LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 05-16-2010, 12:53 PM   #1
r_s
Member
 
Registered: May 2009
Distribution: slackware, fedora, ubuntu
Posts: 98

Rep: Reputation: 21
openvpn error


I an unable to connect to an openvpn connection in ubuntu karmic. I have installed openvpn , I added the user certificate, CA certificate , Private key and the conf file in the /etc/openvpn directory.
Also followed the steps given here https://help.ubuntu.com/community/OpenSSL under "Importing a Certificate into the System-Wide Certificate Authority Database" , but still when I try openvpn --config linux_client.conf I get the following error.


Mon May 10 21:58:57 2010 /usr/bin/openssl-vulnkey -q -b 2048 -m <modulus omitted>
Mon May 10 21:58:57 2010 LZO compression initialized
Mon May 10 21:58:57 2010 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon May 10 21:58:57 2010 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon May 10 21:58:57 2010 Local Options hash (VER=V4): '41690919'
Mon May 10 21:58:57 2010 Expected Remote Options hash (VER=V4): '530fdded'
Mon May 10 21:58:57 2010 Socket Buffers: R=[114688->131072] S=[114688->131072]
Mon May 10 21:58:57 2010 UDPv4 link local: [undef]
Mon May 10 21:58:57 2010 UDPv4 link remote: 121.242.23.196:1194
Mon May 10 21:58:57 2010 TLS: Initial packet from 121.242.23.196:1194, sid=52e74c97 5c79acb5
Mon May 10 21:58:57 2010 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon May 10 21:58:57 2010 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=IN/ST=AP/L=Hyderabad/O=IIIT_Hyderabad/CN=vpn.iiit.ac.in/emailAddress=saurabh.barjatiya@iiit.ac.in
Mon May 10 21:58:57 2010 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Mon May 10 21:58:57 2010 TLS Error: TLS object -> incoming plaintext read error
Mon May 10 21:58:57 2010 TLS Error: TLS handshake failed
Mon May 10 21:58:57 2010 TCP/UDP: Closing socket
Mon May 10 21:58:57 2010 SIGUSR1[soft,tls-error] received, process restarting
Mon May 10 21:58:57 2010 Restart pause, 2 second(s)
 
Old 05-16-2010, 09:35 PM   #2
kurwongbah
Member
 
Registered: Apr 2010
Posts: 82

Rep: Reputation: 23
Did you use a passphrase when you created the key pair?
Openvpn might have trouble using the certificate, because it asks for a passphrase upon use.
Try and create one without a passphrase (just hit enter when asked)

Other problems might be related to permissions. Can the openvpn client access the public certificate?
 
Old 05-17-2010, 05:45 AM   #3
r_s
Member
 
Registered: May 2009
Distribution: slackware, fedora, ubuntu
Posts: 98

Original Poster
Rep: Reputation: 21
I don't think so that there are any such problems, because I am able to configure it successfully in fedora, only in ubuntu I get this error message.
 
Old 05-17-2010, 06:58 PM   #4
kurwongbah
Member
 
Registered: Apr 2010
Posts: 82

Rep: Reputation: 23
Anyone?
 
Old 05-17-2010, 08:49 PM   #5
grail
LQ Guru
 
Registered: Sep 2009
Location: Perth
Distribution: Manjaro
Posts: 9,550

Rep: Reputation: 2898Reputation: 2898Reputation: 2898Reputation: 2898Reputation: 2898Reputation: 2898Reputation: 2898Reputation: 2898Reputation: 2898Reputation: 2898Reputation: 2898
Wel;l I am no guru on the subject but with a little searching I found a suggestion to run the following:
Code:
openssl verify -CAfile ca.crt client1.crt
Obviously replace file names with your own.
 
Old 05-18-2010, 07:36 AM   #6
r_s
Member
 
Registered: May 2009
Distribution: slackware, fedora, ubuntu
Posts: 98

Original Poster
Rep: Reputation: 21
Found out that the ca.crt file wasn't correct in ubuntu using openssl verify , just copied it from fedora and it worked well. You don't need to import the certificate into system wide certificates.
Thanks
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
OpenVPN revoke error qwertyjjj Linux - Server 1 01-15-2010 05:24 PM
How does OpenVPN Linux server issues IP and netmask to OpenVPN clients on Windows XP pssompura Linux - Networking 0 12-24-2009 03:42 AM
Error When converting Routing OpenVPN to bridge mode openvpn danmartinj Linux - Software 0 11-06-2009 10:23 AM
Openvpn error or routing error? tkt Linux - Newbie 0 11-02-2006 02:37 AM
dh error in openvpn jbinc1 Linux - Software 5 08-23-2006 08:45 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 12:55 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration