OpenVPN + SSL

Tomas MACOUREK konference at microware.cz
Sun Feb 6 09:23:53 CET 2005


Tomas MACOUREK wrote:
> Hello,
> 
> after some time I am coming back to OpenVPN. We got routing working 
> some time ago; now I am dealing with something else, namely certificates.
> 
> When I generate the certificates, from the CA down to the client one, 
> using the easy-rsa scripts, I keep ending up with a message like the one 
> below. Since it is clear to me that it is 99% my own doing :( I am 
> turning to you to ask whether you have a step-by-step description, guide 
> or anything on how to generate them CORRECTLY, or perhaps what to 
> configure.
> 
> With the test certificates shipped with the distribution it works OK!
> 
> ===========
> Sat Feb 05 20:07:01 2005 us=669880 Current Parameter Settings:
> Sat Feb 05 20:07:01 2005 us=670128   config = 'C:\Program Files\OpenVPN\config\test.ovpn'
> Sat Feb 05 20:07:01 2005 us=670212   mode = 0
> Sat Feb 05 20:07:01 2005 us=670249   show_ciphers = DISABLED
> Sat Feb 05 20:07:01 2005 us=670332   show_digests = DISABLED
> Sat Feb 05 20:07:01 2005 us=670370   show_engines = DISABLED
> Sat Feb 05 20:07:01 2005 us=670402   genkey = DISABLED
> Sat Feb 05 20:07:01 2005 us=670438   key_pass_file = '[UNDEF]'
> Sat Feb 05 20:07:01 2005 us=670476   show_tls_ciphers = DISABLED
> Sat Feb 05 20:07:01 2005 us=670507   proto = 0
> Sat Feb 05 20:07:01 2005 us=670538 NOTE: --mute triggered...
> Sat Feb 05 20:07:01 2005 us=670597 177 variation(s) on previous 10 message(s) suppressed by --mute
> Sat Feb 05 20:07:01 2005 us=670648 OpenVPN 2.0_rc6 Win32-MinGW [SSL] [LZO] built on Dec 20 2004
> Sat Feb 05 20:07:01 2005 us=670951 WARNING: No server certificate verification method has been enabled.  See http://openvpn.sourceforge.net/howto.html#mitm for more info.
> Sat Feb 05 20:07:01 2005 us=674490 LZO compression initialized
> Sat Feb 05 20:07:01 2005 us=674697 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
> Sat Feb 05 20:07:01 2005 us=681234 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:23 ET:32 EL:0 AF:3/1 ]
> Sat Feb 05 20:07:01 2005 us=681442 Local Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
> Sat Feb 05 20:07:01 2005 us=681610 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
> Sat Feb 05 20:07:01 2005 us=681771 Local Options hash (VER=V4): 'd79ca330'
> Sat Feb 05 20:07:01 2005 us=681978 Expected Remote Options hash (VER=V4): 'f7df56b8'
> Sat Feb 05 20:07:01 2005 us=682157 Socket Buffers: R=[8192->8192] S=[8192->8192]
> Sat Feb 05 20:07:01 2005 us=682265 UDPv4 link local (bound): [undef]:5021
> Sat Feb 05 20:07:01 2005 us=682326 UDPv4 link remote: 82.142.79.161:5021
> Sat Feb 05 20:07:01 2005 us=696812 TLS: Initial packet from 82.142.79.161:5021, sid=90e5c1ee a7c967c8
> Sat Feb 05 20:07:01 2005 us=828861 VERIFY ERROR: depth=1, error=certificate is not yet valid: /C=CZ/ST=NA/L=PRAGUE/O=Test_SRV/CN=SERVER/emailAddress=secur---

------------------------------

Well, I'll be damned, I came in this morning and it works with the very same certificates 
:) What am I doing wrong, what needs to be restarted besides OpenVPN?



Tomas

