https://bugs.kde.org/show_bug.cgi?id=381797

            Bug ID: 381797
           Summary: KVpnc tries to use Diffie-Hellman certificate
                    'dh1024.pem' with TLS on client side with OpenVPN
                    (should be on server side only)
           Product: kvpnc
           Version: unspecified
          Platform: openSUSE RPMs
                OS: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: NOR
         Component: general
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

After importing this OpenVPN config file from UnblockVPN (unblockvpn.com):

proto tcp-client
remote eu.iphone-vpn.com 443 # non-standard port for OpenVPN
dev tap
nobind
persist-key
tls-client
ca unblockvpn-ca.pem # Root certificate in the same directory as this configuration file.
ns-cert-type server
verb 3
cipher AES-256-CBC
auth SHA1
pull
auth-user-pass
#if connection is terminated, it will attempt to connect without prompting username and pass
auth-retry nointeract
redirect-gateway def1
dhcp-option DNS 8.8.8.8

The connection gives:
debug: Some passwords which were needed were obtained from a password dialog.
debug: Default interface: "eth0".
debug: IP address of default interface: "192.168.1.103".
debug: Default route backup process started.
info: Trying to connect to server "eu.iphone-vpn.com" with ... 
debug: Setting DNS_UPDATE "NO".
debug: Openvpn Version: 2.3.8
debug: Starting Openvpn management handler...
debug: OpenvpnManagementHandler: start
debug: OpenvpnManagementHandler: Connecting to the OpenVPN manage port (2222)...
debug: OpenvpnManagementHandler: Connecting to the OpenVPN manage port (2222)... host found
debug: OpenvpnManagementHandler Management greeting timer started.
error: OpenvpnManagementHandler: Connection refused
debug: [openvpn] Options error: --dh fails with 'dh1024.pem': No such file or directory
debug: [openvpn] Options error: Please correct these errors.
debug: [openvpn] Use --help for more information.
debug: [openvpn] 

KVpnc tries to use a DH certificate which does not exist on the client side with CA
certificate and UID/psw authentication.

The exported OpenVPN profile from KVpnc gives:
# generated by kvpnc
# profile: _home_hvi_unblockvpn-openvpn_eu_czech_republic
# verbosity
verb 3
# change to prefix
cd /etc/openvpn
# use tap device
dev tap
# do not listen
nobind
# try to resolve names infinite
resolv-retry infinite
# client cert
cert 
# client private key
key 
# ca
ca /home/hvi/unblockvpn-openvpn/unblockvpn-ca.pem
# client side
tls-client
pull
# diffie hellman parameters
dh dh1024.pem
# use tcp
proto tcp-client
# remote side
remote eu.iphone-vpn.com
# port
443
# port
port 1194
# don't re-read key files across SIGUSR1 or --ping-restart
persist-key
# don't close and reopen TUN/TAP device across SIGUSR1 or --ping-restart restarts
persist-tun
# Require that peer certificate was signed with an explicit nsCertType designation of "server"
ns-cert-type server
# disable ping restart
ping-restart 0
# we want to authenticate with username and password
auth-user-pass
# Automatically execute routing commands to cause all outgoing IP traffic to be redirected over the VPN
redirect-gateway
up /root/.kde4/share/apps/kvpnc/openvpn._home_hvi_unblockvpn-openvpn_eu_czech_republic.up
down /root/.kde4/share/apps/kvpnc/openvpn._home_hvi_unblockvpn-openvpn_eu_czech_republic.down

The 'dh dh1024.pem' is the problem.

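
A small lint for the problem this report describes, as an added example (not code from KVpnc, OpenVPN or the reporter): it flags `dh` in a profile that declares `tls-client`, since OpenVPN documents `--dh` as required for `--tls-server` only, and also reports file directives left without an argument and bare numeric lines such as the stray `443`. The function names, finding labels and the sample text (an excerpt retyped from the exported profile above) are assumptions of the example.

```python
# Added example: lint a generated OpenVPN client profile for leftovers
# like the ones in this report. Names and labels here are hypothetical.

FILE_DIRECTIVES = {"ca", "cert", "key", "dh"}   # directives that expect a file path
SERVER_ONLY = {"dh"}                            # --dh is for --tls-server only
CLIENT_MARKERS = {"tls-client", "client"}       # profile declares the client role

# Constructed sample: excerpt of the profile exported by KVpnc in this report.
SAMPLE = """\
# client cert
cert
# client private key
key
ca /home/hvi/unblockvpn-openvpn/unblockvpn-ca.pem
tls-client
pull
# diffie hellman parameters
dh dh1024.pem
proto tcp-client
remote eu.iphone-vpn.com
# port
443
port 1194
"""

def parse(profile_text):
    """Return (line_number, tokens) for every directive line.
    Simplification: '#' always starts a comment; quoting is not handled."""
    out = []
    for number, raw in enumerate(profile_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if line and not line.startswith(";"):
            out.append((number, line.split()))
    return out

def lint_client_profile(profile_text):
    """Return a list of (line_number, finding, directive) tuples."""
    lines = parse(profile_text)
    is_client = any(tokens[0] in CLIENT_MARKERS for _, tokens in lines)
    findings = []
    for number, tokens in lines:
        name, args = tokens[0], tokens[1:]
        if is_client and name in SERVER_ONLY:
            findings.append((number, "server-only", name))
        if name in FILE_DIRECTIVES and not args:
            findings.append((number, "missing-argument", name))
        if name.isdigit():
            findings.append((number, "not-a-directive", name))
    return findings

if __name__ == "__main__":
    for number, finding, name in lint_client_profile(SAMPLE):
        print(f"line {number}: {finding}: {name}")
```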