Hi,
On Fri, Apr 17, 2015 at 11:22:12AM -0400, Chris Ross wrote:
> At this point, I now at least know what OpenSSL and crypto libraries my
> openvpn binary is linked against and can speak more correctly about them.
Just for the record - we added code in 2.3.4 or so which will actually
tell you
> On Apr 17, 2015, at 11:31, Jan Just Keijser wrote:
> this is indeed an entirely different error; I'd suggest to generate your
> certificates using the easy-rsa scripts; most likely what you're missing is
> the X509v3 purpose flag - you can verify this using
> openssl x509 -text -noout -in cl
Tunnelblick 3.5.0 is statically linked with OpenSSL 1.0.1m and LZO 2.08, as
can be seen in the OpenVPN log message:
OpenVPN 2.3.6 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH]
[IPv6] built on Apr 15 2015
library versions: OpenSSL 1.0.1m 19 Mar 2015, LZO 2.08
On Fri, Apr 17,
On 17/04/15 17:22, Chris Ross wrote:
>> On Apr 17, 2015, at 07:49, Jan Just Keijser wrote:
>> I don't know - it's not really a TLS cipher that you want, but a TLSv1
>> connection - the nomenclature is overloaded, however.
>> It does look like a bug in your local openssl lib, as openvpn 2.3.6 work
> On Apr 17, 2015, at 07:49, Jan Just Keijser wrote:
> I don't know - it's not really a TLS cipher that you want, but a TLSv1
> connection - the nomenclature is overloaded, however.
> It does look like a bug in your local openssl lib, as openvpn 2.3.6 works
> fine with TLSv1 on CentOS 5, which
Hi,
On Fri, Apr 17, 2015 at 03:49:02PM +0100, debbie...@gmail.com wrote:
> Just tested .. you are correct the quotes are not required ..
> 15:44:56 $ openssl version
> OpenSSL 1.0.2a 19 Mar 2015
>
> Openvpn config directive --tls-version-min 1.2
If passed on the command line, OpenVPN will never
- Original Message -
From: "Chris Ross"
To:
Cc:
Sent: Friday, April 17, 2015 3:34 PM
Subject: Re: [Openvpn-users] Unable to establish VPN
>> On Apr 17, 2015, at 09:22, debbie...@gmail.com wrote:
>> Hi Chris
>>
>> supported). Examples for ver
> On Apr 17, 2015, at 09:22, debbie...@gmail.com wrote:
> Hi Chris
>
> sorry to butt in .. I just want to clear this up:
Oh, no problem. Happy to get any sort of feedback….
>> Using “1.0" parses, but doesn’t fix the problem. Same results. Trying
>> 1.1 or 1.2 produce the same "unknown tls
Hi Chris
sorry to butt in .. I just want to clear this up:
- Original Message -
From: "Jan Just Keijser"
To: "Chris Ross"
Cc:
Sent: Friday, April 17, 2015 12:49 PM
Subject: Re: [Openvpn-users] Unable to establish VPN
Hi,
On 16/04/15 17:08, Chris Ross wrote:
>
Hi,
On 16/04/15 17:08, Chris Ross wrote:
>> On Apr 16, 2015, at 10:44, Jan Just Keijser wrote:
>> this is important info - openssl 0.9.9. is fairly old, but still supported
>> by OpenVPN; however, it seems that the default cipher chosen by your openssl
>> lib is an SSLv2 one.
> Great info!
> On Apr 16, 2015, at 10:44, Jan Just Keijser wrote:
> this is important info - openssl 0.9.9. is fairly old, but still supported by
> OpenVPN; however, it seems that the default cipher chosen by your openssl lib
> is an SSLv2 one.
