LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 01-23-2006, 02:22 AM   #1
sailershen
LQ Newbie
 
Registered: Mar 2005
Posts: 27

Rep: Reputation: 15
Error in openVPN client GUI about openssl


When I connect to openVPN server from the client GUI, it shows some
error:

Mon Jan 23 15:30:45 2006 us=693337 Restart pause, 5 second(s)
Mon Jan 23 15:30:50 2006 us=693654 IMPORTANT: OpenVPN's default port
number is now 1194, based on an official port number assignment by
IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Mon Jan 23 15:30:50 2006 us=693718 WARNING: No server certificate
verification method has been enabled. See
http://openvpn.net/howto.html#mitm for more info.
Mon Jan 23 15:30:50 2006 us=693763 Re-using SSL/TLS context
Mon Jan 23 15:30:50 2006 us=693843 LZO compression initialized
Mon Jan 23 15:30:50 2006 us=694053 Control Channel MTU parms [ L:1544
D:140 EF:40 EB:0 ET:0 EL:0 ]
Mon Jan 23 15:30:50 2006 us=712951 Data Channel MTU parms [ L:1544
D:1450 EF:44 EB:23 ET:0 EL:0 AF:3/1 ]
Mon Jan 23 15:30:50 2006 us=713041 Local Options String: 'V4,dev-type
tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher
BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Mon Jan 23 15:30:50 2006 us=713073 Expected Remote Options String:
'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto
TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method
2,tls-server'
Mon Jan 23 15:30:50 2006 us=713112 Local Options hash (VER=V4):
'69109d17'
Mon Jan 23 15:30:50 2006 us=730006 Expected Remote Options hash
(VER=V4): 'c0103fa8'
Mon Jan 23 15:30:50 2006 us=730085 Attempting to establish TCP
connection with 192.168.10.66:1194
Mon Jan 23 15:30:50 2006 us=751015 TCP connection established with
192.168.10.66:1194
Mon Jan 23 15:30:50 2006 us=751084 Socket Buffers: R=[8192->8192]
S=[8192->8192]
Mon Jan 23 15:30:50 2006 us=756566 TCPv4_CLIENT link local: [undef]
Mon Jan 23 15:30:50 2006 us=756621 TCPv4_CLIENT link remote:
192.168.10.66:1194
Mon Jan 23 15:30:50 2006 us=763689 TLS: Initial packet from
192.168.10.66:1194, sid=3095dc6b 66e321c3
Mon Jan 23 15:30:50 2006 us=808427 VERIFY ERROR: depth=1, error=self
signed certificate in certificate chain:
/C=CN/ST=SH/L=SHANGHAI/O=OpenVPN-TEST/OU=security/CN=CA/emailAddress=shentao01@snda.com
Mon Jan 23 15:30:50 2006 us=808684 TLS_ERROR: BIO read
tls_read_plaintext error: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Mon Jan 23 15:30:50 2006 us=808729 TLS Error: TLS object -> incoming
plaintext read error
Mon Jan 23 15:30:50 2006 us=808750 TLS Error: TLS handshake failed
Mon Jan 23 15:30:50 2006 us=819816 Fatal TLS error
(check_tls_errors_co), restarting
Mon Jan 23 15:30:50 2006 us=819981 TCP/UDP: Closing socket
Mon Jan 23 15:30:50 2006 us=823596 SIGUSR1[soft,tls-error] received,
process restarting
Mon Jan 23 15:30:50 2006 us=823646 Restart pause, 5 second(s)


I don't know what means "VERIFY ERROR: depth=1, error=self signed
certificate in certificate chain:"?
 
Old 01-26-2006, 07:24 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,139
Blog Entries: 54

Rep: Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791Reputation: 2791
Did you copy the CA cert from the server to the client?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
apache 2.0.55 & openssl 0.9.8 error? ziggie216 Linux - Software 4 11-27-2005 08:37 PM
OpenVPN client cannot route to LAN TheAmazingSteve Linux - Networking 1 09-29-2005 03:40 PM
inetd and OpenVPN client rmocius@auste.e Slackware 0 10-14-2004 01:50 AM
making openvpn secure with openssl ( ? ) antken Linux - Networking 1 03-31-2004 09:14 AM
OpenSSL Error ridertech Linux - Software 0 02-06-2004 09:56 PM


All times are GMT -5. The time now is 12:18 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration