Hi All, any clue what is wrong?! :(
Rgds On Sun, 25 Sep 2011 18:38:39 +0200, <busin...@reebs.org> wrote: > Hello All, > > Currently I am having troubles to get the latest build (32bit) of > prebuild OpenVPN/OpenSC/OpenSSL to work alltogether. These are found > here: > > http://www.opensc-project.org/files/build.old/ > > (btw the link to the "builds" if any newer shall be available from > this > page is corrupt: http://www.opensc-project.org/opensc/wiki/build). > > When I use the 009 build then every thing is fine. However I'd like > to > use the latest version, and Alon had a few month ago made a newer > build > which I could not test until now. > > When trying the build 010 OpenVPN fails to connect. > > I get asked twice for PIN before it does something and then fails to > connect and tries again/ask for PIN. > > By the way here: > http://sites.google.com/site/alonbarlev/openssh-pkcs11 > I found some info about PKCS11 and OpenSSL don't know if it may be > related... > > Regards, > PR > > Here is the OpenVPN log (did not find any OpenSC/OpenSSL log...?!): > > Sat Sep 24 14:52:10 2011 us=515000 Current Parameter Settings: > Sat Sep 24 14:52:10 2011 us=515000 config = 'C:Program > FilesOpenVPNshareopenvpn-win32configConfig.ovpn' > Sat Sep 24 14:52:10 2011 us=515000 mode = 0 > Sat Sep 24 14:52:10 2011 us=515000 show_ciphers = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 show_digests = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 show_engines = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 genkey = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 key_pass_file = '[UNDEF]' > Sat Sep 24 14:52:10 2011 us=515000 show_tls_ciphers = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 Connection profiles [default]: > Sat Sep 24 14:52:10 2011 us=515000 proto = udp > Sat Sep 24 14:52:10 2011 us=515000 local = '[UNDEF]' > Sat Sep 24 14:52:10 2011 us=515000 local_port = 0 > Sat Sep 24 14:52:10 2011 us=515000 remote = 'vpn.reebs.org' > Sat Sep 24 14:52:10 2011 us=515000 remote_port = 1194 > Sat Sep 24 14:52:10 2011 us=515000 remote_float = ENABLED > Sat Sep 24 14:52:10 2011 us=515000 bind_defined = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 bind_local = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 connect_retry_seconds = 5 > Sat Sep 24 14:52:10 2011 us=515000 connect_timeout = 10 > Sat Sep 24 14:52:10 2011 us=515000 connect_retry_max = 0 > Sat Sep 24 14:52:10 2011 us=515000 socks_proxy_server = '[UNDEF]' > Sat Sep 24 14:52:10 2011 us=515000 socks_proxy_port = 0 > Sat Sep 24 14:52:10 2011 us=515000 socks_proxy_retry = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 Connection profiles END > Sat Sep 24 14:52:10 2011 us=515000 remote_random = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 ipchange = '[UNDEF]' > Sat Sep 24 14:52:10 2011 us=515000 dev = 'tap' > Sat Sep 24 14:52:10 2011 us=515000 dev_type = '[UNDEF]' > Sat Sep 24 14:52:10 2011 us=515000 dev_node = 'OpenVPN' > Sat Sep 24 14:52:10 2011 us=515000 lladdr = '[UNDEF]' > Sat Sep 24 14:52:10 2011 us=515000 topology = 1 > Sat Sep 24 14:52:10 2011 us=515000 tun_ipv6 = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 ifconfig_local = '[UNDEF]' > Sat Sep 24 14:52:10 2011 us=515000 ifconfig_remote_netmask = > '[UNDEF]' > Sat Sep 24 14:52:10 2011 us=515000 ifconfig_noexec = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 ifconfig_nowarn = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 shaper = 0 > Sat Sep 24 14:52:10 2011 us=515000 tun_mtu = 1500 > Sat Sep 24 14:52:10 2011 us=515000 tun_mtu_defined = ENABLED > Sat Sep 24 14:52:10 2011 us=515000 link_mtu = 1500 > Sat Sep 24 14:52:10 2011 us=515000 link_mtu_defined = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 tun_mtu_extra = 32 > Sat Sep 24 14:52:10 2011 us=515000 tun_mtu_extra_defined = ENABLED > Sat Sep 24 14:52:10 2011 us=515000 fragment = 0 > Sat Sep 24 14:52:10 2011 us=515000 mtu_discover_type = -1 > Sat Sep 24 14:52:10 2011 us=515000 mtu_test = 0 > Sat Sep 24 14:52:10 2011 us=515000 mlock = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 keepalive_ping = 0 > Sat Sep 24 14:52:10 2011 us=515000 keepalive_timeout = 0 > Sat Sep 24 14:52:10 2011 us=515000 inactivity_timeout = 0 > Sat Sep 24 14:52:10 2011 us=515000 ping_send_timeout = 0 > Sat Sep 24 14:52:10 2011 us=515000 ping_rec_timeout = 0 > Sat Sep 24 14:52:10 2011 us=515000 ping_rec_timeout_action = 0 > Sat Sep 24 14:52:10 2011 us=515000 ping_timer_remote = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 remap_sigusr1 = 0 > Sat Sep 24 14:52:10 2011 us=515000 explicit_exit_notification = 0 > Sat Sep 24 14:52:10 2011 us=515000 persist_tun = ENABLED > Sat Sep 24 14:52:10 2011 us=515000 persist_local_ip = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 persist_remote_ip = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 persist_key = ENABLED > Sat Sep 24 14:52:10 2011 us=515000 mssfix = 1450 > Sat Sep 24 14:52:10 2011 us=515000 resolve_retry_seconds = 1000000000 > Sat Sep 24 14:52:10 2011 us=515000 username = '[UNDEF]' > Sat Sep 24 14:52:10 2011 us=515000 groupname = '[UNDEF]' > Sat Sep 24 14:52:10 2011 us=515000 chroot_dir = '[UNDEF]' > Sat Sep 24 14:52:10 2011 us=515000 cd_dir = '[UNDEF]' > Sat Sep 24 14:52:10 2011 us=515000 writepid = '[UNDEF]' > Sat Sep 24 14:52:10 2011 us=515000 up_script = '[UNDEF]' > Sat Sep 24 14:52:10 2011 us=515000 down_script = '[UNDEF]' > Sat Sep 24 14:52:10 2011 us=515000 down_pre = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 up_restart = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 up_delay = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 daemon = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 inetd = 0 > Sat Sep 24 14:52:10 2011 us=515000 log = ENABLED > Sat Sep 24 14:52:10 2011 us=515000 suppress_timestamps = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 nice = 0 > Sat Sep 24 14:52:10 2011 us=515000 verbosity = 4 > Sat Sep 24 14:52:10 2011 us=515000 mute = 0 > Sat Sep 24 14:52:10 2011 us=515000 gremlin = 0 > Sat Sep 24 14:52:10 2011 us=515000 status_file = '[UNDEF]' > Sat Sep 24 14:52:10 2011 us=515000 status_file_version = 1 > Sat Sep 24 14:52:10 2011 us=515000 status_file_update_freq = 60 > Sat Sep 24 14:52:10 2011 us=515000 occ = ENABLED > Sat Sep 24 