----- "Giovanni Lovato" <[EMAIL PROTECTED]> wrote: > Jon Escombe wrote: > > ----- "Giovanni Lovato" <[EMAIL PROTECTED]> wrote: > >> While `openvpn --config client.conf' starts up VPN connection > >> properly, > >> NM won't: > >> > >> OpenVPN 2.0.9 i486-pc-linux-gnu [SSL] [LZO] [EPOLL] built on Mar 2 > >> 2007 > >> LZO compression initialized > >> UDPv4 link local: [undef] > >> UDPv4 link remote: xx.xx.xx.xx:1194 > >> TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL > >> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed > >> TLS Error: TLS object -> incoming plaintext read error > >> TLS Error: TLS handshake failed > >> SIGUSR1[soft,tls-error] received, process restarting > >> > >> I'm using the same certificates both in NM and client.conf! > >> > >> G.L. > >> -- > >> www.aldu.net/~heruan > >> [EMAIL PROTECTED] > > > > > > Could any other options be different between the configurations? > It's working for me on Fedora7 with X.509 certificates and TLS > authentication... > > I don't know which default options NM passes to openvpn. > My client.conf: > > client > dev tun > proto udp > remote vpn.xxxxx.net > resolv-retry infinite > nobind > persist-key > persist-tun > ca /etc/ssl/certs/ca-cert.pem > cert /etc/ssl/certs/client-cert.pem > key /etc/ssl/private/client-key.pem > comp-lzo > verb 5 > > My NM options: > Required: > Gateway Address: vpn.xxxxx.net > Gateway Port: 1194 > Connection Type: X.509 Certificates > CA file: /etc/ssl/certs/ca-cert.pem > Certificate: /etc/ssl/certs/client-cert.pem > Key: /etc/ssl/private/client-key.pem > Optional: > [v] Use LZO compression > > See quoted text at top for the syslog output errors... > > Thanks, > G.L.
That looks right to me.. However, I just found this in the archives - sounds like it could be your problem? http://mail.gnome.org/archives/networkmanager-list/2006-April/msg00132.html Regards, Jon. _______________________________________________ NetworkManager-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/networkmanager-list
