*GELÖST* OpenVPN am Router

skapi · Beitrag von **skapi** » Mi 19. Nov 2014, 10:48

Hi!

Ich will auf meinem DD-wrt Router einen OpenVPN Server erstellen und dann mit meinen Geräten darauf zugreifen.
Zertifikate hab ich erstellt (easy-rsa), der OpenVPN Server läuft auch, jedoch kann ich mit meinem Clienten nicht darauf zugreifen. Der Router wurde komplett firsch aufgesetzt und ist mit meinem Mac per lan verbunden.

Config am Router:

Spoiler

Show

OpenVPN -> Enable
Start Type -> System
Conig as -> Server
Server mode -> Router (TUN)
Nemask -> 255.255.255.0
Port -> 1194
Protocol -> UDP
Encryption -> Blowfish CBC
Hash Algorithm -> MD5
Advanced Options-> Disabled

4 Zertifikate eingetragen

Log am Router nach dem Start

Spoiler

Show

Serverlog 19700101 00:00:05 I OpenVPN 2.3.0 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 25 2013
19700101 00:00:05 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:14
19700101 00:00:05 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
19700101 00:00:06 Diffie-Hellman initialized with 1024 bit key
19700101 00:00:06 Socket Buffers: R=[114688->131072] S=[114688->131072]
19700101 00:00:06 I TUN/TAP device tun2 opened
19700101 00:00:06 TUN/TAP TX queue length set to 100
19700101 00:00:06 I do_ifconfig tt->ipv6=1 tt->did_ifconfig_ipv6_setup=0
19700101 00:00:06 I /sbin/ifconfig tun2 10.8.0.1 netmask 255.255.255.0 mtu 1500 broadcast 10.8.0.255
19700101 00:00:06 I UDPv4 link local (bound): [undef]
19700101 00:00:06 I UDPv4 link remote: [undef]
19700101 00:00:06 MULTI: multi_init called r=256 v=256
19700101 00:00:06 IFCONFIG POOL: base=10.8.0.2 size=252 ipv6=0
19700101 00:00:06 I Initialization Sequence Completed
19700101 00:06:03 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
19700101 00:06:03 D MANAGEMENT: CMD 'state'
19700101 00:06:03 MANAGEMENT: Client disconnected
19700101 00:06:03 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
19700101 00:06:03 D MANAGEMENT: CMD 'state'
19700101 00:06:03 MANAGEMENT: Client disconnected
19700101 00:06:03 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
19700101 00:06:03 D MANAGEMENT: CMD 'state'
19700101 00:06:03 MANAGEMENT: Client disconnected
19700101 00:06:03 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
19700101 00:06:03 D MANAGEMENT: CMD 'status 2'
19700101 00:06:03 MANAGEMENT: Client disconnected
19700101 00:06:03 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
19700101 00:06:03 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00
Clientlog

Tunnelblick config am Mac

Spoiler

Show

client
dev tun
proto udp
remote 10.8.0.0 1194
resolv-retry infinite
nobind
persist-key
persist-tun
float

ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server

comp-lzo
verb 3

Log nachdem ich bei Tunnelblick auf Verbinden klicke

Log am Router

Spoiler

Show

Common Name
Real Address
Virtual Address
Bytes Received
Bytes Sent
Connected Since
Connected Since (time_t)
UNDEF
192.168.1.120:56744

