool_end = 10.8.0.253
Wed Mar 30 09:09:49 2011 us=21000 ifconfig_pool_netmask = 255.255.255.0
Wed Mar 30 09:09:49 2011 us=21000 ifconfig_pool_persist_filename = 'ipp-OpenVPN-UDP-A.txt'
Wed Mar 30 09:09:49 2011 us=21000 ifconfig_pool_persist_refresh_freq = 600
Wed Mar 30 09:09:49 2011 us=21000 n_bcast_buf = 256
Wed Mar 30 09:09:49 2011 us=21000 tcp_queue_limit = 64
Wed Mar 30 09:09:49 2011 us=21000 real_hash_size = 256
Wed Mar 30 09:09:49 2011 us=21000 virtual_hash_size = 256
Wed Mar 30 09:09:49 2011 us=21000 client_connect_script = '[UNDEF]'
Wed Mar 30 09:09:49 2011 us=21000 learn_address_script = '[UNDEF]'
Wed Mar 30 09:09:49 2011 us=21000 client_disconnect_script = '[UNDEF]'
Wed Mar 30 09:09:49 2011 us=36000 client_config_dir = 'OpenVPN-UDP-A'
Wed Mar 30 09:09:49 2011 us=36000 ccd_exclusive = DISABLED
Wed Mar 30 09:09:49 2011 us=36000 tmp_dir = '[UNDEF]'
Wed Mar 30 09:09:49 2011 us=36000 push_ifconfig_defined = DISABLED
Wed Mar 30 09:09:49 2011 us=36000 push_ifconfig_local = 0.0.0.0
Wed Mar 30 09:09:49 2011 us=36000 push_ifconfig_remote_netmask = 0.0.0.0
Wed Mar 30 09:09:49 2011 us=36000 enable_c2c = ENABLED
Wed Mar 30 09:09:49 2011 us=36000 duplicate_cn = ENABLED
Wed Mar 30 09:09:49 2011 us=36000 cf_max = 0
Wed Mar 30 09:09:49 2011 us=36000 cf_per = 0
Wed Mar 30 09:09:49 2011 us=36000 max_clients = 1024
Wed Mar 30 09:09:49 2011 us=36000 max_routes_per_client = 256
Wed Mar 30 09:09:49 2011 us=36000 auth_user_pass_verify_script = 'Common_checkpsw.exe'
Wed Mar 30 09:09:49 2011 us=36000 auth_user_pass_verify_script_via_file = DISABLED
Wed Mar 30 09:09:49 2011 us=36000 ssl_flags = 3
Wed Mar 30 09:09:49 2011 us=36000 client = DISABLED
Wed Mar 30 09:09:49 2011 us=52000 pull = DISABLED
Wed Mar 30 09:09:49 2011 us=52000 auth_user_pass_file = '[UNDEF]'
Wed Mar 30 09:09:49 2011 us=52000 show_net_up = DISABLED
Wed Mar 30 09:09:49 2011 us=52000 route_method = 0
Wed Mar 30 09:09:49 2011 us=52000 ip_win32_defined = DISABLED
Wed Mar 30 09:09:49 2011 us=52000 ip_win32_type = 3
Wed Mar 30 09:09:49 2011 us=52000 dhcp_masq_offset = 0
Wed Mar 30 09:09:49 2011 us=52000 dhcp_lease_time = 31536000
Wed Mar 30 09:09:49 2011 us=52000 tap_sleep = 10
Wed Mar 30 09:09:49 2011 us=52000 dhcp_options = DISABLED
Wed Mar 30 09:09:49 2011 us=52000 dhcp_renew = DISABLED
Wed Mar 30 09:09:49 2011 us=52000 dhcp_pre_release = DISABLED
Wed Mar 30 09:09:49 2011 us=52000 dhcp_release = DISABLED
Wed Mar 30 09:09:49 2011 us=52000 domain = '[UNDEF]'
Wed Mar 30 09:09:49 2011 us=52000 netbios_scope = '[UNDEF]'
Wed Mar 30 09:09:49 2011 us=52000 netbios_node_type = 0
Wed Mar 30 09:09:49 2011 us=52000 disable_nbt = DISABLED
Wed Mar 30 09:09:49 2011 us=67000 OpenVPN 2.2-RC2 Win32-MSVC++ [SSL] [LZO2] built on Mar 25 2011
Wed Mar 30 09:09:49 2011 us=83000 MANAGEMENT: TCP Socket listening on 127.0.0.1:7505
Wed Mar 30 09:09:49 2011 us=83000 WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want
Wed Mar 30 09:09:49 2011 us=83000 WARNING: --ifconfig-pool-persist will not work with --duplicate-cn
Wed Mar 30 09:09:49 2011 us=99000 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Mar 30 09:09:49 2011 us=457000 Diffie-Hellman initialized with 1024 bit key
Wed Mar 30 09:09:49 2011 us=457000 WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificate
Wed Mar 30 09:09:49 2011 us=457000 Control Channel Authentication: using 'Common_supconit.key' as a OpenVPN static key file
Wed Mar 30 09:09:49 2011 us=457000 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 30 09:09:49 2011 us=457000 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 30 09:09:49 2011 us=457000 TLS-Auth MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Wed Mar 30 09:09:49 2011 us=457000 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed Mar 30 09:09:49 2011 us=457000 TAP-WIN32 device [OpenVPN-UDP-A] opened: \\.\Global\{AEB11F0D-95A3-4D9A-A1D0-1F54A3F4679C}.tap
Wed Mar 30 09:09:49 2011 us=457000 TAP-Win32 Driver Version 9.8
Wed Mar 30 09:09:49 2011 us=457000 TAP-Win32 MTU=1500
Wed Mar 30 09:09:49 2011 us=473000 Set TAP-Win32 TUN subnet mode network/local/netmask = 10.8.0.0/10.8.0.1/255.255.255.0 [SUCCEEDED]
Wed Mar 30 09:09:49 2011 us=473000 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.1/255.255.255.0 on interface {AEB11F0D-95A3-4D9A-A1D0-1F54A3F4679C} [DHCP-serv: 10.8.0.254, lease-time: 31536000]
Wed Mar 30 09:09:49 2011 us=473000 Sleeping for 10 seconds...
Wed Mar 30 09:09:59 2011 us=473000 Successful ARP Flush on interface [22] {AEB11F0D-95A3-4D9A-A1D0-1F54A3F4679C}
Wed Mar 30 09:09:59 2011 us=473000 Data Channel MTU parms [ L:1542 D:1300 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Mar 30 09:09:59 2011 us=473000 UDPv4 link local (bound): [undef]:1194
Wed Mar 30 09:09:59 2011 us=473000 UDPv4 link remote: [undef]
Wed Mar 30 09:09:59 2011 us=473000 MULTI: multi_init called, r=256 v=256
Wed Mar 30 09:09:59 2011 us=473000 IFCONFIG POOL: base=10.8.0.2 size=252
Wed Mar 30 09:09:59 2011 us=473000 IFCONFIG POOL LIST
Wed Mar 30 09:09:59 2011 us=473000 Initialization Sequence Completed
Wed Mar 30 09:11:33 2011 us=884000 MULTI: multi_create_instance called
Wed Mar 30 09:11:33 2011 us=884000 10.10.77.153:1040 Re-using SSL/TLS context
Wed Mar 30 09:11:33 2011 us=884000 10.10.77.153:1040 LZO compression initialized
Wed Mar 30 09:11:33 2011 us=884000 10.10.77.153:1040 Control Channel MTU parms [ L:1546 D:166 EF:66 EB:0 ET:0 EL:0 ]
Wed Mar 30 09:11:33 2011 us=884000 10.10.77.153:1040 Data Channel MTU parms [ L:1546 D:1300 EF:46 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Mar 30 09:11:33 2011 us=884000 10.10.77.153:1040 Fragmentation MTU parms [ L:1546 D:1300 EF:45 EB:135 ET:1 EL:0 AF:3/1 ]
Wed Mar 30 09:11:33 2011 us=884000 10.10.77.153:1040 Local Options String: 'V4,dev-type tun,link-mtu 1546,tun-mtu 1500,proto UDPv4,comp-lzo,mtu-dynamic,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Wed Mar 30 09:11:33 2011 us=884000 10.10.77.153:1040 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1546,tun-mtu 1500,proto UDPv4,comp-lzo,mtu-dynamic,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Wed Mar 30 09:11:33 2011 us=884000 10.10.77.153:1040 Local Options hash (VER=V4): 'e34c1722'
Wed Mar 30 09:11:33 2011 us=884000 10.10.77.153:1040 Expected Remote Options hash (VER=V4): '551868c6'
Wed Mar 30 09:11:33 2011 us=884000 10.10.77.153:1040 TLS: Initial packet from 10.10.77.153:1040, sid=448e2e6e c07c68b7
Wed Mar 30 09:11:33 2011 us=962000 10.10.77.153:1040 TLS_ERROR: BIO read tls_read_plaintext error: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
Wed Mar 30 09:11:33 2011 us=962000 10.10.77.153:1040 TLS Error: TLS object -> incoming plaintext read error
Wed Mar 30 09:11:33 2011 us=962000 10.10.77.153:1040 TLS Error: TLS handshake failed
Wed Mar 30 09:11:33 2011 us=962000 10.10.77.153:1040 SIGUSR1[soft,tls-error] received, client-instance restarting
Wed Mar 30 09:12:35 2011 us=520000 MULTI: multi_create_instance called
Wed Mar 30 09:12:35 2011 us=520000 10.10.77.153:1086 Re-using SSL/TLS context
Wed Mar 30 09:12:35 2011 us=520000 10.10.77.153:1086 LZO compression initialized
Wed Mar 30 09:12:35 2011 us=520000 10.10.77.153:1086 Control Channel MTU parms [ L:1546 D:166 EF:66 EB:0 ET:0 EL:0 ]
Wed Mar 30 09:12:35 2011 us=520000 10.10.77.153:1086 Data Channel MTU parms [ L:1546 D:1300 EF:46 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Mar 30 09:12:35 2011 us=520000 10.10.77.153:1086 Fragmentation MTU parms [ L:1546 D:1300 EF:45 EB:135 ET:1 EL:0 AF:3/1 ]
Wed Mar 30 09:12:35 2011 us=520000 10.10.77.153:1086 Local Options String: 'V4,dev-type tun,link-mtu 1546,tun-mtu 1500,proto UDPv4,comp-lzo,mtu-dynamic,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Wed Mar 30 09:12:35 2011 us=520000 10.10.77.153:1086 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1546,tun-mtu 1500,proto UDPv4,comp-lzo,mtu-dynamic,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Wed Mar 30 09:12:35 2011 us=520000 10.10.77.153:1086 Local Options hash (VER=V4): 'e34c1722'
Wed Mar 30 09:12:35 2011 us=520000 10.10.77.153:1086 Expected Remote Options hash (VER=V4): '551868c6'
Wed Mar 30 09:12:35 2011 us=520000 10.10.77.153:1086 TLS: Initial packet from 10.10.77.153:1086, sid=36c286d3 49642f6b
Wed Mar 30 09:12:35 2011 us=614000 10.10.77.153:1086 TLS_ERROR: BIO read tls_read_plaintext error: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
Wed Mar 30 09:12:35 2011 us=614000 10.10.77.153:1086 TLS Error: TLS object -> incoming plaintext read error
Wed Mar 30 09:12:35 2011 us=614000 10.10.77.153:1086 TLS Error: TLS handshake failed
Wed Mar 30 09:12:35 2011 us=614000 10.10.77.153:1086 SIGUSR1[soft,tls-error] received, client-instance restarting
Re: openvpn 2.2RC(now is 2.2RC2) can't run as server ?
Posted: Wed Mar 30, 2011 6:20 am
by janjust
hmmmm you're using 'client-cert-not-required' yet the server refuses to accept a connection from a client (which does not present one):
Code:
Wed Mar 30 09:12:35 2011 us=614000 10.10.77.153:1086 TLS_ERROR: BIO read tls_read_plaintext error: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
Wed Mar 30 09:12:35 2011 us=614000 10.10.77.153:1086 TLS Error: TLS object -> incoming plaintext read error
Wed Mar 30 09:12:35 2011 us=614000 10.10.77.153:1086 TLS Error: TLS handshake failed
Wed Mar 30 09:12:35 2011 us=614000 10.10.77.153:1086 SIGUSR1[soft,tls-error] received, client-instance restarting
this is probably a bug but I cannot confirm it right now - to be continued.
[edit]
Confirmed as a bug, also with a Linux-based server. Trac ticket:
https://community.openvpn.net/openvpn/ticket/108
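The diagnosis in the post above (the server log shows "peer did not return a certificate" although the server config sets client-cert-not-required) can be checked mechanically. This is an added example, not part of the original thread or of OpenVPN; the function names and verdict labels are hypothetical, and the sample config and log lines are excerpts copied from the posts above.

```python
import re
from collections import Counter

# Per-client server log line: weekday month day time year, us=<micros>, peer ip:port, message.
PEER_LINE = re.compile(
    r"^\w{3} \w{3} +\d+ [\d:]+ \d{4} us=\d+ "
    r"(?P<ip>\d+\.\d+\.\d+\.\d+):(?P<port>\d+) (?P<msg>.*)$"
)
NO_CERT = "peer did not return a certificate"

# Excerpt of the server config posted at the top of the thread.
SAMPLE_CONFIG = """\
port 1194
proto udp
auth-user-pass-verify Common_checkpsw.exe via-env
client-cert-not-required
username-as-common-name
"""

# Lines copied from the verb 5 server log posted in the thread.
SAMPLE_LOG = """\
Wed Mar 30 09:11:33 2011 us=884000 10.10.77.153:1040 TLS: Initial packet from 10.10.77.153:1040, sid=448e2e6e c07c68b7
Wed Mar 30 09:11:33 2011 us=962000 10.10.77.153:1040 TLS_ERROR: BIO read tls_read_plaintext error: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
Wed Mar 30 09:11:33 2011 us=962000 10.10.77.153:1040 TLS Error: TLS handshake failed
Wed Mar 30 09:12:35 2011 us=614000 10.10.77.153:1086 TLS_ERROR: BIO read tls_read_plaintext error: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
Wed Mar 30 09:12:35 2011 us=614000 10.10.77.153:1086 TLS Error: TLS handshake failed
"""


def config_directives(config_text):
    """Return the directive names used in an OpenVPN config, ignoring comment lines."""
    names = set()
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        names.add(line.split()[0].lstrip("-"))
    return names


def no_cert_rejections(log_text):
    """Count, per client IP, handshakes rejected because no client certificate arrived."""
    counts = Counter()
    for line in log_text.splitlines():
        m = PEER_LINE.match(line.strip())
        if m and "TLS_ERROR" in m.group("msg") and NO_CERT in m.group("msg"):
            counts[m.group("ip")] += 1
    return counts


def diagnose(config_text, log_text):
    """Correlate the config with the log and return (verdict, rejections per client IP).

    Verdicts (hypothetical labels):
      no-cert-rejections        - the log contains no such failure
      server-contradicts-config - the server demands a certificate it was told not to
                                  require; this is the behaviour reported in the thread
      client-missing-cert       - certificates are required and the client sent none
    """
    rejected = no_cert_rejections(log_text)
    if not rejected:
        return "no-cert-rejections", {}
    if "client-cert-not-required" in config_directives(config_text):
        return "server-contradicts-config", dict(rejected)
    return "client-missing-cert", dict(rejected)


if __name__ == "__main__":
    verdict, per_client = diagnose(SAMPLE_CONFIG, SAMPLE_LOG)
    print(verdict, per_client)
```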
Re: openvpn 2.2RC(now is 2.2RC2) can't run as server ?
Posted: Wed Mar 30, 2011 4:15 pm
by dazo
First of all, thank you for testing the 2.2-RC2 release!
A fix has been proposed for this bug in the Trac ticket, awaiting review on the openvpn-devel mailing list. This will be fixed in the final OpenVPN 2.2 release.
http://thread.gmane.org/gmane.network.o ... devel/4555
https://community.openvpn.net/openvpn/ticket/108
Re: openvpn 2.2RC(now is 2.2RC2) can't run as server ?
Posted: Fri Apr 29, 2011 9:02 am
by samenlia
Today I updated to 2.2.0, and it works.