*Solved* OpenVPN Client: Errors

fantab · 2012-05-11 12:37:58

I am having problem connecting to VPN using OpenVPN client. I have followed the WIKI several times yet I get the same issues which are evident in the log file I have coded below.

This actually is a very simple process in other Distros (Ubuntu and Fedora) where I simply, after installing OpenVPN, have to add client.conf and ca.crt files provided to /etc/openvpn and it works from terminal without any additional ado. However, as you can see in log below I am having issues.

Please help me understand the issue and guide to the solution.

Fri May 11 17:32:00 2012 OpenVPN 2.2.2 x86_64-unknown-linux-gnu [SSL] [LZO2] [EPOLL] [eurephia] built on Jan  3 2012
Fri May 11 17:32:22 2012 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Fri May 11 17:32:22 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri May 11 17:32:22 2012 LZO compression initialized
Fri May 11 17:32:22 2012 Attempting to establish TCP connection with xx.xxx.xx.xx:xxx [nonblock]
Fri May 11 17:32:23 2012 TCP connection established with xx.xxx.xx.xx:xxx
Fri May 11 17:32:23 2012 TCPv4_CLIENT link local: [undef]
Fri May 11 17:32:23 2012 TCPv4_CLIENT link remote: xx.xxx.xx.xx:xxx
Fri May 11 17:32:23 2012 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri May 11 17:32:26 2012 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=xx/L=xxxxxx/O=xxxxxx/OU=xxx/CN=xxxxxx_CA/emailAddress=csp@xxxxxx.xx.xx
Fri May 11 17:32:26 2012 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Fri May 11 17:32:26 2012 NOTE: --mute triggered...
Fri May 11 17:32:26 2012 2 variation(s) on previous 2 message(s) suppressed by --mute
Fri May 11 17:32:26 2012 Fatal TLS error (check_tls_errors_co), restarting
Fri May 11 17:32:26 2012 SIGTERM[soft,tls-error] received, process exiting

P.S. if mods feel this should be in the Networking Section, please move it.

Thanks..

Last edited by fantab (2012-05-12 16:17:40)

bohoomil · 2012-05-11 14:04:09

To suppress this message:

NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables

put

script-security 3

in your /etc/openvpn/openvpn.conf. The following one:

VERIFY ERROR: depth=1, error=self signed certificate in certificate chain

may suggest that your client has no access to CA certificates. Ensure this part is set up as following:

ca /etc/openvpn/ca.crt
cert /etc/openvpn/user.crt
key /etc/openvpn/user.key

ns-cert-type server

Would you mind pasting the exact content of your /etc/openvpn/openvpn.conf?

Edit: is your OpenVPN instructed to update /etc/resolv.conf once the connection is established? Do you have a file with your password in your config directory and a line in the config file pointing it, like this:

auth-user-pass /etc/openvpn/password

?

Last edited by bohoomil (2012-05-11 14:09:30)

fantab · 2012-05-12 16:17:04

I figured it out.

I had to create and execute update-resolv.conf (as instructed in the Deprecated older wiki content), however it is to be placed in /etc/openvpn and not where the WIKI told to. Just to make sure I re-downloaded and replaced ca.crt and client.conf from the my VPN provider in /etc/openvpn.

That was fun. I have my VPN working.

Thanks bhoomil for the time.

Arch Linux

#1 2012-05-11 12:37:58