730
4528
Thu Jan 1 00:06:54 1970
414
UNDEF
192.168.1.120:61132

730
4414
Thu Jan 1 00:06:54 1970
414
UNDEF
192.168.1.120:65363

730
4642
Thu Jan 1 00:06:52 1970
412
UNDEF
192.168.1.120:56712

730
4642
Thu Jan 1 00:06:53 1970
413
UNDEF
192.168.1.120:65530

730
4528
Thu Jan 1 00:06:51 1970
411
UNDEF
192.168.1.120:52367

730
4528
Thu Jan 1 00:06:53 1970
413
UNDEF
192.168.1.120:61037

730
4528
Thu Jan 1 00:06:55 1970
415
UNDEF
192.168.1.120:54906

730
4642
Thu Jan 1 00:06:52 1970
412
UNDEF
192.168.1.120:60160

730
4528
Thu Jan 1 00:06:54 1970
414
UNDEF
192.168.1.120:50852

730
4414
Thu Jan 1 00:06:52 1970
412
UNDEF
192.168.1.120:60428

730
4642
Thu Jan 1 00:06:51 1970
411
UNDEF
192.168.1.120:58493

730
4528
Thu Jan 1 00:06:52 1970
412
UNDEF
192.168.1.120:60275

730
4300
Thu Jan 1 00:06:54 1970
414
UNDEF
192.168.1.120:57895

730
4528
Thu Jan 1 00:06:53 1970
413
UNDEF
192.168.1.120:53866

730
4528
Thu Jan 1 00:06:54 1970
414
UNDEF
192.168.1.120:56897

730
4642
Thu Jan 1 00:06:53 1970
413

Serverlog 19700101 00:00:05 I OpenVPN 2.3.0 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 25 2013
19700101 00:00:05 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:14
19700101 00:00:05 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
19700101 00:00:06 Diffie-Hellman initialized with 1024 bit key
19700101 00:00:06 Socket Buffers: R=[114688->131072] S=[114688->131072]
19700101 00:00:06 I TUN/TAP device tun2 opened
19700101 00:00:06 TUN/TAP TX queue length set to 100
19700101 00:00:06 I do_ifconfig tt->ipv6=1 tt->did_ifconfig_ipv6_setup=0
19700101 00:00:06 I /sbin/ifconfig tun2 10.8.0.1 netmask 255.255.255.0 mtu 1500 broadcast 10.8.0.255
19700101 00:00:06 I UDPv4 link local (bound): [undef]
19700101 00:00:06 I UDPv4 link remote: [undef]
19700101 00:00:06 MULTI: multi_init called r=256 v=256
19700101 00:00:06 IFCONFIG POOL: base=10.8.0.2 size=252 ipv6=0
19700101 00:00:06 I Initialization Sequence Completed
19700101 00:06:03 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
19700101 00:06:03 D MANAGEMENT: CMD 'state'
19700101 00:06:03 MANAGEMENT: Client disconnected
19700101 00:06:03 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
19700101 00:06:03 D MANAGEMENT: CMD 'state'
19700101 00:06:03 MANAGEMENT: Client disconnected
19700101 00:06:03 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
19700101 00:06:03 D MANAGEMENT: CMD 'state'
19700101 00:06:03 MANAGEMENT: Client disconnected
19700101 00:06:03 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
19700101 00:06:03 D MANAGEMENT: CMD 'status 2'
19700101 00:06:03 MANAGEMENT: Client disconnected
19700101 00:06:03 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
19700101 00:06:03 D MANAGEMENT: CMD 'log 500'
19700101 00:06:03 MANAGEMENT: Client disconnected
19700101 00:06:51 192.168.1.120:60428 TLS: Initial packet from [AF_INET]192.168.1.120:60428 sid=ced94b02 16bac715
19700101 00:06:51 192.168.1.120:65530 TLS: Initial packet from [AF_INET]192.168.1.120:65530 sid=6080a59c f594529e
19700101 00:06:52 192.168.1.120:54906 TLS: Initial packet from [AF_INET]192.168.1.120:54906 sid=ddccbe36 896cf200
19700101 00:06:52 192.168.1.120:58493 NOTE: --mute triggered...
19700101 00:07:27 13 variation(s) on previous 3 message(s) suppressed by --mute
19700101 00:07:27 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
19700101 00:07:27 D MANAGEMENT: CMD 'state'
19700101 00:07:27 MANAGEMENT: Client disconnected
19700101 00:07:27 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
19700101 00:07:27 D MANAGEMENT: CMD 'state'
19700101 00:07:27 MANAGEMENT: Client disconnected
19700101 00:07:27 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
19700101 00:07:27 D MANAGEMENT: CMD 'state'
19700101 00:07:27 MANAGEMENT: Client disconnected
19700101 00:07:27 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
19700101 00:07:27 D MANAGEMENT: CMD 'status 2'
19700101 00:07:27 MANAGEMENT: Client disconnected
19700101 00:07:27 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
19700101 00:07:27 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00
Clientlog

Tunnelblick log

Spoiler

Show

2014-11-19 07:51:57 *Tunnelblick: openvpnstart starting OpenVPN
2014-11-19 07:51:57 *Tunnelblick: OS X 10.10.0; Tunnelblick 3.4.1 (build 4054)
2014-11-19 07:51:57 *Tunnelblick: Attempting connection with client; Set nameserver = 1; monitoring connection
2014-11-19 07:51:57 *Tunnelblick: openvpnstart start client.tblk 1337 1 0 3 0 16688 -ptADGNWradsgnw 2.3.4
2014-11-19 07:51:58 *Tunnelblick: openvpnstart log:
Tunnelblick:
OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):

/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.4/openvpn
--daemon
--log
/Library/Application Support/Tunnelblick/Logs/-SLibrary-SApplication Support-STunnelblick-SShared-Sclient.tblk-SContents-SResources-Sconfig.ovpn.1_0_3_0_16688.1337.openvpn.log
--cd
/Library/Application Support/Tunnelblick/Shared/client.tblk/Contents/Resources
--config
/Library/Application Support/Tunnelblick/Shared/client.tblk/Contents/Resources/config.ovpn
--cd
/Library/Application Support/Tunnelblick/Shared/client.tblk/Contents/Resources
--management
127.0.0.1
1337
--management-query-passwords
--management-hold
--script-security
2
--up
/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -f -ptADGNWradsgnw
--down
/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d -f -ptADGNWradsgnw

2014-11-19 07:51:58 *Tunnelblick: Established communication with OpenVPN
2014-11-19 07:51:58 OpenVPN 2.3.4 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Oct 15 2014
2014-11-19 07:51:58 library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.08
2014-11-19 07:51:58 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337
2014-11-19 07:51:58 Need hold release from management interface, waiting...
2014-11-19 07:51:58 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337
2014-11-19 07:51:58 MANAGEMENT: CMD 'pid'
2014-11-19 07:51:58 MANAGEMENT: CMD 'state on'
2014-11-19 07:51:58 MANAGEMENT: CMD 'state'
2014-11-19 07:51:58 MANAGEMENT: CMD 'bytecount 1'
2014-11-19 07:51:58 MANAGEMENT: CMD 'hold release'
2014-11-19 07:51:58 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2014-11-19 07:51:58 Socket Buffers: R=[196724->65536] S=[9216->65536]
2014-11-19 07:51:58 UDPv4 link local: [undef]
2014-11-19 07:51:58 UDPv4 link remote: [AF_INET]10.8.0.0:1194
2014-11-19 07:51:58 MANAGEMENT: >STATE:1416379918,WAIT,,,
2014-11-19 07:51:58 MANAGEMENT: >STATE:1416379918,AUTH,,,
2014-11-19 07:51:58 TLS: Initial packet from [AF_INET]192.168.1.1:1194, sid=6bc4dc4a d577162a
2014-11-19 07:51:58 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=US, ST=CA, L=SanFrancisco, O=OpenVPN, OU=changeme, CN=server, name=changeme, emailAddress=mail@host.domain
2014-11-19 07:51:58 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
2014-11-19 07:51:58 TLS Error: TLS object -> incoming plaintext read error
2014-11-19 07:51:58 TLS Error: TLS handshake failed
2014-11-19 07:51:58 SIGUSR1[soft,tls-error] received, process restarting
2014-11-19 07:51:58 MANAGEMENT: >STATE:1416379918,RECONNECTING,tls-error,,
2014-11-19 07:51:58 MANAGEMENT: CMD 'hold release'
2014-11-19 07:51:58 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2014-11-19 07:51:58 Socket Buffers: R=[196724->65536] S=[9216->65536]
2014-11-19 07:51:58 UDPv4 link local: [undef]
2014-11-19 07:51:58 UDPv4 link remote: [AF_INET]10.8.0.0:1194
2014-11-19 07:51:58 MANAGEMENT: >STATE:1416379918,WAIT,,,
2014-11-19 07:51:58 MANAGEMENT: >STATE:1416379918,AUTH,,,
2014-11-19 07:51:58 TLS: Initial packet from [AF_INET]192.168.1.1:1194, sid=bbebb6e9 3522f561
2014-11-19 07:51:59 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=US, ST=CA, L=SanFrancisco, O=OpenVPN, OU=changeme, CN=server, name=changeme, emailAddress=mail@host.domain
2014-11-19 07:51:59 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
2014-11-19 07:51:59 TLS Error: TLS object -> incoming plaintext read error
2014-11-19 07:51:59 TLS Error: TLS handshake failed
2014-11-19 07:51:59 SIGUSR1[soft,tls-error] received, process restarting
2014-11-19 07:51:59 MANAGEMENT: >STATE:1416379919,RECONNECTING,tls-error,,
2014-11-19 07:51:59 MANAGEMENT: CMD 'hold release'
2014-11-19 07:51:59 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2014-11-19 07:51:59 Socket Buffers: R=[196724->65536] S=[9216->65536]
2014-11-19 07:51:59 UDPv4 link local: [undef]
2014-11-19 07:51:59 UDPv4 link remote: [AF_INET]10.8.0.0:1194
2014-11-19 07:51:59 MANAGEMENT: >STATE:1416379919,WAIT,,,
2014-11-19 07:51:59 MANAGEMENT: >STATE:1416379919,AUTH,,,
2014-11-19 07:51:59 TLS: Initial packet from [AF_INET]192.168.1.1:1194, sid=095bd320 a0e6da60
2014-11-19 07:51:59 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=US, ST=CA, L=SanFrancisco, O=OpenVPN, OU=changeme, CN=server, name=changeme, emailAddress=mail@host.domain
2014-11-19 07:51:59 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
2014-11-19 07:51:59 TLS Error: TLS object -> incoming plaintext read error
2014-11-19 07:51:59 TLS Error: TLS handshake failed
2014-11-19 07:51:59 SIGUSR1[soft,tls-error] received, process restarting
2014-11-19 07:51:59 MANAGEMENT: >STATE:1416379919,RECONNECTING,tls-error,,
2014-11-19 07:51:59 MANAGEMENT: CMD 'hold release'
2014-11-19 07:51:59 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2014-11-19 07:51:59 Socket Buffers: R=[196724->65536] S=[9216->65536]
2014-11-19 07:51:59 UDPv4 link local: [undef]
2014-11-19 07:51:59 UDPv4 link remote: [AF_INET]10.8.0.0:1194
2014-11-19 07:51:59 MANAGEMENT: >STATE:1416379919,WAIT,,,
2014-11-19 07:51:59 MANAGEMENT: >STATE:1416379919,AUTH,,,
2014-11-19 07:51:59 TLS: Initial packet from [AF_INET]192.168.1.1:1194, sid=20df2d71 e354cd68
2014-11-19 07:51:59 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=US, ST=CA, L=SanFrancisco, O=OpenVPN, OU=changeme, CN=server, name=changeme, emailAddress=mail@host.domain
2014-11-19 07:51:59 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
2014-11-19 07:51:59 TLS Error: TLS object -> incoming plaintext read error
2014-11-19 07:51:59 TLS Error: TLS handshake failed
2014-11-19 07:51:59 SIGUSR1[soft,tls-error] received, process restarting
2014-11-19 07:51:59 MANAGEMENT: >STATE:1416379919,RECONNECTING,tls-error,,
2014-11-19 07:51:59 MANAGEMENT: CMD 'hold release'
2014-11-19 07:51:59 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2014-11-19 07:51:59 Socket Buffers: R=[196724->65536] S=[9216->65536]
2014-11-19 07:51:59 UDPv4 link local: [undef]
2014-11-19 07:51:59 UDPv4 link remote: [AF_INET]10.8.0.0:1194
2014-11-19 07:51:59 MANAGEMENT: >STATE:1416379919,WAIT,,,
2014-11-19 07:51:59 MANAGEMENT: >STATE:1416379919,AUTH,,,
2014-11-19 07:51:59 TLS: Initial packet from [AF_INET]192.168.1.1:1194, sid=88e6db30 6bef1ef7
2014-11-19 07:51:59 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=US, ST=CA, L=SanFrancisco, O=OpenVPN, OU=changeme, CN=server, name=changeme, emailAddress=mail@host.domain
2014-11-19 07:51:59 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
2014-11-19 07:51:59 TLS Error: TLS object -> incoming plaintext read error
2014-11-19 07:51:59 TLS Error: TLS handshake failed
2014-11-19 07:51:59 SIGUSR1[soft,tls-error] received, process restarting
2014-11-19 07:51:59 MANAGEMENT: >STATE:1416379919,RECONNECTING,tls-error,,
2014-11-19 07:51:59 MANAGEMENT: CMD 'hold release'
