Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- C:\Program Files\OpenVPN\config\dvr>openvpn --config dvr.ovpn
- Fri Apr 03 23:01:53 2015 OpenVPN 2.3.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Dec 1 2014
- Fri Apr 03 23:01:53 2015 library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.08
- Enter Auth Username:owner
- Enter Auth Password:
- Fri Apr 03 23:01:59 2015 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
- Fri Apr 03 23:01:59 2015 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
- Fri Apr 03 23:01:59 2015 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
- Fri Apr 03 23:01:59 2015 UDPv4 link local: [undef]
- Fri Apr 03 23:01:59 2015 UDPv4 link remote: [AF_INET]23.122.x.x:1194
- Fri Apr 03 23:02:00 2015 VERIFY ERROR: depth=0, error=unsupported certificate purpose: (removed)
- Fri Apr 03 23:02:00 2015 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
- Fri Apr 03 23:02:00 2015 TLS Error: TLS object -> incoming plaintext read error
- Fri Apr 03 23:02:00 2015 TLS Error: TLS handshake failed
- Fri Apr 03 23:02:00 2015 SIGUSR1[soft,tls-error] received, process restarting
- Fri Apr 03 23:02:02 2015 UDPv4 link local: [undef]
- Fri Apr 03 23:02:02 2015 UDPv4 link remote: [AF_INET]23.x.x.x:1194
- =======================================
- cert permissions
- root@linux-a51:/etc# ls -l openvpn/certs/
- total 28
- -rw-r--r-- 1 root root 1708 Apr 3 22:21 ca.crt
- -rw------- 1 root root 1704 Apr 3 22:21 ca.key
- -rw-r--r-- 1 root root 424 Apr 3 22:22 dh2048.pem
- -rw-r--r-- 1 root root 5438 Apr 3 22:23 dvr.crt
- -rw------- 1 root root 1704 Apr 3 22:23 dvr.key
- -rw------- 1 root root 636 Apr 3 22:30 ta.key
- All keys look correct:
- cat /etc/openvpn/certs/ca.crt
- cat /etc/openvpn/certs/ca.key
- cat /etc/openvpn/certs/dvr.crt
- cat /etc/openvpn/certs/dvr.key
- cat /etc/openvpn/certs/dh2048.pem
- =======================================
- server.conf file
- nano /etc/openvpn/server.conf
- port 1194
- proto udp
- dev tun
- ca /etc/openvpn/certs/ca.crt
- cert /etc/openvpn/certs/dvr.crt
- key /etc/openvpn/certs/dvr.key
- dh /etc/openvpn/certs/dh2048.pem
- tls-auth /etc/openvpn/certs/ta.key 0
- server 192.168.88.0 255.255.255.0
- ifconfig-pool-persist ipp.txt
- push "redirect-gateway def1 bypass-dhcp"
- push "dhcp-option DNS 8.8.8.8"
- push "dhcp-option DNS 8.8.4.4"
- client-to-client
- keepalive 1800 4000
- cipher DES-EDE3-CBC # Triple-DES
- comp-lzo
- max-clients 10
- user nobody
- group nogroup
- persist-key
- persist-tun
- #log openvpn.log
- #status openvpn-status.log
- verb 5
- mute 20
- #
- #
- =======================================
- client.conf on windows box
- client
- dev tun
- proto udp
- auth-user-pass
- ns-cert-type server
- remote dvr.owner.com 1194
- ca ca.crt
- cert dvr.crt
- key dvr.key
- tls-auth ta.key 1
- ca c:\\PROGRA~1\\OpenVPN\\config\\dvr\\ca.crt
- cert c:\\PROGRA~1\\OpenVPN\\config\\dvr\\dvr.crt
- key c:\\PROGRA~1\\OpenVPN\\config\\dvr\\dvr.key
- tls-auth c:\\PROGRA~1\\OpenVPN\\config\\dvr\\ta.key 1
- cipher DES-EDE3-CBC
- comp-lzo
- resolv-retry infinite
- nobind
- auth-nocache
- script-security 2
- persist-key
- persist-tun
- verb 2
- =======================================
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement