|
|
James Yonan wrote:
>Carl,
>
>Offhand, I don't see anything wrong with the configs. I personally use a
>configuration very similar to yours, i.e. tls security + tls-auth, windows to
>linux, and I've never had a problem like this.
>
>Have you tried a static key tunnel? It would be interesting to see if you
>also get the packet duplication with that.
>
>
Static keys work just fine.
>Have you tried running tcpdump on port 5000 to see if there really is packet
>duplication occurring?
>
>
No real packet duplication occuring, just retries from the server,
>You might also do a loopback test on your tls config to check that it is
>correct, independent of the networking issues.
>
>See the linux INSTALL file for more info on loopback tests.
>
>
The loopback tests work fine as well.
I'm thinking it may be some sort of issue with my CA. I'm using the
openssl CA script with a slightly tweaked openssl.cnf - nothing
exciting, just corrected default values for fields (country, locality,
etc). I just noticed that the server is running OpenSSL 0.9.6b - that
could be part of it. I'm trying to find an upgrade for RH8.0 - any
other ideas?
-Carl
Attachment:
pgpCvM4PG2EmH.pgp
Description: PGP signature
|