fabioholliday
(uses Debian)
Posted on 27/08/2015 - 00:57h
Hello everyone, it has been a long time since I posted anything here, so here goes. These days I work as a network admin at a large federal agency, and I am deploying a VPN. However, I have already done and redone everything just right and it does not connect at all. I generate the keys on the server, copy the keys to the clients, and the same error continues, but if I create the VPN with a static key it works. I will post here the error that the client gives when trying to connect.
sudo openvpn --config cliente.conf
Wed Aug 26 22:18:13 2015 OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec 1 2014
Wed Aug 26 22:18:13 2015 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Aug 26 22:18:13 2015 WARNING: Since you are using --dev tun with a point-to-point topology, the second argument to --ifconfig must be an IP address. You are using something (255.255.255.0) that looks more like a netmask. (silence this warning with --ifconfig-nowarn)
Wed Aug 26 22:18:13 2015 TUN/TAP device tun0 opened
Wed Aug 26 22:18:13 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Aug 26 22:18:13 2015 /sbin/ip link set dev tun0 up mtu 1500
Wed Aug 26 22:18:13 2015 /sbin/ip addr add dev tun0 local 10.0.5.2 peer 255.255.255.0
Wed Aug 26 22:18:13 2015 UDPv4 link local (bound): [undef]
Wed Aug 26 22:18:13 2015 UDPv4 link remote: [AF_INET]189.43.181.34:1194
Wed Aug 26 22:18:14 2015 VERIFY ERROR: depth=1, error=certificate has expired: C=BR, ST=MA, L=SaoLuis, O=NUTELMA, CN=NUTELMA CA, emailAddress=suporte@linuxf5.com.br
Wed Aug 26 22:18:14 2015 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Wed Aug 26 22:18:14 2015 TLS Error: TLS object -> incoming plaintext read error
Wed Aug 26 22:18:14 2015 TLS Error: TLS handshake failed
Wed Aug 26 22:18:14 2015 /sbin/ip addr del dev tun0 local 10.0.5.2 peer 255.255.255.0
Wed Aug 26 22:18:14 2015 SIGUSR1[soft,tls-error] received, process restarting
Wed Aug 26 22:18:16 2015 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Aug 26 22:18:16 2015 WARNING: Since you are using --dev tun with a point-to-point topology, the second argument to --ifconfig must be an IP address. You are using something (255.255.255.0) that looks more like a netmask. (silence this warning with --ifconfig-nowarn)
Wed Aug 26 22:18:16 2015 TUN/TAP device tun0 opened
Wed Aug 26 22:18:16 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Aug 26 22:18:16 2015 /sbin/ip link set dev tun0 up mtu 1500
Wed Aug 26 22:18:16 2015 /sbin/ip addr add dev tun0 local 10.0.5.2 peer 255.255.255.0
Wed Aug 26 22:18:16 2015 UDPv4 link local (bound): [undef]
Wed Aug 26 22:18:16 2015 UDPv4 link remote: [AF_INET]xx.xx.xx.xx.:1194
Wed Aug 26 22:18:16 2015 TLS Error: Unroutable control packet received from [AF_INET]189.43.181.34:1194 (si=3 op=P_CONTROL_V1)
Wed Aug 26 22:18:17 2015 TLS Error: Unroutable control packet received from [AF_INET]189.43.181.34:1194 (si=3 op=P_CONTROL_V1)
Wed Aug 26 22:18:17 2015 VERIFY ERROR: depth=1, error=certificate has expired: C=BR, ST=MA, L=SaoLuis, O=NUTELMA, CN=NUTELMA CA, emailAddress=suporte@linuxf5.com.br
Wed Aug 26 22:18:17 2015 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Wed Aug 26 22:18:17 2015 TLS Error: TLS object -> incoming plaintext read error
Wed Aug 26 22:18:17 2015 TLS Error: TLS handshake failed
Wed Aug 26 22:18:17 2015 /sbin/ip addr del dev tun0 local 10.0.5.2 peer 255.255.255.0
Wed Aug 26 22:18:17 2015 SIGUSR1[soft,tls-error] received, process restarting
^CWed Aug 26 22:18:18 2015 SIGINT[hard,init_instance] received, process exiting