2014-11-19 07:51:59 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2014-11-19 07:51:59 Socket Buffers: R=[196724->65536] S=[9216->65536]
2014-11-19 07:51:59 UDPv4 link local: [undef]
2014-11-19 07:51:59 UDPv4 link remote: [AF_INET]10.8.0.0:1194
2014-11-19 07:51:59 MANAGEMENT: >STATE:1416379919,WAIT,,,
2014-11-19 07:51:59 MANAGEMENT: >STATE:1416379919,AUTH,,,
2014-11-19 07:51:59 TLS: Initial packet from [AF_INET]192.168.1.1:1194, sid=16e1f1db 4a5b70cc
2014-11-19 07:51:59 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=US, ST=CA, L=SanFrancisco, O=OpenVPN, OU=changeme, CN=server, name=changeme, emailAddress=mail@host.domain
2014-11-19 07:51:59 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
2014-11-19 07:51:59 TLS Error: TLS object -> incoming plaintext read error
2014-11-19 07:51:59 TLS Error: TLS handshake failed
2014-11-19 07:51:59 SIGUSR1[soft,tls-error] received, process restarting
2014-11-19 07:51:59 MANAGEMENT: >STATE:1416379919,RECONNECTING,tls-error,,
2014-11-19 07:51:59 MANAGEMENT: CMD 'hold release'
2014-11-19 07:51:59 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2014-11-19 07:51:59 Socket Buffers: R=[196724->65536] S=[9216->65536]
2014-11-19 07:51:59 UDPv4 link local: [undef]
2014-11-19 07:51:59 UDPv4 link remote: [AF_INET]10.8.0.0:1194
2014-11-19 07:51:59 MANAGEMENT: >STATE:1416379919,WAIT,,,
2014-11-19 07:51:59 MANAGEMENT: >STATE:1416379919,AUTH,,,
2014-11-19 07:51:59 TLS: Initial packet from [AF_INET]192.168.1.1:1194, sid=69cf7e52 2a87a478
2014-11-19 07:52:00 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=US, ST=CA, L=SanFrancisco, O=OpenVPN, OU=changeme, CN=server, name=changeme, emailAddress=mail@host.domain
2014-11-19 07:52:00 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
2014-11-19 07:52:00 TLS Error: TLS object -> incoming plaintext read error
2014-11-19 07:52:00 TLS Error: TLS handshake failed
2014-11-19 07:52:00 SIGUSR1[soft,tls-error] received, process restarting
2014-11-19 07:52:00 MANAGEMENT: >STATE:1416379920,RECONNECTING,tls-error,,
2014-11-19 07:52:00 MANAGEMENT: CMD 'hold release'
2014-11-19 07:52:00 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2014-11-19 07:52:00 Socket Buffers: R=[196724->65536] S=[9216->65536]
2014-11-19 07:52:00 UDPv4 link local: [undef]
2014-11-19 07:52:00 UDPv4 link remote: [AF_INET]10.8.0.0:1194
2014-11-19 07:52:00 MANAGEMENT: >STATE:1416379920,WAIT,,,
2014-11-19 07:52:00 MANAGEMENT: >STATE:1416379920,AUTH,,,
2014-11-19 07:52:00 TLS: Initial packet from [AF_INET]192.168.1.1:1194, sid=974eb8de 973d518d
2014-11-19 07:52:00 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=US, ST=CA, L=SanFrancisco, O=OpenVPN, OU=changeme, CN=server, name=changeme, emailAddress=mail@host.domain
2014-11-19 07:52:00 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
2014-11-19 07:52:00 TLS Error: TLS object -> incoming plaintext read error
2014-11-19 07:52:00 TLS Error: TLS handshake failed
2014-11-19 07:52:00 SIGUSR1[soft,tls-error] received, process restarting
2014-11-19 07:52:00 MANAGEMENT: >STATE:1416379920,RECONNECTING,tls-error,,
2014-11-19 07:52:00 MANAGEMENT: CMD 'hold release'
2014-11-19 07:52:00 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2014-11-19 07:52:00 Socket Buffers: R=[196724->65536] S=[9216->65536]
2014-11-19 07:52:00 UDPv4 link local: [undef]
2014-11-19 07:52:00 UDPv4 link remote: [AF_INET]10.8.0.0:1194
2014-11-19 07:52:00 MANAGEMENT: >STATE:1416379920,WAIT,,,
2014-11-19 07:52:00 MANAGEMENT: >STATE:1416379920,AUTH,,,
2014-11-19 07:52:00 TLS: Initial packet from [AF_INET]192.168.1.1:1194, sid=c9885e12 40a5ccdc
2014-11-19 07:52:00 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=US, ST=CA, L=SanFrancisco, O=OpenVPN, OU=changeme, CN=server, name=changeme, emailAddress=mail@host.domain
2014-11-19 07:52:00 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
2014-11-19 07:52:00 TLS Error: TLS object -> incoming plaintext read error
2014-11-19 07:52:00 TLS Error: TLS handshake failed
2014-11-19 07:52:00 SIGUSR1[soft,tls-error] received, process restarting
2014-11-19 07:52:00 MANAGEMENT: >STATE:1416379920,RECONNECTING,tls-error,,
2014-11-19 07:52:00 MANAGEMENT: CMD 'hold release'
2014-11-19 07:52:00 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2014-11-19 07:52:00 Socket Buffers: R=[196724->65536] S=[9216->65536]
2014-11-19 07:52:00 UDPv4 link local: [undef]
2014-11-19 07:52:00 UDPv4 link remote: [AF_INET]10.8.0.0:1194
2014-11-19 07:52:00 MANAGEMENT: >STATE:1416379920,WAIT,,,
2014-11-19 07:52:00 MANAGEMENT: >STATE:1416379920,AUTH,,,
2014-11-19 07:52:00 TLS: Initial packet from [AF_INET]192.168.1.1:1194, sid=2a9715a4 bafcb2c1
2014-11-19 07:52:00 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=US, ST=CA, L=SanFrancisco, O=OpenVPN, OU=changeme, CN=server, name=changeme, emailAddress=mail@host.domain
2014-11-19 07:52:00 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
2014-11-19 07:52:00 TLS Error: TLS object -> incoming plaintext read error
2014-11-19 07:52:00 TLS Error: TLS handshake failed
2014-11-19 07:52:00 SIGUSR1[soft,tls-error] received, process restarting
2014-11-19 07:52:00 MANAGEMENT: >STATE:1416379920,RECONNECTING,tls-error,,
2014-11-19 07:52:00 MANAGEMENT: CMD 'hold release'
2014-11-19 07:52:00 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2014-11-19 07:52:00 Socket Buffers: R=[196724->65536] S=[9216->65536]
2014-11-19 07:52:00 UDPv4 link local: [undef]
2014-11-19 07:52:00 UDPv4 link remote: [AF_INET]10.8.0.0:1194
2014-11-19 07:52:00 MANAGEMENT: >STATE:1416379920,WAIT,,,
2014-11-19 07:52:00 MANAGEMENT: >STATE:1416379920,AUTH,,,
2014-11-19 07:52:00 TLS: Initial packet from [AF_INET]192.168.1.1:1194, sid=1d5d50b0 0e252df3
2014-11-19 07:52:01 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=US, ST=CA, L=SanFrancisco, O=OpenVPN, OU=changeme, CN=server, name=changeme, emailAddress=mail@host.domain
2014-11-19 07:52:01 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
