openvpn script for generating certificates

Jaroslav Votruba jaroslav.votruba at keytec.cz
Wed Jan 2 11:13:23 CET 2008


I'm playing with openvpn (after the Christmas break) and I'm stuck on the certificates. I copied
all the files
cp /usr/local/share/doc/openvpn/easy-rsa/2.0/* /usr/local/etc/openvpn/
I symlinked bash

ln -s /usr/local/bin/bash /bin/bash


edited .vars and the next step should be
source ./vars
however the result is

test63# source ./vars
export: Command not found.
EASY_RSA: Undefined variable.

what is wrong?


I also found another guide that solves it by generating the certificates
directly with openssl
http://www.pronix.de/pronix-943.html


following the guide, everything went fine
however, unlike in the guide, my client complains

Wed Jan 02 09:53:56 2008 Local Options hash (VER=V4): 'c6c7c21a'
Wed Jan 02 09:53:56 2008 Expected Remote Options hash (VER=V4): '1a6d5c5d'
Wed Jan 02 09:53:56 2008 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed Jan 02 09:53:56 2008 UDPv4 link local: [undef]
Wed Jan 02 09:53:56 2008 UDPv4 link remote: 192.168.0.5:1194
Wed Jan 02 09:53:56 2008 TLS: Initial packet from 192.168.0.5:1194, 
sid=77e67061 94529b31
Wed Jan 02 09:53:57 2008 VERIFY ERROR: depth=0, error=self signed 
certificate: 
/C=Cz/ST=Czech_rep./L=Ceske_Budejovice/O=Test/OU=Prace/CN=VPN/emailAddress=spravce at testmasina.cz
Wed Jan 02 09:53:57 2008 TLS_ERROR: BIO read tls_read_plaintext error: 
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate 
verify failed
Wed Jan 02 09:53:57 2008 TLS Error: TLS object -> incoming plaintext 
read error
Wed Jan 02 09:53:57 2008 TLS Error: TLS handshake failed
Wed Jan 02 09:53:57 2008 TCP/UDP: Closing socket
Wed Jan 02 09:53:57 2008 SIGUSR1[soft,tls-error] received, process 
restarting
Wed Jan 02 09:53:57 2008 Restart pause, 2 second(s)
Wed Jan 02 09:53:59 2008 WARNING: No server certificate verification 
method has been enabled.  See http://openvpn.net/howto.html#mitm for 
more info.
Wed Jan 02 09:53:59 2008 Re-using SSL/TLS context
Wed Jan 02 09:53:59 2008 LZO compression initialized
Wed Jan 02 09:53:59 2008 Control Channel MTU parms [ L:1590 D:138 EF:38 
EB:0 ET:0 EL:0 ]
Wed Jan 02 09:53:59 2008 Data Channel MTU parms [ L:1590 D:1450 EF:58 
EB:135 ET:32 EL:0 AF:3/1 ]

according to the documentation, that warning should go away after adding the option
ns-cert-type server to the client config

does anyone have a working guide for generating certificates on FreeBSD,
or can anyone tell me what I'm missing and how to fix it
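
Added example, not part of the original message: the "VERIFY ERROR: depth=0, error=self signed certificate" in the log above is what a client reports when the server presents a self-signed certificate instead of one issued by the CA the client trusts. The POSIX sh sketch below builds a small CA with openssl, issues a server certificate carrying nsCertType=server (the extension the ns-cert-type server client option checks), and compares it with a self-signed one. Subject names and file names are constructed placeholders, and it assumes an openssl whose verify command exits non-zero on failure.

```shell
#!/bin/sh
# Added example; CN values and file names are constructed placeholders.
# -nodes leaves the private keys unencrypted, which is acceptable only for a demo.

# make_pki DIR: create a CA, a CA-issued server cert and a self-signed server cert.
make_pki() {
    dir=$1
    mkdir -p "$dir" || return 1
    # CA key + self-signed CA certificate (the only self-signed cert in the setup).
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/O=Test/CN=Example-CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    # Server key + certificate signing request.
    openssl req -new -newkey rsa:2048 -nodes -subj "/O=Test/CN=vpn-server" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    # Extension checked by the client option "ns-cert-type server".
    printf 'nsCertType = server\n' > "$dir/server.ext"
    # The CA signs the request: issuer is the CA, subject is the server.
    openssl x509 -req -in "$dir/server.csr" -days 365 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/server.ext" -out "$dir/server.crt" 2>/dev/null || return 1
    # For comparison: a server cert signed with its own key, as in the log above.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/O=Test/CN=vpn-server" \
        -keyout "$dir/selfsigned.key" -out "$dir/selfsigned.crt" 2>/dev/null || return 1
}

# check_cert CAFILE CERT: print "ok" if CERT chains to CAFILE, else "fail".
check_cert() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then echo ok; else echo fail; fi
}

# has_server_type CERT: print "yes" if the cert carries nsCertType=server.
has_server_type() {
    if openssl x509 -in "$1" -noout -text | grep -q 'SSL Server'; then
        echo yes
    else
        echo no
    fi
}
```

In OpenVPN terms, ca.crt is the file the client's ca directive points at, and server.crt with server.key are what the server's cert and key directives load.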