14:52:10 2011 us=515000 rcvbuf = 0 > Sat Sep 24 14:52:10 2011 us=515000 sndbuf = 0 > Sat Sep 24 14:52:10 2011 us=515000 sockflags = 0 > Sat Sep 24 14:52:10 2011 us=515000 fast_io = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 lzo = 7 > Sat Sep 24 14:52:10 2011 us=515000 route_script = '[UNDEF]' > Sat Sep 24 14:52:10 2011 us=515000 route_default_gateway = '[UNDEF]' > Sat Sep 24 14:52:10 2011 us=515000 route_default_metric = 0 > Sat Sep 24 14:52:10 2011 us=515000 route_noexec = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 route_delay = 5 > Sat Sep 24 14:52:10 2011 us=515000 route_delay_window = 30 > Sat Sep 24 14:52:10 2011 us=515000 route_delay_defined = ENABLED > Sat Sep 24 14:52:10 2011 us=515000 route_nopull = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 route_gateway_via_dhcp = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 max_routes = 100 > Sat Sep 24 14:52:10 2011 us=515000 allow_pull_fqdn = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 management_addr = '127.0.0.1' > Sat Sep 24 14:52:10 2011 us=515000 management_port = 11196 > Sat Sep 24 14:52:10 2011 us=515000 management_user_pass = '[UNDEF]' > Sat Sep 24 14:52:10 2011 us=515000 management_log_history_cache = 250 > Sat Sep 24 14:52:10 2011 us=515000 management_echo_buffer_size = 100 > Sat Sep 24 14:52:10 2011 us=515000 management_write_peer_info_file = > '[UNDEF]' > Sat Sep 24 14:52:10 2011 us=515000 management_client_user = '[UNDEF]' > Sat Sep 24 14:52:10 2011 us=515000 management_client_group = > '[UNDEF]' > Sat Sep 24 14:52:10 2011 us=515000 management_flags = 30 > Sat Sep 24 14:52:10 2011 us=515000 shared_secret_file = '[UNDEF]' > Sat Sep 24 14:52:10 2011 us=515000 key_direction = 2 > Sat Sep 24 14:52:10 2011 us=515000 ciphername_defined = ENABLED > Sat Sep 24 14:52:10 2011 us=515000 ciphername = 'AES-256-CBC' > Sat Sep 24 14:52:10 2011 us=515000 authname_defined = ENABLED > Sat Sep 24 14:52:10 2011 us=515000 authname = 'SHA' > Sat Sep 24 14:52:10 2011 us=515000 prng_hash = 'SHA1' > Sat Sep 24 14:52:10 2011 us=515000 prng_nonce_secret_len = 16 > Sat Sep 24 14:52:10 2011 us=515000 keysize = 0 > Sat Sep 24 14:52:10 2011 us=515000 engine = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 replay = ENABLED > Sat Sep 24 14:52:10 2011 us=515000 mute_replay_warnings = ENABLED > Sat Sep 24 14:52:10 2011 us=515000 replay_window = 64 > Sat Sep 24 14:52:10 2011 us=515000 replay_time = 15 > Sat Sep 24 14:52:10 2011 us=515000 packet_id_file = '[UNDEF]' > Sat Sep 24 14:52:10 2011 us=515000 use_iv = ENABLED > Sat Sep 24 14:52:10 2011 us=515000 test_crypto = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 tls_server = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 tls_client = ENABLED > Sat Sep 24 14:52:10 2011 us=515000 key_method = 2 > Sat Sep 24 14:52:10 2011 us=515000 ca_file = 'ca.crt' > Sat Sep 24 14:52:10 2011 us=515000 ca_path = '[UNDEF]' > Sat Sep 24 14:52:10 2011 us=515000 dh_file = '[UNDEF]' > Sat Sep 24 14:52:10 2011 us=515000 cert_file = '[UNDEF]' > Sat Sep 24 14:52:10 2011 us=515000 priv_key_file = '[UNDEF]' > Sat Sep 24 14:52:10 2011 us=515000 pkcs12_file = '[UNDEF]' > Sat