Hello list, I'm running on dapper drake using the package that was posted on the forums to allow openvpn support. I own a motorola WRT850G, and have been running openwrt on it for as long as I can remember. Recently I setup up openvpn on it per the CACert wiki http://wiki.cacert.org/wiki/OpenWRT Now I can connect fine using the config file that I have placed in /etc/ and manually launching the daemon. When I use NM however, it complains that I'm not doing any verification of server side keys. My log on my laptop has something along these lines: Apr 18 15:56:11 localhost nm-openvpn[27403]: OpenVPN 2.0.6 i486-pc-linux-gnu [SSL] [LZO] [EPOLL] built on Apr 10 2006 Apr 18 15:56:11 localhost nm-openvpn[27403]: UDPv4 link local: [undef] Apr 18 15:56:11 localhost nm-openvpn[27403]: UDPv4 link remote: 192.168.7.200:1194 Apr 18 15:56:11 localhost NetworkManager: <information>^IVPN service 'org.freedesktop.NetworkManager.openvpn' signaled state change 6 -> 3. Apr 18 15:56:11 localhost NetworkManager: <information>^IVPN Activation (MotoMarioG VPN) Stage 3 of 4 (Connect) reply received. Apr 18 15:56:11 localhost NetworkManager: <information>^IVPN Activation (MotoMarioG VPN) Stage 4 of 4 (IP Config Get) timeout scheduled... Apr 18 15:56:11 localhost NetworkManager: <information>^IVPN Activation (MotoMarioG VPN) Stage 3 of 4 (Connect) complete, waiting for IP configuration... Apr 18 15:56:11 localhost nm-openvpn[27403]: TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Apr 18 15:56:11 localhost nm-openvpn[27403]: TLS Error: TLS object -> incoming plaintext read error Apr 18 15:56:11 localhost nm-openvpn[27403]: TLS Error: TLS handshake failed Apr 18 15:56:11 localhost nm-openvpn[27403]: SIGUSR1[soft,tls-error] received, process restarting Apr 18 15:56:13 localhost nm-openvpn[27403]: Re-using SSL/TLS context Apr 18 15:56:13 localhost nm-openvpn[27403]: UDPv4 link local: [undef] Apr 18 15:56:13 localhost nm-openvpn[27403]: UDPv4 link remote: 192.168.7.200:1194 Apr 18 15:56:13 localhost nm-openvpn[27403]: TLS Error: Unroutable control packet received from 192.168.7.200:1194 (si=3 op=P_CONTROL_V1) Apr 18 15:56:13 localhost last message repeated 3 times Apr 18 15:56:14 localhost nm-openvpn[27403]: TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Apr 18 15:56:14 localhost nm-openvpn[27403]: TLS Error: TLS object -> incoming plaintext read error Apr 18 15:56:14 localhost nm-openvpn[27403]: TLS Error: TLS handshake failed Apr 18 15:56:14 localhost nm-openvpn[27403]: SIGUSR1[soft,tls-error] received, process restarting Apr 18 15:56:16 localhost nm-openvpn[27403]: Re-using SSL/TLS context Apr 18 15:56:16 localhost nm-openvpn[27403]: UDPv4 link local: [undef] Apr 18 15:56:16 localhost nm-openvpn[27403]: UDPv4 link remote: 192.168.7.200:1194 Apr 18 15:56:16 localhost nm-openvpn[27403]: TLS Error: Unroutable control packet received from 192.168.7.200:1194 (si=3 op=P_CONTROL_V1) Now i'm sure its because of the scheme of authentication used in that Howto, but I don't have nearly enough experience using openvpn to know what I need to setup to allow this to work correctly. Could someone look at the provided sample config files at the wiki and explain to me what about it isn't NM-openvpn friendly?
Attachment:
signature.asc
Description: This is a digitally signed message part