"Cannot load certificate file" Trouble with Astaro SSL VPN
656 views
Skip to first unread message
bhall
Aug 9, 2008, 6:56:00 PM8/9/08
to tunnelblick-discuss
I am trying to get Tunnelblick working on my Astaro SSL VPN and I'm
not able to connect. I can connect to the VPN without any problems on
my Windows clients. Astaro doesn't provide an OpenVPN client install
for Mac OS X, so I am having to copy the following configuration files
to ~/Library/openvpn/config in order for it to start:
us...@mysite.com.ovpn
mysite.com.ca.crt
mysite.com.user.crt
mysite.com.user.key
However, even though I have these files copied to the config folder,
it shows the following error:
Sat 08/09/08 05:24 PM: IMPORTANT: OpenVPN's default port number is now
1194
Sat 08/09/08 05:24 PM: Cannot load certificate file
my.cert.name.user.crt: error:02001002:system library:fopen:No such
file or directory: error:20074002:BIO routines:FILE_CTRL:system lib:
error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
It's as though I'm missing some critical step. I don't know enough
about OpenVPN to figure out what's really happening here, but it's
having trouble loading the certificate, apparently. Is there anything
I need to do to preinstall the certificates or something? I'm running
Mac OS X 10.5.4.
Any suggestions would be greatly appreciated.
not able to connect. I can connect to the VPN without any problems on
my Windows clients. Astaro doesn't provide an OpenVPN client install
for Mac OS X, so I am having to copy the following configuration files
to ~/Library/openvpn/config in order for it to start:
us...@mysite.com.ovpn
mysite.com.ca.crt
mysite.com.user.crt
mysite.com.user.key
However, even though I have these files copied to the config folder,
it shows the following error:
Sat 08/09/08 05:24 PM: IMPORTANT: OpenVPN's default port number is now
1194
Sat 08/09/08 05:24 PM: Cannot load certificate file
my.cert.name.user.crt: error:02001002:system library:fopen:No such
file or directory: error:20074002:BIO routines:FILE_CTRL:system lib:
error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
It's as though I'm missing some critical step. I don't know enough
about OpenVPN to figure out what's really happening here, but it's
having trouble loading the certificate, apparently. Is there anything
I need to do to preinstall the certificates or something? I'm running
Mac OS X 10.5.4.
Any suggestions would be greatly appreciated.
bhall
Aug 9, 2008, 7:11:25 PM8/9/08
to tunnelblick-discuss
If I copy the four files to ~/Library/openvpn, instead of ~/Library/
openvpn/config, it logs in and apparently establishes a connection;
however, I'm not able to get out to any sites.
I'm concerned by the following lines that appear:
Options error: Unrecognized option or missing parameter(s) in [PUSH-
OPTIONS]:4: topology (2.0.9)
NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if
failure
Any suggestions would be greatly appreciated.
openvpn/config, it logs in and apparently establishes a connection;
however, I'm not able to get out to any sites.
I'm concerned by the following lines that appear:
Options error: Unrecognized option or missing parameter(s) in [PUSH-
OPTIONS]:4: topology (2.0.9)
NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if
failure
Any suggestions would be greatly appreciated.
On Aug 9, 5:56 pm, bhall <bhall...@gmail.com> wrote:
> I am trying to get Tunnelblick working on my Astaro SSL VPN and I'm
> not able to connect. I can connect to the VPN without any problems on
> my Windows clients. Astaro doesn't provide an OpenVPN client install
> for Mac OS X, so I am having to copy the following configuration files
> to ~/Library/openvpn/config in order for it to start:
>
> u...@mysite.com.ovpn
> I am trying to get Tunnelblick working on my Astaro SSL VPN and I'm
> not able to connect. I can connect to the VPN without any problems on
> my Windows clients. Astaro doesn't provide an OpenVPN client install
> for Mac OS X, so I am having to copy the following configuration files
> to ~/Library/openvpn/config in order for it to start:
>
Roy McMorran
Aug 11, 2008, 12:22:22 PM8/11/08
to tunnelbli...@googlegroups.com
bhall wrote:
> I'm concerned by the following lines that appear:
>
> Options error: Unrecognized option or missing parameter(s) in [PUSH-
> OPTIONS]:4: topology (2.0.9)
>
I believe that you will see this when you're using the 2.0.9 client > I'm concerned by the following lines that appear:
>
> Options error: Unrecognized option or missing parameter(s) in [PUSH-
> OPTIONS]:4: topology (2.0.9)
>
(which is what is bundled with Tunnelblick) with an OpenVPN 2.1 server.
There may be a way to make it work, but in my case I just downgraded the
server (from 2.1 rc7) to 2.0.9.
--
Roy McMorran
Systems Administrator
MDI Biological Laboratory
mcmo...@mdibl.org
Brian Hall
Aug 11, 2008, 12:41:38 PM8/11/08
to tunnelbli...@googlegroups.com
Thank you very much for the reply.
Hhmm...Interesting. Since I'm using Astaro Security Gateway, the OpenVPN
portion is all just pre-bundled, I'm not even sure how to check for the
version number, much less how to downgrade. I wonder if I could upgrade the
OpenVPN client on my Mac to 2.1 to get it to work.
The strange thing is that it will establish the encrypted tunnel and connect
successfully, but it just won't allow me to get to any Internet sites
(Google, ping, etc.). But, when I use my Windows client, it works fine, so
I know it is unlikely to be an issue with the server.
Reply all
Reply to author
Forward
0 new messages