
cacert-de - Question about the CaCert OpenVPN server...

Subject: German-language CAcert support list

  • From: Michael Weiller <michael AT weiller.eu>
  • To: cacert-de AT lists.cacert.org
  • Subject: Question about the CaCert OpenVPN server...
  • Date: Tue, 22 Nov 2011 19:17:51 +0100

Hello everyone,

I have a question about the CaCert OpenVPN server (https://wiki.cacert.org/openVPN/CommunityTunnel) that
Dominik George (https://wiki.cacert.org/Community/HomePagesMembers/DominikGeorge?action=show&redirect=DominikGeorge) set up for us.

My operating system is Linux, and I tried to use the OpenVPN server following the wiki instructions.
Unfortunately, I always get a TLS CERTIFICATE error when the certificate is verified.

# openvpn --config /home/weillerm/CAcertOpenVPN.ovpn
Sun Nov 13 10:57:46 2011 OpenVPN 2.2.1 x86_64-unknown-linux-gnu [SSL] [LZO2] [EPOLL] [eurephia] built on Aug 13 2011
Sun Nov 13 10:57:46 2011 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Sun Nov 13 10:57:46 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Enter Private Key Password:
Sun Nov 13 10:57:51 2011 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Nov 13 10:57:51 2011 WARNING: file '/home/weillerm/Downloads/cacertweillereu-Cert.p12' is group or others accessible
Sun Nov 13 10:57:51 2011 LZO compression initialized
Sun Nov 13 10:57:51 2011 Attempting to establish TCP connection with 78.47.142.76:443 [nonblock]
Sun Nov 13 10:57:52 2011 TCP connection established with 78.47.142.76:443
Sun Nov 13 10:57:52 2011 TCPv4_CLIENT link local: [undef]
Sun Nov 13 10:57:52 2011 TCPv4_CLIENT link remote: 78.47.142.76:443
Sun Nov 13 10:57:55 2011 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Sun Nov 13 10:57:55 2011 TLS Error: TLS object -> incoming plaintext read error
Sun Nov 13 10:57:55 2011 TLS Error: TLS handshake failed
Sun Nov 13 10:57:55 2011 Fatal TLS error (check_tls_errors_co), restarting
Sun Nov 13 10:57:55 2011 SIGUSR1[soft,tls-error] received, process restarting
Sun Nov 13 10:58:00 2011 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Sun Nov 13 10:58:00 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Nov 13 10:58:00 2011 Re-using SSL/TLS context
Sun Nov 13 10:58:00 2011 LZO compression initialized
Sun Nov 13 10:58:00 2011 Attempting to establish TCP connection with 78.47.142.76:443 [nonblock]
Sun Nov 13 10:58:01 2011 TCP connection established with 78.47.142.76:443
Sun Nov 13 10:58:01 2011 TCPv4_CLIENT link local: [undef]
Sun Nov 13 10:58:01 2011 TCPv4_CLIENT link remote: 78.47.142.76:443
Sun Nov 13 10:58:04 2011 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Sun Nov 13 10:58:04 2011 TLS Error: TLS object -> incoming plaintext read error
Sun Nov 13 10:58:04 2011 TLS Error: TLS handshake failed
Sun Nov 13 10:58:04 2011 Fatal TLS error (check_tls_errors_co), restarting
Sun Nov 13 10:58:04 2011 SIGUSR1[soft,tls-error] received, process restarting
Sun Nov 13 10:58:09 2011 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Sun Nov 13 10:58:09 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Nov 13 10:58:09 2011 Re-using SSL/TLS context
Sun Nov 13 10:58:09 2011 LZO compression initialized
Sun Nov 13 10:58:09 2011 Attempting to establish TCP connection with 78.47.142.76:443 [nonblock]
Sun Nov 13 10:58:10 2011 TCP connection established with 78.47.142.76:443
Sun Nov 13 10:58:10 2011 TCPv4_CLIENT link local: [undef]
Sun Nov 13 10:58:10 2011 TCPv4_CLIENT link remote: 78.47.142.76:443
Sun Nov 13 10:58:13 2011 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Sun Nov 13 10:58:13 2011 TLS Error: TLS object -> incoming plaintext read error
Sun Nov 13 10:58:13 2011 TLS Error: TLS handshake failed
Sun Nov 13 10:58:13 2011 Fatal TLS error (check_tls_errors_co), restarting
Sun Nov 13 10:58:13 2011 SIGUSR1[soft,tls-error] received, process restarting
Sun Nov 13 10:58:18 2011 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Sun Nov 13 10:58:18 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Nov 13 10:58:18 2011 Re-using SSL/TLS context
Sun Nov 13 10:58:18 2011 LZO compression initialized
Sun Nov 13 10:58:18 2011 Attempting to establish TCP connection with 78.47.142.76:443 [nonblock]
Sun Nov 13 10:58:19 2011 TCP connection established with 78.47.142.76:443
Sun Nov 13 10:58:19 2011 TCPv4_CLIENT link local: [undef]
Sun Nov 13 10:58:19 2011 TCPv4_CLIENT link remote: 78.47.142.76:443
Sun Nov 13 10:58:21 2011 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Sun Nov 13 10:58:21 2011 TLS Error: TLS object -> incoming plaintext read error
Sun Nov 13 10:58:21 2011 TLS Error: TLS handshake failed
Sun Nov 13 10:58:21 2011 Fatal TLS error (check_tls_errors_co), restarting
Sun Nov 13 10:58:21 2011 SIGUSR1[soft,tls-error] received, process restarting
Sun Nov 13 10:58:26 2011 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Sun Nov 13 10:58:26 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Nov 13 10:58:26 2011 Re-using SSL/TLS context
Sun Nov 13 10:58:26 2011 LZO compression initialized
Sun Nov 13 10:58:26 2011 Attempting to establish TCP connection with 78.47.142.76:443 [nonblock]
Sun Nov 13 10:58:27 2011 TCP connection established with 78.47.142.76:443
Sun Nov 13 10:58:27 2011 TCPv4_CLIENT link local: [undef]
Sun Nov 13 10:58:27 2011 TCPv4_CLIENT link remote: 78.47.142.76:443
Sun Nov 13 10:58:30 2011 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Sun Nov 13 10:58:30 2011 TLS Error: TLS object -> incoming plaintext read error
Sun Nov 13 10:58:30 2011 TLS Error: TLS handshake failed
Sun Nov 13 10:58:30 2011 Fatal TLS error (check_tls_errors_co), restarting
Sun Nov 13 10:58:30 2011 SIGUSR1[soft,tls-error] received, process restarting
Sun Nov 13 10:58:31 2011 SIGINT[hard,init_instance] received, process exiting



The config I used:
$ cat CAcertOpenVPN.ovpn
dev tap
client
remote community-vpn.cacert.org 443
resolv-retry infinite
nobind
proto tcp-client
persist-key
persist-tun
comp-lzo
pkcs12 /home/weillerm/Downloads/cacertweillereu-Cert.p12   # This is the file exported from Firefox after generating your client certificate
tls-remote "/CN=community-vpn.cacert.org"



It would be great if someone could give me a tip on this.

Regards
    Michael
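
Added example, not part of the original post: a small Python triage that correlates the OpenVPN client log and config shown above and reports the security-relevant findings (server certificate verification failing, the client's trust anchors coming only from the PKCS#12 bundle, the key file's permissions, password caching). The finding names and the sample strings are constructed here from lines in the post; the `ca`/`capath` reasoning is an assumption based on the OpenVPN man page.

```python
import re

# Constructed sample input: lines copied from the log and config in the post.
SAMPLE_LOG = """\
Sun Nov 13 10:57:51 2011 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Nov 13 10:57:51 2011 WARNING: file '/home/weillerm/Downloads/cacertweillereu-Cert.p12' is group or others accessible
Sun Nov 13 10:57:55 2011 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Sun Nov 13 10:57:55 2011 SIGUSR1[soft,tls-error] received, process restarting
Sun Nov 13 10:58:04 2011 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Sun Nov 13 10:58:04 2011 SIGUSR1[soft,tls-error] received, process restarting
"""
SAMPLE_CONFIG = """\
client
remote community-vpn.cacert.org 443
pkcs12 /home/weillerm/Downloads/cacertweillereu-Cert.p12   # exported from Firefox
tls-remote "/CN=community-vpn.cacert.org"
"""

def parse_config(text):
    """Return {directive: [argument strings]}, ignoring comments and blanks."""
    directives = {}
    for line in text.splitlines():
        line = re.split(r"\s[#;]", " " + line, maxsplit=1)[0].strip()
        if line:
            name, _, args = line.partition(" ")
            directives.setdefault(name, []).append(args.strip())
    return directives

def triage(log, config):
    """Return a list of (finding_id, detail) tuples for the log/config pair."""
    cfg = parse_config(config)
    findings = []
    failures = len(re.findall(r"certificate verify failed", log))
    restarts = len(re.findall(r"SIGUSR1\[soft,tls-error\]", log))
    if failures:
        findings.append(("server-cert-verify-failed",
                         f"{failures} failed handshakes, {restarts} restarts"))
        # With pkcs12 and no ca/capath, the CA certificates inside the
        # bundle are the client's only trust anchors (assumption drawn from
        # the OpenVPN man page: --pkcs12 can replace --ca, --cert and --key).
        if "pkcs12" in cfg and not ({"ca", "capath"} & cfg.keys()):
            findings.append(("trust-anchor-only-from-pkcs12", cfg["pkcs12"][0]))
    for path in re.findall(r"WARNING: file '([^']+)' is group or others accessible", log):
        findings.append(("key-file-permissions", path))
    if "may cache passwords in memory" in log and "auth-nocache" not in cfg:
        findings.append(("password-cached-in-memory", "auth-nocache not set"))
    return findings
```

Calling `triage(SAMPLE_LOG, SAMPLE_CONFIG)` returns the findings in the order they are checked; the `trust-anchor-only-from-pkcs12` finding points at the bundle whose CA contents are worth inspecting first.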
