VPN connection problems

gjc1000
Pro User
Posts: 133
Joined: Sat Jan 03, 2009 8:30 am

VPN connection problems

Postby gjc1000 » Mon Feb 02, 2009 10:17 pm

Starting to feel like a pest to you guys, but I am having an installation problem with openvpn on the HDA side of things. After following the wiki, I get the following:

Mon Feb 2 20:58:22 2009 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon Feb 2 20:58:22 2009 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Feb 2 20:58:22 2009 Cannot load certificate file AmahiHDAClient.crt: error:0906D06C:PEM routines:PEM_read_bio:no start line: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
Mon Feb 2 20:58:22 2009 Exiting

FYI: You have been very helpful and understanding, thank you. There are bright spots: samba shares work great, been 24/7 for a while using DNS/DHCP, two out of three web apps installed and working (gallery still escapes me), learning linux... slowly, 200+ DVDs copied to server, family is happy, I am happy and having fun. Thank you so much! gjc1000
gjc1000
Whoever makes himself a sheep gets eaten by the wolf.

cpg
Administrator
Posts: 2618
Joined: Wed Dec 03, 2008 7:40 am

Re: VPN connection problems

Postby cpg » Wed Feb 04, 2009 8:14 am

not a problem gjc. thanks for your persistence! :)
Cannot load certificate file AmahiHDAClient.crt
looks like your VPN client is linux?
(remember, always put details about your context)

searching for this error seems to indicate that there may be an issue with the certificate.

note that the way the certificate is attached to the amahi wiki vpn page, one has to click twice to get to the direct link to the certificate. you may have to "save link as ..." to save it to disk.

so, make sure the certificate is correct on that ground. incidentally, the md5sum of that file is

0d8d483d41cb582ccc107a6440526fc8
you may also check the capitalization is correct.
My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 8GB RAM, 1TBx2+3TBx1
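
The checks suggested in the reply above (is the saved file really a PEM certificate, does its md5sum match the posted value, is the file name capitalized as configured) can be scripted. This is an added example, not part of the original posts or of Amahi; the function names and result labels are made up for illustration, and only the file name and the md5 value come from the thread.

```python
import hashlib
import os
import re
import sys

# md5sum of AmahiHDAClient.crt as posted in the reply above.
POSTED_MD5 = "0d8d483d41cb582ccc107a6440526fc8"
PEM_BEGIN = re.compile(rb"^-----BEGIN (?:TRUSTED |X509 )?CERTIFICATE-----\s*$", re.M)
PEM_END = re.compile(rb"^-----END (?:TRUSTED |X509 )?CERTIFICATE-----\s*$", re.M)


def md5_hex(data):
    """Same digest `md5sum` prints; it catches bad downloads, not tampering."""
    return hashlib.md5(data).hexdigest()


def diagnose_cert(data, expected_md5=POSTED_MD5):
    """Classify the bytes of a downloaded .crt file (labels are illustrative)."""
    if not data.strip():
        return "empty"
    head = data[:512].lstrip().lower()
    if head.startswith((b"<!doctype", b"<html", b"<?xml")):
        # Saving the wiki attachment page instead of the direct link
        # yields markup, which OpenSSL reports as "no start line".
        return "html-page"
    if not PEM_BEGIN.search(data):
        return "no-start-line"
    if not PEM_END.search(data):
        return "truncated"
    if md5_hex(data) != expected_md5.lower():
        return "md5-mismatch"
    return "ok"


def case_mismatch(configured, dir_entries):
    """Return the on-disk name that differs from `configured` only by case."""
    if configured in dir_entries:
        return None
    lowered = {name.lower(): name for name in dir_entries}
    return lowered.get(configured.lower())


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "AmahiHDAClient.crt"
    name, folder = os.path.basename(path), os.path.dirname(path) or "."
    print("case mismatch:", case_mismatch(name, os.listdir(folder)))
    if os.path.isfile(path):
        with open(path, "rb") as fh:
            print("content:", diagnose_cert(fh.read()))
```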

gjc1000
Pro User
Posts: 133
Joined: Sat Jan 03, 2009 8:30 am

Re: VPN connection problems

Postby gjc1000 » Mon Feb 16, 2009 10:44 am

OK, so I screwed up and figured out I was trying to VPN into the Server from the server. So now I am trying to VPN into the server from work and I am getting two different messages, Try1 and then Try2. I am using the HDAConnect client on an XP Pro machine. Any ideas?
Try 1
Wed Feb 11 16:08:54 2009 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Wed Feb 11 16:08:54 2009 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Feb 11 16:08:54 2009 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Feb 11 16:08:54 2009 LZO compression initialized
Wed Feb 11 16:08:54 2009 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Feb 11 16:08:54 2009 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Feb 11 16:08:54 2009 Local Options hash (VER=V4): '41690919'
Wed Feb 11 16:08:54 2009 Expected Remote Options hash (VER=V4): '530fdded'
Wed Feb 11 16:08:54 2009 UDPv4 link local: [undef]
Wed Feb 11 16:08:54 2009 UDPv4 link remote: 67.169.53.19:1194
Wed Feb 11 16:08:54 2009 TLS: Initial packet from 67.169.53.19:1194, sid=18183915 4a0875d6
Wed Feb 11 16:08:55 2009 VERIFY OK: depth=1, /C=US/ST=CA/L=SanJose/O=HomeHDA/OU=VPN/CN=yourhda.com/emailAddress=info@homehda.com
Wed Feb 11 16:08:55 2009 VERIFY OK: depth=0, /C=US/ST=CA/L=SanJose/O=HomeHDA/OU=VPN/CN=server/emailAddress=info@homehda.com
Wed Feb 11 16:08:58 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Feb 11 16:08:58 2009 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Feb 11 16:08:58 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Feb 11 16:08:58 2009 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Feb 11 16:08:58 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Feb 11 16:08:58 2009 [server] Peer Connection Initiated with 67.169.53.19:1194
Wed Feb 11 16:08:59 2009 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Wed Feb 11 16:08:59 2009 AUTH: Received AUTH_FAILED control message
Wed Feb 11 16:08:59 2009 TCP/UDP: Closing socket
Wed Feb 11 16:08:59 2009 SIGTERM[soft,auth-failure] received, process exiting
Wed Feb 11 16:09:20 2009 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Wed Feb 11 16:09:20 2009 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Feb 11 16:09:20 2009 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Feb 11 16:09:20 2009 LZO compression initialized
Wed Feb 11 16:09:20 2009 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Feb 11 16:09:20 2009 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Feb 11 16:09:20 2009 Local Options hash (VER=V4): '41690919'
Wed Feb 11 16:09:20 2009 Expected Remote Options hash (VER=V4): '530fdded'
Wed Feb 11 16:09:20 2009 UDPv4 link local: [undef]
Wed Feb 11 16:09:20 2009 UDPv4 link remote: 67.169.53.19:1194
Wed Feb 11 16:09:21 2009 TLS: Initial packet from 67.169.53.19:1194, sid=91368ebb 3e903ef8
Wed Feb 11 16:09:22 2009 VERIFY OK: depth=1, /C=US/ST=CA/L=SanJose/O=HomeHDA/OU=VPN/CN=yourhda.com/emailAddress=info@homehda.com
Wed Feb 11 16:09:22 2009 VERIFY OK: depth=0, /C=US/ST=CA/L=SanJose/O=HomeHDA/OU=VPN/CN=server/emailAddress=info@homehda.com
Wed Feb 11 16:09:26 2009 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Feb 11 16:09:26 2009 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Feb 11 16:09:26 2009 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Feb 11 16:09:26 2009 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Feb 11 16:09:26 2009 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Feb 11 16:09:26 2009 [server] Peer Connection Initiated with 67.169.53.19:1194
Wed Feb 11 16:09:27 2009 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Wed Feb 11 16:09:27 2009 AUTH: Received AUTH_FAILED control message
Wed Feb 11 16:09:27 2009 TCP/UDP: Closing socket
Wed Feb 11 16:09:27 2009 SIGTERM[soft,auth-failure] received, process exiting

Try 2
Mon Feb 16 09:33:47 2009 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Mon Feb 16 09:33:47 2009 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Mon Feb 16 09:33:47 2009 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon Feb 16 09:33:47 2009 LZO compression initialized
Mon Feb 16 09:33:47 2009 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Feb 16 09:33:47 2009 RESOLVE: Cannot resolve host address: gcj10002.yourhda.com: [NO_DATA] The requested name is valid but does not have an IP address.
Mon Feb 16 09:33:47 2009 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Feb 16 09:33:47 2009 Local Options hash (VER=V4): '41690919'
Mon Feb 16 09:33:47 2009 Expected Remote Options hash (VER=V4): '530fdded'
Mon Feb 16 09:33:47 2009 RESOLVE: Cannot resolve host address: gcj10002.yourhda.com: [NO_DATA] The requested name is valid but does not have an IP address.
Mon Feb 16 09:33:52 2009 RESOLVE: Cannot resolve host address: gcj10002.yourhda.com: [NO_DATA] The requested name is valid but does not have an IP address.
Mon Feb 16 09:33:57 2009 RESOLVE: Cannot resolve host address: gcj10002.yourhda.com: [NO_DATA] The requested name is valid but does not have an IP address.
Mon Feb 16 09:34:02 2009 RESOLVE: Cannot resolve host address: gcj10002.yourhda.com: [NO_DATA] The requested name is valid but does not have an IP address.
Mon Feb 16 09:34:07 2009 RESOLVE: Cannot resolve host address: gcj10002.yourhda.com: [NO_DATA] The requested name is valid but does not have an IP address.


On a different note, I tried to upload the two tries using a Windows Notepad (.txt) and a Word (.doc) file, but both times the "post a reply" screen said that these extensions are not allowed. What am I doing wrong?
gjc1000
Whoever makes himself a sheep gets eaten by the wolf.

moredruid
Expert
Posts: 791
Joined: Tue Jan 20, 2009 1:33 am
Location: Netherlands

Re: VPN connection problems

Postby moredruid » Mon Feb 16, 2009 11:03 am

not sure why the attachments don't work, but my guess is that cpg only enabled gif, jpg and jpeg attachments. Text can be copied and pasted between the "code" and "/code" brackets in a post so it won't toss up the layout or information you're trying to give.

Sorry to be of no help regarding the VPN part, it's not something that I use (SSH works fine for me and is configured very strictly)
echo '16i[q]sa[ln0=aln100%Pln100/snlbx]sbA0D2173656C7572206968616D41snlbxq' | dc
Galileo - HP Proliant ML110 G6 quad core Xeon 2.4GHz, 4GB RAM, 2x750GB RAID1 + 2x1TB RAID1 HDD

gjc1000
Pro User
Posts: 133
Joined: Sat Jan 03, 2009 8:30 am

Re: VPN connection problems

Postby gjc1000 » Mon Feb 16, 2009 11:35 am

would ssh be a better alternative than VPN?
gjc1000
Whoever makes himself a sheep gets eaten by the wolf.

moredruid
Expert
Posts: 791
Joined: Tue Jan 20, 2009 1:33 am
Location: Netherlands

Re: VPN connection problems

Postby moredruid » Mon Feb 16, 2009 12:02 pm

uhm, for me it is :)

however, you don't get your normal "network neighbourhood" as you would with vpn.
I don't care about other systems on my network and for the visual part I can just have all X-applications forwarded to the system I'm working on at that time. I don't like VNC, X11 was designed to work over a network so why introduce another layer?
If you easily want to transfer files for instance then the best way is to use vpn, SSH won't help you, it's only meant to be a terminal emulator although most programs can do a whole lot more (secure copy, tunneling, etc.)
echo '16i[q]sa[ln0=aln100%Pln100/snlbx]sbA0D2173656C7572206968616D41snlbxq' | dc
Galileo - HP Proliant ML110 G6 quad core Xeon 2.4GHz, 4GB RAM, 2x750GB RAID1 + 2x1TB RAID1 HDD

gjc1000
Pro User
Posts: 133
Joined: Sat Jan 03, 2009 8:30 am

Re: VPN connection problems

Postby gjc1000 » Mon Feb 16, 2009 12:32 pm

so I will stick with VPN, I'll play with SSH later :mrgreen:
gjc1000
Whoever makes himself a sheep gets eaten by the wolf.

cpg
Administrator
Posts: 2618
Joined: Wed Dec 03, 2008 7:40 am

Re: VPN connection problems

Postby cpg » Mon Feb 16, 2009 2:42 pm

so, the VPN is working for you gjc1000?
My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 8GB RAM, 1TBx2+3TBx1

gjc1000
Pro User
Posts: 133
Joined: Sat Jan 03, 2009 8:30 am

Re: VPN connection problems

Postby gjc1000 » Mon Feb 16, 2009 3:01 pm

no. I got sidetracked with moredruid
gjc1000
Whoever makes himself a sheep gets eaten by the wolf.

cpg
Administrator
Posts: 2618
Joined: Wed Dec 03, 2008 7:40 am

Re: VPN connection problems

Postby cpg » Mon Feb 16, 2009 3:19 pm

ok, try 1 fails with an authentication failure.

try 2 fails because the dynamic dns host name used (the "nickname") does not resolve.

if you are open to someone getting in temporarily, we often help people in the irc channel.

also, it's not clear if these are the server logs or the client logs.

looking at the server logs may help (/var/log/messages).
My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 8GB RAM, 1TBx2+3TBx1
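
The reading of Try 1 and Try 2 given in the reply above can be reproduced mechanically from the client output. This is an added example, not part of the original posts or of OpenVPN; the finding names are made up for illustration, and the sample lines are copied from the logs earlier in this thread.

```python
import re
from collections import Counter

# Message patterns taken from the OpenVPN client output quoted in this thread.
RULES = [
    ("cert-not-pem", re.compile(r"Cannot load certificate file (\S+): .*no start line")),
    ("auth-failed", re.compile(r"AUTH: Received AUTH_FAILED")),
    ("dns-failure", re.compile(r"RESOLVE: Cannot resolve host address: ([^:\s]+):")),
    # Hardening gap rather than a failure cause: the client accepts any
    # certificate signed by the CA as "the server". The usual fix is
    # `remote-cert-tls server` (OpenVPN 2.1+) or `ns-cert-type server` (2.0.x).
    ("no-server-cert-check", re.compile(r"WARNING: No server certificate verification method")),
]
# "Mon Feb  2 20:58:22 2009 " style prefix seen on every line of these logs.
STAMP = re.compile(r"^\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4} ")


def triage(log_text):
    """Return {finding: (count, detail)} for one client log."""
    counts, detail = Counter(), {}
    for line in log_text.splitlines():
        msg = STAMP.sub("", line.strip())
        for name, pattern in RULES:
            m = pattern.search(msg)
            if m:
                counts[name] += 1
                detail.setdefault(name, m.group(1) if m.groups() else "")
    return {name: (counts[name], detail[name]) for name in counts}


def tls_reached(log_text):
    """True if the server chain verified, i.e. the failure came after TLS."""
    return "VERIFY OK: depth=0" in log_text


# Lines copied from the Try 1 and Try 2 logs above.
TRY1 = """\
Wed Feb 11 16:08:54 2009 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Feb 11 16:08:55 2009 VERIFY OK: depth=0, /C=US/ST=CA/L=SanJose/O=HomeHDA/OU=VPN/CN=server/emailAddress=info@homehda.com
Wed Feb 11 16:08:59 2009 AUTH: Received AUTH_FAILED control message
"""
TRY2 = """\
Mon Feb 16 09:33:47 2009 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon Feb 16 09:33:47 2009 RESOLVE: Cannot resolve host address: gcj10002.yourhda.com: [NO_DATA] The requested name is valid but does not have an IP address.
Mon Feb 16 09:33:52 2009 RESOLVE: Cannot resolve host address: gcj10002.yourhda.com: [NO_DATA] The requested name is valid but does not have an IP address.
"""

if __name__ == "__main__":
    for label, text in (("Try 1", TRY1), ("Try 2", TRY2)):
        print(label, triage(text), "TLS reached:", tls_reached(text))
```

The `dns-failure` detail is the host name the client tried, so it can be compared against the nickname registered for the HDA.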