Sep 24 14:52:10 2011 us=515000 cryptoapi_cert = '[UNDEF]' > Sat Sep 24 14:52:10 2011 us=515000 cipher_list = '[UNDEF]' > Sat Sep 24 14:52:10 2011 us=515000 tls_verify = '[UNDEF]' > Sat Sep 24 14:52:10 2011 us=515000 tls_export_cert = '[UNDEF]' > Sat Sep 24 14:52:10 2011 us=515000 tls_remote = '[UNDEF]' > Sat Sep 24 14:52:10 2011 us=515000 crl_file = '[UNDEF]' > Sat Sep 24 14:52:10 2011 us=515000 ns_cert_type = 0 > Sat Sep 24 14:52:10 2011 us=515000 remote_cert_ku[i] = 160 > Sat Sep 24 14:52:10 2011 us=515000 remote_cert_ku[i] = 136 > Sat Sep 24 14:52:10 2011 us=515000 remote_cert_ku[i] = 0 > Sat Sep 24 14:52:10 2011 us=515000 remote_cert_ku[i] = 0 > Sat Sep 24 14:52:10 2011 us=515000 remote_cert_ku[i] = 0 > Sat Sep 24 14:52:10 2011 us=515000 remote_cert_eku = 'TLS Web Server > Authentication' > Sat Sep 24 14:52:10 2011 us=515000 tls_timeout = 2 > Sat Sep 24 14:52:10 2011 us=515000 renegotiate_bytes = 0 > Sat Sep 24 14:52:10 2011 us=515000 renegotiate_packets = 0 > Sat Sep 24 14:52:10 2011 us=515000 renegotiate_seconds = 3600 > Sat Sep 24 14:52:10 2011 us=515000 handshake_window = 60 > Sat Sep 24 14:52:10 2011 us=515000 transition_window = 3600 > Sat Sep 24 14:52:10 2011 us=515000 single_session = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 push_peer_info = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 tls_exit = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 tls_auth_file = 'ta.key' > Sat Sep 24 14:52:10 2011 us=515000 pkcs11_providers = C:Program > FilesOpenVPNbinopensc-pkcs11.dll > Sat Sep 24 14:52:10 2011 us=515000 pkcs11_protected_authentication = > DISABLED > Sat Sep 24 14:52:10 2011 us=515000 pkcs11_protected_authentication = > DISABLED > Sat Sep 24 14:52:10 2011 us=515000 pkcs11_private_mode = 00000000 > Sat Sep 24 14:52:10 2011 us=515000 pkcs11_private_mode = 00000000 > Sat Sep 24 14:52:10 2011 us=515000 pkcs11_cert_private = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 pkcs11_cert_private = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 pkcs11_pin_cache_period = -1 > Sat Sep 24 14:52:10 2011 us=515000 pkcs11_id = '[UNDEF]' > Sat Sep 24 14:52:10 2011 us=515000 pkcs11_id_management = ENABLED > Sat Sep 24 14:52:10 2011 us=515000 server_network = 0.0.0.0 > Sat Sep 24 14:52:10 2011 us=515000 server_netmask = 0.0.0.0 > Sat Sep 24 14:52:10 2011 us=515000 server_bridge_ip = 0.0.0.0 > Sat Sep 24 14:52:10 2011 us=515000 server_bridge_netmask = 0.0.0.0 > Sat Sep 24 14:52:10 2011 us=515000 server_bridge_pool_start = 0.0.0.0 > Sat Sep 24 14:52:10 2011 us=515000 server_bridge_pool_end = 0.0.0.0 > Sat Sep 24 14:52:10 2011 us=515000 ifconfig_pool_defined = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 ifconfig_pool_start = 0.0.0.0 > Sat Sep 24 14:52:10 2011 us=515000 ifconfig_pool_end = 0.0.0.0 > Sat Sep 24 14:52:10 2011 us=515000 ifconfig_pool_netmask = 0.0.0.0 > Sat Sep 24 14:52:10 2011 us=515000 ifconfig_pool_persist_filename = > '[UNDEF]' > Sat Sep 24 14:52:10 2011 us=515000 ifconfig_pool_persist_refresh_freq > = > 600 > Sat Sep 24 14:52:10 2011 us=515000 n_bcast_buf = 256 > Sat Sep 24 14:52:10 2011 us=515000 tcp_queue_limit = 64 > Sat Sep 