smeserver-openvpn-bridge_beta5 is available. Have a look at http://sme.firewall-services.com/spip.php?rubrique3
That's all fine and good.. problem is, the upgrade broke my VPN. I was using Beta4, but when I attempt to connect using an existing client (after updating the configuration changes) this is what I get:
Fri Dec 01 16:08:16 2006 us=923573 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Fri Dec 01 16:08:16 2006 us=923611 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Dec 01 16:08:16 2006 us=923623 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Dec 01 16:08:16 2006 us=923662 LZO compression initialized
Fri Dec 01 16:08:16 2006 us=923712 Control Channel MTU parms [ L:1594 D:166 EF:66 EB:0 ET:0 EL:0 ]
Fri Dec 01 16:08:16 2006 us=924482 Data Channel MTU parms [ L:1594 D:1450 EF:62 EB:135 ET:32 EL:0 AF:3/1 ]
Fri Dec 01 16:08:16 2006 us=924510 Fragmentation MTU parms [ L:1594 D:1400 EF:61 EB:135 ET:33 EL:0 AF:3/1 ]
Fri Dec 01 16:08:16 2006 us=924545 Local Options String: 'V4,dev-type tap,link-mtu 1594,tun-mtu 1532,proto UDPv4,comp-lzo,mtu-dynamic,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Fri Dec 01 16:08:16 2006 us=924555 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1594,tun-mtu 1532,proto UDPv4,comp-lzo,mtu-dynamic,keydir 0,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Fri Dec 01 16:08:16 2006 us=924580 Local Options hash (VER=V4): '29f2fd82'
Fri Dec 01 16:08:16 2006 us=924596 Expected Remote Options hash (VER=V4): 'b35f3855'
Fri Dec 01 16:08:16 2006 us=924631 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Dec 01 16:08:16 2006 us=924647 UDPv4 link local: [undef]
Fri Dec 01 16:08:16 2006 us=924657 UDPv4 link remote: 209.89.132.81:1194
Fri Dec 01 16:08:16 2006 us=966217 TLS: Initial packet from 209.89.132.81:1194, sid=b416c8e3 bdcf3e5a
Fri Dec 01 16:08:17 2006 us=319696 VERIFY OK: depth=1, /C=CA/ST=France/L=Edmonton/O=Electronic_Connections/OU=VPN/CN=server.ecl.ca/emailAddress=andrewr@ecl.ca
Fri Dec 01 16:08:17 2006 us=320916 VERIFY nsCertType ERROR: /C=CA/ST=France/O=Electronic_Connections/OU=VPN/CN=server.ecl.ca/emailAddress=andrewr@ecl.ca, require nsCertType=SERVER
Fri Dec 01 16:08:17 2006 us=321123 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Fri Dec 01 16:08:17 2006 us=321135 TLS Error: TLS object -> incoming plaintext read error
Fri Dec 01 16:08:17 2006 us=321143 TLS Error: TLS handshake failed
Fri Dec 01 16:08:17 2006 us=321507 TCP/UDP: Closing socket
Fri Dec 01 16:08:17 2006 us=321744 SIGUSR1[soft,tls-error] received, process restarting
Fri Dec 01 16:08:17 2006 us=322020 Restart pause, 2 second(s)
For now, I am restoring back to v4... (thank god I did a backup). I would like to use the new features in beta5, namely the increased authentication.. but not at the expense of stability.
Ideas?