Hi,

Shang Wang wrote:
> Dear all:
>
> I have some problem with OpenVPN connection. When I try to connect
> from client to server, it shows the following message:
>
> Thu Jun 6 14:40:50 2013 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Oct 8 2012
> Thu Jun 6 14:40:50 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
> Thu Jun 6 14:40:50 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
> Thu Jun 6 14:40:50 2013 WARNING: file '/opt/ovpn-arc-client-key/ovpn-arc-client-key.key' is group or others accessible
> Thu Jun 6 14:40:50 2013 LZO compression initialized
> Thu Jun 6 14:40:50 2013 Control Channel MTU parms [ L:1539 D:138 EF:38 EB:0 ET:0 EL:0 ]
> Thu Jun 6 14:40:50 2013 Data Channel MTU parms [ L:1539 D:1450 EF:39 EB:135 ET:0 EL:0 AF:3/1 ]
> Thu Jun 6 14:40:50 2013 Local Options hash (VER=V4): '78d7b4a9'
> Thu Jun 6 14:40:50 2013 Expected Remote Options hash (VER=V4): '7ffbec82'
> Thu Jun 6 14:40:50 2013 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
> Thu Jun 6 14:40:50 2013 UDPv4 link local: [undef]
> Thu Jun 6 14:40:50 2013 UDPv4 link remote: [AF_INET]184.73.184.129:1194
> Thu Jun 6 14:40:50 2013 VERIFY OK: depth=1, /C=US/ST=NY/L=Brooklyn/O=NopSec/[email protected]
> Thu Jun 6 14:40:50 2013 VERIFY OK: depth=0, /C=US/ST=NY/L=Brooklyn/O=NopSec/OU=Office/CN=ovpn-arc-server-key/[email protected]
> Thu Jun 6 14:40:51 2013 Data Channel Encrypt: Cipher 'BF-OFB' initialized with 128 bit key
> Thu Jun 6 14:40:51 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
> Thu Jun 6 14:40:51 2013 Data Channel Decrypt: Cipher 'BF-OFB' initialized with 128 bit key
> Thu Jun 6 14:40:51 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
> Thu Jun 6 14:40:51 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
> Thu Jun 6 14:40:51 2013 [ovpn-arc-server-key] Peer Connection Initiated with [AF_INET]184.73.184.129:1194
> Thu Jun 6 14:40:53 2013 TUN/TAP device tun0 opened
> Thu Jun 6 14:40:53 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
> Thu Jun 6 14:40:53 2013 /sbin/ifconfig tun0 10.200.2.6 pointopoint 10.200.2.5 mtu 1500
> Thu Jun 6 14:40:53 2013 GID set to nogroup
> Thu Jun 6 14:40:53 2013 UID set to nobody
> Thu Jun 6 14:40:53 2013 Initialization Sequence Completed
>
> Thu Jun 6 14:41:03 2013 Assertion failed at crypto.c:161
> Thu Jun 6 14:41:03 2013 Exiting
> SIOCDELRT: Operation not permitted
> Thu Jun 6 14:41:03 2013 ERROR: Linux route delete command failed: external program exited with error status: 7
> Thu Jun 6 14:41:03 2013 Closing TUN/TAP interface
> Thu Jun 6 14:41:03 2013 /sbin/ifconfig tun0 0.0.0.0
> SIOCSIFADDR: Permission denied
> SIOCSIFFLAGS: Permission denied
> Thu Jun 6 14:41:03 2013 Linux ip addr del failed: external program exited with error status: 255
>
> The server log says pretty much the same thing. I tried "BF-CFB"
> and "BF-OFB" but none of them works. I have no access to the machine
> now so I have no chance to try other encryption methods. I doubt about
> this is because the error says: "Assertion failed at crypto.c:161".
> Can anybody help me to see if there are other possibilities for this
> problem? Thanks.
>

Cipher support in OpenVPN is fairly limited; mostly the CBC ciphers work, as well as AES128/AES256. Try using the default cipher (don't specify anything) or use

  cipher AES256

For more details, see https://community.openvpn.net/openvpn/ticket/89

HTH,

JJK
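
Added example, not part of the original thread and not OpenVPN's own code: a triage pass over the client log quoted above that flags its two security warnings and ties the CFB/OFB data-channel cipher to the later assertion, as the reply suggests. The finding ids and advice strings are this example's own, and the sample lines are copied from the quoted log with each entry rejoined onto one line.

```python
import re

# Constructed sample: entries taken from the client log quoted in the thread.
SAMPLE_LOG = """\
Thu Jun 6 14:40:50 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Jun 6 14:40:50 2013 WARNING: file '/opt/ovpn-arc-client-key/ovpn-arc-client-key.key' is group or others accessible
Thu Jun 6 14:40:51 2013 Data Channel Encrypt: Cipher 'BF-OFB' initialized with 128 bit key
Thu Jun 6 14:40:53 2013 Initialization Sequence Completed
Thu Jun 6 14:41:03 2013 Assertion failed at crypto.c:161
"""

# (finding id, pattern, advice); ids and advice are hypothetical labels.
RULES = [
    ("no-server-cert-verification",
     re.compile(r"WARNING: No server certificate verification method"),
     "another client cert from the same CA could pose as the server (howto.html#mitm)"),
    ("key-file-permissions",
     re.compile(r"WARNING: file '(?P<detail>[^']+)' is group or others accessible"),
     "restrict the private key file to its owner"),
    ("non-cbc-data-cipher",
     re.compile(r"Data Channel Encrypt: Cipher '(?P<detail>[A-Za-z0-9-]+-(?:CFB\d*|OFB))'"),
     "per the reply, mostly CBC ciphers work; use the default cipher"),
    ("crypto-assertion",
     re.compile(r"Assertion failed at (?P<detail>crypto\.c:\d+)"),
     "process aborted inside the crypto layer"),
]

def triage(log_text):
    """Return (finding_id, detail, advice) tuples in the order they appear."""
    findings = []
    for line in log_text.splitlines():
        for rule_id, pattern, advice in RULES:
            m = pattern.search(line)
            if m:
                findings.append((rule_id, m.groupdict().get("detail") or "", advice))
    return findings

def cipher_explains_crash(findings):
    """True when a CFB/OFB data cipher is logged before a crypto assertion."""
    ids = [f[0] for f in findings]
    return ("non-cbc-data-cipher" in ids and "crypto-assertion" in ids
            and ids.index("non-cbc-data-cipher") < ids.index("crypto-assertion"))

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for rule_id, detail, advice in results:
        print(f"{rule_id}: {detail or '-'} -> {advice}")
    print("cipher mode precedes crash:", cipher_explains_crash(results))
```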
