Hi,
On 15/04/15 17:03, Jonathan K. Bullard wrote:
> Probably nothing to do with your problem, but because Tunnelblick's
> copies of OpenVPN are statically linked with their own copy of the
> OpenSSL libraries, to get the ciphers you must use a command like:
> $ cd /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.6
> $ ./openvpn --show-ciphers
actually, use
openvpn --show-tls
as this is the control channel auth that is failing - that channel uses
a different cipher method.
HTH,
JJK
On Wed, Apr 15, 2015 at 10:29 AM, Chris Ross <cross+open...@distal.com> wrote:
> On Apr 15, 2015, at 09:34, Jan Just Keijser <janj...@nikhef.nl> wrote:
> it's the line
> SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
>
> which is "interesting" here: make sure you use the same set of
> tls-ciphers on both ends. What's in your server and client config?
> If nothing is specified then it should "just work".
Right. That’s the line I was noting as well, of course. I
followed the “openvpn --show-ciphers” advice, and see the same on
both. I also tried a couple ciphers in both the client and server
config files, with no change. But the above was with neither file
specifying a cipher specifically, thus defaulting to BF-CBC.
> Better yet, post your entire (sanitized) server config so we can
> take a look at it. That will help greatly in troubleshooting the
> issue.
Can do. Hash comments and most of the semi-colon comments
removed, my main server-side network obscured, this is the
server-side config. Thanks for your help…
- Chris
————
;local a.b.c.d
port 1194
proto tcp
;proto udp
;dev tap
dev tun
ca cert/distal-ca.crt
cert cert/distalvpn.crt
key private/distalvpn.key # This file should be kept secret
dh cert/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
push "route AA.BB.CC.0 255.255.255.0"
keepalive 10 120
;tls-auth ta.key 0 # This file is secret
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
------------------------------------------------------------------------------
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live
exercises
http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual-
event?utm_
source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
<mailto:Openvpn-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/openvpn-users
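An added example, not part of any message in this thread and not OpenVPN project code: the reply at the top points at the control channel, whose TLS suites (`openvpn --show-tls`) are negotiated separately from the data-channel `cipher`. This Python script intersects the suites each end can offer, using saved `--show-tls` output plus each config's `tls-cipher` line; the sample outputs and configs are constructed, the output layout is assumed from OpenVPN 2.3, and suite names are compared as plain strings.

```python
import re

SUITE = re.compile(r"^[A-Z0-9]+(?:-[A-Z0-9]+)+$")  # e.g. TLS-DHE-RSA-WITH-AES-128-CBC-SHA

def parse_show_tls(output):
    """Suite names from saved `openvpn --show-tls` output (headers and blanks skipped)."""
    tokens = (line.split() for line in output.splitlines())
    return [t[0] for t in tokens if t and SUITE.match(t[0])]

def tls_cipher_directive(config):
    """List from an active `tls-cipher a:b:c` line, or None when the config sets none."""
    for raw in config.splitlines():
        parts = re.split(r"[#;]", raw, maxsplit=1)[0].split()  # drop ; and # comments
        if len(parts) >= 2 and parts[0] == "tls-cipher":
            return parts[1].split(":")
    return None

def effective(config, show_tls_output):
    """Suites one end can actually offer: its library's list, narrowed by tls-cipher."""
    supported = parse_show_tls(show_tls_output)
    wanted = tls_cipher_directive(config)
    return supported if wanted is None else [s for s in wanted if s in supported]

def shared_suites(server, client):
    """server and client are (config_text, show_tls_output) pairs."""
    client_set = set(effective(*client))
    return [s for s in effective(*server) if s in client_set]

# Constructed sample data, not taken from the thread; output layout is an assumption.
SERVER_TLS = """Available TLS Ciphers,
listed in order of preference:

TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
TLS-DHE-RSA-WITH-AES-256-CBC-SHA
TLS-DHE-RSA-WITH-AES-128-CBC-SHA
"""
CLIENT_TLS = """Available TLS Ciphers,
listed in order of preference:

TLS-DHE-RSA-WITH-AES-256-CBC-SHA
TLS-DHE-RSA-WITH-AES-128-CBC-SHA
"""
DEFAULT_CFG = "proto tcp\ndev tun\n;tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384\n;cipher BF-CBC # Blowfish (default)\n"
PINNED_CFG = "proto tcp\ndev tun\ntls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 # pinned\n"

if __name__ == "__main__":
    print("defaults on both ends:", shared_suites((DEFAULT_CFG, SERVER_TLS), (DEFAULT_CFG, CLIENT_TLS)))
    print("server pinned to GCM:", shared_suites((PINNED_CFG, SERVER_TLS), (DEFAULT_CFG, CLIENT_TLS)))
```

An empty result corresponds to the `no shared cipher` alert quoted in the thread. The real handshake also depends on TLS protocol version and certificate type, which this comparison does not model.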