Good morning,
I've already posted several topics here about VPN.
My situation: connecting from work to my NAS at home.
- I can't get L2TP working. See my previous topic. Known problem with Win10.
- PPTP works perfectly, but is not very secure
My idea now is to set up OpenVPN. However, I'm running into problems. What do I have?
- SSL certificate from Comodo
- OpenVPN enabled on the NAS with the correct permissions for the users
- Exported all the data
- OpenVPN installed on the client PC and opened as admin
- Config file edited (I think this is where something goes wrong)
- File placed in the config folder
The client does connect, I can see this on the NAS, but the OpenVPN icons don't turn green and stay yellow. This is what I see in the log:
Fri Jan 13 11:34:14 2017 OpenVPN 2.4.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 27 2016
Fri Jan 13 11:34:14 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Fri Jan 13 11:34:14 2017 library versions: OpenSSL 1.0.2i 22 Sep 2016, LZO 2.09
Fri Jan 13 11:34:16 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Jan 13 11:34:16 2017 TCP/UDP: Preserving recently used remote address: [AF_INET](my WAN IP goes here):1194
Fri Jan 13 11:34:16 2017 UDP link local (bound): [AF_INET][undef]:1194
Fri Jan 13 11:34:16 2017 UDP link remote: [AF_INET](my WAN IP goes here):1194
Fri Jan 13 11:34:16 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Jan 13 11:34:16 2017 VERIFY ERROR: depth=2, error=unable to get issuer certificate: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
Fri Jan 13 11:34:16 2017 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Fri Jan 13 11:34:16 2017 TLS_ERROR: BIO read tls_read_plaintext error
Fri Jan 13 11:34:16 2017 TLS Error: TLS object -> incoming plaintext read error
Fri Jan 13 11:34:16 2017 TLS Error: TLS handshake failed
Fri Jan 13 11:34:16 2017 SIGUSR1[soft,tls-error] received, process restarting
This is my config file:
dev tun
tls-client
remote MY WAN IP 1194
# The "float" tells OpenVPN to accept authenticated packets from any address,
# not only the address which was specified in the --remote option.
# This is useful when you are connecting to a peer which holds a dynamic address
# such as a dial-in user or DHCP client.
# (Please refer to the manual of OpenVPN for more information.)
#float
# If redirect-gateway is enabled, the client will redirect its
# default network gateway through the VPN.
# It means the VPN connection will firstly connect to the VPN Server
# and then to the internet.
# (Please refer to the manual of OpenVPN for more information.)
#redirect-gateway def1
# dhcp-option DNS: To set primary domain name server address.
# Repeat this option to set secondary DNS server addresses.
dhcp-option DNS 10.8.0.1
pull
# If you want to connect by Server's IPv6 address, you should use
# "proto udp6" in UDP mode or "proto tcp6-client" in TCP mode
proto udp
script-security 2
comp-lzo
reneg-sec 0
auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----
I have removed the certificate info.
-----END CERTIFICATE-----
</ca>
Am I doing something wrong?
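
An added example, not part of the original post: a small Python triage of the log and client config shown above. It reads the VERIFY ERROR the way OpenSSL reports it (the issuer of the certificate at that depth is missing from the trusted set supplied in `<ca>`) and checks the config for the options the two WARNING lines point at. Function names and finding labels are hypothetical; the sample input is an excerpt copied from the post.

```python
import re

# Excerpt of the log and config from the post above (constructed sample input).
LOG = """\
Fri Jan 13 11:34:16 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Jan 13 11:34:16 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Jan 13 11:34:16 2017 VERIFY ERROR: depth=2, error=unable to get issuer certificate: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
Fri Jan 13 11:34:16 2017 TLS Error: TLS handshake failed
"""
CONFIG = """\
dev tun
tls-client
proto udp
script-security 2
auth-user-pass
"""

VERIFY_RE = re.compile(r"VERIFY ERROR: depth=(\d+), error=([^:]+): (.+)$")

def verify_errors(log):
    """Return (depth, error, subject) for each VERIFY ERROR line."""
    hits = (VERIFY_RE.search(line) for line in log.splitlines())
    return [(int(m[1]), m[2].strip(), m[3].strip()) for m in hits if m]

def directives(config):
    """Names of active directives, skipping comments and inline <ca>-style blocks."""
    names, inline = set(), False
    for line in map(str.strip, config.splitlines()):
        if line.startswith("<"):
            inline = not line.startswith("</")
        elif line and not inline and line[0] not in "#;":
            names.add(line.split()[0])
    return names

def triage(log, config):
    findings = []
    for depth, err, subject in verify_errors(log):
        if err == "unable to get issuer certificate":
            # The chain stops at this certificate: its issuer is not trusted locally.
            cn = subject.rsplit("CN=", 1)[-1]
            findings.append(f"ca-incomplete: issuer of '{cn}' (depth {depth}) is not in <ca>")
    active = directives(config)
    if not active & {"remote-cert-tls", "verify-x509-name"}:
        findings.append("no-server-check: add 'remote-cert-tls server' or 'verify-x509-name'")
    if "auth-user-pass" in active and "auth-nocache" not in active:
        findings.append("password-cache: add 'auth-nocache'")
    return findings
```

Calling `triage(LOG, CONFIG)` on the excerpt returns three findings, the first of which is the one that makes the TLS handshake fail.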