Error in openVPN client GUI about openssl

sailershen · 01-23-2006, 02:22 AM

When I connect to openVPN server from the client GUI, it shows some
error:

Mon Jan 23 15:30:45 2006 us=693337 Restart pause, 5 second(s)
Mon Jan 23 15:30:50 2006 us=693654 IMPORTANT: OpenVPN's default port
number is now 1194, based on an official port number assignment by
IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Mon Jan 23 15:30:50 2006 us=693718 WARNING: No server certificate
verification method has been enabled. See
http://openvpn.net/howto.html#mitm for more info.
Mon Jan 23 15:30:50 2006 us=693763 Re-using SSL/TLS context
Mon Jan 23 15:30:50 2006 us=693843 LZO compression initialized
Mon Jan 23 15:30:50 2006 us=694053 Control Channel MTU parms [ L:1544
D:140 EF:40 EB:0 ET:0 EL:0 ]
Mon Jan 23 15:30:50 2006 us=712951 Data Channel MTU parms [ L:1544
D:1450 EF:44 EB:23 ET:0 EL:0 AF:3/1 ]
Mon Jan 23 15:30:50 2006 us=713041 Local Options String: 'V4,dev-type
tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher
BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Mon Jan 23 15:30:50 2006 us=713073 Expected Remote Options String:
'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto
TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method
2,tls-server'
Mon Jan 23 15:30:50 2006 us=713112 Local Options hash (VER=V4):
'69109d17'
Mon Jan 23 15:30:50 2006 us=730006 Expected Remote Options hash
(VER=V4): 'c0103fa8'
Mon Jan 23 15:30:50 2006 us=730085 Attempting to establish TCP
connection with 192.168.10.66:1194
Mon Jan 23 15:30:50 2006 us=751015 TCP connection established with
192.168.10.66:1194
Mon Jan 23 15:30:50 2006 us=751084 Socket Buffers: R=[8192->8192]
S=[8192->8192]
Mon Jan 23 15:30:50 2006 us=756566 TCPv4_CLIENT link local: [undef]
Mon Jan 23 15:30:50 2006 us=756621 TCPv4_CLIENT link remote:
192.168.10.66:1194
Mon Jan 23 15:30:50 2006 us=763689 TLS: Initial packet from
192.168.10.66:1194, sid=3095dc6b 66e321c3
Mon Jan 23 15:30:50 2006 us=808427 VERIFY ERROR: depth=1, error=self
signed certificate in certificate chain:
/C=CN/ST=SH/L=SHANGHAI/O=OpenVPN-TEST/OU=security/CN=CA/emailAddress=shentao01@snda.com
Mon Jan 23 15:30:50 2006 us=808684 TLS_ERROR: BIO read
tls_read_plaintext error: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Mon Jan 23 15:30:50 2006 us=808729 TLS Error: TLS object -> incoming
plaintext read error
Mon Jan 23 15:30:50 2006 us=808750 TLS Error: TLS handshake failed
Mon Jan 23 15:30:50 2006 us=819816 Fatal TLS error
(check_tls_errors_co), restarting
Mon Jan 23 15:30:50 2006 us=819981 TCP/UDP: Closing socket
Mon Jan 23 15:30:50 2006 us=823596 SIGUSR1[soft,tls-error] received,
process restarting
Mon Jan 23 15:30:50 2006 us=823646 Restart pause, 5 second(s)

I don't know what means "VERIFY ERROR: depth=1, error=self signed
certificate in certificate chain:"?

unSpawn · 01-26-2006, 07:24 PM

Did you copy the CA cert from the server to the client?