[Berlin-wireless] bbbvpn with the new ffuplink

Sven Roederer freifunk at it-solutions.geroedel.de
Mo Okt 23 21:38:48 CEST 2017


Perry,

as you can see in the provided log, OpenVPN is complaining on a "unacceptable key (eg bad curve, RSA too short)".
I assune you are using a "tunnel-berlin"-flavor image, which is using MBedTLS.
If this is correct, please check https://github.com/freifunk-berlin/firmware/issues/428#issuecomment-284228111

Sven

Am 23.10.2017 um 16:45 schrieb Perry:
> Hey Sven,
> 
> The HOWTO for the bbb-vpn does not seem to work with the Hedy releases.
> I first changed the protocol to udp4, but that didn't fix everything.
> I'm still having errors.
> 
> Do you know what needs to be changed to get the bbb-vpn to work with Hedy?
> 
> P
> 

Mon Oct 23 16:41:30 2017 daemon.warn openvpn(bbbvpn)[3324]: WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Mon Oct 23 16:41:30 2017 daemon.notice openvpn(bbbvpn)[3324]: TCP/UDP: Preserving recently used remote address: [AF_INET]77.87.48.7:1194
Mon Oct 23 16:41:30 2017 daemon.notice openvpn(bbbvpn)[3324]: UDPv4 link local: (not bound)
Mon Oct 23 16:41:30 2017 daemon.notice openvpn(bbbvpn)[3324]: UDPv4 link remote: [AF_INET]77.87.48.7:1194
Mon Oct 23 16:41:30 2017 daemon.err openvpn(bbbvpn)[3324]: VERIFY ERROR: depth=0, subject=C=DE, ST=East Germany, L=Berlin, O=Freifunk, OU=Individual Network Berlin e.V., CN=bbb-vpn,
emailAddress=sven-ola at gmx.de: The certificate is signed with an unacceptable key (eg bad curve, RSA too short).
Mon Oct 23 16:41:30 2017 daemon.err openvpn(bbbvpn)[3324]: TLS_ERROR: read tls_read_plaintext error: X509 - Certificate verification failed, e.g. CRL, CA or signature check failed
Mon Oct 23 16:41:30 2017 daemon.err openvpn(bbbvpn)[3324]: TLS Error: TLS object -> incoming plaintext read error
Mon Oct 23 16:41:30 2017 daemon.err openvpn(bbbvpn)[3324]: TLS Error: TLS handshake failed
Mon Oct 23 16:41:30 2017 daemon.notice openvpn(bbbvpn)[3324]: SIGUSR1[soft,tls-error] received, process restarting




Mehr Informationen über die Mailingliste Berlin