Re: OpenVPN plugin

[Jon Escombe <lists dresco co uk>]

----- "Giovanni Lovato" <giovanni lovato aldu net> wrote:
> Jon Escombe wrote:
> > ----- "Giovanni Lovato" <giovanni lovato aldu net> wrote:
> >> While `openvpn --config client.conf' starts up VPN connection
> >> properly,
> >> NM won't:
> >>
> >> OpenVPN 2.0.9 i486-pc-linux-gnu [SSL] [LZO] [EPOLL] built on Mar 2
> >> 2007
> >> LZO compression initialized
> >> UDPv4 link local: [undef]
> >> UDPv4 link remote: xx.xx.xx.xx:1194
> >> TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL
> >> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> >> TLS Error: TLS object -> incoming plaintext read error
> >> TLS Error: TLS handshake failed
> >> SIGUSR1[soft,tls-error] received, process restarting
> >>
> >> I'm using the same certificates both in NM and client.conf!
> >>
> >> G.L.
> >> -- 
> >> www.aldu.net/~heruan
> >> giovanni lovato aldu net
> > 
> > 
> > Could any other options be different between the configurations?
> It's working for me on Fedora7 with X.509 certificates and TLS
> authentication...
> 
> I don't know which default options NM passes to openvpn.
> My client.conf:
> 
> client
> dev tun
> proto udp
> remote vpn.xxxxx.net
> resolv-retry infinite
> nobind
> persist-key
> persist-tun
> ca /etc/ssl/certs/ca-cert.pem
> cert /etc/ssl/certs/client-cert.pem
> key /etc/ssl/private/client-key.pem
> comp-lzo
> verb 5
> 
> My NM options:
> Required:
>  Gateway Address: vpn.xxxxx.net
>  Gateway Port: 1194
>  Connection Type: X.509 Certificates
>  CA file: /etc/ssl/certs/ca-cert.pem
>  Certificate: /etc/ssl/certs/client-cert.pem
>  Key: /etc/ssl/private/client-key.pem
> Optional:
>  [v] Use LZO compression
> 
> See quoted text at top for the syslog output errors...
> 
> Thanks,
> G.L.

That looks right to me.. However, I just found this in the archives - sounds like it could be your problem?
http://mail.gnome.org/archives/networkmanager-list/2006-April/msg00132.html

Regards,
Jon.