SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0002223: 2.3RC1 - openvpn is not working - MantisBT
MantisBT - Endian Firewall
View Issue Details
0002223Endian FirewallNetwork related (VPN, uplinks)public2009-09-28 21:292009-09-29 15:31
wharfratjoe 
peter-endian 
normalmajoralways
closedno change required 
2.3-rc1 
 
0002223: 2.3RC1 - openvpn is not working
I have used the following client side config since 2.1, however it is not working in 2.3RC1. I have used self signed certificate since 2.1.

Client Config

client
float
dev tap
proto udp
port 1194
remote x.x.x.x
resolv-retry infinite
nobind
persist-key
persist-tun
ca vpnserver-hostcert.pem
auth-user-p
pull
comp-lzo


I am receiving the following errors:

Mon Sep 28 11:17:14 2009 OpenVPN 2.1_rc15 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Nov 19 2008
Mon Sep 28 11:17:23 2009 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm [^] for more info.
Mon Sep 28 11:17:23 2009 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Sep 28 11:17:23 2009 LZO compression initialized
Mon Sep 28 11:17:23 2009 UDPv4 link local: [undef]
Mon Sep 28 11:17:23 2009 UDPv4 link remote: x.x.x.x:1194
Mon Sep 28 11:17:23 2009 WARNING: this configuration may cache pwords in memory -- use the auth-nocache option to prevent this
Mon Sep 28 11:17:24 2009 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: /C=IT/O=efw/CN=efw_CA
Mon Sep 28 11:17:24 2009 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Mon Sep 28 11:17:24 2009 TLS Error: TLS object -> incoming plaintext read error
Mon Sep 28 11:17:24 2009 TLS Error: TLS handshake failed
Mon Sep 28 11:17:24 2009 SIGUSR1[soft,tls-error] received, process restarting
Mon Sep 28 11:17:26 2009 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm [^] for
I also posted this at:

http://efwsupport.com/index.php?topic=926.msg2040#msg2040 [^]

and

http://www.nabble.com/2.3-RC1---some-problems-i-have-ran-into-to25652055.html [^]
No tags attached.
Issue History
2009-09-28 21:29wharfratjoeNew Issue
2009-09-28 21:29wharfratjoeAssigned To => peter-endian
2009-09-29 15:31peter-endianNote Added: 0003042
2009-09-29 15:31peter-endianStatusnew => closed
2009-09-29 15:31peter-endianResolutionopen => no change required

Notes
(0003042)
peter-endian   
2009-09-29 15:31   
please close the ticket if you find out it's not a bug