全球主机交流论坛

标题: openvpn [打印本页]

---

作者: mofei5566    时间: 2011-4-23 14:54
标题: openvpn
我前两天还可以上，今天却发现这台机子始终连接不上，但是另一台却可以（使用同一个客户端）,
以下是log，请高人看看
Sat Apr 23 14:50:54 2011 OpenVPN 2.1.4 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov  8 2010
Sat Apr 23 14:50:54 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sat Apr 23 14:50:55 2011 LZO compression initialized
Sat Apr 23 14:50:55 2011 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Apr 23 14:50:55 2011 Socket Buffers: R=[8192->65536] S=[8192->8192]
Sat Apr 23 14:50:55 2011 Data Channel MTU parms [ L:1542 D:1472 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Apr 23 14:50:55 2011 Local Options hash (VER=V4): '41690919'
Sat Apr 23 14:50:55 2011 Expected Remote Options hash (VER=V4): '530fdded'
Sat Apr 23 14:50:55 2011 UDPv4 link local: [undef]
Sat Apr 23 14:50:55 2011 UDPv4 link remote: 173.231.xx.44:1194
Sat Apr 23 14:50:55 2011 TLS: Initial packet from 173.231.xx.44:1194, sid=c189ce52 88e466bf
Sat Apr 23 14:50:56 2011 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=US/ST=CA/L=SanFrancisco/O=xxx/CN=xxx_CA/[email protected]
Sat Apr 23 14:50:56 2011 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Sat Apr 23 14:50:56 2011 TLS Error: TLS object -> incoming plaintext read error
Sat Apr 23 14:50:56 2011 TLS Error: TLS handshake failed
Sat Apr 23 14:50:56 2011 TCP/UDP: Closing socket
Sat Apr 23 14:50:56 2011 SIGUSR1[soft,tls-error] received, process restarting
Sat Apr 23 14:50:56 2011 Restart pause, 2 second(s)
Sat Apr 23 14:50:58 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sat Apr 23 14:50:58 2011 Re-using SSL/TLS context
Sat Apr 23 14:50:58 2011 LZO compression initialized
Sat Apr 23 14:50:58 2011 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Apr 23 14:50:58 2011 Socket Buffers: R=[8192->65536] S=[8192->8192]
Sat Apr 23 14:50:58 2011 Data Channel MTU parms [ L:1542 D:1472 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Apr 23 14:50:58 2011 Local Options hash (VER=V4): '41690919'
Sat Apr 23 14:50:58 2011 Expected Remote Options hash (VER=V4): '530fdded'
Sat Apr 23 14:50:58 2011 UDPv4 link local: [undef]
Sat Apr 23 14:50:58 2011 UDPv4 link remote: 173.231.xx.44:1194
Sat Apr 23 14:50:59 2011 TLS: Initial packet from 173.231.xx.44:1194, sid=0307a7a4 9a564bb2
Sat Apr 23 14:51:00 2011 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=US/ST=CA/L=SanFrancisco/O=xxx/CN=xxx_CA/[email protected]
Sat Apr 23 14:51:00 2011 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Sat Apr 23 14:51:00 2011 TLS Error: TLS object -> incoming plaintext read error
Sat Apr 23 14:51:00 2011 TLS Error: TLS handshake failed
Sat Apr 23 14:51:00 2011 TCP/UDP: Closing socket
Sat Apr 23 14:51:00 2011 SIGUSR1[soft,tls-error] received, process restarting
Sat Apr 23 14:51:00 2011 Restart pause, 2 second(s)
Sat Apr 23 14:51:02 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sat Apr 23 14:51:02 2011 Re-using SSL/TLS context
Sat Apr 23 14:51:02 2011 LZO compression initialized
Sat Apr 23 14:51:02 2011 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Apr 23 14:51:02 2011 Socket Buffers: R=[8192->65536] S=[8192->8192]
Sat Apr 23 14:51:02 2011 Data Channel MTU parms [ L:1542 D:1472 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Apr 23 14:51:02 2011 Local Options hash (VER=V4): '41690919'
Sat Apr 23 14:51:02 2011 Expected Remote Options hash (VER=V4): '530fdded'
Sat Apr 23 14:51:02 2011 UDPv4 link local: [undef]
Sat Apr 23 14:51:02 2011 UDPv4 link remote: 173.231.xx.44:1194
Sat Apr 23 14:51:02 2011 TLS: Initial packet from 173.231.xx.44:1194, sid=2886e94e e246055d
Sat Apr 23 14:51:03 2011 SIGTERM received, sending exit notification to peer
Sat Apr 23 14:51:03 2011 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=US/ST=CA/L=SanFrancisco/O=xxx/CN=xxx_CA/[email protected]
Sat Apr 23 14:51:03 2011 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Sat Apr 23 14:51:03 2011 TLS Error: TLS object -> incoming plaintext read error
Sat Apr 23 14:51:03 2011 TLS Error: TLS handshake failed
Sat Apr 23 14:51:03 2011 TCP/UDP: Closing socket
Sat Apr 23 14:51:03 2011 SIGUSR1[soft,tls-error] received, process restarting
Sat Apr 23 14:51:03 2011 Restart pause, 2 second(s)
Sat Apr 23 14:51:05 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sat Apr 23 14:51:05 2011 Re-using SSL/TLS context
Sat Apr 23 14:51:05 2011 LZO compression initialized
Sat Apr 23 14:51:05 2011 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Apr 23 14:51:05 2011 Socket Buffers: R=[8192->65536] S=[8192->8192]
Sat Apr 23 14:51:05 2011 Data Channel MTU parms [ L:1542 D:1472 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Apr 23 14:51:05 2011 Local Options hash (VER=V4): '41690919'
Sat Apr 23 14:51:05 2011 Expected Remote Options hash (VER=V4): '530fdded'
Sat Apr 23 14:51:05 2011 UDPv4 link local: [undef]
Sat Apr 23 14:51:05 2011 UDPv4 link remote: 173.231.xx.44:1194
Sat Apr 23 14:51:06 2011 TLS: Initial packet from 173.231.xx.44:1194, sid=d4b5263c 74741154
Sat Apr 23 14:51:07 2011 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=US/ST=CA/L=SanFrancisco/O=xxx/CN=xxx_CA/[email protected]
Sat Apr 23 14:51:07 2011 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Sat Apr 23 14:51:07 2011 TLS Error: TLS object -> incoming plaintext read error
Sat Apr 23 14:51:07 2011 TLS Error: TLS handshake failed
Sat Apr 23 14:51:07 2011 TCP/UDP: Closing socket
Sat Apr 23 14:51:07 2011 SIGUSR1[soft,tls-error] received, process restarting
Sat Apr 23 14:51:07 2011 Restart pause, 2 second(s)
Sat Apr 23 14:51:09 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sat Apr 23 14:51:09 2011 Re-using SSL/TLS context
Sat Apr 23 14:51:09 2011 LZO compression initialized
Sat Apr 23 14:51:09 2011 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sat Apr 23 14:51:09 2011 Socket Buffers: R=[8192->65536] S=[8192->8192]
Sat Apr 23 14:51:09 2011 Data Channel MTU parms [ L:1542 D:1472 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Apr 23 14:51:09 2011 Local Options hash (VER=V4): '41690919'
Sat Apr 23 14:51:09 2011 Expected Remote Options hash (VER=V4): '530fdded'
Sat Apr 23 14:51:09 2011 UDPv4 link local: [undef]
Sat Apr 23 14:51:09 2011 UDPv4 link remote: 173.231.xx.44:1194
Sat Apr 23 14:51:09 2011 TLS: Initial packet from 173.231.xx.44:1194, sid=71e4c0b2 d7ed8e61
Sat Apr 23 14:51:11 2011 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=US/ST=CA/L=SanFrancisco/O=xxx/CN=xxx_CA/[email protected]
Sat Apr 23 14:51:11 2011 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Sat Apr 23 14:51:11 2011 TLS Error: TLS object -> incoming plaintext read error
Sat Apr 23 14:51:11 2011 TLS Error: TLS handshake failed
Sat Apr 23 14:51:11 2011 TCP/UDP: Closing socket
Sat Apr 23 14:51:11 2011 SIGUSR1[soft,tls-error] received, process restarting
Sat Apr 23 14:51:11 2011 Restart pause, 2 second(s)