2014-11-19 07:52:01 TLS Error: TLS object -> incoming plaintext read error
2014-11-19 07:52:01 TLS Error: TLS handshake failed
2014-11-19 07:52:01 SIGUSR1[soft,tls-error] received, process restarting
2014-11-19 07:52:01 MANAGEMENT: >STATE:1416379921,RECONNECTING,tls-error,,
2014-11-19 07:52:01 MANAGEMENT: CMD 'hold release'
2014-11-19 07:52:01 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2014-11-19 07:52:01 Socket Buffers: R=[196724->65536] S=[9216->65536]
2014-11-19 07:52:01 UDPv4 link local: [undef]
2014-11-19 07:52:01 UDPv4 link remote: [AF_INET]10.8.0.0:1194
2014-11-19 07:52:01 MANAGEMENT: >STATE:1416379921,WAIT,,,
2014-11-19 07:52:01 MANAGEMENT: >STATE:1416379921,AUTH,,,
2014-11-19 07:52:01 TLS: Initial packet from [AF_INET]192.168.1.1:1194, sid=918b1d10 9b5b0d41
2014-11-19 07:52:01 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=US, ST=CA, L=SanFrancisco, O=OpenVPN, OU=changeme, CN=server, name=changeme, emailAddress=mail@host.domain
2014-11-19 07:52:01 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
2014-11-19 07:52:01 TLS Error: TLS object -> incoming plaintext read error
2014-11-19 07:52:01 TLS Error: TLS handshake failed
2014-11-19 07:52:01 SIGUSR1[soft,tls-error] received, process restarting
2014-11-19 07:52:01 MANAGEMENT: >STATE:1416379921,RECONNECTING,tls-error,,
2014-11-19 07:52:01 MANAGEMENT: CMD 'hold release'
2014-11-19 07:52:01 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2014-11-19 07:52:01 Socket Buffers: R=[196724->65536] S=[9216->65536]
2014-11-19 07:52:01 UDPv4 link local: [undef]
2014-11-19 07:52:01 UDPv4 link remote: [AF_INET]10.8.0.0:1194
2014-11-19 07:52:01 MANAGEMENT: >STATE:1416379921,WAIT,,,
2014-11-19 07:52:01 MANAGEMENT: >STATE:1416379921,AUTH,,,
2014-11-19 07:52:01 TLS: Initial packet from [AF_INET]192.168.1.1:1194, sid=67a25391 798e2c51
2014-11-19 07:52:01 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=US, ST=CA, L=SanFrancisco, O=OpenVPN, OU=changeme, CN=server, name=changeme, emailAddress=mail@host.domain
2014-11-19 07:52:01 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
2014-11-19 07:52:01 TLS Error: TLS object -> incoming plaintext read error
2014-11-19 07:52:01 TLS Error: TLS handshake failed
2014-11-19 07:52:01 SIGUSR1[soft,tls-error] received, process restarting
2014-11-19 07:52:01 MANAGEMENT: >STATE:1416379921,RECONNECTING,tls-error,,
2014-11-19 07:52:01 MANAGEMENT: CMD 'hold release'
2014-11-19 07:52:01 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2014-11-19 07:52:01 Socket Buffers: R=[196724->65536] S=[9216->65536]
2014-11-19 07:52:01 UDPv4 link local: [undef]
2014-11-19 07:52:01 UDPv4 link remote: [AF_INET]10.8.0.0:1194
2014-11-19 07:52:01 MANAGEMENT: >STATE:1416379921,WAIT,,,
2014-11-19 07:52:01 MANAGEMENT: >STATE:1416379921,AUTH,,,
2014-11-19 07:52:01 TLS: Initial packet from [AF_INET]192.168.1.1:1194, sid=86906daf bcf0fd6a
2014-11-19 07:52:01 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=US, ST=CA, L=SanFrancisco, O=OpenVPN, OU=changeme, CN=server, name=changeme, emailAddress=mail@host.domain
2014-11-19 07:52:01 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
2014-11-19 07:52:01 TLS Error: TLS object -> incoming plaintext read error
2014-11-19 07:52:01 TLS Error: TLS handshake failed
2014-11-19 07:52:01 SIGUSR1[soft,tls-error] received, process restarting
2014-11-19 07:52:01 MANAGEMENT: >STATE:1416379921,RECONNECTING,tls-error,,
2014-11-19 07:52:01 MANAGEMENT: CMD 'hold release'
2014-11-19 07:52:01 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2014-11-19 07:52:01 Socket Buffers: R=[196724->65536] S=[9216->65536]
2014-11-19 07:52:01 UDPv4 link local: [undef]
2014-11-19 07:52:01 UDPv4 link remote: [AF_INET]10.8.0.0:1194
2014-11-19 07:52:01 MANAGEMENT: >STATE:1416379921,WAIT,,,
2014-11-19 07:52:01 MANAGEMENT: >STATE:1416379921,AUTH,,,
2014-11-19 07:52:01 TLS: Initial packet from [AF_INET]192.168.1.1:1194, sid=6fd2f57d 2e68a3bf
2014-11-19 07:52:02 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=US, ST=CA, L=SanFrancisco, O=OpenVPN, OU=changeme, CN=server, name=changeme, emailAddress=mail@host.domain
2014-11-19 07:52:02 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
2014-11-19 07:52:02 TLS Error: TLS object -> incoming plaintext read error
2014-11-19 07:52:02 TLS Error: TLS handshake failed
2014-11-19 07:52:02 SIGUSR1[soft,tls-error] received, process restarting
2014-11-19 07:52:02 MANAGEMENT: >STATE:1416379922,RECONNECTING,tls-error,,
2014-11-19 07:52:02 MANAGEMENT: CMD 'hold release'
2014-11-19 07:52:02 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2014-11-19 07:52:02 Socket Buffers: R=[196724->65536] S=[9216->65536]
2014-11-19 07:52:02 UDPv4 link local: [undef]
2014-11-19 07:52:02 UDPv4 link remote: [AF_INET]10.8.0.0:1194
2014-11-19 07:52:02 MANAGEMENT: >STATE:1416379922,WAIT,,,
2014-11-19 07:52:02 MANAGEMENT: >STATE:1416379922,AUTH,,,
2014-11-19 07:52:02 TLS: Initial packet from [AF_INET]192.168.1.1:1194, sid=26a02a88 a2827b94
2014-11-19 07:52:02 *Tunnelblick: Disconnecting; notification window disconnect button pressed
2014-11-19 07:52:02 *Tunnelblick: Disconnecting using 'kill'
2014-11-19 07:52:02 VERIFY ERROR: depth=0, error=unsupported certificate purpose: C=US, ST=CA, L=SanFrancisco, O=OpenVPN, OU=changeme, CN=server, name=changeme, emailAddress=mail@host.domain
2014-11-19 07:52:02 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
2014-11-19 07:52:02 TLS Error: TLS object -> incoming plaintext read error
2014-11-19 07:52:02 TLS Error: TLS handshake failed
2014-11-19 07:52:02 SIGUSR1[soft,tls-error] received, process restarting
2014-11-19 07:52:02 MANAGEMENT: >STATE:1416379922,RECONNECTING,tls-error,,
2014-11-19 07:52:02 SIGTERM[hard,init_instance] received, process exiting
2014-11-19 07:52:02 MANAGEMENT: >STATE:1416379922,EXITING,init_instance,,
2014-11-19 07:52:03 *Tunnelblick: No 'post-disconnect.sh' script to execute
2014-11-19 07:52:03 *Tunnelblick: Expected disconnection occurred.

