LinuxQuestions.org


r_s 05-16-2010 11:53 AM

openvpn error
 
I am unable to connect to an openvpn connection in Ubuntu Karmic. I have installed openvpn, and I added the user certificate, CA certificate, private key and the conf file in the /etc/openvpn directory.
I also followed the steps given here https://help.ubuntu.com/community/OpenSSL under "Importing a Certificate into the System-Wide Certificate Authority Database", but still when I try openvpn --config linux_client.conf I get the following error.


Mon May 10 21:58:57 2010 /usr/bin/openssl-vulnkey -q -b 2048 -m <modulus omitted>
Mon May 10 21:58:57 2010 LZO compression initialized
Mon May 10 21:58:57 2010 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon May 10 21:58:57 2010 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon May 10 21:58:57 2010 Local Options hash (VER=V4): '41690919'
Mon May 10 21:58:57 2010 Expected Remote Options hash (VER=V4): '530fdded'
Mon May 10 21:58:57 2010 Socket Buffers: R=[114688->131072] S=[114688->131072]
Mon May 10 21:58:57 2010 UDPv4 link local: [undef]
Mon May 10 21:58:57 2010 UDPv4 link remote: 121.242.23.196:1194
Mon May 10 21:58:57 2010 TLS: Initial packet from 121.242.23.196:1194, sid=52e74c97 5c79acb5
Mon May 10 21:58:57 2010 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon May 10 21:58:57 2010 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=IN/ST=AP/L=Hyderabad/O=IIIT_Hyderabad/CN=vpn.iiit.ac.in/emailAddress=saurabh.barjatiya@iiit.ac.in
Mon May 10 21:58:57 2010 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Mon May 10 21:58:57 2010 TLS Error: TLS object -> incoming plaintext read error
Mon May 10 21:58:57 2010 TLS Error: TLS handshake failed
Mon May 10 21:58:57 2010 TCP/UDP: Closing socket
Mon May 10 21:58:57 2010 SIGUSR1[soft,tls-error] received, process restarting
Mon May 10 21:58:57 2010 Restart pause, 2 second(s)

kurwongbah 05-16-2010 08:35 PM

Did you use a passphrase when you created the key pair?
Openvpn might have trouble using the certificate, because it asks for a passphrase upon use.
Try and create one without a passphrase (just hit enter when asked)

Other problems might be related to permissions. Can the openvpn client access the public certificate?

r_s 05-17-2010 04:45 AM

I don't think there are any such problems, because I am able to configure it successfully in Fedora; only in Ubuntu do I get this error message.

kurwongbah 05-17-2010 05:58 PM

Anyone?

grail 05-17-2010 07:49 PM

Well, I am no guru on the subject, but with a little searching I found a suggestion to run the following:
Code:

openssl verify -CAfile ca.crt client1.crt
Obviously replace file names with your own.

r_s 05-18-2010 06:36 AM

Found out, using openssl verify, that the ca.crt file wasn't correct in Ubuntu; I just copied it from Fedora and it worked well. You don't need to import the certificate into the system-wide certificates.
Thanks
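
The `openssl verify -CAfile` check suggested above, shown as an added example that is not part of the original thread: it builds a throwaway CA, a second CA with the same subject but a different key, and one client certificate, then shows that only the signing CA verifies and that the two CA files differ by fingerprint. All file names, subjects and helper function names are constructed for the demonstration.

```bash
#!/bin/sh
# Added example: every key and certificate below is constructed in a temp dir.

# make_ca DIR BASENAME CN: self-signed CA written to DIR/BASENAME.{key,crt}
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# issue_cert DIR CA_BASENAME BASENAME CN: certificate signed by that CA
issue_cert() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$4" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/$3.crt" 2>/dev/null
}

# check_ca CAFILE CERT: prints "ok" when CERT chains to CAFILE, else "mismatch".
# Parses the command output rather than relying on the exit status alone.
check_ca() {
    out=$(openssl verify -CAfile "$1" "$2" 2>&1) || true
    case "$out" in
        *": OK") echo ok ;;
        *)       echo mismatch ;;
    esac
}

# ca_fingerprint CAFILE: SHA-256 fingerprint, for comparing ca.crt across hosts
ca_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" good  "Demo VPN CA"    # CA that really signed the certificate
    make_ca "$d" stale "Demo VPN CA"    # same subject, different key
    issue_cert "$d" good client1 "client1"
    echo "good ca.crt:  $(check_ca "$d/good.crt"  "$d/client1.crt")"
    echo "stale ca.crt: $(check_ca "$d/stale.crt" "$d/client1.crt")"
    echo "good  fp: $(ca_fingerprint "$d/good.crt")"
    echo "stale fp: $(ca_fingerprint "$d/stale.crt")"
    rm -rf "$d"
}
demo
```

Running `ca_fingerprint` on the ca.crt of a working host and of the failing host shows whether the two files are the same certificate before any copying is done.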

