Author Topic: OpenVPN Client configuration and Freedom-IP service
parsifal_sk
« on: Thursday 07 April 2016, 04:48:35 pm »

Hi all,
I need help configuring a VPN connection to the Freedom-IP service, to browse the internet with an Italian IP from Switzerland.
I received a .crt file, a .key file and a file with the following configuration:

client
# Ports availables: 443, 53, 8080, 1194, 110, 995
port 443
# Mode availables: TCP (default / safer) and UDP (faster)
proto tcp
dev tun
remote it.freedom-ip.com
resolv-retry infinite
ca ca.crt
tls-auth ta.key 1
auth-user-pass
cipher AES-256-CBC
comp-lzo
verb 1
nobind
ns-cert-type server

If I configure my Windows client, everything works.
I have some problems only using Endian Firewall (v. 3.0).
These are my last tries:

Apr 6 18:49:20 endian freedom-ip[4469]: Wed Apr 6 18:49:20 2016 OpenVPN 2.1.4 i586-pc-linux [SSL] [LZO2] [EPOLL] built on Jan 28 2011
Apr 6 18:49:20 endian freedom-ip[4469]: Wed Apr 6 18:49:20 2016 WARNING: No server certificate verification method has been enabled. See howto for more info.
Apr 6 18:49:20 endian freedom-ip[4469]: Wed Apr 6 18:49:20 2016 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 6 18:49:20 endian freedom-ip[4469]: Wed Apr 6 18:49:20 2016 NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion
Apr 6 18:49:20 endian freedom-ip[4469]: Wed Apr 6 18:49:20 2016 LZO compression initialized
Apr 6 18:49:20 endian freedom-ip[4469]: Wed Apr 6 18:49:20 2016 Attempting to establish TCP connection with 37.59.88.92:443 [nonblock]
Apr 6 18:49:21 endian freedom-ip[4469]: Wed Apr 6 18:49:21 2016 TCP connection established with 37.59.88.92:443
Apr 6 18:49:21 endian freedom-ip[4469]: Wed Apr 6 18:49:21 2016 TCPv4_CLIENT link local: [undef]
Apr 6 18:49:21 endian freedom-ip[4469]: Wed Apr 6 18:49:21 2016 TCPv4_CLIENT link remote: 37.59.88.92:443
Apr 6 18:49:21 endian freedom-ip[4469]: Wed Apr 6 18:49:21 2016 Connection reset, restarting
Apr 6 18:49:21 endian freedom-ip[4469]: Wed Apr 6 18:49:21 2016 SIGUSR1[soft,connection-reset] received, process restarting
Apr 6 18:49:31 endian freedom-ip[4469]: Wed Apr 6 18:49:31 2016 WARNING: No server certificate verification method has been enabled. See howto for more info.
Apr 6 18:49:31 endian freedom-ip[4469]: Wed Apr 6 18:49:31 2016 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 6 18:49:31 endian freedom-ip[4469]: Wed Apr 6 18:49:31 2016 NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion
Apr 6 18:49:31 endian freedom-ip[4469]: Wed Apr 6 18:49:31 2016 LZO compression initialized
Apr 6 18:49:32 endian freedom-ip[4469]: Wed Apr 6 18:49:32 2016 Attempting to establish TCP connection with 37.59.88.92:443 [nonblock]
Apr 6 18:49:33 endian freedom-ip[4469]: Wed Apr 6 18:49:33 2016 TCP connection established with 37.59.88.92:443
Apr 6 18:49:33 endian freedom-ip[4469]: Wed Apr 6 18:49:33 2016 TCPv4_CLIENT link local: [undef]
Apr 6 18:49:33 endian freedom-ip[4469]: Wed Apr 6 18:49:33 2016 TCPv4_CLIENT link remote: 37.59.88.92:443
Apr 6 18:49:33 endian freedom-ip[4469]: Wed Apr 6 18:49:33 2016 Connection reset, restarting
Apr 6 18:49:33 endian freedom-ip[4469]: Wed Apr 6 18:49:33 2016 SIGUSR1[soft,connection-reset] received, process restarting
Apr 6 18:49:41 endian freedom-ip[4469]: Wed Apr 6 18:49:41 2016 SIGTERM[hard,init_instance] received, process exiting
Apr 6 18:49:59 endian freedom-ip[4644]: Wed Apr 6 18:49:59 2016 OpenVPN 2.1.4 i586-pc-linux [SSL] [LZO2] [EPOLL] built on Jan 28 2011
Apr 6 18:49:59 endian freedom-ip[4644]: Wed Apr 6 18:49:59 2016 WARNING: No server certificate verification method has been enabled. See howto for more info.
Apr 6 18:49:59 endian freedom-ip[4644]: Wed Apr 6 18:49:59 2016 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 6 18:49:59 endian freedom-ip[4644]: Wed Apr 6 18:49:59 2016 NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion
Apr 6 18:49:59 endian freedom-ip[4644]: Wed Apr 6 18:49:59 2016 WARNING: file '/var/efw/openvpnclients/freedom-ip/tls.key' is group or others accessible
Apr 6 18:49:59 endian freedom-ip[4644]: Wed Apr 6 18:49:59 2016 Control Channel Authentication: using '/var/efw/openvpnclients/freedom-ip/tls.key' as a OpenVPN static key file
Apr 6 18:49:59 endian freedom-ip[4644]: Wed Apr 6 18:49:59 2016 LZO compression initialized
Apr 6 18:49:59 endian freedom-ip[4644]: Wed Apr 6 18:49:59 2016 Attempting to establish TCP connection with 37.59.88.92:443 [nonblock]
Apr 6 18:50:00 endian freedom-ip[4644]: Wed Apr 6 18:50:00 2016 TCP connection established with 37.59.88.92:443
Apr 6 18:50:00 endian freedom-ip[4644]: Wed Apr 6 18:50:00 2016 TCPv4_CLIENT link local: [undef]
Apr 6 18:50:00 endian freedom-ip[4644]: Wed Apr 6 18:50:00 2016 TCPv4_CLIENT link remote: 37.59.88.92:443
Apr 6 18:50:00 endian freedom-ip[4644]: Wed Apr 6 18:50:00 2016 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Apr 6 18:50:00 endian freedom-ip[4644]: Wed Apr 6 18:50:00 2016 VERIFY ERROR: depth=1, error=certificate signature failure: /C=FR/ST=FR/L=Paris/O=Freedom-IP/OU=Freedom-IP/CN=Freedom-IP/name=Freedom-IP/emailAddress=freedom@freedom-ip.com
Apr 6 18:50:00 endian freedom-ip[4644]: Wed Apr 6 18:50:00 2016 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Apr 6 18:50:00 endian freedom-ip[4644]: Wed Apr 6 18:50:00 2016 TLS Error: TLS object -> incoming plaintext read error
Apr 6 18:50:00 endian freedom-ip[4644]: Wed Apr 6 18:50:00 2016 TLS Error: TLS handshake failed
Apr 6 18:50:00 endian freedom-ip[4644]: Wed Apr 6 18:50:00 2016 Fatal TLS error (check_tls_errors_co), restarting
Apr 6 18:50:00 endian freedom-ip[4644]: Wed Apr 6 18:50:00 2016 SIGUSR1[soft,tls-error] received, process restarting
Apr 6 18:50:10 endian freedom-ip[4644]: Wed Apr 6 18:50:10 2016 WARNING: No server certificate verification method has been enabled. See howto for more info.
Apr 6 18:50:10 endian freedom-ip[4644]: Wed Apr 6 18:50:10 2016 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 6 18:50:10 endian freedom-ip[4644]: Wed Apr 6 18:50:10 2016 NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion
Apr 6 18:50:10 endian freedom-ip[4644]: Wed Apr 6 18:50:10 2016 WARNING: file '/var/efw/openvpnclients/freedom-ip/tls.key' is group or others accessible
Apr 6 18:50:10 endian freedom-ip[4644]: Wed Apr 6 18:50:10 2016 Control Channel Authentication: using '/var/efw/openvpnclients/freedom-ip/tls.key' as a OpenVPN static key file
Apr 6 18:50:10 endian freedom-ip[4644]: Wed Apr 6 18:50:10 2016 LZO compression initialized
Apr 6 18:50:10 endian freedom-ip[4644]: Wed Apr 6 18:50:10 2016 Attempting to establish TCP connection with 37.59.88.92:443 [nonblock]
Apr 6 18:50:11 endian freedom-ip[4644]: Wed Apr 6 18:50:11 2016 TCP connection established with 37.59.88.92:443
Apr 6 18:50:11 endian freedom-ip[4644]: Wed Apr 6 18:50:11 2016 TCPv4_CLIENT link local: [undef]
Apr 6 18:50:11 endian freedom-ip[4644]: Wed Apr 6 18:50:11 2016 TCPv4_CLIENT link remote: 37.59.88.92:443
Apr 6 18:50:11 endian freedom-ip[4644]: Wed Apr 6 18:50:11 2016 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Apr 6 18:50:11 endian freedom-ip[4644]: Wed Apr 6 18:50:11 2016 VERIFY ERROR: depth=1, error=certificate signature failure: /C=FR/ST=FR/L=Paris/O=Freedom-IP/OU=Freedom-IP/CN=Freedom-IP/name=Freedom-IP/emailAddress=freedom@freedom-ip.com
Apr 6 18:50:11 endian freedom-ip[4644]: Wed Apr 6 18:50:11 2016 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Apr 6 18:50:11 endian freedom-ip[4644]: Wed Apr 6 18:50:11 2016 TLS Error: TLS object -> incoming plaintext read error
Apr 6 18:50:11 endian freedom-ip[4644]: Wed Apr 6 18:50:11 2016 TLS Error: TLS handshake failed
Apr 6 18:50:11 endian freedom-ip[4644]: Wed Apr 6 18:50:11 2016 Fatal TLS error (check_tls_errors_co), restarting
Apr 6 18:50:11 endian freedom-ip[4644]: Wed Apr 6 18:50:11 2016 SIGUSR1[soft,tls-error] received, process restarting
Apr 6 18:50:21 endian freedom-ip[4644]: Wed Apr 6 18:50:21 2016 WARNING: No server certificate verification method has been enabled. See howto for more info.
Apr 6 18:50:21 endian freedom-ip[4644]: Wed Apr 6 18:50:21 2016 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 6 18:50:21 endian freedom-ip[4644]: Wed Apr 6 18:50:21 2016 NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion
Apr 6 18:50:21 endian freedom-ip[4644]: Wed Apr 6 18:50:21 2016 WARNING: file '/var/efw/openvpnclients/freedom-ip/tls.key' is group or others accessible
Apr 6 18:50:21 endian freedom-ip[4644]: Wed Apr 6 18:50:21 2016 Control Channel Authentication: using '/var/efw/openvpnclients/freedom-ip/tls.key' as a OpenVPN static key file
Apr 6 18:50:21 endian freedom-ip[4644]: Wed Apr 6 18:50:21 2016 LZO compression initialized
Apr 6 18:50:21 endian freedom-ip[4644]: Wed Apr 6 18:50:21 2016 Attempting to establish TCP connection with 37.59.88.92:443 [nonblock]
Apr 6 18:50:22 endian freedom-ip[4644]: Wed Apr 6 18:50:22 2016 TCP connection established with 37.59.88.92:443
Apr 6 18:50:22 endian freedom-ip[4644]: Wed Apr 6 18:50:22 2016 TCPv4_CLIENT link local: [undef]
Apr 6 18:50:22 endian freedom-ip[4644]: Wed Apr 6 18:50:22 2016 TCPv4_CLIENT link remote: 37.59.88.92:443
Apr 6 18:50:22 endian freedom-ip[4644]: Wed Apr 6 18:50:22 2016 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Apr 6 18:50:23 endian freedom-ip[4644]: Wed Apr 6 18:50:23 2016 VERIFY ERROR: depth=1, error=certificate signature failure: /C=FR/ST=FR/L=Paris/O=Freedom-IP/OU=Freedom-IP/CN=Freedom-IP/name=Freedom-IP/emailAddress=freedom@freedom-ip.com
Apr 6 18:50:23 endian freedom-ip[4644]: Wed Apr 6 18:50:23 2016 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Apr 6 18:50:23 endian freedom-ip[4644]: Wed Apr 6 18:50:23 2016 TLS Error: TLS object -> incoming plaintext read error
Apr 6 18:50:23 endian freedom-ip[4644]: Wed Apr 6 18:50:23 2016 TLS Error: TLS handshake failed
Apr 6 18:50:23 endian freedom-ip[4644]: Wed Apr 6 18:50:23 2016 Fatal TLS error (check_tls_errors_co), restarting
Apr 6 18:50:23 endian freedom-ip[4644]: Wed Apr 6 18:50:23 2016 SIGUSR1[soft,tls-error] received, process restarting
Apr 6 18:50:28 endian freedom-ip[4644]: Wed Apr 6 18:50:28 2016 SIGTERM[hard,init_instance] received, process exiting
Apr 6 18:52:34 endian freedom-ip[5340]: Wed Apr 6 18:52:34 2016 OpenVPN 2.1.4 i586-pc-linux [SSL] [LZO2] [EPOLL] built on Jan 28 2011
Apr 6 18:52:34 endian freedom-ip[5340]: Wed Apr 6 18:52:34 2016 WARNING: No server certificate verification method has been enabled. See howto for more info.
Apr 6 18:52:34 endian freedom-ip[5340]: Wed Apr 6 18:52:34 2016 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 6 18:52:34 endian freedom-ip[5340]: Wed Apr 6 18:52:34 2016 NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion
Apr 6 18:52:34 endian freedom-ip[5340]: Wed Apr 6 18:52:34 2016 WARNING: file '/var/efw/openvpnclients/freedom-ip/tls.key' is group or others accessible
Apr 6 18:52:34 endian freedom-ip[5340]: Wed Apr 6 18:52:34 2016 Control Channel Authentication: using '/var/efw/openvpnclients/freedom-ip/tls.key' as a OpenVPN static key file
Apr 6 18:52:34 endian freedom-ip[5340]: Wed Apr 6 18:52:34 2016 LZO compression initialized
Apr 6 18:52:34 endian freedom-ip[5340]: Wed Apr 6 18:52:34 2016 Attempting to establish TCP connection with 37.59.88.92:443 [nonblock]
Apr 6 18:52:35 endian freedom-ip[5340]: Wed Apr 6 18:52:35 2016 TCP connection established with 37.59.88.92:443
Apr 6 18:52:35 endian freedom-ip[5340]: Wed Apr 6 18:52:35 2016 TCPv4_CLIENT link local: [undef]
Apr 6 18:52:35 endian freedom-ip[5340]: Wed Apr 6 18:52:35 2016 TCPv4_CLIENT link remote: 37.59.88.92:443
Apr 6 18:52:35 endian freedom-ip[5340]: Wed Apr 6 18:52:35 2016 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Apr 6 18:52:35 endian freedom-ip[5340]: Wed Apr 6 18:52:35 2016 VERIFY ERROR: depth=1, error=certificate signature failure: /C=FR/ST=FR/L=Paris/O=Freedom-IP/OU=Freedom-IP/CN=Freedom-IP/name=Freedom-IP/emailAddress=freedom@freedom-ip.com
Apr 6 18:52:35 endian freedom-ip[5340]: Wed Apr 6 18:52:35 2016 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Apr 6 18:52:35 endian freedom-ip[5340]: Wed Apr 6 18:52:35 2016 TLS Error: TLS object -> incoming plaintext read error
Apr 6 18:52:35 endian freedom-ip[5340]: Wed Apr 6 18:52:35 2016 TLS Error: TLS handshake failed
Apr 6 18:52:35 endian freedom-ip[5340]: Wed Apr 6 18:52:35 2016 Fatal TLS error (check_tls_errors_co), restarting
Apr 6 18:52:35 endian freedom-ip[5340]: Wed Apr 6 18:52:35 2016 SIGUSR1[soft,tls-error] received, process restarting
Apr 6 18:52:44 endian freedom-ip[5340]: Wed Apr 6 18:52:44 2016 SIGTERM[hard,init_instance] received, process exiting
Apr 6 18:59:50 endian freedom-ip[5983]: Wed Apr 6 18:59:50 2016 OpenVPN 2.1.4 i586-pc-linux [SSL] [LZO2] [EPOLL] built on Jan 28 2011
Apr 6 18:59:50 endian freedom-ip[5983]: Wed Apr 6 18:59:50 2016 WARNING: No server certificate verification method has been enabled. See howto for more info.
Apr 6 18:59:50 endian freedom-ip[5983]: Wed Apr 6 18:59:50 2016 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 6 18:59:50 endian freedom-ip[5983]: Wed Apr 6 18:59:50 2016 NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion
Apr 6 18:59:50 endian freedom-ip[5983]: Wed Apr 6 18:59:50 2016 WARNING: file '/var/efw/openvpnclients/freedom-ip/tls.key' is group or others accessible
Apr 6 18:59:50 endian freedom-ip[5983]: Wed Apr 6 18:59:50 2016 Control Channel Authentication: using '/var/efw/openvpnclients/freedom-ip/tls.key' as a OpenVPN static key file
Apr 6 18:59:50 endian freedom-ip[5983]: Wed Apr 6 18:59:50 2016 LZO compression initialized
Apr 6 18:59:50 endian freedom-ip[5983]: Wed Apr 6 18:59:50 2016 Attempting to establish TCP connection with 37.59.88.92:443 [nonblock]
Apr 6 18:59:51 endian freedom-ip[5983]: Wed Apr 6 18:59:51 2016 TCP connection established with 37.59.88.92:443
Apr 6 18:59:51 endian freedom-ip[5983]: Wed Apr 6 18:59:51 2016 TCPv4_CLIENT link local: [undef]
Apr 6 18:59:51 endian freedom-ip[5983]: Wed Apr 6 18:59:51 2016 TCPv4_CLIENT link remote: 37.59.88.92:443
Apr 6 18:59:51 endian freedom-ip[5983]: Wed Apr 6 18:59:51 2016 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Apr 6 18:59:51 endian freedom-ip[5983]: Wed Apr 6 18:59:51 2016 VERIFY ERROR: depth=1, error=certificate signature failure: /C=FR/ST=FR/L=Paris/O=Freedom-IP/OU=Freedom-IP/CN=Freedom-IP/name=Freedom-IP/emailAddress=freedom@freedom-ip.com
Apr 6 18:59:51 endian freedom-ip[5983]: Wed Apr 6 18:59:51 2016 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Apr 6 18:59:51 endian freedom-ip[5983]: Wed Apr 6 18:59:51 2016 TLS Error: TLS object -> incoming plaintext read error
Apr 6 18:59:51 endian freedom-ip[5983]: Wed Apr 6 18:59:51 2016 TLS Error: TLS handshake failed
Apr 6 18:59:51 endian freedom-ip[5983]: Wed Apr 6 18:59:51 2016 Fatal TLS error (check_tls_errors_co), restarting
Apr 6 18:59:51 endian freedom-ip[5983]: Wed Apr 6 18:59:51 2016 SIGUSR1[soft,tls-error] received, process restarting
Apr 6 19:00:01 endian freedom-ip[5983]: Wed Apr 6 19:00:01 2016 WARNING: No server certificate verification method has been enabled. See howto for more info.
Apr 6 19:00:01 endian freedom-ip[5983]: Wed Apr 6 19:00:01 2016 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 6 19:00:01 endian freedom-ip[5983]: Wed Apr 6 19:00:01 2016 NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion
Apr 6 19:00:01 endian freedom-ip[5983]: Wed Apr 6 19:00:01 2016 WARNING: file '/var/efw/openvpnclients/freedom-ip/tls.key' is group or others accessible
Apr 6 19:00:01 endian freedom-ip[5983]: Wed Apr 6 19:00:01 2016 Control Channel Authentication: using '/var/efw/openvpnclients/freedom-ip/tls.key' as a OpenVPN static key file
Apr 6 19:00:01 endian freedom-ip[5983]: Wed Apr 6 19:00:01 2016 LZO compression initialized
Apr 6 19:00:03 endian freedom-ip[5983]: Wed Apr 6 19:00:03 2016 Attempting to establish TCP connection with 37.59.88.92:443 [nonblock]
Apr 6 19:00:04 endian freedom-ip[5983]: Wed Apr 6 19:00:04 2016 TCP connection established with 37.59.88.92:443
Apr 6 19:00:04 endian freedom-ip[5983]: Wed Apr 6 19:00:04 2016 TCPv4_CLIENT link local: [undef]
Apr 6 19:00:04 endian freedom-ip[5983]: Wed Apr 6 19:00:04 2016 TCPv4_CLIENT link remote: 37.59.88.92:443
Apr 6 19:00:04 endian freedom-ip[5983]: Wed Apr 6 19:00:04 2016 SIGTERM[hard,init_instance] received, process exiting

If I understood correctly, I have a problem with the certificate authentication, but I don't know how to solve it.
Any suggestions?
Thanks in advance.

Cheers
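
Added example, not part of the original post: a small Python triage script for the client log above. It groups lines by OpenVPN process ID, records whether the tls-auth key was loaded, and extracts the failure and the security warnings of each run; the embedded sample is a short excerpt of the posted log, and the function name and tag strings are assumptions made here.

```python
import re

# Short excerpt of the log posted above: one run without the tls-auth key, one with it.
SAMPLE_LOG = """\
Apr 6 18:49:20 endian freedom-ip[4469]: Wed Apr 6 18:49:20 2016 WARNING: No server certificate verification method has been enabled. See howto for more info.
Apr 6 18:49:21 endian freedom-ip[4469]: Wed Apr 6 18:49:21 2016 TCP connection established with 37.59.88.92:443
Apr 6 18:49:21 endian freedom-ip[4469]: Wed Apr 6 18:49:21 2016 Connection reset, restarting
Apr 6 18:49:59 endian freedom-ip[4644]: Wed Apr 6 18:49:59 2016 WARNING: file '/var/efw/openvpnclients/freedom-ip/tls.key' is group or others accessible
Apr 6 18:49:59 endian freedom-ip[4644]: Wed Apr 6 18:49:59 2016 Control Channel Authentication: using '/var/efw/openvpnclients/freedom-ip/tls.key' as a OpenVPN static key file
Apr 6 18:50:00 endian freedom-ip[4644]: Wed Apr 6 18:50:00 2016 VERIFY ERROR: depth=1, error=certificate signature failure: /C=FR/ST=FR/L=Paris/O=Freedom-IP/OU=Freedom-IP/CN=Freedom-IP/name=Freedom-IP/emailAddress=freedom@freedom-ip.com
Apr 6 18:50:00 endian freedom-ip[4644]: Wed Apr 6 18:50:00 2016 TLS Error: TLS handshake failed
"""

# Syslog tag with PID, then OpenVPN's own timestamp, then the message text.
LINE = re.compile(r"\[(\d+)\]: \w{3} \w{3}\s+\d+ [\d:]+ \d{4} (.*)$")
# depth=0 is the server certificate, depth=1 the CA certificate that issued it.
VERIFY = re.compile(r"VERIFY ERROR: depth=(\d+), error=([^:]+):")
# Substrings of OpenVPN warnings seen in the log, mapped to short tags (tags are hypothetical).
WARNINGS = {
    "No server certificate verification method": "server-cert-usage-unchecked",
    "is group or others accessible": "key-file-permissions",
    "may cache passwords in memory": "password-cached",
}


def summarize(log_text):
    """Return {pid: {"tls_auth": bool, "warnings": set, "failures": list}} in log order."""
    sessions = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not an OpenVPN line in the expected format
        pid, msg = m.group(1), m.group(2)
        s = sessions.setdefault(pid, {"tls_auth": False, "warnings": set(), "failures": []})
        if msg.startswith("Control Channel Authentication:"):
            s["tls_auth"] = True  # the tls-auth static key was actually loaded
        for needle, tag in WARNINGS.items():
            if needle in msg:
                s["warnings"].add(tag)
        v = VERIFY.search(msg)
        if v:
            s["failures"].append(("cert-verify", int(v.group(1)), v.group(2)))
        elif msg.startswith("Connection reset"):
            s["failures"].append(("connection-reset", None, None))
    return sessions


if __name__ == "__main__":
    for pid, s in summarize(SAMPLE_LOG).items():
        print(pid, "tls-auth loaded:", s["tls_auth"], s["failures"], sorted(s["warnings"]))
```

Run over the full log, this separates the first process (no tls-auth key loaded, connection reset) from the later ones (key loaded, certificate verification failing at depth 1).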
parsifal_sk
« Reply #1 on: Thursday 14 April 2016, 04:30:57 pm »

I solved it using EFW-3.0.5-beta1.
Cheers