wingcommander
Einsteiger
Registriert seit: 01.2009
Beiträge:1
| VPN Probleme TLS Error & Handshake Error
Also hab folgendes Problem:
Server: Debian Etch
Client: Windows XP SP 3
Also wenn ich connecten will bekomm ich folgende Angabe vom Proggi:
Code:
Fri Jan 02 17:11:55 2009 OpenVPN 2.1_rc15 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 19 2008
Fri Jan 02 17:11:55 2009 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Jan 02 17:11:56 2009 LZO compression initialized
Fri Jan 02 17:11:56 2009 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Jan 02 17:11:56 2009 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Fri Jan 02 17:11:56 2009 Local Options hash (VER=V4): 'd79ca330'
Fri Jan 02 17:11:56 2009 Expected Remote Options hash (VER=V4): 'f7df56b8'
Fri Jan 02 17:11:56 2009 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Jan 02 17:11:56 2009 UDPv4 link local (bound): [undef]:1194
Fri Jan 02 17:11:56 2009 UDPv4 link remote: 83.133.123.68:1195
Fri Jan 02 17:11:56 2009 TLS: Initial packet from 83.133.123.68:1195, sid=1f3d0504 68808fcc
Fri Jan 02 17:11:57 2009 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=AT/ST=Vorarlberg/L=Dornbirn/O=Online-tutorials.net/OU=OpenVPN_Tutorial/CN=test_ca/emailAddress=public@online-tutorials.net
Fri Jan 02 17:11:57 2009 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Fri Jan 02 17:11:57 2009 TLS Error: TLS object -> incoming plaintext read error
Fri Jan 02 17:11:57 2009 TLS Error: TLS handshake failed
Fri Jan 02 17:11:57 2009 TCP/UDP: Closing socket
Fri Jan 02 17:11:57 2009 SIGUSR1[soft,tls-error] received, process restarting
Fri Jan 02 17:11:57 2009 Restart pause, 2 second(s)
Fri Jan 02 17:11:59 2009 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Jan 02 17:11:59 2009 LZO compression initialized
Fri Jan 02 17:11:59 2009 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Jan 02 17:11:59 2009 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Fri Jan 02 17:11:59 2009 Local Options hash (VER=V4): 'd79ca330'
Fri Jan 02 17:11:59 2009 Expected Remote Options hash (VER=V4): 'f7df56b8'
Fri Jan 02 17:11:59 2009 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Jan 02 17:11:59 2009 UDPv4 link local (bound): [undef]:1194
Fri Jan 02 17:11:59 2009 UDPv4 link remote: 83.133.123.68:1195
Fri Jan 02 17:11:59 2009 TLS Error: Unroutable control packet received from 83.133.123.68:1195 (si=3 op=P_CONTROL_V1)
Fri Jan 02 17:11:59 2009 TLS Error: Unroutable control packet received from 83.133.123.68:1195 (si=3 op=P_CONTROL_V1)
Fri Jan 02 17:11:59 2009 TLS Error: Unroutable control packet received from 83.133.123.68:1195 (si=3 op=P_CONTROL_V1)
Fri Jan 02 17:11:59 2009 TLS Error: Unroutable control packet received from 83.133.123.68:1195 (si=3 op=P_CONTROL_V1)
Fri Jan 02 17:11:59 2009 TLS: Initial packet from 83.133.123.68:1195, sid=f32f52e9 8954b4e6
Fri Jan 02 17:12:01 2009 TLS Error: Unroutable control packet received from 83.133.123.68:1195 (si=3 op=P_CONTROL_V1)
Fri Jan 02 17:12:01 2009 TLS Error: Unroutable control packet received from 83.133.123.68:1195 (si=3 op=P_CONTROL_V1)
Fri Jan 02 17:12:01 2009 TLS Error: Unroutable control packet received from 83.133.123.68:1195 (si=3 op=P_CONTROL_V1)
Fri Jan 02 17:12:01 2009 TLS Error: Unroutable control packet received from 83.133.123.68:1195 (si=3 op=P_CONTROL_V1)
