Title: OpenVPN Client configuration and Freedom-IP service
Post by: parsifal_sk on Thursday 07 April 2016, 04:48:35 pm

Hi all,
I need help to configure a VPN connection to the Freedom-IP service, to browse the internet with an Italian IP in Switzerland. I received a .crt file, a .key file and a file with the following configuration:

client
# Ports available: 443, 53, 8080, 1194, 110, 995
port 443
# Modes available: TCP (default / safer) and UDP (faster)
proto tcp
dev tun
remote it.freedom-ip.com
resolv-retry infinite
ca ca.crt
tls-auth ta.key 1
auth-user-pass
cipher AES-256-CBC
comp-lzo
verb 1
nobind
ns-cert-type server

If I configure my Windows client, everything works. I only have problems when using Endian Firewall (v. 3.0). These are my last tries:

Apr 6 18:49:20 endian freedom-ip[4469]: Wed Apr 6 18:49:20 2016 OpenVPN 2.1.4 i586-pc-linux [SSL] [LZO2] [EPOLL] built on Jan 28 2011
Apr 6 18:49:20 endian freedom-ip[4469]: Wed Apr 6 18:49:20 2016 WARNING: No server certificate verification method has been enabled. See howto for more info.
Apr 6 18:49:20 endian freedom-ip[4469]: Wed Apr 6 18:49:20 2016 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 6 18:49:20 endian freedom-ip[4469]: Wed Apr 6 18:49:20 2016 NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion
Apr 6 18:49:20 endian freedom-ip[4469]: Wed Apr 6 18:49:20 2016 LZO compression initialized
Apr 6 18:49:20 endian freedom-ip[4469]: Wed Apr 6 18:49:20 2016 Attempting to establish TCP connection with 37.59.88.92:443 [nonblock]
Apr 6 18:49:21 endian freedom-ip[4469]: Wed Apr 6 18:49:21 2016 TCP connection established with 37.59.88.92:443
Apr 6 18:49:21 endian freedom-ip[4469]: Wed Apr 6 18:49:21 2016 TCPv4_CLIENT link local: [undef]
Apr 6 18:49:21 endian freedom-ip[4469]: Wed Apr 6 18:49:21 2016 TCPv4_CLIENT link remote: 37.59.88.92:443
Apr 6 18:49:21 endian freedom-ip[4469]: Wed Apr 6 18:49:21 2016 Connection reset, restarting
Apr 6 18:49:31 endian freedom-ip[4469]: Wed Apr 6 18:49:31 2016 WARNING: No server certificate verification method has been enabled. See howto for more info.
Apr 6 18:49:31 endian freedom-ip[4469]: Wed Apr 6 18:49:31 2016 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 6 18:49:31 endian freedom-ip[4469]: Wed Apr 6 18:49:31 2016 NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion
Apr 6 18:49:31 endian freedom-ip[4469]: Wed Apr 6 18:49:31 2016 LZO compression initialized
Apr 6 18:49:32 endian freedom-ip[4469]: Wed Apr 6 18:49:32 2016 Attempting to establish TCP connection with 37.59.88.92:443 [nonblock]
Apr 6 18:49:33 endian freedom-ip[4469]: Wed Apr 6 18:49:33 2016 TCP connection established with 37.59.88.92:443
Apr 6 18:49:33 endian freedom-ip[4469]: Wed Apr 6 18:49:33 2016 TCPv4_CLIENT link local: [undef]
Apr 6 18:49:33 endian freedom-ip[4469]: Wed Apr 6 18:49:33 2016 TCPv4_CLIENT link remote: 37.59.88.92:443
Apr 6 18:49:33 endian freedom-ip[4469]: Wed Apr 6 18:49:33 2016 Connection reset, restarting
Apr 6 18:49:41 endian freedom-ip[4469]: Wed Apr 6 18:49:41 2016 SIGTERM[hard,init_instance] received, process exiting
Apr 6 18:49:59 endian freedom-ip[4644]: Wed Apr 6 18:49:59 2016 OpenVPN 2.1.4 i586-pc-linux [SSL] [LZO2] [EPOLL] built on Jan 28 2011
Apr 6 18:49:59 endian freedom-ip[4644]: Wed Apr 6 18:49:59 2016 WARNING: No server certificate verification method has been enabled. See howto for more info.
Apr 6 18:49:59 endian freedom-ip[4644]: Wed Apr 6 18:49:59 2016 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 6 18:49:59 endian freedom-ip[4644]: Wed Apr 6 18:49:59 2016 NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion
Apr 6 18:49:59 endian freedom-ip[4644]: Wed Apr 6 18:49:59 2016 WARNING: file '/var/efw/openvpnclients/freedom-ip/tls.key' is group or others accessible
Apr 6 18:49:59 endian freedom-ip[4644]: Wed Apr 6 18:49:59 2016 Control Channel Authentication: using '/var/efw/openvpnclients/freedom-ip/tls.key' as a OpenVPN static key file
Apr 6 18:49:59 endian freedom-ip[4644]: Wed Apr 6 18:49:59 2016 LZO compression initialized
Apr 6 18:49:59 endian freedom-ip[4644]: Wed Apr 6 18:49:59 2016 Attempting to establish TCP connection with 37.59.88.92:443 [nonblock]
Apr 6 18:50:00 endian freedom-ip[4644]: Wed Apr 6 18:50:00 2016 TCP connection established with 37.59.88.92:443
Apr 6 18:50:00 endian freedom-ip[4644]: Wed Apr 6 18:50:00 2016 TCPv4_CLIENT link local: [undef]
Apr 6 18:50:00 endian freedom-ip[4644]: Wed Apr 6 18:50:00 2016 TCPv4_CLIENT link remote: 37.59.88.92:443
Apr 6 18:50:00 endian freedom-ip[4644]: Wed Apr 6 18:50:00 2016 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Apr 6 18:50:00 endian freedom-ip[4644]: Wed Apr 6 18:50:00 2016 VERIFY ERROR: depth=1, error=certificate signature failure: /C=FR/ST=FR/L=Paris/O=Freedom-IP/OU=Freedom-IP/CN=Freedom-IP/name=Freedom-IP/emailAddress=freedom@freedom-ip.com
Apr 6 18:50:00 endian freedom-ip[4644]: Wed Apr 6 18:50:00 2016 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Apr 6 18:50:00 endian freedom-ip[4644]: Wed Apr 6 18:50:00 2016 TLS Error: TLS object -> incoming plaintext read error
Apr 6 18:50:00 endian freedom-ip[4644]: Wed Apr 6 18:50:00 2016 TLS Error: TLS handshake failed
Apr 6 18:50:00 endian freedom-ip[4644]: Wed Apr 6 18:50:00 2016 Fatal TLS error (check_tls_errors_co), restarting
Apr 6 18:50:00 endian freedom-ip[4644]: Wed Apr 6 18:50:00 2016 SIGUSR1[soft,tls-error] received, process restarting
Apr 6 18:50:10 endian freedom-ip[4644]: Wed Apr 6 18:50:10 2016 WARNING: No server certificate verification method has been enabled. See howto for more info.
Apr 6 18:50:10 endian freedom-ip[4644]: Wed Apr 6 18:50:10 2016 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 6 18:50:10 endian freedom-ip[4644]: Wed Apr 6 18:50:10 2016 NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion
Apr 6 18:50:10 endian freedom-ip[4644]: Wed Apr 6 18:50:10 2016 WARNING: file '/var/efw/openvpnclients/freedom-ip/tls.key' is group or others accessible
Apr 6 18:50:10 endian freedom-ip[4644]: Wed Apr 6 18:50:10 2016 Control Channel Authentication: using '/var/efw/openvpnclients/freedom-ip/tls.key' as a OpenVPN static key file
Apr 6 18:50:10 endian freedom-ip[4644]: Wed Apr 6 18:50:10 2016 LZO compression initialized
Apr 6 18:50:10 endian freedom-ip[4644]: Wed Apr 6 18:50:10 2016 Attempting to establish TCP connection with 37.59.88.92:443 [nonblock]
Apr 6 18:50:11 endian freedom-ip[4644]: Wed Apr 6 18:50:11 2016 TCP connection established with 37.59.88.92:443
Apr 6 18:50:11 endian freedom-ip[4644]: Wed Apr 6 18:50:11 2016 TCPv4_CLIENT link local: [undef]
Apr 6 18:50:11 endian freedom-ip[4644]: Wed Apr 6 18:50:11 2016 TCPv4_CLIENT link remote: 37.59.88.92:443
Apr 6 18:50:11 endian freedom-ip[4644]: Wed Apr 6 18:50:11 2016 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Apr 6 18:50:11 endian freedom-ip[4644]: Wed Apr 6 18:50:11 2016 VERIFY ERROR: depth=1, error=certificate signature failure: /C=FR/ST=FR/L=Paris/O=Freedom-IP/OU=Freedom-IP/CN=Freedom-IP/name=Freedom-IP/emailAddress=freedom@freedom-ip.com
Apr 6 18:50:11 endian freedom-ip[4644]: Wed Apr 6 18:50:11 2016 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Apr 6 18:50:11 endian freedom-ip[4644]: Wed Apr 6 18:50:11 2016 TLS Error: TLS object -> incoming plaintext read error
Apr 6 18:50:11 endian freedom-ip[4644]: Wed Apr 6 18:50:11 2016 TLS Error: TLS handshake failed
Apr 6 18:50:11 endian freedom-ip[4644]: Wed Apr 6 18:50:11 2016 Fatal TLS error (check_tls_errors_co), restarting
Apr 6 18:50:11 endian freedom-ip[4644]: Wed Apr 6 18:50:11 2016 SIGUSR1[soft,tls-error] received, process restarting
Apr 6 18:50:21 endian freedom-ip[4644]: Wed Apr 6 18:50:21 2016 WARNING: No server certificate verification method has been enabled. See howto for more info.
Apr 6 18:50:21 endian freedom-ip[4644]: Wed Apr 6 18:50:21 2016 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 6 18:50:21 endian freedom-ip[4644]: Wed Apr 6 18:50:21 2016 NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion
Apr 6 18:50:21 endian freedom-ip[4644]: Wed Apr 6 18:50:21 2016 WARNING: file '/var/efw/openvpnclients/freedom-ip/tls.key' is group or others accessible
Apr 6 18:50:21 endian freedom-ip[4644]: Wed Apr 6 18:50:21 2016 Control Channel Authentication: using '/var/efw/openvpnclients/freedom-ip/tls.key' as a OpenVPN static key file
Apr 6 18:50:21 endian freedom-ip[4644]: Wed Apr 6 18:50:21 2016 LZO compression initialized
Apr 6 18:50:21 endian freedom-ip[4644]: Wed Apr 6 18:50:21 2016 Attempting to establish TCP connection with 37.59.88.92:443 [nonblock]
Apr 6 18:50:22 endian freedom-ip[4644]: Wed Apr 6 18:50:22 2016 TCP connection established with 37.59.88.92:443
Apr 6 18:50:22 endian freedom-ip[4644]: Wed Apr 6 18:50:22 2016 TCPv4_CLIENT link local: [undef]
Apr 6 18:50:22 endian freedom-ip[4644]: Wed Apr 6 18:50:22 2016 TCPv4_CLIENT link remote: 37.59.88.92:443
Apr 6 18:50:22 endian freedom-ip[4644]: Wed Apr 6 18:50:22 2016 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Apr 6 18:50:23 endian freedom-ip[4644]: Wed Apr 6 18:50:23 2016 VERIFY ERROR: depth=1, error=certificate signature failure: /C=FR/ST=FR/L=Paris/O=Freedom-IP/OU=Freedom-IP/CN=Freedom-IP/name=Freedom-IP/emailAddress=freedom@freedom-ip.com
Apr 6 18:50:23 endian freedom-ip[4644]: Wed Apr 6 18:50:23 2016 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Apr 6 18:50:23 endian freedom-ip[4644]: Wed Apr 6 18:50:23 2016 TLS Error: TLS object -> incoming plaintext read error
Apr 6 18:50:23 endian freedom-ip[4644]: Wed Apr 6 18:50:23 2016 TLS Error: TLS handshake failed
Apr 6 18:50:23 endian freedom-ip[4644]: Wed Apr 6 18:50:23 2016 Fatal TLS error (check_tls_errors_co), restarting
Apr 6 18:50:23 endian freedom-ip[4644]: Wed Apr 6 18:50:23 2016 SIGUSR1[soft,tls-error] received, process restarting
Apr 6 18:50:28 endian freedom-ip[4644]: Wed Apr 6 18:50:28 2016 SIGTERM[hard,init_instance] received, process exiting
Apr 6 18:52:34 endian freedom-ip[5340]: Wed Apr 6 18:52:34 2016 OpenVPN 2.1.4 i586-pc-linux [SSL] [LZO2] [EPOLL] built on Jan 28 2011
Apr 6 18:52:34 endian freedom-ip[5340]: Wed Apr 6 18:52:34 2016 WARNING: No server certificate verification method has been enabled. See howto for more info.
Apr 6 18:52:34 endian freedom-ip[5340]: Wed Apr 6 18:52:34 2016 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 6 18:52:34 endian freedom-ip[5340]: Wed Apr 6 18:52:34 2016 NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion
Apr 6 18:52:34 endian freedom-ip[5340]: Wed Apr 6 18:52:34 2016 WARNING: file '/var/efw/openvpnclients/freedom-ip/tls.key' is group or others accessible
Apr 6 18:52:34 endian freedom-ip[5340]: Wed Apr 6 18:52:34 2016 Control Channel Authentication: using '/var/efw/openvpnclients/freedom-ip/tls.key' as a OpenVPN static key file
Apr 6 18:52:34 endian freedom-ip[5340]: Wed Apr 6 18:52:34 2016 LZO compression initialized
Apr 6 18:52:34 endian freedom-ip[5340]: Wed Apr 6 18:52:34 2016 Attempting to establish TCP connection with 37.59.88.92:443 [nonblock]
Apr 6 18:52:35 endian freedom-ip[5340]: Wed Apr 6 18:52:35 2016 TCP connection established with 37.59.88.92:443
Apr 6 18:52:35 endian freedom-ip[5340]: Wed Apr 6 18:52:35 2016 TCPv4_CLIENT link local: [undef]
Apr 6 18:52:35 endian freedom-ip[5340]: Wed Apr 6 18:52:35 2016 TCPv4_CLIENT link remote: 37.59.88.92:443
Apr 6 18:52:35 endian freedom-ip[5340]: Wed Apr 6 18:52:35 2016 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Apr 6 18:52:35 endian freedom-ip[5340]: Wed Apr 6 18:52:35 2016 VERIFY ERROR: depth=1, error=certificate signature failure: /C=FR/ST=FR/L=Paris/O=Freedom-IP/OU=Freedom-IP/CN=Freedom-IP/name=Freedom-IP/emailAddress=freedom@freedom-ip.com
Apr 6 18:52:35 endian freedom-ip[5340]: Wed Apr 6 18:52:35 2016 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Apr 6 18:52:35 endian freedom-ip[5340]: Wed Apr 6 18:52:35 2016 TLS Error: TLS object -> incoming plaintext read error
Apr 6 18:52:35 endian freedom-ip[5340]: Wed Apr 6 18:52:35 2016 TLS Error: TLS handshake failed
Apr 6 18:52:35 endian freedom-ip[5340]: Wed Apr 6 18:52:35 2016 Fatal TLS error (check_tls_errors_co), restarting
Apr 6 18:52:35 endian freedom-ip[5340]: Wed Apr 6 18:52:35 2016 SIGUSR1[soft,tls-error] received, process restarting
Apr 6 18:52:44 endian freedom-ip[5340]: Wed Apr 6 18:52:44 2016 SIGTERM[hard,init_instance] received, process exiting
Apr 6 18:59:50 endian freedom-ip[5983]: Wed Apr 6 18:59:50 2016 OpenVPN 2.1.4 i586-pc-linux [SSL] [LZO2] [EPOLL] built on Jan 28 2011
Apr 6 18:59:50 endian freedom-ip[5983]: Wed Apr 6 18:59:50 2016 WARNING: No server certificate verification method has been enabled. See howto for more info.
Apr 6 18:59:50 endian freedom-ip[5983]: Wed Apr 6 18:59:50 2016 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 6 18:59:50 endian freedom-ip[5983]: Wed Apr 6 18:59:50 2016 NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion
Apr 6 18:59:50 endian freedom-ip[5983]: Wed Apr 6 18:59:50 2016 WARNING: file '/var/efw/openvpnclients/freedom-ip/tls.key' is group or others accessible
Apr 6 18:59:50 endian freedom-ip[5983]: Wed Apr 6 18:59:50 2016 Control Channel Authentication: using '/var/efw/openvpnclients/freedom-ip/tls.key' as a OpenVPN static key file
Apr 6 18:59:50 endian freedom-ip[5983]: Wed Apr 6 18:59:50 2016 LZO compression initialized
Apr 6 18:59:50 endian freedom-ip[5983]: Wed Apr 6 18:59:50 2016 Attempting to establish TCP connection with 37.59.88.92:443 [nonblock]
Apr 6 18:59:51 endian freedom-ip[5983]: Wed Apr 6 18:59:51 2016 TCP connection established with 37.59.88.92:443
Apr 6 18:59:51 endian freedom-ip[5983]: Wed Apr 6 18:59:51 2016 TCPv4_CLIENT link local: [undef]
Apr 6 18:59:51 endian freedom-ip[5983]: Wed Apr 6 18:59:51 2016 TCPv4_CLIENT link remote: 37.59.88.92:443
Apr 6 18:59:51 endian freedom-ip[5983]: Wed Apr 6 18:59:51 2016 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Apr 6 18:59:51 endian freedom-ip[5983]: Wed Apr 6 18:59:51 2016 VERIFY ERROR: depth=1, error=certificate signature failure: /C=FR/ST=FR/L=Paris/O=Freedom-IP/OU=Freedom-IP/CN=Freedom-IP/name=Freedom-IP/emailAddress=freedom@freedom-ip.com
Apr 6 18:59:51 endian freedom-ip[5983]: Wed Apr 6 18:59:51 2016 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Apr 6 18:59:51 endian freedom-ip[5983]: Wed Apr 6 18:59:51 2016 TLS Error: TLS object -> incoming plaintext read error
Apr 6 18:59:51 endian freedom-ip[5983]: Wed Apr 6 18:59:51 2016 TLS Error: TLS handshake failed
Apr 6 18:59:51 endian freedom-ip[5983]: Wed Apr 6 18:59:51 2016 Fatal TLS error (check_tls_errors_co), restarting
Apr 6 18:59:51 endian freedom-ip[5983]: Wed Apr 6 18:59:51 2016 SIGUSR1[soft,tls-error] received, process restarting
Apr 6 19:00:01 endian freedom-ip[5983]: Wed Apr 6 19:00:01 2016 WARNING: No server certificate verification method has been enabled. See howto for more info.
Apr 6 19:00:01 endian freedom-ip[5983]: Wed Apr 6 19:00:01 2016 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 6 19:00:01 endian freedom-ip[5983]: Wed Apr 6 19:00:01 2016 NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion
Apr 6 19:00:01 endian freedom-ip[5983]: Wed Apr 6 19:00:01 2016 WARNING: file '/var/efw/openvpnclients/freedom-ip/tls.key' is group or others accessible
Apr 6 19:00:01 endian freedom-ip[5983]: Wed Apr 6 19:00:01 2016 Control Channel Authentication: using '/var/efw/openvpnclients/freedom-ip/tls.key' as a OpenVPN static key file
Apr 6 19:00:01 endian freedom-ip[5983]: Wed Apr 6 19:00:01 2016 LZO compression initialized
Apr 6 19:00:03 endian freedom-ip[5983]: Wed Apr 6 19:00:03 2016 Attempting to establish TCP connection with 37.59.88.92:443 [nonblock]
Apr 6 19:00:04 endian freedom-ip[5983]: Wed Apr 6 19:00:04 2016 TCP connection established with 37.59.88.92:443
Apr 6 19:00:04 endian freedom-ip[5983]: Wed Apr 6 19:00:04 2016 TCPv4_CLIENT link local: [undef]
Apr 6 19:00:04 endian freedom-ip[5983]: Wed Apr 6 19:00:04 2016 TCPv4_CLIENT link remote: 37.59.88.92:443
Apr 6 19:00:04 endian freedom-ip[5983]: Wed Apr 6 19:00:04 2016 SIGTERM[hard,init_instance] received, process exiting

If I understood correctly, I have a problem with the certificate authentication, but I don't know how to solve it. Any suggestion?
Thanks in advance.
Cheers

Title: Re: OpenVPN Client configuration and Freedom-IP service
Post by: parsifal_sk on Thursday 14 April 2016, 04:30:57 pm

I solved it using EFW-3.0.5-beta1.
Cheers
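
Added example, not part of the thread or of Endian/OpenVPN: a small triage script that groups an OpenVPN client log of the kind quoted above by process id and reports, per run, the hardening warnings and the reason each attempt failed. The function name, tag names and the sample lines (host, process name, key path, certificate subject) are assumptions constructed for illustration.

```python
import re

# Syslog prefix followed by OpenVPN's own timestamp, the layout used in the thread's log.
LINE_RE = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} \S+ [\w.-]+\[(?P<pid>\d+)\]: "
    r"\w{3} \w{3}\s+\d+ [\d:]{8} \d{4} (?P<msg>.*)$")
VERIFY_RE = re.compile(r"VERIFY ERROR: depth=(\d+), error=([^:]+):")

# Message fragment -> hardening finding (tag names are this example's own).
FINDINGS = {
    "No server certificate verification method": "server-cert-check-missing",
    "is group or others accessible": "key-file-permissions",
    "may cache passwords in memory": "password-cached",
    "--script-security method='system'": "script-security-system",
}
# Message fragment -> reason a connection attempt ended.
FAILURES = {
    "VERIFY ERROR": "cert-verify-failed",
    "Connection reset, restarting": "connection-reset",
}

def triage(lines):
    """Group log lines by OpenVPN process id and summarise each run."""
    runs = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an OpenVPN syslog line in the expected layout
        run = runs.setdefault(
            int(m["pid"]), {"findings": set(), "failures": {}, "verify": None})
        msg = m["msg"]
        for fragment, tag in FINDINGS.items():
            if fragment in msg:
                run["findings"].add(tag)
        for fragment, tag in FAILURES.items():
            if fragment in msg:
                run["failures"][tag] = run["failures"].get(tag, 0) + 1
        v = VERIFY_RE.search(msg)
        if v:
            # depth 0 is the server certificate, depth 1 the certificate that issued it
            run["verify"] = (int(v.group(1)), v.group(2))
    return runs

# Constructed sample lines (hypothetical host, process name, path and subject).
SAMPLE = """\
Apr 6 18:49:20 fw vpnclient[4469]: Wed Apr 6 18:49:20 2016 WARNING: No server certificate verification method has been enabled. See howto for more info.
Apr 6 18:49:21 fw vpnclient[4469]: Wed Apr 6 18:49:21 2016 Connection reset, restarting
Apr 6 18:49:33 fw vpnclient[4469]: Wed Apr 6 18:49:33 2016 Connection reset, restarting
Apr 6 18:49:59 fw vpnclient[4644]: Wed Apr 6 18:49:59 2016 WARNING: file '/etc/vpn/tls.key' is group or others accessible
Apr 6 18:50:00 fw vpnclient[4644]: Wed Apr 6 18:50:00 2016 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Apr 6 18:50:00 fw vpnclient[4644]: Wed Apr 6 18:50:00 2016 VERIFY ERROR: depth=1, error=certificate signature failure: /C=XX/O=Example-CA/CN=Example-CA
""".splitlines()

if __name__ == "__main__":
    for pid, run in triage(SAMPLE).items():
        print(pid, sorted(run["findings"]), run["failures"], run["verify"])
```

Separating the runs this way makes it visible that the two failure modes in such a log belong to different configurations of the client, and that a verify error at depth 1 concerns the issuing certificate rather than the server's own.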