Wenn ich mir denn Tunnelblick log ansehe, scheint etwas mit den Zertifikaten nicht zu stimmen, sehe ich das richtig so?
Wenn ja, was kann ich dagegen tun? Ich hab schon zig male die Zertifikte neu erstellt und geändert.

LG

Beitrag von **jensebub** » Mi 19. Nov 2014, 11:18

Hallo, wenn ich Tunnelblick und openvpn bei Google suche, finde ich hier folgendes:

Converting OpenVPN Configurations to Tunnelblick VPN Configurations

Tunnelblick version 3.3beta22 and higher can convert OpenVPN configurations to Tunnelblick VPN Configurations. This is primarily used to transition to newer versions of Tunnelblick. When you launch Tunnelblick and have private OpenVPN configurations, Tunnelblick will offer to convert them to Tunnelblick VPN Configurations. Two important points:
•The OpenVPN configurations must be "valid" -- that is, any key and certificate files that are referenced must exist; and
•Any OpenVPN configurations that are not converted are not available for use.

(You can also double-click an OpenVPN configuration and it will be installed as a Tunnelblick VPN Configuration.)

Quelle:https://code.google.com/p/tunnelblick/wiki/cConfigT

Ich nutze selbst keinen mac, deshalb kenne ich das Problem nicht wirklich, aber vielleicht hilfts ja

Gruß
jensebub

skapi · Beitrag von **skapi** » Mi 19. Nov 2014, 11:39

Hi!

