[Berlin-wireless] bbbvpn with the new ffuplink

Perry isprotejesvalkata at gmail.com
Mo Okt 23 23:39:25 CEST 2017 

Hey Sven,

As this is not a 4MB router, then the issue is not exactly the same.  I
would not have known from the title that these problems are related.
Thanks for the info.

I created a new issue:
https://github.com/freifunk-berlin/firmware/issues/489

Perry

On 23.10.2017 21:38, Sven Roederer wrote:
> Perry,
> 
> as you can see in the provided log, OpenVPN is complaining on a "unacceptable key (eg bad curve, RSA too short)".
> I assune you are using a "tunnel-berlin"-flavor image, which is using MBedTLS.
> If this is correct, please check https://github.com/freifunk-berlin/firmware/issues/428#issuecomment-284228111
> 
> Sven
> 
> Am 23.10.2017 um 16:45 schrieb Perry:
>> Hey Sven,
>>
>> The HOWTO for the bbb-vpn does not seem to work with the Hedy releases.
>> I first changed the protocol to udp4, but that didn't fix everything.
>> I'm still having errors.
>>
>> Do you know what needs to be changed to get the bbb-vpn to work with Hedy?
>>
>> P
>>
> 
> Mon Oct 23 16:41:30 2017 daemon.warn openvpn(bbbvpn)[3324]: WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
> Mon Oct 23 16:41:30 2017 daemon.notice openvpn(bbbvpn)[3324]: TCP/UDP: Preserving recently used remote address: [AF_INET]77.87.48.7:1194
> Mon Oct 23 16:41:30 2017 daemon.notice openvpn(bbbvpn)[3324]: UDPv4 link local: (not bound)
> Mon Oct 23 16:41:30 2017 daemon.notice openvpn(bbbvpn)[3324]: UDPv4 link remote: [AF_INET]77.87.48.7:1194
> Mon Oct 23 16:41:30 2017 daemon.err openvpn(bbbvpn)[3324]: VERIFY ERROR: depth=0, subject=C=DE, ST=East Germany, L=Berlin, O=Freifunk, OU=Individual Network Berlin e.V., CN=bbb-vpn,
> emailAddress=sven-ola at gmx.de: The certificate is signed with an unacceptable key (eg bad curve, RSA too short).
> Mon Oct 23 16:41:30 2017 daemon.err openvpn(bbbvpn)[3324]: TLS_ERROR: read tls_read_plaintext error: X509 - Certificate verification failed, e.g. CRL, CA or signature check failed
> Mon Oct 23 16:41:30 2017 daemon.err openvpn(bbbvpn)[3324]: TLS Error: TLS object -> incoming plaintext read error
> Mon Oct 23 16:41:30 2017 daemon.err openvpn(bbbvpn)[3324]: TLS Error: TLS handshake failed
> Mon Oct 23 16:41:30 2017 daemon.notice openvpn(bbbvpn)[3324]: SIGUSR1[soft,tls-error] received, process restarting
>

Mehr Informationen über die Mailingliste Berlin