Re: Cannot load certificate file


jkbull...gmail.com

Jun 17, 2012, 5:31:12 PM
to tunnelbli...@googlegroups.com
The easiest thing to do is to set this up as a Tunnelblick VPN Configuration, which is pretty simple and resolves all path and permissions issues.

First, strip all the path info from the ca, cert, and key lines in the configuration file, so they look like this:

ca   ca.crt
cert macbook.crt
key macbook.key

I also recommend you remove the "verb 4" line from the configuration file because it generates a lot of unneeded logging. The default "verb 3" is almost always sufficient to diagnose connection problems.

Then follow the instructions for Creating and Installing a Tunnelblick VPN Configuration, using the modified configuration file.

On Sunday, June 17, 2012 4:33:57 PM UTC-4, scutzi128 wrote:
Hi, I am having some issues getting my MacBook running Lion 10.7.4 and Tunnelblick 3.2.6 to connect to my VPN server run on my Tomato router. Using the OpenVPN GUI software on Windows results in no issues connecting, so I am fairly sure my VPN server is correctly set up. I used Windows 7 to generate my keys using this guide: http://www.howtogeek.com/60774/connect-to-your-home-network-from-anywhere-with-openvpn-and-tomato/. The issue I am having is that when I try to connect I get an error saying that it cannot load the certificate file. I have defined the full location of the certificate files in my config file, to no avail. I have tried everything I can think of and searched for several hours and I have not found anything useful. I would greatly appreciate it if someone could maybe find where things are going wrong or at least point me in the right direction. Thank you.

Here is my config file:

client
dev tun
proto tcp
remote xxx.xxx.xxx.xxx 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /Users/scutzi128/Desktop/newkeys/ca.crt
cert /Users/scutzi128/Desktop/newkeys/macbook.crt
key /Users/scutzi128/Desktop/newkeys/macbook.key
verb 4

And here is my log file from Tunnelblick:

2012-06-17 16:30:00 *Tunnelblick: OS X 10.7.4; Tunnelblick 3.2.6 (build 2891.3007)
2012-06-17 16:30:00 *Tunnelblick: Attempting connection with macbook; Set nameserver = 1; monitoring connection
2012-06-17 16:30:00 *Tunnelblick: /Applications/Tunnelblick.app/Contents/Resources/openvpnstart start macbook.ovpn 1337 1 0 0 0 49 -atDASNGWrdasngw
2012-06-17 16:30:00 us=597050 Current Parameter Settings:
2012-06-17 16:30:00 us=597296   config = '/Users/scutzi128/Library/Application Support/Tunnelblick/Configurations/macbook.ovpn'
2012-06-17 16:30:00 us=597310   mode = 0
2012-06-17 16:30:00 us=597322   show_ciphers = DISABLED
2012-06-17 16:30:00 us=597333   show_digests = DISABLED
2012-06-17 16:30:00 us=597344   show_engines = DISABLED
2012-06-17 16:30:00 us=597355   genkey = DISABLED
2012-06-17 16:30:00 us=597369   key_pass_file = '[UNDEF]'
2012-06-17 16:30:00 us=597381   show_tls_ciphers = DISABLED
2012-06-17 16:30:00 us=597392 Connection profiles [default]:
2012-06-17 16:30:00 us=597404   proto = tcp-client
2012-06-17 16:30:00 us=597415   local = '[UNDEF]'
2012-06-17 16:30:00 us=597426   local_port = 0
2012-06-17 16:30:00 us=597437   remote = 'xxx.xxx.xxx.xxx'
2012-06-17 16:30:00 us=597449   remote_port = 1194
2012-06-17 16:30:00 us=597459   remote_float = DISABLED
2012-06-17 16:30:00 us=597470   bind_defined = DISABLED
2012-06-17 16:30:00 us=597482   bind_local = DISABLED
2012-06-17 16:30:00 us=597493   connect_retry_seconds = 5
2012-06-17 16:30:00 us=597505   connect_timeout = 10
2012-06-17 16:30:00 us=597516   connect_retry_max = 0
2012-06-17 16:30:00 us=597527   socks_proxy_server = '[UNDEF]'
2012-06-17 16:30:00 us=597538   socks_proxy_port = 0
2012-06-17 16:30:00 us=597550   socks_proxy_retry = DISABLED
2012-06-17 16:30:00 us=597561 Connection profiles END
2012-06-17 16:30:00 us=597572   remote_random = DISABLED
2012-06-17 16:30:00 us=597587   ipchange = '[UNDEF]'
2012-06-17 16:30:00 us=597599   dev = 'tun'
2012-06-17 16:30:00 us=597610   dev_type = '[UNDEF]'
2012-06-17 16:30:00 us=597621   dev_node = '[UNDEF]'
2012-06-17 16:30:00 us=597632   lladdr = '[UNDEF]'
2012-06-17 16:30:00 us=597643   topology = 1
2012-06-17 16:30:00 us=597654   tun_ipv6 = DISABLED
2012-06-17 16:30:00 us=597665   ifconfig_local = '[UNDEF]'
2012-06-17 16:30:00 us=597676   ifconfig_remote_netmask = '[UNDEF]'
2012-06-17 16:30:00 us=597687   ifconfig_noexec = DISABLED
2012-06-17 16:30:00 us=597698   ifconfig_nowarn = DISABLED
2012-06-17 16:30:00 us=597709   shaper = 0
2012-06-17 16:30:00 us=597720   tun_mtu = 1500
2012-06-17 16:30:00 us=597731   tun_mtu_defined = ENABLED
2012-06-17 16:30:00 us=597742   link_mtu = 1500
2012-06-17 16:30:00 us=597753   link_mtu_defined = DISABLED
2012-06-17 16:30:00 us=597764   tun_mtu_extra = 0
2012-06-17 16:30:00 us=597775   tun_mtu_extra_defined = DISABLED
2012-06-17 16:30:00 us=597786   fragment = 0
2012-06-17 16:30:00 us=597797   mtu_discover_type = -1
2012-06-17 16:30:00 us=597808   mtu_test = 0
2012-06-17 16:30:00 us=597819   mlock = DISABLED
2012-06-17 16:30:00 us=597830   keepalive_ping = 0
2012-06-17 16:30:00 us=597841   keepalive_timeout = 0
2012-06-17 16:30:00 us=597852   inactivity_timeout = 0
2012-06-17 16:30:00 us=597863   ping_send_timeout = 0
2012-06-17 16:30:00 us=597874   ping_rec_timeout = 0
2012-06-17 16:30:00 us=597885   ping_rec_timeout_action = 0
2012-06-17 16:30:00 us=597896   ping_timer_remote = DISABLED
2012-06-17 16:30:00 us=597907   remap_sigusr1 = 0
2012-06-17 16:30:00 us=597918   explicit_exit_notification = 0
2012-06-17 16:30:00 us=597929   persist_tun = ENABLED
2012-06-17 16:30:00 us=597940   persist_local_ip = DISABLED
2012-06-17 16:30:00 us=597951   persist_remote_ip = DISABLED
2012-06-17 16:30:00 us=597962   persist_key = ENABLED
2012-06-17 16:30:00 us=597973   mssfix = 1450
2012-06-17 16:30:00 us=597984   passtos = DISABLED
2012-06-17 16:30:00 us=597995   resolve_retry_seconds = 1000000000
2012-06-17 16:30:00 us=598006   username = '[UNDEF]'
2012-06-17 16:30:00 us=598017   groupname = '[UNDEF]'
2012-06-17 16:30:00 us=598028   chroot_dir = '[UNDEF]'
2012-06-17 16:30:00 us=598039   cd_dir = '/Users/scutzi128/Library/Application Support/Tunnelblick/Configurations'
2012-06-17 16:30:00 us=598062   writepid = '[UNDEF]'
2012-06-17 16:30:00 us=598074   up_script = '/Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -atDASNGWrdasngw'
2012-06-17 16:30:00 us=598086   down_script = '/Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d -atDASNGWrdasngw'
2012-06-17 16:30:00 us=598097   down_pre = DISABLED
2012-06-17 16:30:00 us=598108   up_restart = ENABLED
2012-06-17 16:30:00 us=598119   up_delay = DISABLED
2012-06-17 16:30:00 us=598133   daemon = ENABLED
2012-06-17 16:30:00 us=598144   inetd = 0
2012-06-17 16:30:00 us=598155   log = ENABLED
2012-06-17 16:30:00 us=598166   suppress_timestamps = DISABLED
2012-06-17 16:30:00 us=598177   nice = 0
2012-06-17 16:30:00 us=598191   verbosity = 4
2012-06-17 16:30:00 us=598202   mute = 0
2012-06-17 16:30:00 us=598213   gremlin = 0
2012-06-17 16:30:00 us=598224   status_file = '[UNDEF]'
2012-06-17 16:30:00 us=598235   status_file_version = 1
2012-06-17 16:30:00 us=598246   status_file_update_freq = 60
2012-06-17 16:30:00 us=598257   occ = ENABLED
2012-06-17 16:30:00 us=598268   rcvbuf = 65536
2012-06-17 16:30:00 us=598279   sndbuf = 65536
2012-06-17 16:30:00 us=598290   sockflags = 0
2012-06-17 16:30:00 us=598301   fast_io = DISABLED
2012-06-17 16:30:00 us=598312   lzo = 0
2012-06-17 16:30:00 us=598323   route_script = '[UNDEF]'
2012-06-17 16:30:00 us=598334   route_default_gateway = '[UNDEF]'
2012-06-17 16:30:00 us=598345   route_default_metric = 0
2012-06-17 16:30:00 us=598356   route_noexec = DISABLED
2012-06-17 16:30:00 us=598367   route_delay = 0
2012-06-17 16:30:00 us=598378   route_delay_window = 30
2012-06-17 16:30:00 us=598389   route_delay_defined = DISABLED
2012-06-17 16:30:00 us=598400   route_nopull = DISABLED
2012-06-17 16:30:00 us=598411   route_gateway_via_dhcp = DISABLED
2012-06-17 16:30:00 us=598422   max_routes = 100
2012-06-17 16:30:00 us=598433   allow_pull_fqdn = DISABLED
2012-06-17 16:30:00 us=598445   management_addr = '127.0.0.1'
2012-06-17 16:30:00 us=598456   management_port = 1337
2012-06-17 16:30:00 us=598468   management_user_pass = '[UNDEF]'
2012-06-17 16:30:00 us=598480   management_log_history_cache = 250
2012-06-17 16:30:00 us=598491   management_echo_buffer_size = 100
2012-06-17 16:30:00 us=598503   management_write_peer_info_file = '[UNDEF]'
2012-06-17 16:30:00 us=598514   management_client_user = '[UNDEF]'
2012-06-17 16:30:00 us=598526   management_client_group = '[UNDEF]'
2012-06-17 16:30:00 us=598537   management_flags = 6
2012-06-17 16:30:00 us=598548   shared_secret_file = '[UNDEF]'
2012-06-17 16:30:00 us=598560   key_direction = 0
2012-06-17 16:30:00 us=598571   ciphername_defined = ENABLED
2012-06-17 16:30:00 us=598583   ciphername = 'BF-CBC'
2012-06-17 16:30:00 us=598594   authname_defined = ENABLED
2012-06-17 16:30:00 us=598605   authname = 'SHA1'
2012-06-17 16:30:00 us=598616   prng_hash = 'SHA1'
2012-06-17 16:30:00 us=598628   prng_nonce_secret_len = 16
2012-06-17 16:30:00 us=598639   keysize = 0
2012-06-17 16:30:00 us=598650   engine = DISABLED
2012-06-17 16:30:00 us=598662   replay = ENABLED
2012-06-17 16:30:00 us=598673   mute_replay_warnings = DISABLED
2012-06-17 16:30:00 us=598684   replay_window = 64
2012-06-17 16:30:00 us=598695   replay_time = 15
2012-06-17 16:30:00 us=598707   packet_id_file = '[UNDEF]'
2012-06-17 16:30:00 us=598718   use_iv = ENABLED
2012-06-17 16:30:00 us=598729   test_crypto = DISABLED
2012-06-17 16:30:00 us=598740   tls_server = DISABLED
2012-06-17 16:30:00 us=598755   tls_client = ENABLED
2012-06-17 16:30:00 us=598766   key_method = 2
2012-06-17 16:30:00 us=598778   ca_file = '/Users/scutzi128/Desktop/newkeys/ca.crt'
2012-06-17 16:30:00 us=598800   ca_path = '[UNDEF]'
2012-06-17 16:30:00 us=598812   dh_file = '[UNDEF]'
2012-06-17 16:30:00 us=598824   cert_file = '/Users/scutzi128/Desktop/newkeys/macbook.crt'
2012-06-17 16:30:00 us=598835   priv_key_file = '/Users/scutzi128/Desktop/newkeys/macbook.key'
2012-06-17 16:30:00 us=598847   pkcs12_file = '[UNDEF]'
2012-06-17 16:30:00 us=598858   cipher_list = '[UNDEF]'
2012-06-17 16:30:00 us=598869   tls_verify = '[UNDEF]'
2012-06-17 16:30:00 us=598881   tls_export_cert = '[UNDEF]'
2012-06-17 16:30:00 us=598892   tls_remote = '[UNDEF]'
2012-06-17 16:30:00 us=598903   crl_file = '[UNDEF]'
2012-06-17 16:30:00 us=598914   ns_cert_type = 0
2012-06-17 16:30:00 us=598925   remote_cert_ku[i] = 0
2012-06-17 16:30:00 us=598937   remote_cert_ku[i] = 0
2012-06-17 16:30:00 us=598948   remote_cert_ku[i] = 0
2012-06-17 16:30:00 us=598959   remote_cert_ku[i] = 0
2012-06-17 16:30:00 us=598970   remote_cert_ku[i] = 0
2012-06-17 16:30:00 us=598981   remote_cert_ku[i] = 0
2012-06-17 16:30:00 us=598992   remote_cert_ku[i] = 0
2012-06-17 16:30:00 us=599003   remote_cert_ku[i] = 0
2012-06-17 16:30:00 us=599015   remote_cert_ku[i] = 0
2012-06-17 16:30:00 us=599026   remote_cert_ku[i] = 0
2012-06-17 16:30:00 us=599037   remote_cert_ku[i] = 0
2012-06-17 16:30:00 us=599048   remote_cert_ku[i] = 0
2012-06-17 16:30:00 us=599059   remote_cert_ku[i] = 0
2012-06-17 16:30:00 us=599070   remote_cert_ku[i] = 0
2012-06-17 16:30:00 us=599081   remote_cert_ku[i] = 0
2012-06-17 16:30:00 us=599093   remote_cert_ku[i] = 0
2012-06-17 16:30:00 us=599104   remote_cert_eku = '[UNDEF]'
2012-06-17 16:30:00 us=599115   tls_timeout = 2
2012-06-17 16:30:00 us=599126   renegotiate_bytes = 0
2012-06-17 16:30:00 us=599138   renegotiate_packets = 0
2012-06-17 16:30:00 us=599149   renegotiate_seconds = 3600
2012-06-17 16:30:00 us=599161   handshake_window = 60
2012-06-17 16:30:00 us=599172   transition_window = 3600
2012-06-17 16:30:00 us=599183   single_session = DISABLED
2012-06-17 16:30:00 us=599195   push_peer_info = DISABLED
2012-06-17 16:30:00 us=599206   tls_exit = DISABLED
2012-06-17 16:30:00 us=599217   tls_auth_file = '[UNDEF]'
2012-06-17 16:30:00 us=599229   pkcs11_protected_authentication = DISABLED
2012-06-17 16:30:00 us=599241   pkcs11_protected_authentication = DISABLED
2012-06-17 16:30:00 us=599252   pkcs11_protected_authentication = DISABLED
2012-06-17 16:30:00 us=599264   pkcs11_protected_authentication = DISABLED
2012-06-17 16:30:00 us=599275   pkcs11_protected_authentication = DISABLED
2012-06-17 16:30:00 us=599287   pkcs11_protected_authentication = DISABLED
2012-06-17 16:30:00 us=599298   pkcs11_protected_authentication = DISABLED
2012-06-17 16:30:00 us=599310   pkcs11_protected_authentication = DISABLED
2012-06-17 16:30:00 us=599321   pkcs11_protected_authentication = DISABLED
2012-06-17 16:30:00 us=599333   pkcs11_protected_authentication = DISABLED
2012-06-17 16:30:00 us=599344   pkcs11_protected_authentication = DISABLED
2012-06-17 16:30:00 us=599356   pkcs11_protected_authentication = DISABLED
2012-06-17 16:30:00 us=599367   pkcs11_protected_authentication = DISABLED
2012-06-17 16:30:00 us=599379   pkcs11_protected_authentication = DISABLED
2012-06-17 16:30:00 us=599390   pkcs11_protected_authentication = DISABLED
2012-06-17 16:30:00 us=599402   pkcs11_protected_authentication = DISABLED
2012-06-17 16:30:00 us=599414   pkcs11_private_mode = 00000000
2012-06-17 16:30:00 us=599425   pkcs11_private_mode = 00000000
2012-06-17 16:30:00 us=599441   pkcs11_private_mode = 00000000
2012-06-17 16:30:00 us=599453   pkcs11_private_mode = 00000000
2012-06-17 16:30:00 us=599464   pkcs11_private_mode = 00000000
2012-06-17 16:30:00 us=599476   pkcs11_private_mode = 00000000
2012-06-17 16:30:00 us=599487   pkcs11_private_mode = 00000000
2012-06-17 16:30:00 us=599509   pkcs11_private_mode = 00000000
2012-06-17 16:30:00 us=599521   pkcs11_private_mode = 00000000
2012-06-17 16:30:00 us=599532   pkcs11_private_mode = 00000000
2012-06-17 16:30:00 us=599544   pkcs11_private_mode = 00000000
2012-06-17 16:30:00 us=599555   pkcs11_private_mode = 00000000
2012-06-17 16:30:00 us=599567   pkcs11_private_mode = 00000000
2012-06-17 16:30:00 us=599578   pkcs11_private_mode = 00000000
2012-06-17 16:30:00 us=599590   pkcs11_private_mode = 00000000
2012-06-17 16:30:00 us=599601   pkcs11_private_mode = 00000000
2012-06-17 16:30:00 us=599612   pkcs11_cert_private = DISABLED
2012-06-17 16:30:00 us=599624   pkcs11_cert_private = DISABLED
2012-06-17 16:30:00 us=599635   pkcs11_cert_private = DISABLED
2012-06-17 16:30:00 us=599647   pkcs11_cert_private = DISABLED
2012-06-17 16:30:00 us=599658   pkcs11_cert_private = DISABLED
2012-06-17 16:30:00 us=599669   pkcs11_cert_private = DISABLED
2012-06-17 16:30:00 us=599680   pkcs11_cert_private = DISABLED
2012-06-17 16:30:00 us=599692   pkcs11_cert_private = DISABLED
2012-06-17 16:30:00 us=599703   pkcs11_cert_private = DISABLED
2012-06-17 16:30:00 us=599714   pkcs11_cert_private = DISABLED
2012-06-17 16:30:00 us=599726   pkcs11_cert_private = DISABLED
2012-06-17 16:30:00 us=599737   pkcs11_cert_private = DISABLED
2012-06-17 16:30:00 us=599749   pkcs11_cert_private = DISABLED
2012-06-17 16:30:00 us=599760   pkcs11_cert_private = DISABLED
2012-06-17 16:30:00 us=599772   pkcs11_cert_private = DISABLED
2012-06-17 16:30:00 us=599783   pkcs11_cert_private = DISABLED
2012-06-17 16:30:00 us=599795   pkcs11_pin_cache_period = -1
2012-06-17 16:30:00 us=599806   pkcs11_id = '[UNDEF]'
2012-06-17 16:30:00 us=599818   pkcs11_id_management = DISABLED
2012-06-17 16:30:00 us=599853   server_network = 0.0.0.0
2012-06-17 16:30:00 us=599867   server_netmask = 0.0.0.0
2012-06-17 16:30:00 us=599880   server_bridge_ip = 0.0.0.0
2012-06-17 16:30:00 us=599893   server_bridge_netmask = 0.0.0.0
2012-06-17 16:30:00 us=599906   server_bridge_pool_start = 0.0.0.0
2012-06-17 16:30:00 us=599918   server_bridge_pool_end = 0.0.0.0
2012-06-17 16:30:00 us=599930   ifconfig_pool_defined = DISABLED
2012-06-17 16:30:00 us=599943   ifconfig_pool_start = 0.0.0.0
2012-06-17 16:30:00 us=599960   ifconfig_pool_end = 0.0.0.0
2012-06-17 16:30:00 us=599973   ifconfig_pool_netmask = 0.0.0.0
2012-06-17 16:30:00 us=599984   ifconfig_pool_persist_filename = '[UNDEF]'
2012-06-17 16:30:00 us=599996   ifconfig_pool_persist_refresh_freq = 600
2012-06-17 16:30:00 us=600007   n_bcast_buf = 256
2012-06-17 16:30:00 us=600019   tcp_queue_limit = 64
2012-06-17 16:30:00 us=600030   real_hash_size = 256
2012-06-17 16:30:00 us=600041   virtual_hash_size = 256
2012-06-17 16:30:00 us=600053   client_connect_script = '[UNDEF]'
2012-06-17 16:30:00 us=600064   learn_address_script = '[UNDEF]'
2012-06-17 16:30:00 us=600076   client_disconnect_script = '[UNDEF]'
2012-06-17 16:30:00 us=600088   client_config_dir = '[UNDEF]'
2012-06-17 16:30:00 us=600099   ccd_exclusive = DISABLED
2012-06-17 16:30:00 us=600111   tmp_dir = '/var/folders/xn/q854xxtx4dd38k4h3zbypqhw0000gn/T/'
2012-06-17 16:30:00 us=600122   push_ifconfig_defined = DISABLED
2012-06-17 16:30:00 us=600135   push_ifconfig_local = 0.0.0.0
2012-06-17 16:30:00 us=600148   push_ifconfig_remote_netmask = 0.0.0.0
2012-06-17 16:30:00 us=600159   enable_c2c = DISABLED
2012-06-17 16:30:00 us=600171   duplicate_cn = DISABLED
2012-06-17 16:30:00 us=600182   cf_max = 0
2012-06-17 16:30:00 us=600193   cf_per = 0
2012-06-17 16:30:00 us=600204   max_clients = 1024
2012-06-17 16:30:00 us=600216   max_routes_per_client = 256
2012-06-17 16:30:00 us=600227   auth_user_pass_verify_script = '[UNDEF]'
2012-06-17 16:30:00 us=600238   auth_user_pass_verify_script_via_file = DISABLED
2012-06-17 16:30:00 us=600260   ssl_flags = 0
2012-06-17 16:30:00 us=600272   port_share_host = '[UNDEF]'
2012-06-17 16:30:00 us=600284   port_share_port = 0
2012-06-17 16:30:00 us=600295   client = ENABLED
2012-06-17 16:30:00 us=600306   pull = ENABLED
2012-06-17 16:30:00 us=600317   auth_user_pass_file = '[UNDEF]'
2012-06-17 16:30:00 us=600334 OpenVPN 2.2.1 i386-apple-darwin10.7.1 [SSL] [LZO2] [PKCS11] [eurephia] built on May  2 2012
2012-06-17 16:30:00 us=600461 MANAGEMENT: TCP Socket listening on 127.0.0.1:1337
2012-06-17 16:30:00 us=601009 Need hold release from management interface, waiting...
2012-06-17 16:30:00 us=714489 MANAGEMENT: Client connected from 127.0.0.1:1337
2012-06-17 16:30:00 us=725162 MANAGEMENT: CMD 'pid'
2012-06-17 16:30:00 us=725425 MANAGEMENT: CMD 'state on'
2012-06-17 16:30:00 *Tunnelblick: openvpnstart: /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.2.1/openvpn --cd /Users/scutzi128/Library/Application Support/Tunnelblick/Configurations --daemon --management 127.0.0.1 1337 --config /Users/scutzi128/Library/Application Support/Tunnelblick/Configurations/macbook.ovpn --log /Library/Application Support/Tunnelblick/Logs/-SUsers-Sscutzi128-SLibrary-SApplication Support-STunnelblick-SConfigurations-Smacbook.ovpn.1_0_0_0_49.1337.openvpn.log --management-query-passwords --management-hold --script-security 2 --up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -atDASNGWrdasngw --down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d -atDASNGWrdasngw --up-restart
2012-06-17 16:30:00 *Tunnelblick: Established communication with OpenVPN
2012-06-17 16:30:00 *Tunnelblick: Flushed the DNS cache
2012-06-17 16:30:00 us=725571 MANAGEMENT: CMD 'state'
2012-06-17 16:30:00 us=725750 MANAGEMENT: CMD 'hold release'
2012-06-17 16:30:00 us=726108 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2012-06-17 16:30:00 us=726212 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2012-06-17 16:30:00 us=727015 Cannot load private key file /Users/scutzi128/Desktop/newkeys/macbook.key: error:0906D06C:PEM routines:PEM_read_bio:no start line: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
2012-06-17 16:30:00 us=727222 MANAGEMENT: Client disconnected
2012-06-17 16:30:00 us=727322 Error: private key password verification failed
2012-06-17 16:30:00 us=727415 Exiting




scutzi128

Jun 17, 2012, 6:03:36 PM
to tunnelbli...@googlegroups.com
Thank you for the reply. I made the changes you suggested but I am still receiving the same error.

Here is my config file now:


client
dev tun
proto tcp
remote xxx.xxx.xxx.xxx 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert macbook.crt
key macbook.key
verb 3

and the Tunnelblick log:

2012-06-17 17:57:44 *Tunnelblick: OS X 10.7.4; Tunnelblick 3.2.6 (build 2891.3007)
2012-06-17 17:57:44 *Tunnelblick: Attempting connection with Macbook; Set nameserver = 1; monitoring connection
2012-06-17 17:57:44 *Tunnelblick: /Applications/Tunnelblick.app/Contents/Resources/openvpnstart start Macbook.tblk 1337 1 0 3 0 49 -atDASNGWrdasngw
2012-06-17 17:57:44 OpenVPN 2.2.1 i386-apple-darwin10.7.1 [SSL] [LZO2] [PKCS11] [eurephia] built on May  2 2012
2012-06-17 17:57:44 MANAGEMENT: TCP Socket listening on 127.0.0.1:1337
2012-06-17 17:57:44 Need hold release from management interface, waiting...
2012-06-17 17:57:44 MANAGEMENT: Client connected from 127.0.0.1:1337
2012-06-17 17:57:44 *Tunnelblick: openvpnstart: /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.2.1/openvpn --cd /Library/Application Support/Tunnelblick/Shared/Macbook.tblk/Contents/Resources --daemon --management 127.0.0.1 1337 --config /Library/Application Support/Tunnelblick/Shared/Macbook.tblk/Contents/Resources/config.ovpn --log /Library/Application Support/Tunnelblick/Logs/-SLibrary-SApplication Support-STunnelblick-SShared-SMacbook.tblk-SContents-SResources-Sconfig.ovpn.1_0_3_0_49.1337.openvpn.log --management-query-passwords --management-hold --script-security 2 --up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -m -w -d -atDASNGWrdasngw --down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -m -w -d -atDASNGWrdasngw --up-restart
2012-06-17 17:57:44 *Tunnelblick: Established communication with OpenVPN
2012-06-17 17:57:44 MANAGEMENT: CMD 'pid'
2012-06-17 17:57:44 MANAGEMENT: CMD 'state on'
2012-06-17 17:57:44 MANAGEMENT: CMD 'state'
2012-06-17 17:57:44 MANAGEMENT: CMD 'hold release'
2012-06-17 17:57:44 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2012-06-17 17:57:44 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2012-06-17 17:57:44 Cannot load private key file macbook.key: error:0906D06C:PEM routines:PEM_read_bio:no start line: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
2012-06-17 17:57:44 MANAGEMENT: Client disconnected
2012-06-17 17:57:44 Error: private key password verification failed
2012-06-17 17:57:44 Exiting
2012-06-17 17:57:44 *Tunnelblick: Flushed the DNS cache

Jonathan K. Bullard

Jun 17, 2012, 6:10:42 PM
to tunnelbli...@googlegroups.com
Then it may be your macbook.key file is not in a format that OpenVPN expects.

It should look like this:
-----BEGIN RSA PRIVATE KEY-----
(a bunch of lines of what looks like nonsense)
-----END RSA PRIVATE KEY-----

Another possibility is that the file has CR-LF line terminators or other non-printing characters in it. There are some places that OpenVPN on OS X chokes on that -- I don't remember if this is one of them, but you can try changing the line terminators to LF.


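Added example, not part of the original thread or of Tunnelblick: a shell check for the two problems suggested in the reply above, a key file without the expected `-----BEGIN ... PRIVATE KEY-----` framing and CR-LF or other non-printing bytes. The function names and sample files are made up for illustration, and the sample key is a constructed placeholder, not real key material.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): checks the framing of a PEM private key
# file. It does not validate the key material itself.
export LC_ALL=C                 # compare bytes, not locale characters
CR=$(printf '\r'); BOM=$(printf '\357\273\277')

# diagnose_key FILE: prints findings (space separated) or "ok"; returns 0 if clean.
diagnose_key() {
    local f="$1" out="" magic
    if [ ! -r "$f" ]; then echo unreadable; return 2; fi

    # First bytes: a byte-order mark or an RTF header in front of "-----BEGIN".
    magic=$(head -c 5 "$f" | od -An -tx1 | tr -d ' \n')
    case $magic in
        efbbbf*)     out="$out utf8-bom" ;;
        fffe*|feff*) out="$out utf16" ;;
        7b5c727466)  out="$out rtf" ;;
    esac
    # NUL bytes mean the file is not 8-bit text (for example UTF-16 without a BOM).
    if [ "$(tr -d '\000' < "$f" | wc -c)" -ne "$(wc -c < "$f")" ]; then
        out="$out nul-bytes"
    fi
    # CR-LF line terminators, the second possibility raised in the reply.
    if grep -q "$CR" "$f"; then out="$out crlf"; fi
    # The header and footer must start their lines; a BOM in front breaks that.
    if ! grep -q '^-----BEGIN [A-Z ]*PRIVATE KEY-----' "$f"; then
        out="$out no-start-line"
    fi
    if ! grep -q '^-----END [A-Z ]*PRIVATE KEY-----' "$f"; then
        out="$out no-end-line"
    fi

    out=${out# }
    if [ -z "$out" ]; then echo ok; return 0; fi
    echo "$out"; return 1
}

# normalize_key SRC DST: writes a copy without UTF-8 BOM and CRs, readable by
# the owner only, then re-checks it. UTF-16 and RTF files need a plain-text re-save.
normalize_key() {
    local src="$1" dst="$2"
    ( umask 077; sed "1s/^$BOM//" "$src" | tr -d '\r' > "$dst" ) || return 2
    chmod 600 "$dst"
    diagnose_key "$dst"
}

# Constructed sample: PEM framing around placeholder text, not a real key.
make_sample() {   # make_sample DIR -> writes good.key and bom_crlf.key
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' \
        'Q09OU1RSVUNURUQgU0FNUExF' \
        '-----END RSA PRIVATE KEY-----' > "$1/good.key"
    # The same lines as an editor might save them: UTF-8 BOM plus CR-LF.
    { printf '\357\273\277'; sed "s/\$/$CR/" "$1/good.key"; } > "$1/bom_crlf.key"
}

tmp=$(mktemp -d) && make_sample "$tmp"
trap 'rm -rf "$tmp"' EXIT
for k in good.key bom_crlf.key; do
    printf '%-14s %s\n' "$k" "$(diagnose_key "$tmp/$k")"
done
printf '%-14s %s\n' fixed.key \
    "$(normalize_key "$tmp/bom_crlf.key" "$tmp/fixed.key")"
```

If `diagnose_key` reports `utf16` or `rtf`, re-save the key as plain text first; `openssl rsa -in macbook.key -check -noout` then confirms that OpenSSL can parse an RSA key file.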

scutzi128

Jun 18, 2012, 3:20:21 AM
to tunnelbli...@googlegroups.com
Thank you very much for the suggestion. That was the issue. I created a new text document and copied each line over and everything then ran fine. It's all up and running now thanks to your help.
