[SOLVED] [Newbie]How can i fix this
Posted: Wed Jun 08, 2011 3:50 am
by ovpn2ac
hey all
totally new to this thing
I'm getting stuck at generating the CA private key and certificate
Re: [Newbie]How can i fix this
Posted: Wed Jun 08, 2011 7:01 am
by maikcat
hi there,
please write us the commands you used so we can help you out.
for the record
first edit vars file
source it
then execute
build-ca
build-key-server server
build-dh
build-key user01
this is the correct order
Michael.
Re: [Newbie]How can i fix this
Posted: Wed Jun 08, 2011 7:38 am
by janjust
The error you're seeing is that you've not supplied the right passphrase (password) for the CA ca.key file.
Either start over and remember the password this time or type in the right password

Re: [Newbie]How can i fix this
Posted: Fri Jun 10, 2011 1:39 am
by ovpn2ac
thnx!
so ca and certs are done.
I encountered this
I'm running the server on VMware Ubuntu
and running the OpenVPN GUI on WinXP Pro SP3
both are on the same machine
Fri Jun 10 09:29:23 2011 OpenVPN 2.2.0 Win32-MSVC++ [SSL] [LZO2] built on Apr 26 2011
Fri Jun 10 09:29:23 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Jun 10 09:29:23 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Jun 10 09:29:23 2011 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Fri Jun 10 09:29:23 2011 UDPv4 link local: [undef]
Fri Jun 10 09:29:23 2011 UDPv4 link remote: 192.168.249.128:1194
Fri Jun 10 09:29:23 2011 TLS Error: cannot locate HMAC in incoming packet from 192.168.249.128:1194
Fri Jun 10 09:29:25 2011 TLS Error: cannot locate HMAC in incoming packet from 192.168.249.128:1194
Fri Jun 10 09:29:27 2011 TLS Error: cannot locate HMAC in incoming packet from 192.168.249.128:1194
server config
proto udp
port 1194
dev tun
server 192.168.249.128 255.255.255.0
ca /etc/openvpn/fyp/ca.crt
cert /etc/openvpn/fyp/server.crt
key /etc/openvpn/fyp/server.key
dh /etc/openvpn/fyp/dh2048.pem
tls-auth /etc/openvpn/fyp/ta.key 0
client config
client
proto udp
remote 192.168.249.128
port 1194
dev tun
nobind
ca ca.crt
cert openvpnclient1.crt
key openvpnclient1.key
tls-auth ta.key 1
Re: [Newbie]How can i fix this
Posted: Fri Jun 10, 2011 8:21 am
by janjust
you're re-using the vmnet subnet for your VPN subnet; that's asking for trouble. try using
to see if that helps.
Re: [Newbie]How can i fix this
Posted: Fri Jun 10, 2011 8:43 am
by ovpn2ac
hmm.
Fri Jun 10 16:32:56 2011 UDPv4 link local: [undef]
Fri Jun 10 16:32:56 2011 UDPv4 link remote: 10.0.8.0:1194
Fri Jun 10 16:33:56 2011 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Jun 10 16:33:56 2011 TLS Error: TLS handshake failed
Re: [Newbie]How can i fix this
Posted: Fri Jun 10, 2011 8:58 am
by janjust
you changed the wrong line
use this as server config
proto udp
port 1194
dev tun
server 10.0.8.0 255.255.255.0
ca /etc/openvpn/fyp/ca.crt
cert /etc/openvpn/fyp/server.crt
key /etc/openvpn/fyp/server.key
dh /etc/openvpn/fyp/dh2048.pem
tls-auth /etc/openvpn/fyp/ta.key 0
verb 4
and this as client config:
client
proto udp
remote 192.168.249.128
port 1194
dev tun
nobind
ca ca.crt
cert openvpnclient1.crt
key openvpnclient1.key
tls-auth ta.key 1
Re: [Newbie]How can i fix this
Posted: Fri Jun 10, 2011 9:08 am
by ovpn2ac
still getting the
TLS Error: cannot locate HMAC in incoming packet from 192.168.249.128:1194
what does verb 4 do btw
Re: [Newbie]How can i fix this
Posted: Fri Jun 10, 2011 9:10 am
by maikcat
hi there,
increases verbosity...
1 less
9 more..
Michael
Re: [Newbie]How can i fix this
Posted: Fri Jun 10, 2011 9:23 am
by janjust
comment out
in both server and client config to see if that helps (for troubleshooting). If it then works then the 'ta.key' files on client and server are out of sync - they MUST be identical.
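The ta.key comparison described in the post above, as an added example that is not part of the original thread: it fingerprints the key bytes of each copy (so a CRLF conversion between the Ubuntu server and the Windows client does not register as a difference) and checks that the tls-auth directions pair up as 0 and 1. The function names and the sample key are constructed for illustration; the 2048-bit key layout assumes a file made with `openvpn --genkey --secret ta.key`.

```python
import hashlib
import re

BEGIN = "-----BEGIN OpenVPN Static key V1-----"
END = "-----END OpenVPN Static key V1-----"

def key_fingerprint(text):
    """SHA-256 over the key bytes only, so header comments and CRLF line
    endings picked up while copying between Linux and Windows are ignored."""
    lines = [ln.strip() for ln in text.splitlines()]
    if BEGIN not in lines or END not in lines:
        raise ValueError("static key markers missing")
    hexdata = "".join(lines[lines.index(BEGIN) + 1:lines.index(END)])
    # Assumption: a key made by `openvpn --genkey --secret` is 2048 bits.
    if not re.fullmatch(r"[0-9a-fA-F]{512}", hexdata):
        raise ValueError("key body is not 2048 bits of hex (truncated copy?)")
    return hashlib.sha256(bytes.fromhex(hexdata)).hexdigest()

def tls_auth_direction(config_text):
    """Direction on the active tls-auth line; '' if none given, None if no such line."""
    for ln in config_text.splitlines():
        parts = ln.split()  # a line commented out with ';' or '#' never matches
        if parts and parts[0] == "tls-auth":
            return parts[2] if len(parts) > 2 else ""
    return None

def check_tls_auth(server_key, client_key, server_conf, client_conf):
    """Return a list of problems; an empty list means both sides agree."""
    problems = []
    if key_fingerprint(server_key) != key_fingerprint(client_key):
        problems.append("ta.key differs between server and client")
    s, c = tls_auth_direction(server_conf), tls_auth_direction(client_conf)
    if (s is None) != (c is None):
        problems.append("tls-auth enabled on one side only")
    elif s is not None and (s, c) not in {("0", "1"), ("1", "0"), ("", "")}:
        problems.append(f"key directions do not pair up: server={s!r} client={c!r}")
    return problems

# Constructed sample data (not a real key): bytes 00..ff as 16 hex lines.
_body = ["".join(f"{b:02x}" for b in range(i, i + 16)) for i in range(0, 256, 16)]
SERVER_KEY = "\n".join(["# 2048 bit OpenVPN static key", BEGIN, *_body, END]) + "\n"
CLIENT_KEY = "\r\n".join([BEGIN, *_body, END]) + "\r\n"  # same key, CRLF copy
STALE_KEY = "\n".join([BEGIN, "ff" + _body[0][2:], *_body[1:], END])
SERVER_CONF = "proto udp\nport 1194\ntls-auth /etc/openvpn/fyp/ta.key 0\n"
CLIENT_CONF = "client\nproto udp\ntls-auth ta.key 1\n"

if __name__ == "__main__":
    for key in (CLIENT_KEY, STALE_KEY):
        print(check_tls_auth(SERVER_KEY, key, SERVER_CONF, CLIENT_CONF))
```

Comparing fingerprints rather than the files themselves means the key material never has to be pasted anywhere to confirm that the two copies match.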
Re: [Newbie]How can i fix this
Posted: Mon Jun 13, 2011 12:49 am
by ovpn2ac
Options error: Unrecognized option or missing parameter(s) in example2-2-client.ovpn:12: ta.key (2.2.0)
Use --help for more information.
doesn't work

Re: [Newbie]How can i fix this
Posted: Tue Jun 14, 2011 6:19 am
by janjust
sigh; I meant, comment out the entire line
tls-auth ta.key 0
Re: [Newbie]How can i fix this
Posted: Thu Jun 16, 2011 8:13 am
by ovpn2ac
it worked
thanks janjust

Re: [Newbie]How can i fix this
Posted: Thu Jun 16, 2011 12:17 pm
by janjust
Excellent, closing topic