Hi,
thanks a bunch for your support.
Well, I did a new installation of EFW and applied the patches and changes as
mentioned in the change log at Mantis and used the scripts that come with
the OpenVPN to create the CA, server and clients and things work!!! I am
still clueless on why XCA certificates are throwing errors. Will dig into
that later.
cheers...
./pradeep
On Mon, Mar 24, 2008 at 5:55 PM, compdoc <[EMAIL PROTECTED]> wrote:
> I've seen other people get pem rather than cer certs as well, and I don't
> know why.
>
> Are you using Windows? If so, right click a cert file and select open
> with>, and tell me if you have the option to open with 'Crypto Shell
> Extensions'
>
> In any case, open the cert with notepad instead, and tell me if there is
> any text above -----BEGIN CERTIFICATE-----
>
> The newest version of efw that I use is 2.1.2, which isn't a beta. I
> wouldn't use a beta for anything other than testing.
>
> Do you have the udp port for openvpn forwarded to the efw?
>
> *From:* [EMAIL PROTECTED] [mailto:
> [EMAIL PROTECTED] *On Behalf Of *Pradeep Raghavan
> *Sent:* Monday, March 24, 2008 3:57 AM
>
> *To:* [email protected]
> *Subject:* Re: [Efw-user] Road warrior configuration on 2.2Beta3
>
>
>
> Hello compdoc,
>
> Tried the way you have mentioned (on EFW 2.2 Beta3) but still no
> success. Btw, the CA certificate that I get to download from efw is in
> "pem" format and not cer format.
>
>
> regards.
>
> ./pradeep
>
> On Sun, Mar 23, 2008 at 11:27 PM, compdoc <[EMAIL PROTECTED]> wrote:
>
> I use the cert created on the openvpn page in efw, so I don't use the
> 'pkcs12 me.p12', or 'ns-cert-type server' lines, but this works for me:
>
> client
> float
> dev tap
> proto udp
> port 1194
> remote xx.xx.xx.xx
> resolv-retry infinite
> nobind
> persist-key
> persist-tun
> ca lasvegas.cer
> auth-user-pass
> pull
> comp-lzo
>
> *From:* [EMAIL PROTECTED] [mailto:
> [EMAIL PROTECTED] *On Behalf Of *Pradeep Raghavan
> *Sent:* Sunday, March 23, 2008 12:55 PM
> *To:* [email protected]
> *Subject:* Re: [Efw-user] Road warrior configuration on 2.2Beta3
>
>
>
> Hi,
>
> thanks for the help, somehow the issue got solved. I removed the
> "ns-cert-type client" from the server configuration by editing the template
> file. But, stepped into another problem.
> The server is configured to lease ip-addresses from the pool
> "192.168.1.40-192.168.1.60" and for some reason the client configured to
> get ip-address from the vpn server assigns itself *"192.168.1.10"*, and
> the tap interface at the client side does not come up. The client
> configuration is as below
>
> *Client conf*
>
> tls-client
> client
> dev tap
> proto udp
> remote xx.xx.xx.xx 1194
> #remote 192.168.1.123 1194
> resolv-retry infinite
> nobind
> persist-key
> persist-tun
> keepalive 10 120
> pkcs12 me.p12
> ns-cert-type server
> comp-lzo
> verb 5
>
> Wondering what configuration is causing the client to get *192.168.1.10*
> as the ipaddress. Any help would be highly appreciated.
>
>
> cheers...
> ./pradeep
>
> On Sat, Mar 22, 2008 at 11:12 AM, Pradeep Raghavan <[EMAIL PROTECTED]>
> wrote:
>
> hi,
>
> thanks for the quick reply. I tried connecting to the VPN server (Endian
> 2.2beta3) and ended up with a different error. I get a different error this
> time. I have selected the "Authentication Type to be X.509 certificate."
>
> *"Error Message"*
>
> "TLS Error: TLS object -> incoming plaintext read error
> TLS Error: TLS handshake failed
> Re-using SSL/TLS context
> LZO compression initialized
> TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned"
>
> Any help would be highly appreciated.
>
>
> cheers...
>
> ./pradeep
>
> On Thu, Mar 20, 2008 at 4:09 PM, André Pohl <[EMAIL PROTECTED]> wrote:
>
> Hi there,
>
> my client Configuration is different, but works :-)
>
> #OpenVPN Server conf
> #don't touch these lines
> tls-client
>
> client
> dev tap
> proto udp
>
> cipher BF-CBC
> comp-lzo
> verb 3
> ns-cert-type server
>
> #Login type: Certificate + PSK
> #comment it out, if you don't want two-way authentication
> #auth-user-pass
>
> # remote Gateway
> remote tgjansen.no-ip.info 1194
>
> # name and type of the user-cert
> pkcs12 example-cert.p12
>
> Hope, this will help
>
>
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> Efw-user mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/efw-user
_______________________________________________
Efw-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/efw-user
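
The manual check suggested earlier in the thread (open the certificate in Notepad and look for text above -----BEGIN CERTIFICATE-----) can be scripted. This is an added example, not code from the thread or from Endian or OpenVPN; the name inspect_cert and the sample bytes are constructed for illustration, and the DER test is a first-byte heuristic, not certificate validation.

```python
import base64
import re

BEGIN = b"-----BEGIN CERTIFICATE-----"
PEM_BLOCK = re.compile(re.escape(BEGIN) + rb"\s*(.+?)\s*-----END CERTIFICATE-----", re.S)


def inspect_cert(data: bytes) -> dict:
    """Report encoding, certificate count and any text before the first PEM block."""
    blocks = PEM_BLOCK.findall(data)
    if not blocks:
        # DER is binary ASN.1; a certificate starts with a SEQUENCE tag (0x30).
        # First-byte heuristic only: nothing is parsed or validated here.
        is_der = data[:1] == b"\x30"
        return {"encoding": "der" if is_der else "unknown", "certs": 0,
                "leading_text": False, "body_ok": is_der}
    leading_text = data[:data.index(BEGIN)].strip() != b""
    body_ok = True
    for body in blocks:
        try:
            der = base64.b64decode(b"".join(body.split()), validate=True)
            body_ok = body_ok and der[:1] == b"\x30"
        except ValueError:  # binascii.Error: damaged or non-base64 body
            body_ok = False
    return {"encoding": "pem", "certs": len(blocks),
            "leading_text": leading_text, "body_ok": body_ok}


def to_pem(der: bytes) -> bytes:
    """Wrap DER bytes in PEM armour (base64 between BEGIN/END lines)."""
    return BEGIN + b"\n" + base64.encodebytes(der) + b"-----END CERTIFICATE-----\n"


# Constructed sample inputs: placeholder bytes, not real certificates.
FAKE_DER = b"\x30\x82\x00\x10" + bytes(16)
PLAIN_PEM = to_pem(FAKE_DER)
# Some tools write a human-readable dump above the PEM block.
PEM_WITH_TEXT = b"Certificate:\n    Data:\n        Version: 3 (0x2)\n" + PLAIN_PEM
DAMAGED_PEM = BEGIN + b"\nnot*base64!\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    for name, blob in [("plain pem", PLAIN_PEM), ("pem with text", PEM_WITH_TEXT),
                       ("der", FAKE_DER), ("damaged", DAMAGED_PEM)]:
        print(name, inspect_cert(blob))
```

The file extension (.cer, .pem, .crt) does not determine the encoding, so the check reads the bytes; OpenVPN's `ca` directive expects a PEM file.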