LinuxQuestions.org


fandar 06-15-2009 12:43 PM

Openvpn problem with client-config-dir
 
Hi, I have a serious problem with client-config-dir in OpenVPN.
Here is my server.conf file:
Quote:

# server
mode server
tls-server
port 1194
proto tcp-server
dev tap0
ifconfig 85.25.228.36 255.255.255.0
push "route 85.25.228.0 255.255.255.0"
ifconfig-pool 85.25.228.37 85.25.228.62 255.255.255.0
client-config-dir /etc/openvpn/keys
client-to-client
ifconfig-pool-persist ipp.txt
persist-key
persist-tun
ccd-exclusive
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh2048.pem
syslog
log /var/log/openvpn.log
status /var/run/vpn.status 10
user openvpn
group openvpn
verb 11
comp-lzo
keepalive 10 30

Quote:

loft1635:/etc/openvpn# cat /etc/openvpn/keys/client1
ifconfig-push 85.25.228.39 255.255.255.0

When I try to connect from the client, it fails, and this is from the log:

Quote:

loft1635:/etc/openvpn# cat /var/log/openvpn.log |grep keys
Mon Jun 15 17:42:17 2009 us=544204 keysize = 0
Mon Jun 15 17:42:17 2009 us=544931 client_config_dir = '/etc/openvpn/keys'
Mon Jun 15 17:42:21 2009 us=583094 Local Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Mon Jun 15 17:42:21 2009 us=583111 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Mon Jun 15 17:42:23 2009 us=611159 89.102.236.226:32804 TEST FILE '/etc/openvpn/keys/client1' [0]
Mon Jun 15 17:42:23 2009 us=611169 89.102.236.226:32804 TLS Auth Error: --client-config-dir authentication failed for common name 'client1' file='/etc/openvpn/keys/client1'

I don't understand why it can't read the /etc/openvpn/keys/client1 file. I changed the permissions to 777 and it still isn't working. Can someone help?

tekhead2 06-15-2009 01:19 PM

Can you post your client config file as well please?

fandar 06-15-2009 01:26 PM

Sure, here is the client configuration file:
Quote:

remote 85.25.71.140
tls-client
port 1194
proto tcp-client
dev tap
pull
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
verb 6
keepalive 10 30

Thank you

tekhead2 06-15-2009 01:34 PM

So is the client a Linux machine or is it a Windows machine? Just guessing from your IPs that you're trying to create a tunnel between two sites and this isn't really for "road warriors".

fandar 06-15-2009 01:37 PM

The client is a Windows machine.

tekhead2 06-15-2009 01:56 PM

I may be mistaken, but I had some issues with my Windows clients connecting due to the client keys being named incorrectly. I had one user name it "client.key" instead of leaving it "client.key." which changed the file association on it. When you look at the files in Windows, do they appear to be certificate files or just a null file with no association? I'm wondering if the errors are from the client not providing the correct keys. Even though the error mentions the directory, it sounds like the problem is the client not feeding the server the correct key it's looking for. You can always try to "chown openvpn /etc/openvpn/keys/client1".

fandar 06-15-2009 02:14 PM

The files that I have on the client are:
client1.ovpn
client1.crt
client1.csr
client1.key
and ca.key

The owner of the file client1 on the server is openvpn; it still isn't working.
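
Added example, not part of the thread and not OpenVPN's own code: the thread never states what the fix was. With `user openvpn` and `ccd-exclusive` set, the ccd file has to be opened by the unprivileged user, which also needs search permission on every directory above the file, something `chmod 777` or `chown` on the file alone does not change. The sketch below assumes plain mode bits and a constructed temporary tree, and reports the first path component that blocks a given uid; `allowed`, `first_blocker` and `demo` are names made up here.

```python
import os
import stat
import tempfile

def allowed(st, uid, gids, want):
    """Owner/group/other mode-bit check (ignores ACLs, capabilities, MAC policy)."""
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return (bits & want) == want

def first_blocker(path, uid, gids, start=os.sep):
    """Return the first component under `start` that stops uid reading path, else None."""
    current = os.path.abspath(start)
    for part in os.path.relpath(os.path.abspath(path), current).split(os.sep):
        # Every directory on the way needs the search (x) bit for this user.
        if not allowed(os.stat(current), uid, gids, 0o1):
            return current
        current = os.path.join(current, part)
    st = os.stat(current)
    # The ccd file itself must be a regular file with the read (r) bit.
    if not stat.S_ISREG(st.st_mode) or not allowed(st, uid, gids, 0o4):
        return current
    return None

def demo():
    """Constructed tree mirroring the thread: keys/ at 0700, client1 at 0777."""
    with tempfile.TemporaryDirectory() as root:
        os.chmod(root, 0o755)
        keys = os.path.join(root, "keys")
        os.mkdir(keys, 0o700)
        ccd = os.path.join(keys, "client1")
        with open(ccd, "w") as fh:
            fh.write("ifconfig-push 85.25.228.39 255.255.255.0\n")
        os.chmod(ccd, 0o777)
        uid = os.stat(ccd).st_uid + 1  # constructed stand-in for the openvpn uid
        before = first_blocker(ccd, uid, set(), start=root)
        # Narrow fix instead of 777: group search on the directory, group read on the file.
        os.chmod(keys, 0o750)
        os.chmod(ccd, 0o640)
        groups = {os.stat(keys).st_gid, os.stat(ccd).st_gid}
        after = first_blocker(ccd, uid, groups, start=root)
        return before == os.path.abspath(keys), after

if __name__ == "__main__":
    print(demo())
```

On a real server the same walk would be run against `/etc/openvpn/keys/client1` with the uid and group ids of the account named in the `user` and `group` directives.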

fandar 06-16-2009 06:28 AM

Hi, I got it working. Now I need to add a default gateway to clients. How do I do it? I assigned them DNS servers, but the gateway isn't working.

riahc3 12-04-2014 05:44 AM

Quote:

Originally Posted by fandar (Post 3575722)
Hi, I got it working.

And how did you get it working?


All times are GMT -5.