[Openvpn-users] Linux clients connect OK but not Mac or Windows

Tue, 11 Jun 2013 11:27:48 -0700 

Hi, OpenVPNers.

I have a basic OpenVPN server set up using these instructions:
https://www.digitalocean.com/community/articles/how-to-setup-and-configure-an-openvpn-server-on-centos-6

Everything works great when I connect from my Linux workstation (can
connect and talk on internal net) but if I try using a Mac or Windows
client (which others in the office will be using) I only see errors and
don't get connected.

In Mac, the output is:

> 2013-06-06 15:33:39 *Tunnelblick: OS X 10.6.8; Tunnelblick 3.2.9 (build
> 2891.3328)
> 2013-06-06 15:33:39 *Tunnelblick: Attempting connection with client; Set
> nameserver = 1; monitoring connection
> 2013-06-06 15:33:39 *Tunnelblick:
> /Applications/Tunnelblick.app/Contents/Resources/openvpnstart start
> client.ovpn 1337 1 0 0 0 49 -atDASNGWrdasngw
> 2013-06-06 15:33:39 *Tunnelblick: openvpnstart status #242: Error: OpenVPN
> returned with status 1. Possible error in configuration file. See "All
> Messages" in Console for details
> 2013-06-06 15:33:39 *Tunnelblick: openvpnstart:
> /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.2.1/openvpn
> --cd /Users/username/Library/Application Support/Tunnelblick/Configurations
> --daemon --management 127.0.0.1 1337 --config
> /Users/username/Library/Application
> Support/Tunnelblick/Configurations/client.ovpn --log /Library/Application
> Support/Tunnelblick/Logs/-SUsers-Susername-SLibrary-SApplication
> Support-STunnelblick-SConfigurations-Sclient.ovpn.1_0_0_0_49.1337.openvpn.log
> --management-query-passwords --management-hold --script-security 2 --up
> /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m
> -w -d -atDASNGWrdasngw --down
> /Applications/Tunnelblick.app/Contents/Resources/
> client.down.tunnelblick.sh -m -w -d -atDASNGWrdasngw --up-restart


Tunnelblick says to check the Mac OS activity 'Console' for more
information but all that's there is one entry, "13-06-06 4:22:06 PM
Tunnelblick[623] Secured configuration file
/Users/perrylo/Library/Application
Support/Tunnelblick/Configurations/new.ovpn"


With Windows clients, the output is (IPand names changed for security):

> Fri May 31 10:44:50 2013 SIGUSR1[soft,tls-error] received, process
> restarting
> Fri May 31 10:44:50 2013 Restart pause, 2 second(s)
> Fri May 31 10:44:52 2013 IMPORTANT: OpenVPN's default port number is now
> 1194, based on an official port number assignment by IANA.  OpenVPN
> 2.0-beta16 and earlier used 5000 as the default port.
> Fri May 31 10:44:52 2013 WARNING: No server certificate verification
> method has been enabled.  See http://openvpn.net/howto.html#mitm for more
> info.
> Fri May 31 10:44:52 2013 Re-using SSL/TLS context
> Fri May 31 10:44:52 2013 LZO compression initialized
> Fri May 31 10:44:52 2013 Control Channel MTU parms [ L:1542 D:138 EF:38
> EB:0 ET:0 EL:0 ]
> Fri May 31 10:44:52 2013 Data Channel MTU parms [ L:1542 D:1450 EF:42
> EB:135 ET:0 EL:0 AF:3/1 ]
> Fri May 31 10:44:52 2013 Local Options hash (VER=V4): '41690919'
> Fri May 31 10:44:52 2013 Expected Remote Options hash (VER=V4): '530fdded'
> Fri May 31 10:44:52 2013 UDPv4 link local: [undef]
> Fri May 31 10:44:52 2013 UDPv4 link remote: 123.123.123.123:1194
> Fri May 31 10:44:52 2013 TLS: Initial packet from 123.123.123.123:1194,
> sid=27b56883 d3f9a06e
> Fri May 31 10:44:52 2013 VERIFY ERROR: depth=1, error=certificate
> signature failure:
> /C=CA/ST=BC/L=Vancouver/O=MyCompany/OU=Technology/CN=mycompany_CA/name=clientname/emailAddress=
> syst...@example.com
> Fri May 31 10:44:52 2013 TLS_ERROR: BIO read tls_read_plaintext error:
> error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
> failed
> Fri May 31 10:44:52 2013 TLS Error: TLS object -> incoming plaintext read
> error
> Fri May 31 10:44:52 2013 TLS Error: TLS handshake failed
> Fri May 31 10:44:52 2013 TCP/UDP: Closing socket


The client config file (same on all client platforms I'm using. The
instructions I'm using say to do that):

> client
> dev tun
> proto udp
> remote x.x.x.x 1194
> resolv-retry infinite
> nobind
> persist-key
> persist-tun
> comp-lzo
> verb 3
> <ca>
> Contents of ca.crt
> </ca>
> <cert>
> Contents of client.crt
> </cert>
> <key>
> Contents of client.key
> </key>


openvpn --version output:

OpenVPN 2.3.1 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL]
> [eurephia] [MH] [IPv6] built on May 6 2013



The certificate errors normally indicate a problem with certificates, of
course (at least that's the implication and what I've seen from my
googling), but when I use the same config, cert, and key files on my Linux
laptop, they work fine.


Can anyone push me in the right direction on this one? Thanks so much for
your help!


Mike

------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Reply via email to