Danke für deine Mühe!
Das hab ich auch schon gelesen, die Config wird aber anstandslos in Tunnelblick übernommen.
Lieder hab ich Nüsse Anhang von OpvenVPN da ich bis Dato immer via PPTP gearbeitet hab....

Die Frage für mich ist jetzt, wo beginn ich mit der Fehlersuche? Der Server scheint ja richtig Konfiguriert zu sein?!

Beitrag von **jensebub** » Mi 19. Nov 2014, 12:28

hm,... ich würde einfach mal gucken, ob z.B. dein Smartphone mit der openvpn-app und deinen configs funktioniert...

Vielleicht nochmal die Pfadangaben kontrollieren?!

Gruß
jensebub

skapi · Beitrag von **skapi** » Mi 19. Nov 2014, 12:39

Unter Additional Config habt ich nichts drinnen stehen am Router. Ich hab die Zertifikate nur im GUI eingetragen und gespeichert.

Das mit dem Smartphone werd ich dann mal Probieren - Guter Tipp!!

Beitrag von **jensebub** » Mi 19. Nov 2014, 16:57

Vielleicht auch mal hier geschaut,... oder hier?

Wie gesagt, die Konstelation habe ich so nicht im Gebrauch,... und kann somit wenig dazu sagen...

skapi · Beitrag von **skapi** » Mi 19. Nov 2014, 19:48

hab ich mir auch alles angesehen...

hab mich ein bisschen mit den Zertifikaten gespielt... jetzt sieht der log wieder etwas anders aus...

Router log

Spoiler

Show

Serverlog 19700101 00:42:23 I OpenVPN 2.3.0 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 25 2013
19700101 00:42:23 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:14
19700101 00:42:23 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
19700101 00:42:23 Diffie-Hellman initialized with 1024 bit key
19700101 00:42:23 Socket Buffers: R=[114688->131072] S=[114688->131072]
19700101 00:42:23 I TUN/TAP device tun2 opened
19700101 00:42:23 TUN/TAP TX queue length set to 100
19700101 00:42:23 I do_ifconfig tt->ipv6=1 tt->did_ifconfig_ipv6_setup=0
19700101 00:42:23 I /sbin/ifconfig tun2 10.8.0.1 netmask 255.255.255.0 mtu 1500 broadcast 10.8.0.255
19700101 00:42:23 I UDPv4 link local (bound): [undef]
19700101 00:42:23 I UDPv4 link remote: [undef]
19700101 00:42:23 MULTI: multi_init called r=256 v=256
19700101 00:42:23 IFCONFIG POOL: base=10.8.0.2 size=252 ipv6=0
19700101 00:42:23 I Initialization Sequence Completed
19700101 00:42:29 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
19700101 00:42:29 D MANAGEMENT: CMD 'state'
19700101 00:42:29 MANAGEMENT: Client disconnected
19700101 00:42:29 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
19700101 00:42:29 D MANAGEMENT: CMD 'state'
19700101 00:42:29 MANAGEMENT: Client disconnected
19700101 00:42:29 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
19700101 00:42:29 D MANAGEMENT: CMD 'state'
19700101 00:42:29 MANAGEMENT: Client disconnected
19700101 00:42:29 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
19700101 00:42:29 D MANAGEMENT: CMD 'status 2'
19700101 00:42:29 MANAGEMENT: Client disconnected
19700101 00:42:29 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
19700101 00:42:29 D MANAGEMENT: CMD 'log 500'
19700101 00:42:29 MANAGEMENT: Client disconnected
19700101 00:42:44 192.168.1.114:63789 TLS: Initial packet from [AF_INET]192.168.1.114:63789 sid=0793dd1e c0ff0c4c
19700101 00:42:44 N 192.168.1.114:63789 VERIFY ERROR: depth=1 error=certificate is not yet valid: C=US ST=CA L=SanFrancisco O=OpenVPN OU=changeme CN=ca name=changeme emailAddress=mail@host.domain
19700101 00:42:44 N 192.168.1.114:63789 TLS_ERROR: BIO read tls_read_plaintext error: error:140890B2:lib(20):func(137):reason(178)
19700101 00:42:44 N 192.168.1.114:63789 TLS Error: TLS object -> incoming plaintext read error
19700101 00:42:44 192.168.1.114:63789 NOTE: --mute triggered...
19700101 00:42:44 192.168.1.114:63789 1 variation(s) on previous 3 message(s) suppressed by --mute
19700101 00:42:44 192.168.1.114:63789 SIGUSR1[soft tls-error] received client-instance restarting
19700101 00:42:53 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
19700101 00:42:53 D MANAGEMENT: CMD 'state'
19700101 00:42:53 MANAGEMENT: Client disconnected
19700101 00:42:53 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
19700101 00:42:53 D MANAGEMENT: CMD 'state'
19700101 00:42:53 MANAGEMENT: Client disconnected
19700101 00:42:53 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
19700101 00:42:53 D MANAGEMENT: CMD 'state'
19700101 00:42:53 MANAGEMENT: Client disconnected
19700101 00:42:53 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
19700101 00:42:53 D MANAGEMENT: CMD 'status 2'
19700101 00:42:53 MANAGEMENT: Client disconnected
19700101 00:42:53 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
19700101 00:42:53 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00
Clientlog

