I’m experienced with UNIX/BSD networking, but this is my first effort with 
OpenVPN.  I’ve got openvpn 2.3.6 running on a NetBSD router, and ran through a 
by-hand version of the steps in easy-rsa to generate server and client 
certificates.  I have a Mac OS X client running Tunnelblick which has openvpn 
2.3.6 inside of it.

  My configs are very close to the stock examples, except that I’ve set them to 
use TCP instead of UDP with tun, and I set the server side’s user and group to 
use nobody.  I’m also trying to use IPv6 inside of the VPN, but that’s a 
secondary detail at this point.

  I can get the TCP connection to establish, but when Tunnelblick is reporting 
an attempt to authenticate, it just fails and retries over and over. The logs 
on the server side show:

Apr 14 16:59:15 bifröst openvpn[10483]: TCP connection established with [AF_INET]A.B.D.C:63007
Apr 14 16:59:16 bifröst openvpn[10483]: A.B.D.C:63007 TLS: Initial packet from [AF_INET]A.B.D.C:63007, sid=c8fff105 88ece256
Apr 14 16:59:16 bifröst openvpn[10483]: A.B.D.C:63007 TLS_ERROR: BIO read tls_read_plaintext error: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
Apr 14 16:59:16 bifröst openvpn[10483]: A.B.D.C:63007 TLS Error: TLS object -> incoming plaintext read error
Apr 14 16:59:16 bifröst openvpn[10483]: A.B.D.C:63007 TLS Error: TLS handshake failed
Apr 14 16:59:16 bifröst openvpn[10483]: A.B.D.C:63007 Fatal TLS error (check_tls_errors_co), restarting
Apr 14 16:59:16 bifröst openvpn[10483]: A.B.D.C:63007 SIGUSR1[soft,tls-error] received, client-instance restarting

  …and these just loop over and over until I interrupt the client’s attempts.  
Have I failed to set up my certificates properly?  Have I failed to configure 
the server and/or client properly?

  I can attach configs, or client logs, if that would help.  Mostly, I’m just 
looking for some help, as my first pass of googling for answers hasn’t yielded 
anything that looks like the right answer.  I’ve found a few things that are 
close, but not yielding any suggestions or solutions that I was able to 
understand and draw a solution for myself from.

  Thanks much…

                                                   - Chris


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
