LinuxQuestions.org
Old 06-15-2009, 12:43 PM   #1
fandar
Member
 
Registered: Oct 2006
Posts: 61

Rep: Reputation: 15
Openvpn problem with client-config-dir


Hi, I have a serious problem with client-config-dir in OpenVPN.
Here is my server.conf file:
Quote:
# server
mode server
tls-server
port 1194
proto tcp-server
dev tap0
ifconfig 85.25.228.36 255.255.255.0
push "route 85.25.228.0 255.255.255.0"
ifconfig-pool 85.25.228.37 85.25.228.62 255.255.255.0
client-config-dir /etc/openvpn/keys
client-to-client
ifconfig-pool-persist ipp.txt
persist-key
persist-tun
ccd-exclusive
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh2048.pem
syslog
log /var/log/openvpn.log
status /var/run/vpn.status 10
user openvpn
group openvpn
verb 11
comp-lzo
keepalive 10 30
Quote:
loft1635:/etc/openvpn# cat /etc/openvpn/keys/client1
ifconfig-push 85.25.228.39 255.255.255.0
When I try to connect from the client, it fails, and this is from the log:

Quote:
loft1635:/etc/openvpn# cat /var/log/openvpn.log |grep keys
Mon Jun 15 17:42:17 2009 us=544204 keysize = 0
Mon Jun 15 17:42:17 2009 us=544931 client_config_dir = '/etc/openvpn/keys'
Mon Jun 15 17:42:21 2009 us=583094 Local Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Mon Jun 15 17:42:21 2009 us=583111 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Mon Jun 15 17:42:23 2009 us=611159 89.102.236.226:32804 TEST FILE '/etc/openvpn/keys/client1' [0]
Mon Jun 15 17:42:23 2009 us=611169 89.102.236.226:32804 TLS Auth Error: --client-config-dir authentication failed for common name 'client1' file='/etc/openvpn/keys/client1'
I don't understand why it can't read the /etc/openvpn/keys/client1 file. I changed the permissions to 777 and it still isn't working. Can someone help?
 
Old 06-15-2009, 01:19 PM   #2
tekhead2
Member
 
Registered: Apr 2004
Distribution: slackware/FreeBSD/Vector
Posts: 291

Rep: Reputation: 52
Can you post your client config file as well please?
 
Old 06-15-2009, 01:26 PM   #3
fandar
Member
 
Registered: Oct 2006
Posts: 61

Original Poster
Rep: Reputation: 15
Sure, here is the client configuration file:
Quote:
remote 85.25.71.140
tls-client
port 1194
proto tcp-client
dev tap
pull
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
verb 6
keepalive 10 30
Thank You
 
Old 06-15-2009, 01:34 PM   #4
tekhead2
Member
 
Registered: Apr 2004
Distribution: slackware/FreeBSD/Vector
Posts: 291

Rep: Reputation: 52
So is the client a Linux machine or is it a Windows machine? Just guessing from your IPs that you're trying to create a tunnel between two sites and this isn't really for "road warriors".
 
Old 06-15-2009, 01:37 PM   #5
fandar
Member
 
Registered: Oct 2006
Posts: 61

Original Poster
Rep: Reputation: 15
The client is a Windows machine.
 
Old 06-15-2009, 01:56 PM   #6
tekhead2
Member
 
Registered: Apr 2004
Distribution: slackware/FreeBSD/Vector
Posts: 291

Rep: Reputation: 52
I may be mistaken, but I had some issues with my Windows clients connecting due to the client keys being named incorrectly. I had one user name it "client.key" instead of leaving it "client.key." which changed the file association on it. When you look at the files in Windows, do they appear to be certificate files or just a null file with no association? I'm wondering if the errors are from the client not providing the correct keys. Even though the error mentions the directory, it sounds like the problem is the client not feeding the server the correct key it's looking for. You can always try to "chown openvpn /etc/openvpn/keys/client1".
 
Old 06-15-2009, 02:14 PM   #7
fandar
Member
 
Registered: Oct 2006
Posts: 61

Original Poster
Rep: Reputation: 15
The files which I have on the client are:
client1.ovpn
client1.crt
client1.csr
client1.key
and ca.key

The owner of the file client1 on the server is openvpn; it still isn't working.
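
Added example, not part of any post in this thread: the thread never states what the fix was, but the posted server.conf drops privileges with `user openvpn`, and a file set to 777 or owned by that user is still unreachable if a parent directory denies it search permission. The Python sketch below walks each path component with the classic mode-bit check; the function names and the temporary directory layout are constructed for illustration, and treating directory permissions as the cause is an assumption.

```python
import os
import tempfile

def can_access(st, uid, gids, need):
    """Owner/group/other check on one stat result (4 = read, 1 = search).
    Ignores ACLs, capabilities and SELinux/AppArmor policy."""
    if uid == 0:
        return True  # root bypasses the mode bits
    if st.st_uid == uid:
        bits = (st.st_mode >> 6) & 7
    elif st.st_gid in gids:
        bits = (st.st_mode >> 3) & 7
    else:
        bits = st.st_mode & 7
    return bits & need == need

def first_blocker(path, uid, gids, start="/"):
    """First component between start and path that stops uid, else None."""
    path, start = os.path.realpath(path), os.path.realpath(start)
    cur = start
    for name in os.path.relpath(path, start).split(os.sep):
        if not can_access(os.stat(cur), uid, gids, 1):  # search bit on each dir
            return cur
        cur = os.path.join(cur, name)
    return None if can_access(os.stat(cur), uid, gids, 4) else cur

def demo():
    """Constructed layout: keys/ is 0700, client1 inside it is 0777."""
    base = tempfile.mkdtemp()
    os.chmod(base, 0o755)
    keys = os.path.join(base, "keys")
    os.mkdir(keys)
    ccd = os.path.join(keys, "client1")
    with open(ccd, "w") as f:
        f.write("ifconfig-push 85.25.228.39 255.255.255.0\n")
    os.chmod(ccd, 0o777)
    os.chmod(keys, 0o700)
    other = os.getuid() + 1  # stand-in for the unprivileged openvpn uid
    before = first_blocker(ccd, other, set(), start=base)
    # Group search on the directory and a 0640 file instead of a 777 file.
    os.chmod(keys, 0o750)
    os.chmod(ccd, 0o640)
    groups = {os.stat(keys).st_gid, os.stat(ccd).st_gid}
    after = first_blocker(ccd, other, groups, start=base)
    return os.path.basename(before), after

if __name__ == "__main__":
    print(demo())
```

On the server itself the call would be `first_blocker("/etc/openvpn/keys/client1", uid, gids)` with the uid and group ids of the openvpn account.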
 
Old 06-16-2009, 06:28 AM   #8
fandar
Member
 
Registered: Oct 2006
Posts: 61

Original Poster
Rep: Reputation: 15
Hi, I got it working. Now I need to add a default gateway to the clients. How do I do it? I assigned them DNS servers, but the gateway isn't working.
 
  


All times are GMT -5.