Help

Tunnelblick log

Spoiler

Show

2014-11-19 19:39:45 *Tunnelblick: OS X 10.10.0; Tunnelblick 3.4.1 (build 4054)
2014-11-19 19:39:45 *Tunnelblick: Attempting connection with client; Set nameserver = 5; not monitoring connection
2014-11-19 19:39:45 *Tunnelblick: openvpnstart start client.tblk 1337 5 0 3 1 16688 -ptADGNWradsgnw 2.3.4
2014-11-19 19:39:45 OpenVPN 2.3.4 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Oct 15 2014
2014-11-19 19:39:45 library versions: OpenSSL 1.0.1j 15 Oct 2014, LZO 2.08
2014-11-19 19:39:45 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1337
2014-11-19 19:39:45 Need hold release from management interface, waiting...
2014-11-19 19:39:45 *Tunnelblick: openvpnstart log:
Tunnelblick:
OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):

/Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.4/openvpn
--daemon
--log
/Library/Application Support/Tunnelblick/Logs/-SLibrary-SApplication Support-STunnelblick-SShared-Sclient.tblk-SContents-SResources-Sconfig.ovpn.5_0_3_1_16688.1337.openvpn.log
--cd
/Library/Application Support/Tunnelblick/Shared/client.tblk/Contents/Resources
--config
/Library/Application Support/Tunnelblick/Shared/client.tblk/Contents/Resources/config.ovpn
--cd
/Library/Application Support/Tunnelblick/Shared/client.tblk/Contents/Resources
--management
127.0.0.1
1337
--management-query-passwords
--management-hold
--script-security
2
--up
/Applications/Tunnelblick.app/Contents/Resources/client.1.up.tunnelblick.sh -w -d -f -ptADGNWradsgnw
--down
/Applications/Tunnelblick.app/Contents/Resources/client.1.down.tunnelblick.sh -w -d -f -ptADGNWradsgnw

2014-11-19 19:39:45 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1337
2014-11-19 19:39:45 *Tunnelblick: openvpnstart starting OpenVPN
2014-11-19 19:39:45 *Tunnelblick: Established communication with OpenVPN
2014-11-19 19:39:45 MANAGEMENT: CMD 'pid'
2014-11-19 19:39:45 MANAGEMENT: CMD 'state on'
2014-11-19 19:39:45 MANAGEMENT: CMD 'state'
2014-11-19 19:39:45 MANAGEMENT: CMD 'bytecount 1'
2014-11-19 19:39:45 MANAGEMENT: CMD 'hold release'
2014-11-19 19:39:45 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2014-11-19 19:39:45 Socket Buffers: R=[196724->65536] S=[9216->65536]
2014-11-19 19:39:45 UDPv4 link local: [undef]
2014-11-19 19:39:45 UDPv4 link remote: [AF_INET]192.168.1.1:1194
2014-11-19 19:39:45 MANAGEMENT: >STATE:1416422385,WAIT,,,
2014-11-19 19:39:45 MANAGEMENT: >STATE:1416422385,AUTH,,,
2014-11-19 19:39:45 TLS: Initial packet from [AF_INET]192.168.1.1:1194, sid=70909836 7c2dbb6f
2014-11-19 19:39:46 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=OpenVPN, OU=changeme, CN=ca, name=changeme, emailAddress=mail@host.domain
2014-11-19 19:39:46 VERIFY OK: nsCertType=SERVER
2014-11-19 19:39:46 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=OpenVPN, OU=changeme, CN=dd, name=changeme, emailAddress=mail@host.domain
2014-11-19 19:39:59 *Tunnelblick: Disconnecting; notification window disconnect button pressed
2014-11-19 19:39:59 *Tunnelblick: Disconnecting using 'kill'
2014-11-19 19:39:59 event_wait : Interrupted system call (code=4)
2014-11-19 19:39:59 SIGTERM[hard,] received, process exiting
2014-11-19 19:39:59 MANAGEMENT: >STATE:1416422399,EXITING,SIGTERM,,
2014-11-19 19:40:00 *Tunnelblick: No 'post-disconnect.sh' script to execute
2014-11-19 19:40:00 *Tunnelblick: Expected disconnection occurred.

Im Routerlog steht dass das Zertifikat nicht gültig ist. Verstehe nur nicht warum

Am Smartphone mit openvpn ist auch keine Verbindung mögl.

//EDIT:
Sooo.....

ich bekomme immer den selben log und Tunnelblick bleibt beim Autorisieren hängen

Hat vl. noch jemend einen lösungsansatz für mich??

Beitrag von **jensebub** » So 23. Nov 2014, 19:38

*solved*
http://www.digital-eliteboard.com/showt ... ?p=2445466

skapi · Beitrag von **skapi** » Mi 3. Dez 2014, 12:09

Ich hab jetzt doch noch ein kleines Problem...

Ich hab den OpenVPN Server am Router als TUN eingerichtet.
Wenn ich jetzt den gesamten Traffic über den Tunnel leiten möchte, muss ich bei "Redirect default Gateway" auf "Enable"gehen, soweit richtig oder?

Unter "Additional Config" hab ich folgende Einstellungen in den verschiedensten Variationen versucht, leider komm ich dann nicht ins internet

Spoiler

Show

#verb 5
push "route 192.168.1.0 255.255.255.0"
push "redirect-gateway 192.168.1.1"
#push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 192.168.1.1"
#keepalive 10 20

Was ist hier der Fehler? Bei den Firewall Einstellungen usw. habe ich keine Einstellungen gemacht...

IPC

GELÖST OpenVPN am Router

GELÖST OpenVPN am Router

Re: OpenVPN am Router

Re: OpenVPN am Router

Re: OpenVPN am Router

Re: OpenVPN am Router

Re: OpenVPN am Router

Re: OpenVPN am Router

Re: OpenVPN am Router

Re: GELÖST OpenVPN am Router

Wer ist online?