Great info! Thanks again much for all of your help…
> Can
Hi Chris,
On 16/04/15 16:12, Chris Ross wrote:
>> On Apr 16, 2015, at 10:04, Chris Ross wrote:
>>> On Apr 16, 2015, at 09:51, Chris Ross wrote:
On Apr 16, 2015, at 03:01, Jan Just Keijser wrote:
One thing you could try is to run the underlying openssl command on both
client and
> On Apr 16, 2015, at 10:04, Chris Ross wrote:
>> On Apr 16, 2015, at 09:51, Chris Ross wrote:
>>> On Apr 16, 2015, at 03:01, Jan Just Keijser wrote:
>>> One thing you could try is to run the underlying openssl command on both
>>> client and server:
>>> server:
>>> openssl s_server -msg -CAfi
> On Apr 16, 2015, at 09:51, Chris Ross wrote:
>> On Apr 16, 2015, at 03:01, Jan Just Keijser wrote:
>> if no list of TLS ciphers is specified then the client will attempt the full
>> list of ciphers that you see with "--with-tls" ; with OpenSSL it is actually
>> quite hard to tell which ciphe
> On Apr 16, 2015, at 03:01, Jan Just Keijser wrote:
> if no list of TLS ciphers is specified then the client will attempt the full
> list of ciphers that you see with "--with-tls" ; with OpenSSL it is actually
> quite hard to tell which ciphers it is trying and in which order. I'm saying
> Op
On 16/04/15 08:40, Chris Ross wrote:
> On Apr 15, 2015, at 12:35 , Jan Just Keijser wrote:
>> the cipher list looks OK; I've just tried in my setup and it's definitely
>> the TLS cipher, not the "cipher" option - that would lead to a different
>> error message.
> So, it looks like the availab
On Apr 15, 2015, at 12:35 , Jan Just Keijser wrote:
> the cipher list looks OK; I've just tried in my setup and it's definitely the
> TLS cipher, not the "cipher" option - that would lead to a different error
> message.
So, it looks like the available TLS ciphers are okay between my client a
Hi Chris,
On 15/04/15 20:01, Chris Ross wrote:
>> the cipher list looks OK; I've just tried in my setup and it's definitely
>> the TLS cipher, not the "cipher" option - that would lead to a different
>> error message.
>>
>> something just popped up in my mind: what kind of certificates are you
> the cipher list looks OK; I've just tried in my setup and it's definitely the
> TLS cipher, not the "cipher" option - that would lead to a different error
> message.
>
> something just popped up in my mind: what kind of certificates are you using?
> if you're using ECDSA based certificates an
On Apr 15, 2015 9:11 PM, "Jan Just Keijser" wrote:
> Hi,
>
> On 15/04/15 17:52, Chris Ross wrote:
> > [...]
> > openvpn --show-tls
> >
> > as this is the control channel auth that is failing - that channel uses
> a different cipher method.
> > Both of those outputs look “okay”, but I’m not su
Hi,
On 15/04/15 17:52, Chris Ross wrote:
> [...]
> openvpn --show-tls
>
> as this is the control channel auth that is failing - that channel uses a
> different cipher method.
> Both of those outputs look “okay”, but I’m not sure what I should be
> looking for. I can attach the output of sho
> On Apr 15, 2015, at 11:15, Jan Just Keijser wrote:
> On 15/04/15 17:03, Jonathan K. Bullard wrote:
>> Probably nothing to do with your problem, but because Tunnelblick's copies
>> of OpenVPN are statically linked with their own copy of the OpenSSL
>> libraries, to get the ciphers you must use
Hi,
On 15/04/15 17:03, Jonathan K. Bullard wrote:
Probably nothing to do with your problem, but because Tunnelblick's
copies of OpenVPN are statically linked with their own copy of the
OpenSSL libraries, to get the ciphers you must use a command like:
$ cd
/Applications/Tunnelblick.app/Cont
Probably nothing to do with your problem, but because Tunnelblick's copies
of OpenVPN are statically linked with their own copy of the OpenSSL
libraries, to get the ciphers you must use a command like:
$ cd /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.6
$ ./openvpn --show-
> On Apr 15, 2015, at 09:34, Jan Just Keijser wrote:
> it's the line
> SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
>
> which is "interesting" here: make sure you use the same set of tls-ciphers on
> both ends. What's in your server and client config ? If nothing is specified
> then it
Hi Chris,
On 15/04/15 15:18, Chris Ross wrote:
> I’m experienced with UNIX/BSD networking, but this is my first effort with
> OpenVPN. I’ve got openvpn 2.3.6 running on a NetBSD router, and ran through
> a by-hand version of the steps in easy-rsa to generate server and client
> certificates
I’m experienced with UNIX/BSD networking, but this is my first effort with
OpenVPN. I’ve got openvpn 2.3.6 running on a NetBSD router, and ran through a
by-hand version of the steps in easy-rsa to generate server and client
certificates. I have a Mac OS X client running Tunnelblick which ha
27 matches