Hi Didier,
Thank you for the details. Please find the information below and the attached CA
certificates (client and server), and advise me further. The CA password is
test.

Created the certificates as suggested
https://rohc-lib.org/wiki/doku.php?id=iprohc-run#create_a_certification_authority_ca

*iprohc_server --help*

IP/ROHC server, version 0.7.1

Usage: iprohc_server [opts]

Options:
 -c --conf     Path to configuration file
               (default: /etc/iprohc_server.conf)
 -b --basedev  Name of the underlying interface
 -d --debug    Enable debuging
 -h --help     Print this help message

*iprohc_client --help*

IP/ROHC client, version 0.7.1

Usage: iprohc_client --remote addr --dev itf_name [opts]

Options :
 --remote : Address of the remote server
 --port : Port of the remote server
 --dev : Name of the TUN interface that will be created
 --basedev : Name of the underlying interface
 --debug : Enable debuging
 --up : Path to a shell script that will be executed when network is up
 --p12 : Path to the pkcs12 file containing server CA, client key and client crt
 --packing : Override packing

*pkg-config --modversion rohc*

Package rohc was not found in the pkg-config search path.
Perhaps you should add the directory containing `rohc.pc'
to the PKG_CONFIG_PATH environment variable
No package 'rohc' found

*ROHC version is rohc-1.7.0*

*pkg-config --modversion gnutls*
3.3.8
*pkg-config --modversion gnutls*
3.3.8

Issue still persists as below.

Oct 28 10:10:00  iprohc_server[2012]: listen on TCP 0.0.0.0:3126
Oct 28 10:10:00  iprohc_server[2012]: create TUN interface
Oct 28 10:10:00  iprohc_server[2012]: MTU of underlying interface 'eth0' set to 1500 bytes
Oct 28 10:10:00  iprohc_server[2012]: MTU of tunnel interface 'tun_ipip' set to 1458 bytes
Oct 28 10:10:00  iprohc_server[2012]: start TUN routing thread
Oct 28 10:10:00  iprohc_server[2012]: create RAW socket
Oct 28 10:10:00  iprohc_server[2012]: start RAW routing thread
Oct 28 10:10:00  iprohc_server[2012]: server is now ready to accept requests from clients
Oct 28 10:10:00  iprohc_server[2012]: Initializing routing thread
Oct 28 10:10:00  iprohc_server[2012]: Initializing routing thread
Oct 28 10:14:06  iprohc_server[2012]: new connection from 162.243.143.112:59836
Oct 28 10:14:06  iprohc_server[2012]: TLS handshake succeeded
Oct 28 10:14:06  iprohc_server[2012]: certificate cannot be verified (status 66)
Oct 28 10:14:06  iprohc_server[2012]: - Unable to trust certificate issuer
Oct 28 10:14:06  iprohc_server[2012]: new_client returned -3

Thanks,
Kimo

On Tue, Oct 27, 2015 at 11:58 AM, Didier Barvaux <[email protected]> wrote:

> Hi Kimo,
>
>
> > Can you suggest me further? One more difference is that I am testing
> > in between public IP addresses.
>
> Public IP addresses should not be a problem for TLS negotiation.
>
>
> > I followed same steps and displayed the content of pkcs#12. They
> > contained two certificates and one encrypted private key.
>
> Good.
>
>
> > Please provide more details about as you mentioned "If yes, then
> > please ensure that you used the same CA for both client and server".
>
> The Certificate Authority (CA) is the entity that signs both client and
> server certificates. The server allows all clients that send a
> certificate that is signed by the same CA as itself.
>
> The CA is created during the howto:
>
> https://rohc-lib.org/wiki/doku.php?id=iprohc-run#create_a_certification_authority_ca
>
> You should create only one CA, not two. That was the purpose of my
> question.
>
>
> > I have used same password for both server and client and did not use
> > export passwords. Gave every value as same for both client and server
> > except below
>
> That's fine.
>
>
> What are the software versions you use?
> * for IP/ROHC
>   $ iprohc_server --version
>   $ iprohc_client --version
> * for ROHC library
>   $ pkg-config --modversion rohc
> * for GnuTLS
>   $ pkg-config --modversion gnutls
>   $ pkg-config --modversion nettle
>
> If your CA and client/server certificates do not contain personal
> information (e.g. names/emails), please send them. It would help me
> reproduce the problem.
>
> Regards,
> Didier
>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~rohc
> Post to     : [email protected]
> Unsubscribe : https://launchpad.net/~rohc
> More help   : https://help.launchpad.net/ListHelp
>
>

Attachment: client1.p12
Description: application/pkcs12

Attachment: server_voip.p12
Description: application/pkcs12
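
An added example, not part of the original messages or of the IP/ROHC project: a small triage script that re-joins mail-wrapped server log entries, pairs each "certificate cannot be verified" entry with the peer that connected, and decodes the status value. It assumes the status is GnuTLS's gnutls_certificate_status_t bitmask printed in decimal; the function names and the sample log are constructed for illustration.

```python
import re
from collections import defaultdict
# Bits of gnutls_certificate_status_t (GnuTLS <gnutls/gnutls.h>), subset.
# Assumption: iprohc_server logs this bitmask in decimal as "status N".
GNUTLS_CERT_STATUS = {
    1 << 1: "GNUTLS_CERT_INVALID",
    1 << 5: "GNUTLS_CERT_REVOKED",
    1 << 6: "GNUTLS_CERT_SIGNER_NOT_FOUND",
    1 << 7: "GNUTLS_CERT_SIGNER_NOT_CA",
    1 << 10: "GNUTLS_CERT_EXPIRED",
}
# Constructed sample in the page's log format (documentation IP addresses).
SAMPLE_LOG = """\
Oct 28 10:14:06  iprohc_server[2012]: new connection from
192.0.2.10:59836
Oct 28 10:14:06  iprohc_server[2012]: certificate cannot be verified
(status 66)
Oct 28 10:14:06  iprohc_server[2012]: - Unable to trust certificate issuer
Oct 28 10:15:30  iprohc_server[2012]: new connection from 198.51.100.7:40112
Oct 28 10:15:30  iprohc_server[2012]: certificate cannot be verified (status 1026)
"""
ENTRY = re.compile(r"iprohc_server\[\d+\]: (.*)")
CONN = re.compile(r"new connection from (\S+):\d+")
FAIL = re.compile(r"certificate cannot be verified \(status (\d+)\)")

def decode_status(status):
    """Name the flags set in a verification status; report unlisted bits."""
    names = [n for bit, n in sorted(GNUTLS_CERT_STATUS.items()) if status & bit]
    unknown = status & ~sum(GNUTLS_CERT_STATUS)
    return names + (["unlisted bits 0x%x" % unknown] if unknown else [])

def rejected_peers(log_text):
    """Map each peer IP to the decoded statuses of its failed verifications."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY.search(raw)
        if m:
            entries.append(m.group(1))
        elif entries and raw.strip():
            entries[-1] += " " + raw.strip()  # re-join a wrapped entry
    peer, result = None, defaultdict(list)
    for msg in entries:  # assumes a failure follows its own connection line
        conn, fail = CONN.search(msg), FAIL.search(msg)
        if conn:
            peer = conn.group(1)
        elif fail and peer:
            status = int(fail.group(1))
            result[peer].append((status, decode_status(status)))
    return dict(result)
```

Under that assumption, status 66 decodes to GNUTLS_CERT_INVALID plus GNUTLS_CERT_SIGNER_NOT_FOUND, which is consistent with the "Unable to trust certificate issuer" line in the log above.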
