AbcLinuxu portal, 26 April 2024 02:01


Question: OpenVPN client configuration

16.5.2006 11:08 Lemmy
OpenVPN client configuration
Read: 1756×
Hi,
I am currently trying to get a VPN running with OpenVPN. I managed to configure the server (Debian sarge) and now I need to configure the client. On the client I use WinXP. When I try to connect to the server, I get this error:

Tue May 16 10:47:31 2006 OpenVPN 2.0.7 Win32-MinGW [SSL] [LZO] built on Apr 12 2006
Tue May 16 10:47:31 2006 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Tue May 16 10:47:31 2006 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue May 16 10:47:32 2006 Cannot load certificate file client.crt: error:02001002:system library:fopen:No such file or directory: error:20074002:BIO routines:FILE_CTRL:system lib: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
Tue May 16 10:47:32 2006 Exiting

Client configuration file:

remote server.madomena.cz
tls-client
dev tap
pull

mute 10
ca cacert.crt
cert client.crt
key client.key

comp-lzo
verb 3

Could someone advise me what the problem might be?

Thanks

Replies

16.5.2006 11:19 secido | score: 27
Re: OpenVPN client configuration
I think it's clear:

Tue May 16 10:47:32 2006 Cannot load certificate file client.crt: error:02001002:system library:fopen:No such file or directory: error:20074002:BIO routines:FILE_CTRL:system lib: error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib

Try specifying the full path.
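
A small lint over the client config from the question, as an added example that is not part of the original thread: it flags certificate and key paths that depend on the working directory (the cause of the fopen error) and the missing server-verification directive behind the log's WARNING line. The `C:\\vpn\\...` paths and the choice of `ns-cert-type server` in the corrected sample are assumptions.

```python
import ntpath
import posixpath
import shlex

# Directives whose argument is a file OpenVPN opens at startup.
FILE_DIRECTIVES = {"ca", "cert", "key", "dh", "pkcs12", "tls-auth"}
# Directives that enable a check of the server's certificate (assumed set;
# availability varies by OpenVPN version).
VERIFY_DIRECTIVES = {"ns-cert-type", "tls-remote", "tls-verify", "remote-cert-tls"}

def parse(config_text):
    """Return a list of [directive, arg, ...] lists, skipping comments and blanks."""
    rows = []
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        words = shlex.split(line, comments=True)  # unescapes "C:\\quoted\\paths"
        if words:
            rows.append(words)
    return rows

def lint_client(config_text):
    """Return findings for relative key-material paths and missing server checks."""
    rows = parse(config_text)
    names = {row[0] for row in rows}
    findings = []
    for row in rows:
        if row[0] in FILE_DIRECTIVES and len(row) > 1:
            path = row[1]
            absolute = ntpath.isabs(path) or posixpath.isabs(path)
            # A "cd" directive fixes the directory that relative paths resolve against.
            if not absolute and "cd" not in names:
                findings.append(f"{row[0]}: '{path}' is relative to the working directory")
    if names & {"tls-client", "client"} and not names & VERIFY_DIRECTIVES:
        findings.append("no server certificate verification directive")
    return findings

# Constructed samples: the thread's client config and a hypothetical corrected one.
ORIGINAL = ("remote server.madomena.cz\ntls-client\ndev tap\npull\nmute 10\n"
            "ca cacert.crt\ncert client.crt\nkey client.key\ncomp-lzo\nverb 3\n")
FIXED = (ORIGINAL.replace("ca cacert.crt", r'ca "C:\\vpn\\cacert.crt"')
         .replace("cert client.crt", r'cert "C:\\vpn\\client.crt"')
         .replace("key client.key", r'key "C:\\vpn\\client.key"')
         + "ns-cert-type server\n")

if __name__ == "__main__":
    for finding in lint_client(ORIGINAL):
        print(finding)
```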

16.5.2006 12:18 Lemmy
Re: OpenVPN client configuration
Thanks, that helped.
But now there is one more problem. When I try to connect, the server responds, but the connection itself is not established. Client log output:

Tue May 16 12:09:31 2006 OpenVPN 2.0.7 Win32-MinGW [SSL] [LZO] built on Apr 12 2006
Tue May 16 12:09:31 2006 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Tue May 16 12:09:31 2006 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue May 16 12:09:31 2006 LZO compression initialized
Tue May 16 12:09:31 2006 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue May 16 12:09:31 2006 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Tue May 16 12:09:31 2006 Local Options hash (VER=V4): 'd79ca330'
Tue May 16 12:09:31 2006 Expected Remote Options hash (VER=V4): 'f7df56b8'
Tue May 16 12:09:31 2006 UDPv4 link local (bound): [undef]:1194
Tue May 16 12:09:31 2006 UDPv4 link remote: 195.113.101.210:1194
Tue May 16 12:09:31 2006 TLS Error: Unroutable control packet received from 195.113.101.210:1194 (si=3 op=P_ACK_V1)
Tue May 16 12:09:32 2006 TLS Error: Unroutable control packet received from 195.113.101.210:1194 (si=3 op=P_CONTROL_V1)
Tue May 16 12:09:32 2006 TLS Error: Unroutable control packet received from 195.113.101.210:1194 (si=3 op=P_CONTROL_V1)
Tue May 16 12:09:32 2006 TLS Error: Unroutable control packet received from 195.113.101.210:1194 (si=3 op=P_CONTROL_V1)
Tue May 16 12:09:32 2006 TLS Error: Unroutable control packet received from 195.113.101.210:1194 (si=3 op=P_CONTROL_V1)
Tue May 16 12:09:32 2006 TLS Error: Unroutable control packet received from 195.113.101.210:1194 (si=3 op=P_CONTROL_V1)
Tue May 16 12:09:32 2006 TLS Error: Unroutable control packet received from 195.113.101.210:1194 (si=3 op=P_CONTROL_V1)
Tue May 16 12:09:32 2006 TLS Error: Unroutable control packet received from 195.113.101.210:1194 (si=3 op=P_CONTROL_V1)
Tue May 16 12:09:32 2006 TLS Error: Unroutable control packet received from 195.113.101.210:1194 (si=3 op=P_CONTROL_V1)
Tue May 16 12:09:33 2006 TLS Error: Unroutable control packet received from 195.113.101.210:1194 (si=3 op=P_CONTROL_V1)
Tue May 16 12:09:33 2006 NOTE: --mute triggered...
Tue May 16 12:09:44 2006 45 variation(s) on previous 10 message(s) suppressed by --mute

Server log output:

Tue May 16 12:15:38 2006 MULTI: multi_create_instance called
Tue May 16 12:15:38 2006 172.16.0.14:1194 Re-using SSL/TLS context
Tue May 16 12:15:38 2006 172.16.0.14:1194 LZO compression initialized
Tue May 16 12:15:38 2006 172.16.0.14:1194 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue May 16 12:15:38 2006 172.16.0.14:1194 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:23 ET:32 EL:0 AF:3/1 ]
Tue May 16 12:15:38 2006 172.16.0.14:1194 Local Options hash (VER=V4): 'f7df56b8'
Tue May 16 12:15:38 2006 172.16.0.14:1194 Expected Remote Options hash (VER=V4): 'd79ca330'
Tue May 16 12:15:38 2006 172.16.0.14:1194 TLS: Initial packet from 172.16.0.14:1194, sid=0bd9350b feab330e
Tue May 16 12:15:40 2006 172.16.0.14:1194 TLS: new session incoming connection from 172.16.0.14:1194
Tue May 16 12:15:42 2006 172.16.0.14:1194 write UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Tue May 16 12:15:42 2006 172.16.0.14:1194 write UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Tue May 16 12:15:42 2006 172.16.0.14:1194 write UDPv4 [ECONNREFUSED|ECONNREFUSED]: Connection refused (code=111)
Tue May 16 12:15:42 2006 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Tue May 16 12:15:42 2006 172.16.0.14:1194 TLS: new session incoming connection from 172.16.0.14:1194
Tue May 16 12:15:51 2006 172.16.0.14:1194 write UDPv4 [ECONNREFUSED|ECONNREFUSED|ECONNREFUSED]: Connection refused (code=111)
Tue May 16 12:15:51 2006 172.16.0.14:1194 write UDPv4 [ECONNREFUSED|ECONNREFUSED|ECONNREFUSED]: Connection refused (code=111)
Tue May 16 12:15:53 2006 172.16.0.14:1194 write UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Tue May 16 12:15:53 2006 172.16.0.14:1194 write UDPv4 [ECONNREFUSED|ECONNREFUSED|ECONNREFUSED]: Connection refused (code=111)
Tue May 16 12:15:53 2006 read UDPv4 [ECONNREFUSED|ECONNREFUSED]: Connection refused (code=111)
Tue May 16 12:15:55 2006 172.16.0.14:1194 write UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Tue May 16 12:15:55 2006 172.16.0.14:1194 write UDPv4 [ECONNREFUSED|ECONNREFUSED]: Connection refused (code=111)
Tue May 16 12:15:55 2006 172.16.0.14:1194 write UDPv4 [ECONNREFUSED|ECONNREFUSED]: Connection refused (code=111)
Tue May 16 12:15:57 2006 172.16.0.14:1194 write UDPv4 [ECONNREFUSED|ECONNREFUSED]: Connection refused (code=111)
Tue May 16 12:15:57 2006 172.16.0.14:1194 write UDPv4 [ECONNREFUSED]: Connection refused (code=111)

What could the problem be now?
16.5.2006 11:45 tezkatlipoka | score: 35
Re: OpenVPN client configuration
You don't have the port specified on the client; while OpenVPN for Linux uses port 5000 by default, the OpenVPN GUI client uses port 1194 by default. Add a port specification there.
Let your word be yes, yes; no, no. Anything beyond that is from the devil.
16.5.2006 12:25 Lemmy
Re: OpenVPN client configuration
It's not that; the OpenVPN server is listening on port 1194 (checked with netstat) and the client is set to connect to this port.
16.5.2006 12:32 Lemmy
Re: OpenVPN client configuration
So the error is most likely in this:

Tue May 16 12:25:46 2006 TLS: Initial packet from 195.113.101.210:1194, sid=4ef77e41 40f0e8b8
Tue May 16 12:25:47 2006 VERIFY ERROR: depth=0, error=self signed certificate: /C=CS/ST=Czech_republic/L=Mesto/O=SKOLA/OU=operativ/CN=Certifikacni_autorita/emailAddress=mujmail@madomena.cz
Tue May 16 12:25:47 2006 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Tue May 16 12:25:47 2006 TLS Error: TLS object -> incoming plaintext read error
Tue May 16 12:25:47 2006 TLS Error: TLS handshake failed
Tue May 16 12:25:47 2006 TCP/UDP: Closing socket
Tue May 16 12:25:47 2006 SIGUSR1[soft,tls-error] received, process restarting
Tue May 16 12:25:47 2006 Restart pause, 2 second(s)

I probably made a mistake somewhere when generating the certificates. Would someone be so kind as to describe, in a foolproof way and step by step, how to generate the certificates to get the VPN working? Or point me to a document where everything is described. Thanks for the advice.
16.5.2006 17:16 pantera | score: 17 | blog: Bl0g
Re: OpenVPN client configuration


ISSN 1214-1267, (c) 1999-2007 Stickfish s.r.o.