 ¡m¤À¨É¡nMAC¤W¦p¦ó³]©wSSL VPN |       |
MAC¤W¦p¦ó³]©wSSL VPN¡H
¸g¬d OPENVPN ©xºô«áµo²{¡AOPENVPN¦bMAC¤W³Ì¨Î³nÅ鬰Tunnelblick¡C
©Ò¥H½Ð¨ì Tunnelblick ¤U¸üDMG¦w¸ËÀÉ¡C
¤U¸ü«áDMGÀÉ«á¡AÂIÀ»¸ÓÀɶi¦æ¦w¸Ë¡C
¦w¸Ë®É¡A½Ð«ö¹Ï¥Ü¨â¤U¡A¦P·N¶i¦æ¦w¸Ë¡C
µM«á«ö¤U¡§¥´¶}¡¨¥H½T»{¦w¸Ë¡C
Y¦]¦w¥þ©Ê°ÝÃD¡A¾ÉPµLªk¦w¸Ë¡A
½Ð¦w¥þ©Ê»PÁô¨p³]©w¶±¤¤¡A¤¹³\±q¥ô¦ó¨Ó·½¶i¦æÀ³¥Îµ{¦¡ªº¦w¸Ë¡C
¦w¸Ë§¹¦¨¡A½Ð«ö¤U¡§ÀˬdÅܤơ¨«ö¶s¡C
§¹¦¨«á¦^¨ìTunnelblick¥D¶±¡A
¥i¥H¨ìXGªºUser Portal¨Ó¤U¸üSSLVPNªº³]©wÀɤF¡C
¶}±ÒÂsÄý¾¹¡A³s¤Juser portal«á,¡A½Ð¤U¸ü²Ä4Ó³]©wÀÉ¡C
OVPN³]©wÀɤU¸ü«á¡A¥i¥Hª½±µÂIÀ»¦¹³]©wÀÉ©I¥sTunnelblick APP¡C
©Î¬O¦bTunnelblick¥\¯à¶±¤¤¡A©ì¦²¦¹³]©wÀɨì³]©wÀɺ޲z¶±¤¤¡A
µM«á«ö¤U³s±µ¡A¶i¦æSSLVPNªº¼·±µ¡C
³]©wÀɦb«Ø¥ß®É¡A½Ð¨Ì»Ý¨D¿ï¾Ü¨Ï¥Î¹ï¶H¡C
³s±µ®É¡A½Ð¿é¤JSSLVPNªº±b¸¹±K½X¡C
±b¸¹±K½X°È¥²»PUser Portal¤@¼Ë¥¿½T¿é¤J¡C
±b±K¥¿½Tªº¸Ü¡A·|¶i¦æ¥æ¯A¡B·¾³q»P¤À°tIP¡C
¦¨¥\³s½u«á¡A·|Åã¥Üºñ¦â¤w³s½u¦r¦ê³qª¾¨Ï¥ÎªÌ¡C
MAC¤W³]©wSSL VPN¨ì¦¹¶¶§Q§¹¦¨¡ã
*****2017/10/16§ó·s*****
MAC§ó·s¨ì10.13 high sierraª©¥»«á¡AtunnelblickµLªk³s½u¡I¡H
User¤Ï¬M¡A¦bMAC§ó·s¨ì10.13 high sierraª©¥»«á¡AtunnelblickµLªk³s½u¡A
¿ù»~°T®§¦p¤U¡C
2017-10-05 16:48:29 Socket Buffers: R=[131072->131072] S=[131072->131072]
2017-10-05 16:48:29 Attempting to establish TCP connection with [AF_INET]2XX.XX.XX.XX:8443 [nonblock]
2017-10-05 16:48:29 MANAGEMENT: >STATE:1507193309,TCP_CONNECT,,,
2017-10-05 16:48:30 TCP connection established with [AF_INET]2XX.XX.XX.XX:8443
2017-10-05 16:48:30 TCPv4_CLIENT link local: [undef]
2017-10-05 16:48:30 TCPv4_CLIENT link remote: [AF_INET]2XX.XX.XX.XX:8443
2017-10-05 16:48:30 MANAGEMENT: >STATE:1507193310,WAIT,,,
2017-10-05 16:48:30 MANAGEMENT: >STATE:1507193310,AUTH,,,
2017-10-05 16:48:30 TLS: Initial packet from [AF_INET]2XX.XX.XX.XX:8443, sid=963f2931 a91478c5
2017-10-05 16:48:30 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2017-10-05 16:48:30 VERIFY OK: depth=1, C=TW, ST=NA, L=NA, O=SOPHOS, OU=OU, CN=Sophos_CA_S2201765C73F887, emailAddress=XXX.YY@demo.com
2017-10-05 16:48:30 VERIFY ERROR: depth=0, error=format error in certificate's notBefore field: C=TW, ST=NA, L=NA, O=DEMO, OU=OU, CN=SophosApplianceCertificate_S2201765C73F887, emailAddress=XXX.YY@demo.com
2017-10-05 16:48:30 OpenSSL: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
2017-10-05 16:48:30 TLS_ERROR: BIO read tls_read_plaintext error
2017-10-05 16:48:30 TLS Error: TLS object -> incoming plaintext read error
2017-10-05 16:48:30 TLS Error: TLS handshake failed
2017-10-05 16:48:30 Fatal TLS error (check_tls_errors_co), restarting
2017-10-05 16:48:30 SIGUSR1[soft,tls-error] received, process restarting
¬d¸ß Tunnelblick and macOS High Sierra (10.13) «á¡Aµo²{ª¬ªp»P²Ä¤GÂI§k¦X¡C
#2 Tunnelblick is unable to connect and the log in the VPN Details¡K window mentions problems with a certificate.
According to this post, you need to set the configuration to use a version of OpenVPN with OpenSSL, not a version with LibreSSL.
You can choose which version of OpenVPN/SSL on the "Settings" tab of the "Configurations" panel of Tunnelblick's "VPN Details" window.
By default, Tunnelblick uses a version of OpenVPN with OpenSSL.
Tip: If you select multiple configurations in the list on the left side using the Shift or Command keys,
then when you change a setting the change will be applied to all of the selected configurations.
¨Ì·Ó¤Wz»¡©ú¡A½Ð¨Ï¥ÎªÌ½Õ¾ã²ÕºA³]©w¡A±q¹w³]ªº LibreSSL §ï¿ï¥Î OpenSSL «á¡A
tunnelblickªº¼·±µ³s½u´N«ì´_¥¿±`¡A¥i¥H¶¶§Q³s½u¤F¡ã
¥Ñ shunze ¦b 2017-10-16, 11:59 ³Ì«áקï.
♥¶¶¤l¦Ñ±Cªººô©ç¡A½Ð¦hÃö·Ó¡ã
If you don't like something, change it.
If you can't change it, change your attitude.
Don't complain!
|
2016-09-22, 15:02
¡m¤À¨É¡nRemote Access SSL VPN³]©w
¡m¤À¨É¡nSSL VPN¦æ°Ê¸Ë¸m¤Wªºbug
¡m¤À¨É¡niPhone³]©wSSL VPN
¡m¤À¨É¡nSSLVPN¯à§_§ïport¡H
