openvpn script for generating certificates
Jaroslav Votruba
jaroslav.votruba at keytec.cz
Wed Jan 2 11:13:23 CET 2008
I am playing with openvpn (after the Christmas break) and I am stuck on the certificates. I copied
all the files
cp /usr/local/share/doc/openvpn/easy-rsa/2.0/* /usr/local/etc/openvpn/
I symlinked bash
ln -s /usr/local/bin/bash /bin/bash
edited .vars, and the next step is supposed to be
source ./vars
however, the result is
test63# source ./vars
export: Command not found.
EASY_RSA: Undefined variable.
What is wrong?
I also found another guide that handles it by generating the certificates directly
with openssl
http://www.pronix.de/pronix-943.html
Following the guide, everything went fine;
however, unlike in the guide, my client complains
Wed Jan 02 09:53:56 2008 Local Options hash (VER=V4): 'c6c7c21a'
Wed Jan 02 09:53:56 2008 Expected Remote Options hash (VER=V4): '1a6d5c5d'
Wed Jan 02 09:53:56 2008 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed Jan 02 09:53:56 2008 UDPv4 link local: [undef]
Wed Jan 02 09:53:56 2008 UDPv4 link remote: 192.168.0.5:1194
Wed Jan 02 09:53:56 2008 TLS: Initial packet from 192.168.0.5:1194, sid=77e67061 94529b31
Wed Jan 02 09:53:57 2008 VERIFY ERROR: depth=0, error=self signed certificate: /C=Cz/ST=Czech_rep./L=Ceske_Budejovice/O=Test/OU=Prace/CN=VPN/emailAddress=spravce at testmasina.cz
Wed Jan 02 09:53:57 2008 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Wed Jan 02 09:53:57 2008 TLS Error: TLS object -> incoming plaintext read error
Wed Jan 02 09:53:57 2008 TLS Error: TLS handshake failed
Wed Jan 02 09:53:57 2008 TCP/UDP: Closing socket
Wed Jan 02 09:53:57 2008 SIGUSR1[soft,tls-error] received, process restarting
Wed Jan 02 09:53:57 2008 Restart pause, 2 second(s)
Wed Jan 02 09:53:59 2008 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Jan 02 09:53:59 2008 Re-using SSL/TLS context
Wed Jan 02 09:53:59 2008 LZO compression initialized
Wed Jan 02 09:53:59 2008 Control Channel MTU parms [ L:1590 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Jan 02 09:53:59 2008 Data Channel MTU parms [ L:1590 D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ]
According to the documentation, that warning should go away by adding the option
ns-cert-type server to the client config.
Does anyone have a working guide on how to generate certificates under FreeBSD,
or can tell me what I am missing and how to fix it?
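
The client log above rejects the server certificate as self-signed at depth=0. As an added example that is not part of the original post, the script below builds a CA, issues a server certificate from it with nsCertType set to server (the field that `ns-cert-type server` checks), and shows that `openssl verify` accepts it while a self-signed server certificate is rejected. The subject names (demo-ca, vpn-server) and file names are constructed placeholders.

```shell
#!/bin/sh
# Added example. Subject names (demo-ca, vpn-server) and file names are
# constructed placeholders, not values from the original post.

# Create a CA, a CA-signed server certificate and, for contrast, a
# self-signed server certificate in directory $1 (runs in a subshell).
make_pki() (
    mkdir -p "$1" && cd "$1" || exit 1
    # Extensions for the server certificate. nsCertType=server is the field
    # the client option "ns-cert-type server" checks for.
    printf '%s\n' 'basicConstraints = CA:FALSE' 'nsCertType = server' > server.ext
    # 1. CA certificate: self-signed on purpose, this is the client's "ca" file.
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -subj '/CN=demo-ca' \
        -keyout ca.key -out ca.crt 2>/dev/null &&
    # 2. Server key and signing request.
    openssl req -newkey rsa:2048 -nodes -subj '/CN=vpn-server' \
        -keyout server.key -out server.csr 2>/dev/null &&
    # 3. Server certificate issued by the CA.
    openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
        -days 365 -extfile server.ext -out server.crt 2>/dev/null &&
    # 4. Contrast case: a server certificate that signs itself.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj '/CN=vpn-server' \
        -keyout selfsigned.key -out selfsigned.crt 2>/dev/null
)

# Succeeds only if certificate $2 chains to the CA in $1, which is the check
# the client performs on the server certificate during the TLS handshake.
verify_against_ca() {
    openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
}

# Succeeds if certificate $1 carries nsCertType "server".
has_ns_server() {
    openssl x509 -in "$1" -noout -text | grep -q 'SSL Server'
}

# Demo run in a throwaway directory.
dir=$(mktemp -d) && make_pki "$dir" || exit 1
for c in server.crt selfsigned.crt; do
    if verify_against_ca "$dir/ca.crt" "$dir/$c"; then echo "$c: accepted"
    else echo "$c: rejected"; fi
done
```
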