Fri Jan 02 17:12:01 2009 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=AT/ST=Vorarlberg/L=Dornbirn/O=Online-tutorials.net/OU=OpenVPN_Tutorial/CN=test_ca/emailAddress=public@online-tutorials.net
Fri Jan 02 17:12:01 2009 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Fri Jan 02 17:12:01 2009 TLS Error: TLS object -> incoming plaintext read error
Fri Jan 02 17:12:01 2009 TLS Error: TLS handshake failed
Fri Jan 02 17:12:01 2009 TCP/UDP: Closing socket
Fri Jan 02 17:12:01 2009 SIGUSR1[soft,tls-error] received, process restarting
Fri Jan 02 17:12:01 2009 Restart pause, 2 second(s)
Fri Jan 02 17:12:03 2009 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Jan 02 17:12:03 2009 LZO compression initialized
Fri Jan 02 17:12:03 2009 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Jan 02 17:12:03 2009 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Fri Jan 02 17:12:03 2009 Local Options hash (VER=V4): 'd79ca330'
Fri Jan 02 17:12:03 2009 Expected Remote Options hash (VER=V4): 'f7df56b8'
Fri Jan 02 17:12:03 2009 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Jan 02 17:12:03 2009 UDPv4 link local (bound): [undef]:1194
Fri Jan 02 17:12:03 2009 UDPv4 link remote: 83.133.123.68:1195
Fri Jan 02 17:12:03 2009 TLS Error: Unroutable control packet received from 83.133.123.68:1195 (si=3 op=P_CONTROL_V1)
Fri Jan 02 17:12:03 2009 TLS Error: Unroutable control packet received from 83.133.123.68:1195 (si=3 op=P_CONTROL_V1)
Fri Jan 02 17:12:03 2009 TLS Error: Unroutable control packet received from 83.133.123.68:1195 (si=3 op=P_CONTROL_V1)
Fri Jan 02 17:12:03 2009 TLS Error: Unroutable control packet received from 83.133.123.68:1195 (si=3 op=P_CONTROL_V1)
Fri Jan 02 17:12:03 2009 TLS Error: Unroutable control packet received from 83.133.123.68:1195 (si=3 op=P_CONTROL_V1)
Fri Jan 02 17:12:03 2009 TLS Error: Unroutable control packet received from 83.133.123.68:1195 (si=3 op=P_CONTROL_V1)
Fri Jan 02 17:12:03 2009 TLS Error: Unroutable control packet received from 83.133.123.68:1195 (si=3 op=P_CONTROL_V1)
Fri Jan 02 17:12:03 2009 TLS Error: Unroutable control packet received from 83.133.123.68:1195 (si=3 op=P_CONTROL_V1)
Fri Jan 02 17:12:03 2009 TLS Error: Unroutable control packet received from 83.133.123.68:1195 (si=3 op=P_ACK_V1)
Fri Jan 02 17:12:05 2009 TLS Error: Unroutable control packet received from 83.133.123.68:1195 (si=3 op=P_ACK_V1)
Fri Jan 02 17:12:06 2009 TLS Error: Unroutable control packet received from 83.133.123.68:1195 (si=3 op=P_CONTROL_V1)
Fri Jan 02 17:12:06 2009 TLS Error: Unroutable control packet received from 83.133.123.68:1195 (si=3 op=P_CONTROL_V1)
Fri Jan 02 17:12:06 2009 TLS Error: Unroutable control packet received from 83.133.123.68:1195 (si=3 op=P_CONTROL_V1)
Fri Jan 02 17:12:06 2009 TLS Error: Unroutable control packet received from 83.133.123.68:1195 (si=3 op=P_CONTROL_V1)
Fri Jan 02 17:12:06 2009 TLS Error: Unroutable control packet received from 83.133.123.68:1195 (si=3 op=P_CONTROL_V1)
Fri Jan 02 17:12:06 2009 TLS Error: Unroutable control packet received from 83.133.123.68:1195 (si=3 op=P_CONTROL_V1)
Fri Jan 02 17:12:06 2009 TLS Error: Unroutable control packet received from 83.133.123.68:1195 (si=3 op=P_CONTROL_V1)
Fri Jan 02 17:12:06 2009 TLS Error: Unroutable control packet received from 83.133.123.68:1195 (si=3 op=P_CONTROL_V1)