---

作者: serverpoint    时间: 2011-4-23 14:56
提示: 作者被禁止或删除 内容自动屏蔽

---

作者: mofei5566    时间: 2011-4-23 14:58
标题: 回复 2# 的帖子
验证失败？用的是同一个客户端啊，另一个机子上就是好的！这个前面也是好的，莫名的就成这样了

---

作者: mikj521    时间: 2011-4-23 15:03
   悲剧了

---

作者: windywinter    时间: 2011-4-23 15:11

原帖由 mofei5566 于 2011-4-23 14:58 发表
验证失败？用的是同一个客户端啊，另一个机子上就是好的！这个前面也是好的，莫名的就成这样了

把另一台机子上的证书复制过来。

---

作者: javaluo    时间: 2011-4-23 15:17
LS正解。。。。。。

---

作者: mofei5566    时间: 2011-4-23 15:48
标题: 回复 5# 的帖子
复制过了，OPENVPN都让我重装了一遍，还是那样！

---

作者: windywinter    时间: 2011-4-23 16:07

原帖由 mofei5566 于 2011-4-23 15:48 发表
复制过了，OPENVPN都让我重装了一遍，还是那样！

run this

1. openssl verify -CAfile <ca.crt> <client.crt>

复制代码

---

欢迎光临 全球主机交流论坛 (https://sunk.eu.org/)

Powered by Discuz! X3.4