You are not logged in.
Pages: 1
I am having problem connecting to VPN using OpenVPN client. I have followed the WIKI several times yet I get the same issues which are evident in the log file I have coded below.
This actually is a very simple process in other Distros (Ubuntu and Fedora) where I simply, after installing OpenVPN, have to add client.conf and ca.crt files provided to /etc/openvpn and it works from terminal without any additional ado. However, as you can see in log below I am having issues.
Please help me understand the issue and guide to the solution.
Fri May 11 17:32:00 2012 OpenVPN 2.2.2 x86_64-unknown-linux-gnu [SSL] [LZO2] [EPOLL] [eurephia] built on Jan 3 2012
Fri May 11 17:32:22 2012 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Fri May 11 17:32:22 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri May 11 17:32:22 2012 LZO compression initialized
Fri May 11 17:32:22 2012 Attempting to establish TCP connection with xx.xxx.xx.xx:xxx [nonblock]
Fri May 11 17:32:23 2012 TCP connection established with xx.xxx.xx.xx:xxx
Fri May 11 17:32:23 2012 TCPv4_CLIENT link local: [undef]
Fri May 11 17:32:23 2012 TCPv4_CLIENT link remote: xx.xxx.xx.xx:xxx
Fri May 11 17:32:23 2012 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri May 11 17:32:26 2012 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=xx/L=xxxxxx/O=xxxxxx/OU=xxx/CN=xxxxxx_CA/emailAddress=csp@xxxxxx.xx.xx
Fri May 11 17:32:26 2012 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Fri May 11 17:32:26 2012 NOTE: --mute triggered...
Fri May 11 17:32:26 2012 2 variation(s) on previous 2 message(s) suppressed by --mute
Fri May 11 17:32:26 2012 Fatal TLS error (check_tls_errors_co), restarting
Fri May 11 17:32:26 2012 SIGTERM[soft,tls-error] received, process exiting
P.S. if mods feel this should be in the Networking Section, please move it.
Thanks..
Last edited by fantab (2012-05-12 16:17:40)
"Evolution is the nature's way of issuing upgrades".
__________________________________________________________
Arch_x64-Gnome-Shell ~ Arch-lts_x64-Xfce ~ LMDE_x64-Cinnamon
Offline
To suppress this message:
NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
put
script-security 3
in your /etc/openvpn/openvpn.conf. The following one:
VERIFY ERROR: depth=1, error=self signed certificate in certificate chain
may suggest that your client has no access to CA certificates. Ensure this part is set up as following:
ca /etc/openvpn/ca.crt
cert /etc/openvpn/user.crt
key /etc/openvpn/user.key
ns-cert-type server
Would you mind pasting the exact content of your /etc/openvpn/openvpn.conf?
Edit: is your OpenVPN instructed to update /etc/resolv.conf once the connection is established? Do you have a file with your password in your config directory and a line in the config file pointing it, like this:
auth-user-pass /etc/openvpn/password
?
Last edited by bohoomil (2012-05-11 14:09:30)
:: Registered Linux User No. 223384
:: github
:: infinality-bundle+fonts: good looking fonts made easy
Offline
I figured it out.
I had to create and execute update-resolv.conf (as instructed in the Deprecated older wiki content), however it is to be placed in /etc/openvpn and not where the WIKI told to. Just to make sure I re-downloaded and replaced ca.crt and client.conf from the my VPN provider in /etc/openvpn.
That was fun. I have my VPN working.
Thanks bhoomil for the time.
"Evolution is the nature's way of issuing upgrades".
__________________________________________________________
Arch_x64-Gnome-Shell ~ Arch-lts_x64-Xfce ~ LMDE_x64-Cinnamon
Offline
Pages: 1