Fri Jan 02 17:12:07 2009 TLS Error: Unroutable control packet received from 83.133.123.68:1195 (si=3 op=P_CONTROL_V1)
Fri Jan 02 17:12:07 2009 TLS Error: Unroutable control packet received from 83.133.123.68:1195 (si=3 op=P_CONTROL_V1)
Fri Jan 02 17:12:07 2009 TLS Error: Unroutable control packet received from 83.133.123.68:1195 (si=3 op=P_CONTROL_V1)
Fri Jan 02 17:12:07 2009 TLS Error: Unroutable control packet received from 83.133.123.68:1195 (si=3 op=P_CONTROL_V1)
Fri Jan 02 17:12:07 2009 TLS Error: Unroutable control packet received from 83.133.123.68:1195 (si=3 op=P_CONTROL_V1)
Fri Jan 02 17:12:07 2009 TLS Error: Unroutable control packet received from 83.133.123.68:1195 (si=3 op=P_CONTROL_V1)
Fri Jan 02 17:12:07 2009 TLS Error: Unroutable control packet received from 83.133.123.68:1195 (si=3 op=P_CONTROL_V1)
Fri Jan 02 17:12:07 2009 TLS Error: Unroutable control packet received from 83.133.123.68:1195 (si=3 op=P_CONTROL_V1)
Fri Jan 02 17:12:07 2009 TLS Error: Unroutable control packet received from 83.133.123.68:1195 (si=3 op=P_ACK_V1)
Fri Jan 02 17:12:09 2009 TLS Error: Unroutable control packet received from 83.133.123.68:1195 (si=3 op=P_CONTROL_V1)
Fri Jan 02 17:12:09 2009 TLS Error: Unroutable control packet received from 83.133.123.68:1195 (si=3 op=P_CONTROL_V1)
Fri Jan 02 17:12:09 2009 TLS Error: Unroutable control packet received from 83.133.123.68:1195 (si=3 op=P_CONTROL_V1)
Fri Jan 02 17:12:09 2009 TLS Error: Unroutable control packet received from 83.133.123.68:1195 (si=3 op=P_CONTROL_V1)
Fri Jan 02 17:12:09 2009 TLS Error: Unroutable control packet received from 83.133.123.68:1195 (si=3 op=P_CONTROL_V1)
Fri Jan 02 17:12:09 2009 TLS Error: Unroutable control packet received from 83.133.123.68:1195 (si=3 op=P_CONTROL_V1)
Fri Jan 02 17:12:09 2009 TLS Error: Unroutable control packet received from 83.133.123.68:1195 (si=3 op=P_CONTROL_V1)
Fri Jan 02 17:12:09 2009 TLS Error: Unroutable control packet received from 83.133.123.68:1195 (si=3 op=P_CONTROL_V1)
Fri Jan 02 17:12:09 2009 TLS Error: Unroutable control packet received from 83.133.123.68:1195 (si=3 op=P_ACK_V1)
So meine Serverconfig:
Code:
# Port
port 1195
# TCP oder UDP?
#proto tcp-server
proto udp
mode server
tls-server
# tun oder tap?
# Das tun Device erstellt einen IP Tunnel,
# während das tap Device einen Ethernet Tunnel erstellt.
#tun or tap device
#tun is an IP tunnel,
#tap an ethernet tunnel
dev tap
#Our Server IP
ifconfig 10.0.0.1 255.255.255.0
#dynamic clients from 10.0.0.2-10.0.0.254
ifconfig-pool 10.0.0.2 10.0.0.254
#Die pakete werden auf dieser größe gekapselt
tun-mtu 1492
#fragment 1300
mssfix
#Paths to the certs
ca certs/vpn-ca.pem
cert certs/servercert.pem
key certs/serverkey.pem
#Clients können miteinander kommunizieren
#client-to-client
#Diffie-Hellmann Parameters
dh certs/dh1024.pem
#Same Ip in the next session
ifconfig-pool-persist ipp.txt
#Routes the packages to the intern network, you should use iptables instead of this
push "route 192.168.0.0 255.255.255.0"
#Tests the connection with a ping like paket. (wait=120sec)
keepalive 10 120
#Authenication
auth SHA1
#Our encryption algorithm
#cipher aes-256-ecb
#openvpn --show-ciphers for testing
#comp
comp-lzo
#Sets new rights after the connection
user nobody
group nogroup
#We need this because of user nobody/group nobody.
