RE: [Openvpn-users] error in tls handshake


  • Subject: RE: [Openvpn-users] error in tls handshake
  • From: "Van Hoorenbeeck, Peter (RST/Hammerstone EMEA)" <peter.van-hoorenbeeck@xxxxxx>
  • Date: Fri, 2 Jul 2004 09:15:50 +0200

Hello Suela,

Did you check the system date?  I read Jan 2 2000?  If the certificate
is generated to be valid somewhere this year, your handshake will fail.

The error also states error=certificate is not _yet_ valid.

Correct me if I am wrong guys.

Regards,
Peter Van Hoorenbeeck

> -----Original Message-----
> From: openvpn-users-admin@xxxxxxxxxxxxxxxxxxxxx [mailto:openvpn-users-admin@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of suela
> Sent: Thursday, 1 July 2004 16:12
> To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> Subject: [Openvpn-users] error in tls handshake
> 
> Hi!
> 
> I'm trying to set up a tunnel with openvpn-2.0_beta7 between a laptop and
> a wrt54g ap with openwrt.
> 
> Between the two machines there is nothing, just a wireless net. Server
> ip is 192.168.1.1 and client ip 192.168.1.253.
> 
> Using the sample config file for multi-client udp server with the sample
> keys I got the next error in the server side:
> 
> Sun Jan  2 21:22:43 2000 [0] 192.168.1.253:5001 Re-using SSL/TLS context
> Sun Jan  2 21:22:43 2000 [0] 192.168.1.253:5001 Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
> Sun Jan  2 21:22:43 2000 [0] 192.168.1.253:5001 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:0 ET:0 EL:0 ]
> Sun Jan  2 21:22:43 2000 [0] 192.168.1.253:5001 Local Options String: 'V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
> Sun Jan  2 21:22:43 2000 [0] 192.168.1.253:5001 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
> Sun Jan  2 21:22:43 2000 [0] 192.168.1.253:5001 Local Options hash (VER=V4): '239669a8'
> Sun Jan  2 21:22:43 2000 [0] 192.168.1.253:5001 Expected Remote Options hash (VER=V4): '3514370b'
> RSun Jan  2 21:22:43 2000 [0] 192.168.1.253:5001 TLS: Initial packet from 192.168.1.253:5001, sid=8eefa60f e0b91f12
> WRRWWWWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRRRRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRSun Jan  2 21:22:58 2000 [0] 192.168.1.253:5001 VERIFY ERROR: depth=1, error=certificate is not yet valid: /C=US/ST=CO/L=Denver/O=NTLP/CN=Test-CA/emailAddress=jim@xxxxxxxx
> Sun Jan  2 21:22:58 2000 [0] 192.168.1.253:5001 TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
> Sun Jan  2 21:22:58 2000 [0] 192.168.1.253:5001 TLS Error: TLS object -> incoming plaintext read error
> Sun Jan  2 21:22:58 2000 [0] 192.168.1.253:5001 TLS Error: TLS handshake failed
> RSun Jan  2 21:23:01 2000 [0] 192.168.1.253:5001 TLS Error: Unroutable control packet received from 192.168.1.253:5001 (si=3 op=P_CONTROL_V1)
> RSun Jan  2 21:23:10 2000 [0] 192.168.1.253:5001 TLS Error: Unroutable control packet received from 192.168.1.253:5001 (si=3 op=P_CONTROL_V1)
> 
> And this one in the client side:
> 
> Thu Jul  1 15:50:48 2004 Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
> Thu Jul  1 15:50:48 2004 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:0 ET:0 EL:0 ]
> Thu Jul  1 15:50:48 2004 Local Options String: 'V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
> Thu Jul  1 15:50:48 2004 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
> Thu Jul  1 15:50:48 2004 Local Options hash (VER=V4): '3514370b'
> Thu Jul  1 15:50:48 2004 Expected Remote Options hash (VER=V4): '239669a8'
> Thu Jul  1 15:50:48 2004 Socket Buffers: R=[65535->131070] S=[65535->131070]
> Thu Jul  1 15:50:48 2004 UDPv4 link local (bound): [undef]:5001
> Thu Jul  1 15:50:48 2004 UDPv4 link remote: 192.168.1.1:5001
> WRThu Jul  1 15:50:48 2004 TLS: Initial packet from 192.168.1.1:5001, sid=3433556d 408f795a
> WWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRThu Jul  1 15:50:48 2004 VERIFY OK: depth=1, /C=US/ST=CO/L=Denver/O=NTLP/CN=Test-CA/emailAddress=jim@xxxxxxxx
> Thu Jul  1 15:50:48 2004 VERIFY OK: depth=0, /C=US/ST=CO/O=NTLP/CN=Test-Server/emailAddress=jim@xxxxxxxx
> WRWRWRWRWRWWWWRWRWRRRWRWWWWRWRWRRRWRWWWWRWRWRRRWWWThu Jul  1 15:51:21 2004 event_wait : Interrupted system call (code=4)
> 
> What's wrong?
> 
> Thanks,
> 
> 	Suela.
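
An added example, not part of the original messages and not OpenVPN code: a Python script that applies the system-date check from the reply to the two quoted logs. It assumes both peers log "TLS: Initial packet" within about one round trip of each other, so the gap between those two local timestamps approximates the clock skew; `parse`, `first_seen`, `diagnose` and the 5-minute tolerance are names and values chosen here.

```python
import re
from datetime import datetime, timedelta

# Constructed excerpts: a few lines abridged from the two logs quoted in this thread.
SERVER_LOG = """\
RSun Jan  2 21:22:43 2000 [0] 192.168.1.253:5001 TLS: Initial packet from 192.168.1.253:5001, sid=8eefa60f e0b91f12
RWRWRWRSun Jan  2 21:22:58 2000 [0] 192.168.1.253:5001 VERIFY ERROR: depth=1, error=certificate is not yet valid: /C=US/ST=CO/L=Denver/O=NTLP/CN=Test-CA/emailAddress=jim@xxxxxxxx
Sun Jan  2 21:22:58 2000 [0] 192.168.1.253:5001 TLS Error: TLS handshake failed
"""
CLIENT_LOG = """\
WRThu Jul  1 15:50:48 2004 TLS: Initial packet from 192.168.1.1:5001, sid=3433556d 408f795a
WWRWRThu Jul  1 15:50:48 2004 VERIFY OK: depth=1, /C=US/ST=CO/L=Denver/O=NTLP/CN=Test-CA/emailAddress=jim@xxxxxxxx
"""

# search() rather than match(): R/W characters run into the timestamps in these logs.
STAMP = re.compile(r"([A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \d{4}) (.*)")
# OpenSSL verify messages that depend on the verifier's clock, mapped to the
# direction the local clock would have to be wrong (a hint, not proof).
CLOCK_ERRORS = {"certificate is not yet valid": "behind",
                "certificate has expired": "ahead"}

def parse(log):
    """Return [(local_time, message)] for every line carrying a timestamp."""
    out = []
    for line in log.splitlines():
        m = STAMP.search(line)
        if m:
            out.append((datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y"), m.group(2)))
    return out

def first_seen(entries, marker):
    """Local time of the first message containing marker, or None."""
    return next((t for t, msg in entries if marker in msg), None)

def diagnose(server_log, client_log, tolerance=timedelta(minutes=5)):
    """Estimate peer clock skew and list clock-dependent VERIFY ERRORs."""
    srv, cli = parse(server_log), parse(client_log)
    s = first_seen(srv, "TLS: Initial packet")
    c = first_seen(cli, "TLS: Initial packet")
    skew = c - s if s and c else None  # positive: client clock is ahead of server
    findings = [(side, hint, t) for side, entries in (("server", srv), ("client", cli))
                for t, msg in entries if "VERIFY ERROR" in msg
                for text, hint in CLOCK_ERRORS.items() if text in msg]
    return {"skew": skew, "findings": findings,
            "skewed": skew is not None and abs(skew) > tolerance}

if __name__ == "__main__":
    print(diagnose(SERVER_LOG, CLIENT_LOG))
```

On these excerpts the server's clock comes out roughly four and a half years behind the client's, and the only clock-dependent verify error is reported on the server side.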
