OpenVPN client + Windows 7 desperation

  • nort
  • 6 October 2010 at 16:39
  • Resolved
1 official post
  • nort
    Beginner
    Posts
    44
    • 6 October 2010 at 16:39
    • #1

    So I managed to get the OpenVPN client working on Windows XP with this config:

    client
    dev tap
    ;dev-node MyTap
    ;proto tcp
    proto udp
    remote xxx.xxx.xxx.xxx 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ;http-proxy-retry # retry on connection failures
    ;http-proxy [proxy server] [proxy port #]
    ;mute-replay-warnings
    ca cacert.pem
    auth-user-pass
    ;ns-cert-type server
    ;tls-auth ta.key 1
    ;cipher x
    comp-lzo
    verb 3
    ;mute 20

    But under Windows 7 it does not work; I always get this error message:

    Wed Oct 06 16:03:56 2010 OpenVPN 2.1.3 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Aug 20 2010
    Wed Oct 06 16:04:07 2010 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Wed Oct 06 16:04:07 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Wed Oct 06 16:04:09 2010 LZO compression initialized
    Wed Oct 06 16:04:09 2010 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Wed Oct 06 16:04:09 2010 Socket Buffers: R=[8192->8192] S=[8192->8192]
    Wed Oct 06 16:04:09 2010 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
    Wed Oct 06 16:04:09 2010 Local Options hash (VER=V4): 'd79ca330'
    Wed Oct 06 16:04:09 2010 Expected Remote Options hash (VER=V4): 'f7df56b8'
    Wed Oct 06 16:04:09 2010 UDPv4 link local: [undef]
    Wed Oct 06 16:04:09 2010 UDPv4 link remote: xxx.xxx.xxx.xxx:1194
    Wed Oct 06 16:04:09 2010 TLS: Initial packet from xxx.xxx.xxx.xxx:1194, sid=740db08f 85ab6269
    Wed Oct 06 16:04:09 2010 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Wed Oct 06 16:04:10 2010 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=IT/O=efw/CN=efw_CA
    Wed Oct 06 16:04:10 2010 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    Wed Oct 06 16:04:10 2010 TLS Error: TLS object -> incoming plaintext read error
    Wed Oct 06 16:04:10 2010 TLS Error: TLS handshake failed
    Wed Oct 06 16:04:10 2010 TCP/UDP: Closing socket
    Wed Oct 06 16:04:10 2010 SIGUSR1[soft,tls-error] received, process restarting
    Wed Oct 06 16:04:10 2010 Restart pause, 2 second(s)
    Wed Oct 06 16:04:12 2010 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Wed Oct 06 16:04:12 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Wed Oct 06 16:04:12 2010 Re-using SSL/TLS context
    Wed Oct 06 16:04:12 2010 LZO compression initialized
    Wed Oct 06 16:04:12 2010 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Wed Oct 06 16:04:12 2010 Socket Buffers: R=[8192->8192] S=[8192->8192]
    Wed Oct 06 16:04:24 2010 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Wed Oct 06 16:04:24 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Wed Oct 06 16:04:24 2010 Re-using SSL/TLS context
    Wed Oct 06 16:04:28 2010 TCP/UDP: Closing socket
    Wed Oct 06 16:04:28 2010 SIGUSR1[soft,tls-error] received, process restarting
    Wed Oct 06 16:04:28 2010 Restart pause, 2 second(s)

    What am I doing wrong? As I said, it works under Windows XP, but under Windows 7 the error message appears. As the client I used OpenVPN 2.1.3, and
    I also tried it with the Securepoint VPN client.
    Securepoint client config:

    client
    comp-lzo
    float
    nobind
    persist-key
    persist-tun
    auth-user-pass
    dev tap
    remote xxx.xxx.xxx.xxx 1194
    proto udp
    ca "efw1.pem"
    cert "efw1.pem"
    key "efw1.pem"
    ns-cert-type server
    mssfix
    route-method exe
    verb 3
    route-delay 2
    remote-random
    resolv-retry infinite


    Regards, Alex

  • ffischer
    Moderator
    Reactions
    18
    Trophies
    1
    Articles
    8
    Posts
    2,414
    • 7 October 2010 at 07:32
    • Official post
    • #2

    Hello,

    my config under Win7:

    client
    dev tap

    remote 95.91.97.999

    port 443
    proto tcp-client

    ca gateway.cer
    nobind

    comp-lzo
    persist-key
    persist-tun
    verb 3
    auth-user-pass

    and that works perfectly.
    Is the exported certificate the right one?

    Log file of my connection:

    Thu Oct 07 07:05:30 2010 OpenVPN 2.1_rc21 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 12 2009
    Thu Oct 07 07:05:36 2010 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
    Thu Oct 07 07:05:36 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Thu Oct 07 07:05:37 2010 LZO compression initialized
    Thu Oct 07 07:05:37 2010 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
    Thu Oct 07 07:05:37 2010 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
    Thu Oct 07 07:05:37 2010 Local Options hash (VER=V4): '31fdf004'
    Thu Oct 07 07:05:37 2010 Expected Remote Options hash (VER=V4): '3e6d1056'
    Thu Oct 07 07:05:37 2010 Attempting to establish TCP connection with 91.55.55.55
    Thu Oct 07 07:05:37 2010 TCP connection established with 91.55.55.55
    Thu Oct 07 07:05:37 2010 Send to HTTP proxy: 'CONNECT 95.91.58.189:443 HTTP/1.0'
    Thu Oct 07 07:05:38 2010 HTTP proxy returned: 'HTTP/1.0 200 Connection established'
    Thu Oct 07 07:05:40 2010 Socket Buffers: R=[8192->8192] S=[64512->64512]
    Thu Oct 07 07:05:40 2010 TCPv4_CLIENT link local: [undef]
    Thu Oct 07 07:05:40 2010 TCPv4_CLIENT link remote: 91.55.55.55
    Thu Oct 07 07:05:40 2010 TLS: Initial packet from 91.55.55.55, sid=8ff1d741 807c982f
    Thu Oct 07 07:05:40 2010 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Thu Oct 07 07:05:41 2010 VERIFY OK: depth=1, /C=IT/O=efw/CN=efw_CA
    Thu Oct 07 07:05:41 2010 VERIFY OK: depth=0, /C=IT/O=efw/CN=127.0.0.1
    Thu Oct 07 07:05:42 2010 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Thu Oct 07 07:05:42 2010 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Thu Oct 07 07:05:42 2010 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Thu Oct 07 07:05:42 2010 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Thu Oct 07 07:05:42 2010 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
    Thu Oct 07 07:05:42 2010 [127.0.0.1] Peer Connection Initiated with 91.55.55.55
    Thu Oct 07 07:05:44 2010 SENT CONTROL [127.0.0.1]: 'PUSH_REQUEST' (status=1)
    Thu Oct 07 07:05:44 2010 PUSH: Received control message: 'PUSH_REPLY,ifconfig 192.168.99.210 255.255.255.0,ping-restart 30,ping 8,route-gateway 192.168.99.1,route-gateway 192.168.99.1'
    Thu Oct 07 07:05:44 2010 OPTIONS IMPORT: timers and/or timeouts modified
    Thu Oct 07 07:05:44 2010 OPTIONS IMPORT: --ifconfig/up options modified
    Thu Oct 07 07:05:44 2010 OPTIONS IMPORT: route-related options modified
    Thu Oct 07 07:05:44 2010 TAP-WIN32 device [LAN-Verbindung 2] opened: \\.\Global\{38B88D31-EE6A-46A1-8E14-1CB59F6F54FC}.tap
    Thu Oct 07 07:05:44 2010 TAP-Win32 Driver Version 9.6 
    Thu Oct 07 07:05:44 2010 TAP-Win32 MTU=1500
    Thu Oct 07 07:05:44 2010 Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.299.210/255.255.255.0 on interface {38B88D31-EE6A-46A1-8E14-1CB59F6F54FC} [DHCP-serv: 192.168.200.0, lease-time: 31536000]
    Thu Oct 07 07:05:44 2010 NOTE: FlushIpNetTable failed on interface [14] {38B88D31-EE6A-46A1-8E14-1CB59F6F54FC} (status=5) : Zugriff verweigert  
    Thu Oct 07 07:05:50 2010 TEST ROUTES: 0/0 succeeded len=-1 ret=1 a=0 u/d=up
    Thu Oct 07 07:05:50 2010 Initialization Sequence Completed

    Endian Authorized Partner

    freaky-media
    No support via PM; that is what the forum is for.
    Price inquiries for appliance products are possible via freaky-media.

  • nort
    Beginner
    Posts
    44
    • 13 October 2010 at 13:57
    • #3

    Hello,

    I tried it with your config, but it is the same again: under Windows XP it works, under Win7 it does not.
    Either I or Windows 7 is too stupid :?:

    The EFW is a 2.2 Community.

    Config:

    client
    dev tap
    remote xxxxxxxxx.dyndns.org
    port 1194
    proto udp
    ca cacert.pem
    nobind
    comp-lzo
    persist-key
    persist-tun
    verb 3
    auth-user-pass


    Error message:

    Wed Oct 13 13:36:39 2010 OpenVPN 2.1.3 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Aug 20 2010
    Wed Oct 13 13:36:51 2010 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Wed Oct 13 13:36:51 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Wed Oct 13 13:36:52 2010 LZO compression initialized
    Wed Oct 13 13:36:52 2010 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Wed Oct 13 13:36:52 2010 Socket Buffers: R=[8192->8192] S=[8192->8192]
    Wed Oct 13 13:36:53 2010 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
    Wed Oct 13 13:36:53 2010 Local Options hash (VER=V4): 'd79ca330'
    Wed Oct 13 13:36:53 2010 Expected Remote Options hash (VER=V4): 'f7df56b8'
    Wed Oct 13 13:36:53 2010 UDPv4 link local: [undef]
    Wed Oct 13 13:36:53 2010 UDPv4 link remote: xxx.xxx.xxx.xxx:1194
    Wed Oct 13 13:36:53 2010 TLS: Initial packet from xxx.xxx.xxx.xxx:1194, sid=bdb936dc d0b4db43
    Wed Oct 13 13:36:53 2010 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Wed Oct 13 13:36:53 2010 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=IT/O=efw/CN=efw_CA
    Wed Oct 13 13:36:53 2010 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    Wed Oct 13 13:36:53 2010 TLS Error: TLS object -> incoming plaintext read error
    Wed Oct 13 13:36:53 2010 TLS Error: TLS handshake failed
    Wed Oct 13 13:36:53 2010 TCP/UDP: Closing socket
    Wed Oct 13 13:36:53 2010 SIGUSR1[soft,tls-error] received, process restarting
    Wed Oct 13 13:36:53 2010 Restart pause, 2 second(s)
    Wed Oct 13 13:36:55 2010 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Wed Oct 13 13:36:55 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Wed Oct 13 13:36:55 2010 Re-using SSL/TLS context
    Wed Oct 13 13:36:55 2010 LZO compression initialized
    Wed Oct 13 13:36:55 2010 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Wed Oct 13 13:36:55 2010 Socket Buffers: R=[8192->8192] S=[8192->8192]
    Wed Oct 13 13:36:56 2010 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
    Wed Oct 13 13:36:56 2010 Local Options hash (VER=V4): 'd79ca330'
    Wed Oct 13 13:36:56 2010 Expected Remote Options hash (VER=V4): 'f7df56b8'
    Wed Oct 13 13:36:56 2010 UDPv4 link local: [undef]
    Wed Oct 13 13:36:56 2010 UDPv4 link remote: xxx.xxx.xxx.xxx:1194
    Wed Oct 13 13:36:56 2010 TLS: Initial packet from xxx.xxx.xxx.xxx:1194, sid=049a1e0b 0557f7a2
    Wed Oct 13 13:36:56 2010 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Wed Oct 13 13:36:56 2010 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=IT/O=efw/CN=efw_CA
    Wed Oct 13 13:36:56 2010 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    Wed Oct 13 13:36:56 2010 TLS Error: TLS object -> incoming plaintext read error
    Wed Oct 13 13:36:56 2010 TLS Error: TLS handshake failed
    Wed Oct 13 13:36:56 2010 TCP/UDP: Closing socket
    Wed Oct 13 13:36:56 2010 SIGUSR1[soft,tls-error] received, process restarting
    Wed Oct 13 13:36:56 2010 Restart pause, 2 second(s)

  • smartiboy
    Beginner
    Posts
    6
    • 14 October 2010 at 12:13
    • #4

    Possibly a stupid question, but since nobody has mentioned it...
    Did you start OpenVPN under Windows 7 as administrator?

    Regards

  • nort
    Beginner
    Posts
    44
    • 18 October 2010 at 12:40
    • #5
    Quote from "smartiboy"

    Possibly a stupid question, but since nobody has mentioned it...
    Did you start OpenVPN under Windows 7 as administrator?

    Regards


    Yes, I had already ticked that somewhere in the properties of the exe.

    Regards,
    Alex

  • ffischer
    Moderator
    Reactions
    18
    Trophies
    1
    Articles
    8
    Posts
    2,414
    • 18 October 2010 at 13:41
    • Official post
    • #6

    Hello,
    no, a different message appears in that case, if I am not mistaken.
    Something like there being no access to the Eth. interface when the IP address is applied.

    Regards

  • cosmocode
    Beginner
    Posts
    3
    • 25 October 2010 at 15:48
    • #7

    According to the error message there is a problem with the certificate. Did you really include the certificate from the gateway as the CA? Because when you download it from the Endian web interface, it is usually called gateway.*

    --

    http://www.cosmocode.de
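
The diagnosis in post #7, as an added example that is not part of the original thread: a small Python triage that reads an OpenVPN client log and config and reports which CA subject the `ca` file fails to supply, plus the two warnings the failing log also shows. The function names and finding codes are made up for this example, and the sample input is constructed from lines quoted in the thread.

```python
import re

# Constructed sample input: lines copied from the failing log and config in the thread.
SAMPLE_LOG = """\
Wed Oct 06 16:04:07 2010 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Oct 06 16:04:09 2010 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Oct 06 16:04:10 2010 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=IT/O=efw/CN=efw_CA
Wed Oct 06 16:04:10 2010 TLS Error: TLS handshake failed
"""
SAMPLE_CONFIG = """\
client
proto udp
ca cacert.pem
auth-user-pass
;ns-cert-type server
"""

VERIFY_ERR = re.compile(r"VERIFY ERROR: depth=(\d+), error=(.+?): (/.*)")

def active_directives(config_text):
    """Map directive -> argument list, skipping ';' and '#' comment lines."""
    directives = {}
    for line in config_text.splitlines():
        line = line.strip()
        if line and line[0] not in ";#":
            name, *args = line.split()
            directives[name] = args
    return directives

def triage(log_text, config_text):
    """Return (code, detail) findings, de-duplicated across restart loops."""
    cfg, findings = active_directives(config_text), []
    for m in VERIFY_ERR.finditer(log_text):
        depth, error, subject = int(m.group(1)), m.group(2), m.group(3).strip()
        # OpenSSL reports this when the chain ends in a self-signed root
        # that is not among the certificates trusted locally (the `ca` file).
        if "self signed certificate in certificate chain" in error:
            ca_file = " ".join(cfg.get("ca", ["<no ca directive>"]))
            item = ("untrusted-root", f"{subject} (depth {depth}) is not in {ca_file}")
        else:
            item = ("verify-error", f"{error}: {subject}")
        if item not in findings:
            findings.append(item)
    unchecked = "No server certificate verification method" in log_text
    if unchecked and not ({"ns-cert-type", "remote-cert-tls"} & cfg.keys()):
        findings.append(("no-server-cert-check", "enable 'ns-cert-type server'"))
    if "auth-nocache" in log_text and "auth-nocache" not in cfg:
        findings.append(("password-cached", "add 'auth-nocache'"))
    return findings
```

On the failing log the first finding names `/C=IT/O=efw/CN=efw_CA`, the same subject that appears as `VERIFY OK: depth=1` in the working Windows 7 log from post #2.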
