[Eisfair_dev] openvpn2 1.0.6 testing für eisfair1 released

Sa Okt 28 12:41:30 CEST 2017

Hi Ihr beiden,

nachdem nichts ging, habe ich es jetzt mal wie unten geschrieben
durchgeführt.

> 
> ich hab die 1.0.5 deinstalliert, um komplett neu zu beginnen:
> 
> 1.0.6    testing  openvpn2          http://ojaehrling.de/eis/cmd
> 
>   1 package(s) using approx. 8 MB of disk space.
> 
> Install package (y/n) [no]? y
> Downloading required packages ...
> => [####################] openvpn2 (1.0.6)...
>                                                           [  OK  ]
> Done!
> Installation of: openvpn2 (1.0.6) ...
> running preinstall
> running install.sh
> /usr/bin/in.grep: /etc/config.d/openvpn2: No such file or directory
> Please remember: restart OpenVPN manually
> Successfully installed: openvpn2 (1.0.6)!
> 
> Press ENTER to continue
> 
> Dann alte openvpn2 ins /etc/config.d/ kopiert.
> Es wird die ca.key nach Aufrufen und Schließen der Konfig erzeugt. Dann
> die openvpn.key erzeugt. Dann meine drei client-Keys. Dann den
> client-Key exportiert, in meine Win10 Openvpn config kopiert, gestartet,
> rennt!

bei mir nicht.

siehe:

...
Sat Oct 28 12:37:12 2017 Validating certificate key usage
Sat Oct 28 12:37:12 2017 ++ Certificate has key usage  00e0, expects 00a0
Sat Oct 28 12:37:12 2017 ++ Certificate has key usage  00e0, expects 0088
Sat Oct 28 12:37:12 2017 VERIFY KU ERROR
Sat Oct 28 12:37:12 2017 OpenSSL: error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed
Sat Oct 28 12:37:12 2017 TLS_ERROR: BIO read tls_read_plaintext error
Sat Oct 28 12:37:12 2017 TLS Error: TLS object -> incoming plaintext
read error
Sat Oct 28 12:37:12 2017 TLS Error: TLS handshake failed
Sat Oct 28 12:37:12 2017 Fatal TLS error (check_tls_errors_co), restarting
Sat Oct 28 12:37:12 2017 SIGUSR1[soft,tls-error] received, process
restarting
Sat Oct 28 12:37:12 2017 MANAGEMENT:
>STATE:1509187032,RECONNECTING,tls-error,,
Sat Oct 28 12:37:12 2017 Restart pause, 5 second(s)
...

OPENVPN2_SERVER_ACTIVE='yes'           # Activate OpenVPN-Server
OPENVPN2_SERVER_CERT='remote-cert-tls' # use remote-cert-tls or ns-cert-type
OPENVPN2_SERVER_CERT_HASH='sha512'     # select hash
OPENVPN2_SERVER_USE_IPV6='no'          # Use ipv6 on wan-site

Ich hab grad kein Plan mehr.