|
|
1. I have received this message in an openvpn client when a. the openvpn server is down; b. there is no internet connection either in the server or the client; c. the bandwidth of the connection has dropped (maybe someone is downloading music???).
2. Yes, you just have to run the var script ($. ./var). The .pem file is created just once.
3. I don't understand what you're trying to say!!! sorry...
Hope it helps
Marco
On 7/31/07, Bonno Bloksma <b.bloksma@xxxxxx> wrote:
Hi,
Maybe I wans't cleas as to what I wanto to know as I haven't received any
answer. If someone knows the answer to any one of the questions... please
answer
1)
Jul 26 15:18:55 linein openvpn[3506]: TLS Error: TLS key negotiation failed
to occur within 60 seconds (check your network connectivity)
Jul 26 15:18:55 linein openvpn[3506]: TLS Error: TLS handshake failed
Is this indeed a network error or is something else going on?
2)
Can I simply create extra client certificates using:
. vars
./build-key client-next1
./build-key client-next2
./build-key client-next3
etc.
Ready?
Do I need to do anything with the dh1024.pem file?
Or any of the other *.pem files?
3)
Can I use the same CN for the "ein" site as before making use the previous
certificate is never used?
I control ALL *.key and *.crt files, nothing is at a place where I cannot
access it. I can simply delete all instances of the old ein.* files.
Bonno Bloksma
----------<original mail>-----------------------
A while ago I created several certificates with easy-rsa. At the time I even
created two server certificates when I thought I was going to create a
network with redundant hubs. The second hub (ein) was never launched but I
have a problem getting that site up in the air as a client.
>From the log:
----------<quote>--------------------
.....
Jul 26 15:17:55 linein openvpn[3506]: VERIFY OK: depth=0,
/C=NL/ST=NB/O=OpenVPN-TIO/CN=lola/emailAddress=
postmaster@xxxxxx
Jul 26 15:18:55 linein openvpn[3506]: TLS Error: TLS key negotiation failed
to occur within 60 seconds (check your network connectivity)
Jul 26 15:18:55 linein openvpn[3506]: TLS Error: TLS handshake failed
Jul 26 15:18:55 linein openvpn[3506]: TCP/UDP: Closing socket
Jul 26 15:18:55 linein openvpn[3506]: SIGUSR1[soft,tls-error] received,
process restarting
.....
----------<quote>--------------------
Is this indeed a network error or is something else going on?
Also, I need a few extra certificates for some new sites.
The HOWTO is great for first time use but it could need a little extra info
which commands to use when needing extra certificates.
According to the HOWTO I first need to create the server(s) certificate,
then the clients. After that I need to create a Diffie Hellman file.
Can I simply create extra client certificates using:
. vars
./build-key client-next1
./build-key client-next2
./build-key client-next3
etc.
Ready?
Do I need to do anything with the dh1024.pem file?
Or any of the other *.pem files?
Can I use the same CN for the "ein" site as before making use the previous
certificate is never used?
I control ALL *.key and *.crt files, nothing is at a place where I cannot
access it. I can simply delete all instances of the old ein.* files.
What are the xx.pem files for?
Met vriendelijke groet,
Bonno Bloksma
hoofd systeembeheer
tio hogeschool hotelmanagement en toerisme
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
b.bloksma@xxxxxx / www.tio.nl
--------------------------------------------------------------------------------
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc.
> Still grepping through log files to find problems? Stop.
> Now Search log events and configuration files using AJAX and a browser.
> Download your FREE copy of Splunk now >>
http://get.splunk.com/
--------------------------------------------------------------------------------
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
>
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
|