OpenVPN experts out there?

Discussion in 'OT Technology' started by Astro, Sep 22, 2008.

  1. Astro

    Astro Code Monkey

    Joined:
    Mar 18, 2000
    Messages:
    2,047
    Likes Received:
    0
    Location:
    Cleveland Ohio
    I think I have missed something in getting openvpn working. Before I start posting conf files and logs, I'm running into the following error upon a connection (which, of itself, is some significant progress!):

    Client attempts to connect to the openvpn server, the server logs:

    21:15:13 2008 us=631560 192.168.2.11:2882 VERIFY ERROR: depth=1, error=certificate is not yet valid: [cert info]

    I was seeing this earlier when the openvpn server would start up. I pointed the vpn server to use ntp. That solved the startup problem. Is this still a date/time issue?

    I've been searching around google and really haven't found anything to advance my progress.

    This is DD-WRT v24 sp1 on a Linksys wrtsl54gs. Certs were created on an Ubuntu box. The connection is being tested locally which isn't ideal, although my hope is to get the keys sorted out before going external.

    Any thoughts?
     
  2. Astro

    Astro Code Monkey

    Doh! DD-WRT & OpenVPN require ntp to be enabled, timezone set to UTC and savings time set to none. This sort of fixed my problem. Now I have another error to deal with...
     
  3. Peyomp

    Peyomp New Member

    Joined:
    Jan 11, 2002
    Messages:
    14,017
    Likes Received:
    0
    I've run into datetime problems fucking OpenVPN before. What is the other problem?
     
  4. Astro

    Astro Code Monkey

    It was a combination of issues. I suck at OpenVPN (what a pain in the ass).

    I was following too many different configs and how-tos out there and was mixing and matching the client and server configs. If all else fails, brute force it. I found a couple options here and there that either needed to be disabled, tweaked, or added (the biggy was switching from "dev tun" to "dev tap", or something like that). An hour or so after getting ntp going on the router, I ran into the same exact problem and had to set XP to ntp as well.

    I was only able to test locally. I did get a new IP under Windows and Linux, the certs seem good, and no errors upon connecting (both on the client and server).

    Monday, I hope to try outside the network, although I have a bad feeling the network I will be on will have the ports locked down (college campus, public wifi). I was hoping to run the vpn server on 443 (ssl) but the router was rather cranky about that. Worse-comes-to-worse, I will set up a port forwarder for 443 and see how that goes.
     
  5. Peyomp

    Peyomp New Member

    OpenVPN is a PITA the first time you set it up. After that it's a breeze. I would post my server/client configs but... that computer is with Apple.
     
  6. Astro

    Astro Code Monkey

    I appreciate the support. I would agree, it looks like once you get over the learning curve, setting up another one shouldn't be too bad.

    That sucks you're without a machine...
     
  7. Peyomp

    Peyomp New Member

    Tried to find you an example config... can't find it. It was on internets I swear.
     
  8. Peyomp

    Peyomp New Member

  9. Astro

    Astro Code Monkey

    Ah, no luck at the campus. I'm going to compare my configs with the entry from slashdot. I'm also thinking it could be a firewall issue. I'm still able to establish a connection internally. Wish I had access to a 2nd network at this location. Again, thanks for the help!
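
The clock problem discussed in this thread, as an added example that is not part of any post: a Python triage helper that parses the `VERIFY ERROR` line quoted in the first post and compares the verifying host's clock with the certificate's validity window. The `notBefore`/`notAfter` values and the three clock readings are constructed assumptions, written in the date layout printed by `openssl x509 -noout -dates`.

```python
import re
from datetime import datetime, timezone

# Tail of an OpenVPN "VERIFY ERROR" line, as quoted in the first post.
VERIFY_RE = re.compile(r"VERIFY ERROR: depth=(\d+), error=([^:]+)")
# Date layout printed by `openssl x509 -noout -dates`.
OPENSSL_FMT = "%b %d %H:%M:%S %Y GMT"

SAMPLE_LINE = ("21:15:13 2008 us=631560 192.168.2.11:2882 VERIFY ERROR: "
               "depth=1, error=certificate is not yet valid: [cert info]")
# Constructed validity window for a CA created the same evening (assumption).
NOT_BEFORE = "Sep 23 01:00:00 2008 GMT"
NOT_AFTER = "Sep 21 01:00:00 2018 GMT"

def parse_verify_error(line):
    """Return (depth, error text), or None if the line is not a VERIFY ERROR."""
    m = VERIFY_RE.search(line)
    return (int(m.group(1)), m.group(2).strip()) if m else None

def parse_openssl_date(text):
    return datetime.strptime(text, OPENSSL_FMT).replace(tzinfo=timezone.utc)

def diagnose(line, not_before, not_after, clock_utc):
    """Explain a validity-period failure given the verifying host's clock."""
    parsed = parse_verify_error(line)
    if parsed is None:
        return "not a VERIFY ERROR line"
    depth, error = parsed
    # Depth 0 is the peer's own certificate; depth 1 and up are its issuers.
    which = "peer certificate" if depth == 0 else f"CA certificate (depth {depth})"
    start, end = parse_openssl_date(not_before), parse_openssl_date(not_after)
    if "not yet valid" in error:
        if clock_utc < start:
            return f"{which}: verifier clock is {start - clock_utc} behind notBefore"
        return f"{which}: clock is now inside the validity window"
    if "expired" in error:
        if clock_utc > end:
            return f"{which}: verifier clock is {clock_utc - end} past notAfter"
        return f"{which}: clock is now inside the validity window"
    return f"{which}: {error} (not a validity-period error)"

if __name__ == "__main__":
    utc = timezone.utc
    # Local wall time stored as if it were UTC (constructed reading).
    print(diagnose(SAMPLE_LINE, NOT_BEFORE, NOT_AFTER, datetime(2008, 9, 22, 21, 15, 13, tzinfo=utc)))
    # Device with no NTP sync yet, clock near the epoch (constructed reading).
    print(diagnose(SAMPLE_LINE, NOT_BEFORE, NOT_AFTER, datetime(1970, 1, 1, 0, 5, tzinfo=utc)))
    # After NTP sync (constructed reading): the same certificate verifies.
    print(diagnose(SAMPLE_LINE, NOT_BEFORE, NOT_AFTER, datetime(2008, 9, 23, 1, 15, 13, tzinfo=utc)))
```

The check has to pass on whichever side is doing the verifying, so both the server and the client need a correct clock.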
     