24 14:52:10 2011 us=515000 real_hash_size = 256 > Sat Sep 24 14:52:10 2011 us=515000 virtual_hash_size = 256 > Sat Sep 24 14:52:10 2011 us=515000 client_connect_script = '[UNDEF]' > Sat Sep 24 14:52:10 2011 us=515000 learn_address_script = '[UNDEF]' > Sat Sep 24 14:52:10 2011 us=515000 client_disconnect_script = > '[UNDEF]' > Sat Sep 24 14:52:10 2011 us=515000 client_config_dir = '[UNDEF]' > Sat Sep 24 14:52:10 2011 us=515000 ccd_exclusive = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 tmp_dir = > 'C:DOCUME~1reeb000pLOCALS~1Temp' > Sat Sep 24 14:52:10 2011 us=515000 push_ifconfig_defined = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 push_ifconfig_local = 0.0.0.0 > Sat Sep 24 14:52:10 2011 us=515000 push_ifconfig_remote_netmask = > 0.0.0.0 > Sat Sep 24 14:52:10 2011 us=515000 enable_c2c = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 duplicate_cn = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 cf_max = 0 > Sat Sep 24 14:52:10 2011 us=515000 cf_per = 0 > Sat Sep 24 14:52:10 2011 us=515000 max_clients = 1024 > Sat Sep 24 14:52:10 2011 us=515000 max_routes_per_client = 256 > Sat Sep 24 14:52:10 2011 us=515000 auth_user_pass_verify_script = > '[UNDEF]' > Sat Sep 24 14:52:10 2011 us=515000 > auth_user_pass_verify_script_via_file = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 ssl_flags = 0 > Sat Sep 24 14:52:10 2011 us=515000 client = ENABLED > Sat Sep 24 14:52:10 2011 us=515000 pull = ENABLED > Sat Sep 24 14:52:10 2011 us=515000 auth_user_pass_file = '[UNDEF]' > Sat Sep 24 14:52:10 2011 us=515000 show_net_up = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 route_method = 0 > Sat Sep 24 14:52:10 2011 us=515000 ip_win32_defined = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 ip_win32_type = 3 > Sat Sep 24 14:52:10 2011 us=515000 dhcp_masq_offset = 0 > Sat Sep 24 14:52:10 2011 us=515000 dhcp_lease_time = 31536000 > Sat Sep 24 14:52:10 2011 us=515000 tap_sleep = 0 > Sat Sep 24 14:52:10 2011 us=515000 dhcp_options = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 dhcp_renew = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 dhcp_pre_release = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 dhcp_release = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 domain = '[UNDEF]' > Sat Sep 24 14:52:10 2011 us=515000 netbios_scope = '[UNDEF]' > Sat Sep 24 14:52:10 2011 us=515000 netbios_node_type = 0 > Sat Sep 24 14:52:10 2011 us=515000 disable_nbt = DISABLED > Sat Sep 24 14:52:10 2011 us=515000 OpenVPN 2.2.1 i686-w64-mingw32 > [SSL] > [LZO2] [PKCS11] built on Jul 13 2011 > Sat Sep 24 14:52:10 2011 us=562000 MANAGEMENT: TCP Socket listening > on > 127.0.0.1:11196 > Sat Sep 24 14:52:10 2011 us=562000 Need hold release from management > interface, waiting... > Sat Sep 24 14:52:11 2011 us=93000 MANAGEMENT: Client connected from > 127.0.0.1:11196 > Sat Sep 24 14:52:11 2011 us=93000 MANAGEMENT: CMD 'log on all' > Sat Sep 24 14:52:11 2011 us=656000 MANAGEMENT: CMD 'state on' > Sat Sep 24 14:52:11 2011 us=671000 MANAGEMENT: CMD 'hold release' > Sat Sep 24 14:52:11 2011 us=718000 PKCS#11: Adding PKCS#11 provider > 'C:Program