OpenVPN 2.2 Branch and OpenSC with pkcs#11

Patator
OpenVpn Newbie
Posts: 5
Joined: Wed Jun 22, 2011 9:05 pm

OpenVPN 2.2 Branch and OpenSC with pkcs#11

Post by Patator » Wed Jun 22, 2011 9:11 pm

Hello,

For some time I have had no success in running OpenVPN and OpenSC on Windows to connect to my server.
The last working association of OpenVPN and OpenSC is an old build from the OpenSC website that can be found here: http://www.opensc-project.org/files/build/ (the 009 builds), almost one year old!!!

I tried desperately to get OpenVPN 2.2 to work with OpenSC but nothing does.

Can someone please tell me at least where I can find up to date information on running latest OpenVPN and OpenSC?!

Also I noticed that since OpenVPN beta 5 PKCS#11 support is not built in?! Has it been dropped?!

EDIT: I'm running on Windows XP. Server is Linux.

janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam

Re: OpenVPN 2.2 Branch and OpenSC with pkcs#11

Post by janjust » Thu Jun 23, 2011 1:53 pm

PKCS#11 support in OpenVPN 2.2 on Windows is indeed missing; I've filed a bug for it. As you're using Windows XP as the client, I'd recommend downgrading to OpenVPN 2.1.4 for now.

Patator
OpenVpn Newbie
Posts: 5
Joined: Wed Jun 22, 2011 9:05 pm

Re: OpenVPN 2.2 Branch and OpenSC with pkcs#11

Post by Patator » Thu Jun 23, 2011 10:32 pm

I wonder how this can be missing!?

However, even with OpenVPN 2.1.4 I cannot get a working version of OpenSC that is compatible. With the latest 12.1 build I don't get the nasty Libeay32 entry point error, but then after entering the PIN, it returns a CRK_something error. That seems (not sure though) to be linked to missing support in OpenSC for a couple of functions.

Did OpenVPN change something in its use of OpenSSL which definitively breaks OpenSC compatibility?!
This indeed looks pretty similar to this issue with C_SignRecover and C_SignRecoverInit as stated here in 2005!:

http://osdir.com/ml/network.openvpn.dev ... 00037.html

I must say it is kind of frustrating that it is so difficult to have both work seamlessly together! Many people will give up...

janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam

Re: OpenVPN 2.2 Branch and OpenSC with pkcs#11

Post by janjust » Fri Jun 24, 2011 7:43 am

It is quite hard to get OpenSC working in the first place, or more specifically, to get it working right with your hardware device; make sure that all OpenSC functions are available, using 'pkcs11-tool', 'opensc-explorer' and 'openssl -engine engine_pkcs11'.

I've used OpenVPN 2.1 with OpenSC 0.11.13 without any issues, using both an Aladdin eToken and a Feitian ePass.
I must add that I have not played with the 0.12 branches that much.

Patator
OpenVpn Newbie
Posts: 5
Joined: Wed Jun 22, 2011 9:05 pm

Re: OpenVPN 2.2 Branch and OpenSC with pkcs#11

Post by Patator » Sat Jun 25, 2011 2:51 pm

Well, when it comes to the hardware I have no issues at all (lucky to get hold of some Gemalto cards :)).

The question remains: is there a good tutorial on how to get OpenSC and OpenVPN in their latest versions to work together?! It seems both projects are not taking care of each other, although they should, as each will gain a lot from enhanced compatibility...

BTW if you know of a good tutorial on how to set up OpenVPN and OpenSC (let's say they are working) for use with JavaCards, and which are these JavaCards known to be working?!
