OpenWrt Forum Archive

Topic: Openvpn in client mode

The content of this topic has been archived on 23 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi All,
I'm trying to use openvpn on openwrt as a client. My configuration works fine on my gentoo box and I can get the openwrt box to act as an openvpn server, but when I try to start openvpn with the client configuration I get the following (verbose is set to 9):


Sat Jan  1 00:11:59 2000 us=262611 OpenVPN 2.0.9 mipsel-linux [SSL] [LZO] [EPOLL] built on Sep 30 2007
Sat Jan  1 00:11:59 2000 us=266091 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Sat Jan  1 00:11:59 2000 us=268079 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Enter Private Key Password:
Sat Jan  1 00:12:00 2000 us=823062 Error parsing PKCS#12 file k5.p12: error:06074079:lib(6):func(116):reason(121): error:23077073:lib(35):func(119):reason(115): error:2306A075:lib(35):func(106):reason(117): error:23076072:lib(35):func(118):reason(114): error:06074079:lib(6):func(116):reason(121): error:23077073:lib(35):func(119):reason(115): error:2306A075:lib(35):func(106):reason(117): error:23076072:lib(35):func(118):reason(114)
Sat Jan  1 00:12:00 2000 us=825590 Error: private key password verification failed
Sat Jan  1 00:12:00 2000 us=827275 Exiting




config is

remote <host>
dev tun
verb 9
nobind
client
pkcs12 k5.p12

Why would you want to protect your key on the machine? Systems running openwrt tend to run always-on, always-connected and pretty much stationary. Once the key is loaded, the root user (and on openwrt, you're usually root) can read the key from /proc/<pid>/mem.

If you really wanna do it with an encrypted key: You can unpack the pkcs12, use cert, ca, key directives and use des encryption on the key.
openssl rsa -in key.pem -des3 -out newkey.pem
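
The unpacking procedure described in the reply above, as an added example that is not part of the original thread: it splits the PKCS#12 bundle into `ca`, `cert` and `key` files and rewrites the client config to use them. The function names, output file names, the `P12_PASS`/`KEY_PASS` environment variables and the host `vpn.example.net` are assumptions; it also assumes an RSA key and an `openssl` command-line tool on the machine where it runs.

```shell
#!/bin/sh
# Added example (not from the thread). Passphrases come from the environment
# so they never appear in the process list:
#   P12_PASS = import password of the .p12, KEY_PASS = passphrase for key.pem

# split_p12 <file.p12> <outdir>: write ca.pem, cert.pem and a 3DES-encrypted key.pem
split_p12() (
    p12=$1; out=$2
    umask 077                      # new files readable by owner only
    mkdir -p "$out"
    # CA certificate(s) and the client certificate, no key material
    openssl pkcs12 -in "$p12" -passin env:P12_PASS -cacerts -nokeys -out "$out/ca.pem" || exit 1
    openssl pkcs12 -in "$p12" -passin env:P12_PASS -clcerts -nokeys -out "$out/cert.pem" || exit 1
    # The private key is decrypted only inside the pipe and re-encrypted with
    # -des3 as in the post (assumes an RSA key); it never hits disk in the clear.
    openssl pkcs12 -in "$p12" -passin env:P12_PASS -nocerts -nodes |
        openssl rsa -des3 -passout env:KEY_PASS -out "$out/key.pem" || exit 1
)

# write_client_conf <outdir> <host>: the thread's client config with the
# pkcs12 line replaced by ca/cert/key directives
write_client_conf() {
    cat > "$1/client.conf" <<EOF
remote $2
dev tun
verb 9
nobind
client
ca ca.pem
cert cert.pem
key key.pem
EOF
}

# Stand-alone use: ./split.sh k5.p12 /etc/openvpn vpn.example.net
if [ "$#" -eq 3 ]; then
    split_p12 "$1" "$2" && write_client_conf "$2" "$3"
fi
```

The "No server certificate verification method has been enabled" warning in the log is a separate issue; OpenVPN 2.0 addresses it with `ns-cert-type server` in the client config when the server certificate carries that attribute.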

The discussion might have continued from here.