FilesOpenVPNbinopensc-pkcs11.dll' > Sat Sep 24 14:52:14 2011 us=375000 NOTE: OpenVPN 2.1 requires > '--script-security 2' or higher to call user-defined scripts or > executables > Sat Sep 24 14:52:14 2011 us=625000 MANAGEMENT: CMD 'pkcs11-id-count' > Sat Sep 24 14:52:14 2011 us=640000 MANAGEMENT: CMD 'pkcs11-id-get 0' > Sat Sep 24 14:52:14 2011 us=656000 MANAGEMENT: CMD 'needstr > 'pkcs11-id-request' > 'OpenSCx20Project/PKCSx2315/0001D049FFFF0000/OpenSCx20Cardx20x28xxxx20xxxx29/45'' > Sat Sep 24 14:52:14 2011 us=718000 Control Channel Authentication: > using 'ta.key' as a OpenVPN static key file > Sat Sep 24 14:52:14 2011 us=734000 Outgoing Control Channel > Authentication: Using 160 bit message hash 'SHA' for HMAC > authentication > Sat Sep 24 14:52:14 2011 us=734000 Incoming Control Channel > Authentication: Using 160 bit message hash 'SHA' for HMAC > authentication > Sat Sep 24 14:52:14 2011 us=734000 LZO compression initialized > Sat Sep 24 14:52:14 2011 us=734000 Control Channel MTU parms [ L:1590 > D:166 EF:66 EB:0 ET:0 EL:0 ] > Sat Sep 24 14:52:14 2011 us=734000 Socket Buffers: R=[128000->128000] > S=[49152->49152] > Sat Sep 24 14:52:14 2011 us=734000 MANAGEMENT: >>STATE:1316868734,RESOLVE,,, > Sat Sep 24 14:52:15 2011 us=625000 Data Channel MTU parms [ L:1590 > D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ] > Sat Sep 24 14:52:15 2011 us=625000 Local Options String: 'V4,dev-type > tap,link-mtu 1590,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 1,cipher > AES-256-CBC,auth SHA,keysize 256,tls-auth,key-method 2,tls-client' > Sat Sep 24 14:52:15 2011 us=625000 Expected Remote Options String: > 'V4,dev-type tap,link-mtu 1590,tun-mtu 1532,proto > UDPv4,comp-lzo,keydir > 0,cipher AES-256-CBC,auth SHA,keysize 256,tls-auth,key-method > 2,tls-server' > Sat Sep 24 14:52:15 2011 us=625000 Local Options hash (VER=V4): > 'cabf0c6d' > Sat Sep 24 14:52:15 2011 us=625000 Expected Remote Options hash > (VER=V4): '3a7a252b' > Sat Sep 24 14:52:15 2011 us=625000 UDPv4 link local: [undef] > Sat Sep 24 14:52:15 2011 us=625000 UDPv4 link remote: > 84.168.255.68:1194 > Sat Sep 24 14:52:15 2011 us=625000 MANAGEMENT: >>STATE:1316868735,WAIT,,, > Sat Sep 24 14:52:16 2011 us=687000 MANAGEMENT: >>STATE:1316868736,AUTH,,, > Sat Sep 24 14:52:16 2011 us=687000 TLS: Initial packet from > 84.168.255.68:1194, sid=36c89d30 585b28cf > Sat Sep 24 14:52:27 2011 us=421000 VERIFY OK: depth=1, /C=xxxxx > Sat Sep 24 14:52:27 2011 us=437000 Validating certificate key usage > Sat Sep 24 14:52:27 2011 us=437000 ++ Certificate has key usage 00a0, > expects 00a0 > Sat Sep 24 14:52:27 2011 us=437000 VERIFY KU OK > Sat Sep 24 14:52:27 2011 us=437000 Validating certificate extended > key > usage > Sat Sep 24 14:52:27 2011 us=437000 ++ Certificate has EKU (str) TLS > Web > Server Authentication, expects TLS Web Server Authentication > Sat Sep 24 14:52:27 2011 us=437000 VERIFY EKU OK > Sat Sep 24 14:52:27 2011 us=437000 VERIFY OK: depth=0, /C=xxxxxx >>>>>> SAT SEP 24 14:52:44 2011 US=218000 MANAGEMENT: CMD 'PASSWORD > [...]' >>>>>> FIRST REQUEST FOR PASSWORD >>>>>> SAT SEP 24 14:52:49 2011 US=515000 MANAGEMENT: CMD 'PASSWORD > [...]' >>>>>> SECOND REQUEST FOR PASSWORD > Sat Sep 24 14:53:15 2011 us=15000 TLS Error: TLS key negotiation > failed > to occur within 60 seconds (check your network connectivity) > Sat Sep 24 14:53:15 2011 us=15000 TLS Error: TLS handshake failed > Sat Sep 24 14:53:15 2011 us=31000 TCP/UDP: Closing socket > Sat Sep 24 14:53:15 2011 us=62000 SIGUSR1[soft,tls-error] received, > process restarting > Sat Sep 24 14:53:15 2011 us=62000 MANAGEMENT: >>STATE:1316868795,RECONNECTING,tls-error,, > Sat Sep 24 14:53:15 2011 us=78000 MANAGEMENT: CMD 'log on all' > Sat Sep 24 14:53:15 2011 us=906000 MANAGEMENT: CMD 'state on' > Sat Sep 24 14:53:15 2011 us=921000 MANAGEMENT: CMD 'hold release' > Sat Sep 24 14:53:15 2011 us=937000 NOTE: OpenVPN 2.1 requires > '--script-security 2' or higher to call user-defined scripts or > executables > Sat Sep 24 14:53:15 2011 us=937000 Re-using SSL/TLS context > Sat Sep 24 14:53:15 2011 us=937000 LZO compression initialized > Sat Sep 24 14:53:15 2011 us=937000 Control Channel MTU parms [ L:1590 > D:166 EF:66 EB:0 ET:0 EL:0 ] > Sat Sep 24 14:53:15 2011 us=937000 Socket Buffers: R=[128000->128000] > S=[49152->49152] > Sat Sep 24 14:53:15 2011 us=937000 MANAGEMENT: >>STATE:1316868795,RESOLVE,,, > Sat Sep 24 14:53:17 2011 us=265000 Data Channel MTU parms [ L:1590 > D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ] > Sat Sep 24 14:53:17 2011 us=265000 Local Options String: 'V4,dev-type > tap,link-mtu 1590,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 1,cipher > AES-256-CBC,auth SHA,keysize 256,tls-auth,key-method 2,tls-client' > Sat Sep 24 14:53:17 2011 us=265000 Expected Remote Options String: > 'V4,dev-type tap,link-mtu 1590,tun-mtu 1532,proto > UDPv4,comp-lzo,keydir > 0,cipher AES-256-CBC,auth SHA,keysize 256,tls-auth,key-method > 2,tls-server' > Sat Sep 24 14:53:17 2011 us=265000 Local Options hash (VER=V4): > 'cabf0c6d' > Sat Sep 24 14:53:17 2011 us=265000 Expected Remote Options hash > (VER=V4): '3a7a252b' > Sat Sep 24 14:53:17 2011 us=265000 UDPv4 link local: [undef] > Sat Sep 24 14:53:17 2011 us=265000 UDPv4 link remote: > 84.168.255.68:1194 > Sat Sep 24 14:53:17 2011 us=265000 MANAGEMENT: >>STATE:1316868797,WAIT,,, > Sat Sep 24 14:53:18 2011 us=500000 MANAGEMENT: >>STATE:1316868798,AUTH,,, > Sat Sep 24 14:53:18 2011 us=500000 TLS: Initial packet from > 84.168.255.68:1194, sid=dacee84d acb2e16e > Sat Sep 24 14:53:29 2011 us=93000 VERIFY OK: depth=1, /C=xxxx > Sat Sep 24 14:53:29 2011 us=93000 Validating certificate key usage > Sat Sep 24 14:53:29 2011 us=93000 ++ Certificate has key usage 00a0, > expects 00a0 > Sat Sep 24 14:53:29 2011 us=93000 VERIFY KU OK > Sat Sep 24 14:53:29 2011 us=93000 Validating certificate extended key > usage > Sat Sep 24 14:53:29 2011 us=93000 ++ Certificate has EKU (str) TLS > Web > Server Authentication, expects TLS Web Server Authentication > Sat Sep 24 14:53:29 2011 us=93000 VERIFY EKU OK > Sat Sep 24 14:53:29 2011 us=93000 VERIFY OK: depth=0, /C=xxxx >>>>>> HERE ASK FOR PASSWORD AGAIN > Sat Sep 24 14:53:45 2011 us=250000 MANAGEMENT: CMD 'signal SIGTERM' _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