persist-key
persist-tun
#Logging 0, (testing:5)
verb 3
Client Config:
Code:
client
dev tap
proto udp
remote freeprovider.eu 1195
tls-client
ca vpn-ca.pem
cert simon_lan_cert.pem
key simon_lan_key.pem
redirect-gateway
ns-cert-type server
comp-lzo
tun-mtu 1500
mssfix
verb 3
So und zu guter Letzt die Serverantwort in der Shell:
Code:
Fri Jan 2 17:16:24 2009 Diffie-Hellman initialized with 1024 bit key
Fri Jan 2 17:16:24 2009 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1492)
Fri Jan 2 17:16:24 2009 TLS-Auth MTU parms [ L:1566 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Jan 2 17:16:24 2009 TUN/TAP device tap1 opened
Fri Jan 2 17:16:24 2009 ifconfig tap1 10.0.0.1 netmask 255.255.255.0 mtu 1492 broadcast 10.0.0.255
Fri Jan 2 17:16:24 2009 Data Channel MTU parms [ L:1566 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Fri Jan 2 17:16:24 2009 GID set to nogroup
Fri Jan 2 17:16:24 2009 UID set to nobody
Fri Jan 2 17:16:24 2009 UDPv4 link local (bound): [undef]:1195
Fri Jan 2 17:16:24 2009 UDPv4 link remote: [undef]
Fri Jan 2 17:16:24 2009 MULTI: multi_init called, r=256 v=256
Fri Jan 2 17:16:24 2009 IFCONFIG POOL: base=10.0.0.2 size=253
Fri Jan 2 17:16:24 2009 IFCONFIG POOL LIST
Fri Jan 2 17:16:24 2009 Initialization Sequence Completed
Fri Jan 2 17:16:28 2009 MULTI: multi_create_instance called
Fri Jan 2 17:16:28 2009 91.141.6.74:1194 Re-using SSL/TLS context
Fri Jan 2 17:16:28 2009 91.141.6.74:1194 LZO compression initialized
Fri Jan 2 17:16:28 2009 91.141.6.74:1194 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1492)
Fri Jan 2 17:16:28 2009 91.141.6.74:1194 Control Channel MTU parms [ L:1566 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Jan 2 17:16:28 2009 91.141.6.74:1194 Data Channel MTU parms [ L:1566 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Fri Jan 2 17:16:28 2009 91.141.6.74:1194 Local Options hash (VER=V4): '07ee0ac2'
Fri Jan 2 17:16:28 2009 91.141.6.74:1194 Expected Remote Options hash (VER=V4): 'c69db0ac'
Fri Jan 2 17:16:28 2009 91.141.6.74:1194 TLS: Initial packet from 91.141.6.74:1194, sid=56350b45 c72602bc
Fri Jan 2 17:16:33 2009 91.141.6.74:1194 TLS: new session incoming connection from 91.141.6.74:1194
Fri Jan 2 17:16:34 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Fri Jan 2 17:16:34 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Fri Jan 2 17:16:36 2009 91.141.6.74:1194 TLS: new session incoming connection from 91.141.6.74:1194
Fri Jan 2 17:16:50 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Fri Jan 2 17:16:50 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Fri Jan 2 17:16:50 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Fri Jan 2 17:16:50 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Fri Jan 2 17:16:50 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Fri Jan 2 17:16:50 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Fri Jan 2 17:16:53 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Fri Jan 2 17:16:53 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Fri Jan 2 17:16:53 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Fri Jan 2 17:16:53 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Fri Jan 2 17:16:53 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Fri Jan 2 17:16:53 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Fri Jan 2 17:16:53 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Fri Jan 2 17:16:53 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Fri Jan 2 17:17:00 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Fri Jan 2 17:17:00 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Fri Jan 2 17:17:00 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Fri Jan 2 17:17:00 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Fri Jan 2 17:17:00 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Fri Jan 2 17:17:00 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Fri Jan 2 17:17:00 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Fri Jan 2 17:17:02 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Fri Jan 2 17:17:02 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Fri Jan 2 17:17:02 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Fri Jan 2 17:17:02 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Fri Jan 2 17:17:02 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Fri Jan 2 17:17:02 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Fri Jan 2 17:17:02 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Fri Jan 2 17:17:02 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Fri Jan 2 17:17:11 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Fri Jan 2 17:17:11 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Fri Jan 2 17:17:13 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Fri Jan 2 17:17:13 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Fri Jan 2 17:17:13 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Fri Jan 2 17:17:13 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Fri Jan 2 17:17:13 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Fri Jan 2 17:17:13 2009 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Ehm wo liegt der fehler?
LG
|
Archiv-Version: View only!
