
[Openvpn-users] Certificate Problems getting Linux<->Windows tunnel to work?


  • Subject: [Openvpn-users] Certificate Problems getting Linux<->Windows tunnel to work?
  • From: Carl Perry <cperry@xxxxxxxxxxxxx>
  • Date: Tue, 16 Sep 2003 10:59:40 -0500

I'm testing OpenVPN here at the office as a road-warrior solution.  I've
got a Win2k notebook and our Linux firewall on a hub connected to our T1
line.  When I try to launch the OpenVPN client on Windows, I get the
following messages:

Mon Sep 15 18:26:18 2003 24: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1063667992) Mon Sep 15 18:19:52 2003 ]
Mon Sep 15 18:26:18 2003 25: TLS Error: incoming packet authentication failed from 67.153.25.126:500
...
Mon Sep 15 18:26:18 2003 38: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #23 / time = (1063667992) Mon Sep 15 18:19:52 2003 ]
Mon Sep 15 18:26:18 2003 39: TLS Error: incoming packet authentication failed from 67.153.25.126:5000
Mon Sep 15 18:26:18 2003 40: VERIFY ERROR: depth=0, error=unsupported certificate purpose: /C=US/ST=Texas/L=Austin/O=TICOM.Geomtaics.VPN/OU=IPSEC.VPN.Server.Certificate/CN=dimebox.ticom-geo.com/emailAddress=cperry@xxxxxxxxxxxxx
Mon Sep 15 18:26:18 2003 41: TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Mon Sep 15 18:26:18 2003 42: TLS Error: TLS object -> incoming plaintext read error
Mon Sep 15 18:26:18 2003 43: TLS Error: TLS handshake failed
Mon Sep 15 18:26:18 2003 44: TLS Error: Unroutable control packet received from 67.153.25.126:5000 (si=3 op=P_CONTROL_V1)

The Linux side has less detail:

Mon Sep 15 23:19:52 2003 26[0]: TLS: tls_pre_decrypt: first response to initial packet from 67.153.25.80:5000, sid=5c4768a4 6890f26f
Mon Sep 15 23:19:52 2003 27[0]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1063668373) Mon Sep 15 23:26:13 2003 ]
Mon Sep 15 23:19:52 2003 28[0]: TLS Error: incoming packet authentication failed from 67.153.25.80:5000
Mon Sep 15 23:19:52 2003 29[0]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #2 / time = (1063668373) Mon Sep 15 23:26:13 2003 ]
Mon Sep 15 23:19:52 2003 30[0]: TLS Error: incoming packet authentication failed from 67.153.25.80:5000

Is this a configuration issue, a lack of router issue, or a TLS
certificate issue?  I've tried with both UDP and TCP transport, same
results.  I have not tried going from Linux to Linux yet, as Windows to
Linux is far more valuable to me in the short term.  I am willing to
post config files and public certificates if they will be of help.  I'm
sorry if this has come up before and an answer posted to the list, but
SF's lack of search function makes it difficult to find past messages.
I did check back about three months on the list archive manually, but
may have missed some stuff.  Any information would be appreciated.  Thanks!

    -Carl
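
A log-triage sketch for the two error classes quoted in the message above; it is an added example, not part of the original post and not OpenVPN code. It parses unwrapped lines in the format shown, reports each "VERIFY ERROR", and for each "bad packet ID" line computes how far the receiver's log timestamp is from the time carried in the rejected packet. It assumes both timestamps on a line are rendered in the same time zone and an English locale; the function name `triage` and the subject DN in the sample are constructed for illustration.

```python
import re
from datetime import datetime

STAMP = r"[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \d{4}"
FMT = "%a %b %d %H:%M:%S %Y"
# "<timestamp> <seq>[<thread>]: <message>" as in the quoted logs
LINE = re.compile(rf"^({STAMP}) \d+(?:\[\d+\])?: (.*)$")
REPLAY = re.compile(
    rf"bad packet ID \(may be a replay\): \[ #(\d+) / time = \((\d+)\) ({STAMP}) \]")
VERIFY = re.compile(r"VERIFY ERROR: depth=(\d+), error=([^:]+): (\S+)")

# Lines in the format quoted in the post; the subject DN is a constructed value.
WINDOWS_SAMPLE = """\
Mon Sep 15 18:26:18 2003 24: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1063667992) Mon Sep 15 18:19:52 2003 ]
Mon Sep 15 18:26:18 2003 25: TLS Error: incoming packet authentication failed from 67.153.25.126:5000
Mon Sep 15 18:26:18 2003 38: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #23 / time = (1063667992) Mon Sep 15 18:19:52 2003 ]
Mon Sep 15 18:26:18 2003 40: VERIFY ERROR: depth=0, error=unsupported certificate purpose: /O=Example/CN=vpn.example.test
"""
LINUX_SAMPLE = """\
Mon Sep 15 23:19:52 2003 27[0]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1 / time = (1063668373) Mon Sep 15 23:26:13 2003 ]
"""

def triage(log_text):
    """Return (replays, verify_errors) for one peer's log.

    replays: (packet_id, seconds) pairs, seconds = log time minus packet time.
    verify_errors: dicts with the chain depth, X.509 error text and subject.
    """
    replays, verify_errors = [], []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # "..." elisions or wrapped fragments are skipped
        logged, msg = datetime.strptime(m.group(1), FMT), m.group(2)
        r = REPLAY.search(msg)
        if r:
            carried = datetime.strptime(r.group(3), FMT)
            replays.append((int(r.group(1)), int((logged - carried).total_seconds())))
        v = VERIFY.search(msg)
        if v:
            verify_errors.append(
                {"depth": int(v.group(1)), "error": v.group(2), "subject": v.group(3)})
    return replays, verify_errors
```

Offsets of similar size and opposite sign on the two peers mean the two hosts' clocks disagree by about that much; the verify errors list which certificate in the chain was rejected and why.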
