Ive seen other people get pem rather than cer certs as well,
and I dont know why.
Are you using windows? If so, right click a cert file and
select open with>, and tell me if you have the option to
open with Crypto Shell Extensions
In any case, open the cert with notepad instead, and tell me
if there is any text above -----BEGIN CERTIFICATE-----
The newest version of efw that I use is 2.1.2, which isnt a
beta. I wouldnt use a beta for anything other than testing.
Do you have the udp port for openvpn forwarded to the efw?
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Pradeep Raghavan
Sent: Monday, March 24, 2008 3:57 AM
To: [email protected]
Subject: Re: [Efw-user] Road warrior configuration on
2.2Beta3
Hello compdoc,
Tried the way you have mentioned (on EFW 2.2 Beta3)but still
no success.Btw, the ca certificate what I get to download
from efw is in "pem" format and not cer format.
regards.
./pradeep
On Sun, Mar 23, 2008 at 11:27 PM, compdoc
<[EMAIL PROTECTED]> wrote:
I use the cert created on the openvpn page in efw, so I
don't use the 'pkcs12 me.p12', or 'ns-cert-type server'
lines, but this works for me:
client
float
dev tap
proto udp
port 1194
remote xx.xx.xx.xx
resolv-retry infinite
nobind
persist-key
persist-tun
ca lasvegas.cer
auth-user-pass
pull
comp-lzo
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Pradeep Raghavan
Sent: Sunday, March 23, 2008 12:55 PM
To: [email protected]
Subject: Re: [Efw-user] Road warrior configuration on
2.2Beta3
Hi,
thanks for the help, somehow the issue got solved.I removed
the "ns-cert-type client" from the server configuration by
editing the template file.But, stepped into another problem.
The server is configured to lease ip-addresses from the pool
"192.168.1.40-192.168.1.60" and for some reason the client
configured to get ip-address from the vpn server assigns
itself "192.168.1.10", and the tap interface at the client
side does not come up.The client configuration is as below
Client conf
tls-client
client
dev tap
proto udp
remote xx.xx.xx.xx 1194
#remote 192.168.1.123 1194
resolv-retry infinite
nobind
persist-key
persist-tun
keepalive 10 120
pkcs12 me.p12
ns-cert-type server
comp-lzo
verb 5
Wondering what configuration is causing the client to get
192.168.1.10 as the ipaddress. Any help would be highly
appreciated.
cheers...
./pradeep
On Sat, Mar 22, 2008 at 11:12 AM, Pradeep Raghavan
<[EMAIL PROTECTED]> wrote:
hi,
thanks for the quick reply. l tried connecting to the VPN
server (Endian 2.2beta3) and ends up with a different error.
I get a different error this time. I have selected the
"Authentication Type to be X.509 certificate."
"Error Message"
"TLS Error: TLS object -> incoming plaintext read error
TLS Error: TLS handshake failed
Re-using SSL/TLS context
LZO compression initialized
TLS_ERROR: BIO read tls_read_plaintext error:
error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no
certificate returned"
Any help would be highly appreciated.
cheers...
./pradeep
On Thu, Mar 20, 2008 at 4:09 PM, André Pohl
<[EMAIL PROTECTED]> wrote:
Hi there,
my client Configuration is different, but works :-)
#OpenVPN Server conf
#don´t touch this lines
tls-client
client
dev tap
proto udp
cipher BF-CBC
comp-lzo
verb 3
ns-cert-type server
#Login-Typ Certificate + PSK
#comment it out, if you don´t wan two-way authentication
#auth-user-pass
# remote Gateway
remote tgjansen.no-ip.info 1194
# name and typo of the user-cert
pkcs12 example-cert.p12
Hope, this will help
------------------------------------------------------------
-------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Efw-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/efw-user
------------------------------------------------------------
-------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Efw-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/efw-user
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Efw-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/efw-user
