[SOLVED][certificate error]I don't understand my setup

Post by francoisp31 » Tue Sep 26, 2017 8:31 am

Hello

I'm trying to make a VPN connection to my company and have failed.

They gave me a .vpn file containing the "setup to import".

So I started the VPN service as follows:
frs@tempo:/opt/vpnclient$ sudo ./vpnclient start
[sudo] password for frs:
The SoftEther VPN Client service has been started.
frs@tempo:/opt/vpnclient$
This is successful, of course.

Then I ran vpncmd like this to check my setup:
VPN Client>VersionGet
VersionGet command - Get Version Information of VPN Client Service
Item |Value
-------------------+--------------------------------------------
Product Name |SoftEther VPN Client
Version Information|Version 4.20 Build 9608 (English)
Build Information |Compiled 2016/04/17 21:59:35 by yagi at pc30
Process ID |0
OS Type |Linux
The command completed successfully.

VPN Client>Check
Check command - Check whether SoftEther VPN Operation is Possible
---------------------------------------------------
SoftEther VPN Operation Environment Check Tool

Copyright (c) SoftEther VPN Project.
All Rights Reserved.

If this operation environment check tool is run on a system and that system passes, it is most likely that SoftEther VPN software can operate on that system. This check may take a while. Please wait...

Checking 'Kernel System'...
Pass
Checking 'Memory Operation System'...
Pass
Checking 'ANSI / Unicode string processing system'...
Pass
Checking 'File system'...
Pass
Checking 'Thread processing system'...
Pass
Checking 'Network system'...
Pass

All checks passed. It is most likely that SoftEther VPN Server / Bridge can operate normally on this system.

The command completed successfully.

VPN Client>

So here again all is OK.

I imported the file given to me (by the company).
Step successful.

I checked that my NIC was OK:
VPN Client>NicList
NicList command - Get List of Virtual Network Adapters
Item |Value
----------------------------+-----------------------------------
Virtual Network Adapter Name|VPN
Status |Enabled
MAC Address |00ACD139209A
Version |Version 4.20 Build 9608 (English)
The command completed successfully.

VPN Client>


I added the password & login information with the passwordset & usernameset commands.

Then I checked the whole connection:
VPN Client>AccountList
AccountList command - Get List of VPN Connection Settings
Item |Value
----------------------------+-------------------------------------------
VPN Connection Setting Name |XXXXXXXXXXXXXXX
Status |Connected
VPN Server Hostname |XX.XX.XX.XX:443 (Direct TCP/IP Connection)
Virtual Hub |XXXXXXXXXXXX
Virtual Network Adapter Name|VPN


VPN Client>

Then I checked the connection status after running the connect command:

VPN Client>AccountStatusGet
AccountStatusGet command - Get Current VPN Connection Setting Status
Name of VPN Connection Setting: VPN Squad

Item |Value
------------------------------------------+------------------------------------------
VPN Connection Setting Name |XXXXXXXXXXXXXXXX
Session Status |Connection Completed (Session Established)
VLAN ID |-
Server Name |XX.XX.XX.XX
Port Number |TCP Port 443
Server Product Name |SoftEther VPN Server (64 bit)
Server Version |4.20
Server Build |Build 9608
Connection Started at |2017-09-25 (Mon) 17:59:14
First Session has been Established since |2017-09-25 (Mon) 17:59:15
Current Session has been Established since|2017-09-25 (Mon) 17:59:15
Number of Established Sessions |1 Times
Half Duplex TCP Connection Mode |No (Full Duplex Mode)
VoIP / QoS Function |Enabled
Number of TCP Connections |2
Maximum Number of TCP Connections |2
Encryption |Enabled (Algorithm: DHE-RSA-AES256-SHA)
Use of Compression |No (No Compression)
Physical Underlay Protocol |Standard TCP/IP (IPv4)
UDP Acceleration is Supported |Yes
UDP Acceleration is Active |No
Session Name |SID-FPUSSAULT-1644
Connection Name |CID-1xXXXX
Session Key (160 bit) |XXXXXXXXXXXXXXXXXXXXXx
Bridge / Router Mode |No
Monitoring Mode |No
Outgoing Data Size |276,130 bytes
Incoming Data Size |1,217,775 bytes
Outgoing Unicast Packets |0 packets
Outgoing Unicast Total Size |0 bytes
Outgoing Broadcast Packets |21 packets
Outgoing Broadcast Total Size |2,030 bytes
Incoming Unicast Packets |16 packets
Incoming Unicast Total Size |1,288 bytes
Incoming Broadcast Packets |5,414 packets
Incoming Broadcast Total Size |893,953 bytes
The command completed successfully.

VPN Client>

But no connection is really established.

This is confirmed by the log file containing these error messages:

2017-09-26 10:26:08.533 VPN Connection Setting "XXXXXXX": Connection operation starting (this is now 269 times).
2017-09-26 10:26:08.910 VPN Connection Setting "XXXXXXX": The connection has been either disconnected or it failed. Cause: User authentication failed. (code 9)
2017-09-26 10:26:23.902 VPN Connection Setting "XXXXXXXX": Connection operation starting (this is now 270 times).

& so on...



What did I miss? Or forget to do? Or do wrong?

There is no coherent documentation for Linux users ... so I am lost ....

Of course I already tried to reset everything & restart from the SoftEther installation.


Help would be appreciated.

Thanks
Regards.
Last edited by francoisp31 on Tue Sep 26, 2017 2:13 pm, edited 1 time in total.

Re: I don't understand my setup

Post by francoisp31 » Tue Sep 26, 2017 8:34 am

Oh, I forgot:
the file they gave me is:

declare root
{
	bool CheckServerCert false
	uint64 CreateDateTime 0
	uint64 LastConnectDateTime 0
	bool StartupAccount true
	uint64 UpdateDateTime 0

	declare ClientAuth
	{
		uint AuthType 2
		byte EncryptedPassword $
		string Username $
	}
	declare ClientOption
	{
		string AccountName XXXXXXXXXX
		uint AdditionalConnectionInterval 1
		uint ConnectionDisconnectSpan 0
		string DeviceName VPN
		bool DisableQoS false
		bool HalfConnection false
		bool HideNicInfoWindow false
		bool HideStatusWindow false
		string Hostname XX.XX.XX.XX
		string HubName XXXXXXXXXXXXXXXXXX
		uint MaxConnection 1
		bool NoRoutingTracking false
		bool NoTls1 false
		bool NoUdpAcceleration false
		uint NumRetry 4294967295
		uint Port 443
		uint PortUDP 0
		string ProxyName $
		byte ProxyPassword $
		uint ProxyPort 0
		uint ProxyType 0
		string ProxyUsername $
		bool RequireBridgeRoutingMode false
		bool RequireMonitorMode false
		uint RetryInterval 15
		bool UseCompress false
		bool UseEncrypt true
	}
}

Of course with the real information instead of XXXX,
but this looks good, no?
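
Added example (not part of the original posts, and not SoftEther project code): a small Python check that parses a .vpn connection file in the layout shown above and flags settings worth reviewing before import. The sample file is constructed; treating `$` as an empty value and 4294967295 as "retry forever" are assumptions.

```python
import re

# Constructed sample in the layout of the .vpn file above (placeholder values).
SAMPLE_VPN = """declare root
{
	bool CheckServerCert false
	declare ClientAuth
	{
		string Username $
	}
	declare ClientOption
	{
		uint NumRetry 4294967295
		uint RetryInterval 15
	}
}
"""

# Converters for the typed values; unknown types (string, byte) stay as text.
CONVERT = {"bool": lambda v: v == "true", "uint": int, "uint64": int}

def parse_vpn(text):
    """Parse 'declare NAME { type key value }' blocks into nested dicts."""
    stack, pending = [{}], None
    for line in (l.strip() for l in text.splitlines()):
        if m := re.fullmatch(r"declare\s+(\S+)", line):
            pending = m.group(1)          # name of the block that opens next
        elif line == "{":
            stack.append(stack[-1].setdefault(pending, {}))
        elif line == "}":
            stack.pop()
        elif line:
            typ, key, *rest = line.split(None, 2)
            # Assumption: "$" marks an empty value.
            raw = rest[0] if rest and rest[0] != "$" else ""
            stack[-1][key] = CONVERT.get(typ, str)(raw)
    return stack[0]

def audit(cfg):
    """Return findings for settings a reviewer should question before import."""
    root = cfg.get("root", {})
    auth, opt = root.get("ClientAuth", {}), root.get("ClientOption", {})
    out = []
    if root.get("CheckServerCert") is False:
        out.append("CheckServerCert=false: server certificate is not verified")
    if auth.get("Username") == "":
        out.append("Username empty: credentials must be set after import")
    if opt.get("NumRetry") == 0xFFFFFFFF:  # assumption: max uint means retry forever
        out.append(f"NumRetry unlimited: retries every {opt.get('RetryInterval')} s")
    return out
```
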

Re: I don't understand my setup

Post by francoisp31 » Tue Sep 26, 2017 2:12 pm

Hello again,

My company had forgotten to give me the right certificate (the CA one) ...

Thanks

Now it's OK of course, after injecting the certificate with:
VPN Client>CertAdd
CertAdd command - Add Trusted CA Certificate
Name of X.509 Certificate File to Register: CA-srv-VPN.crt

The command completed successfully.

VPN Client>
