From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on sa.int.altlinux.org X-Spam-Level: * X-Spam-Status: No, score=1.3 required=5.0 tests=BAYES_00,DNS_FROM_OPENWHOIS, SPF_PASS,SUBJ_RE_NUM autolearn=no version=3.2.5 From: =?koi8-r?Q?=F7=CC=C1=C4=C9=CD=C9=D2_=F3=C1=CC=CF=CD=C1=D4=C9=CE?= To: ALT Linux sysadmins' discussion Mime-Version: 1.0 X-Mailer: mPOP Web-Mail 2.19 X-Originating-IP: 176.16.5.2 via proxy [91.144.134.30] Date: Mon, 19 Apr 2010 03:46:19 +0400 References: <20100418194946.2907bcba@sem.localdomain> In-Reply-To: <20100418194946.2907bcba@sem.localdomain> Content-Type: text/plain; charset=koi8-r Content-Transfer-Encoding: 8bit Message-Id: X-Spam: Not detected X-Mras: Ok Subject: Re: [Sysadmins] =?koi8-r?b?T3BlblZQTiDTxdLXxdIg3sXSxdogQWx0ZXJhdG9y?= X-BeenThere: sysadmins@lists.altlinux.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: =?koi8-r?Q?=F7=CC=C1=C4=C9=CD=C9=D2_=F3=C1=CC=CF=CD=C1=D4=C9=CE?= , ALT Linux sysadmins' discussion List-Id: ALT Linux sysadmins' discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Apr 2010 23:46:24 -0000 Archived-At: List-Archive: > Порт слушается. > > Там UDP. > nmap -sU -p 1194 176.16.5.12 Замечательно. С сервером все понятно. Работает. Другой такой же сервер использую в качестве клиента. На нем создаю новый SSL ключ vova_client, забираю на подпись. Перехожу на сервер 176.16.5.12 и там в удостоверяющем центре загружаю ключ и подписываю сертификат. Получаю подписанный. В Управлении ключами клиента делаю "Положить сертификат, подписанный УЦ" Получаю нормальный ключ. Срок истекает тогда-то. Создаю OpenVPN-соединение. Указываю сервер 176.16.5.12 ключ vova_client, успешно загружен применить. Ничего не происходит. Apr 19 05:44:32 comp-7912b2 openvpn[21357]: IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port. Apr 19 05:44:32 comp-7912b2 openvpn[21357]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Apr 19 05:44:32 comp-7912b2 openvpn[21357]: Re-using SSL/TLS context Apr 19 05:44:32 comp-7912b2 openvpn[21357]: LZO compression initialized Apr 19 05:44:32 comp-7912b2 openvpn[21357]: Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ] Apr 19 05:44:32 comp-7912b2 openvpn[21357]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ] Apr 19 05:44:32 comp-7912b2 openvpn[21357]: Local Options hash (VER=V4): '41690919' Apr 19 05:44:32 comp-7912b2 openvpn[21357]: Expected Remote Options hash (VER=V4): '530fdded' Apr 19 05:44:32 comp-7912b2 openvpn[21357]: UDPv4 link local: [undef] Apr 19 05:44:32 comp-7912b2 openvpn[21357]: UDPv4 link remote: 176.16.5.12:1194 Apr 19 05:44:32 comp-7912b2 openvpn[21357]: TLS: Initial packet from 176.16.5.12:1194, sid=aa32e494 6870f787 Apr 19 05:44:33 comp-7912b2 openvpn[21357]: VERIFY ERROR: depth=0, error=unable to get local issuer certificate: /O=openvpn-server/CN=comp-Celeron-M-413ca8.vvv.school.local Apr 19 05:44:33 comp-7912b2 openvpn[21357]: TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Apr 19 05:44:33 comp-7912b2 openvpn[21357]: TLS Error: TLS object -> incoming plaintext read error Apr 19 05:44:33 comp-7912b2 openvpn[21357]: TLS Error: TLS handshake failed Apr 19 05:44:33 comp-7912b2 openvpn[21357]: TCP/UDP: Closing socket Apr 19 05:44:33 comp-7912b2 openvpn[21357]: SIGUSR1[soft,tls-error] received, process restarting Apr 19 05:44:33 comp-7912b2 openvpn[21357]: Restart pause, 2 second(s)