OpenVPN client cannot connect to OpenVPN server

MaxTE7
OpenVpn Newbie
Posts: 1
Joined: Sat Jan 06, 2018 5:12 pm

OpenVPN client cannot connect to OpenVPN server

Post by MaxTE7 » Sat Jan 06, 2018 5:26 pm

I am trying to configure a VPN between two computers, one running FreeBSD x64 (FreeNAS) and the other running Windows 10. I have created and configured an OpenVPN server in a jail on FreeNAS. Then I configured the OpenVPN client on the other PC, generated a cert request, signed it, port forwarded and so on. But the client (Windows 10 PC) cannot connect to the server, and neither can a friend's device outside my LAN network.

Client Config:

Code: Select all

client
dev tun
proto udp
remote Pub-ip-of-server 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert maksim.peterburgskiy.crt
key maksim.peterburgskiy.key
remote-cert-tls server
cipher AES-256-CBC
tls-auth ta.key 1
dhcp-option DNS 192.168.1.1
redirect-gateway def1
comp-lzo
verb 3

Server Config:

Code: Select all

local 192.168.1.2
port 1194
proto udp
dev tun
ca /mnt/keys/ca.crt
cert /mnt/keys/openvpn-server.crt #Server public key
key /mnt/keys/openvpn-server.key #Server private key
dh /mnt/keys/dh.pem #Diffie-Hellman parameters
server 172.16.8.0 255.255.255.0 
ifconfig-pool-persist ipp.txt
push "route 192.168.0.0 255.255.255.0"
route 192.168.1.2 255.255.255.0 172.16.8.1
tls-auth ta.key 0
#crl-verify crl.pem
keepalive 10 120
cipher AES-256-CBC
auth SHA256
group nobody
user nobody
comp-lzo
persist-key
persist-tun
verb 3

Output of various test commands:

Code: Select all

[root@OpenVPN /mnt/keys]# sockstat -4 -l
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
nobody   openvpn    8217  6  udp4   192.168.1.2:1194           *:*
root        syslogd     4672  7   udp4              *:514                 *:*
[root@OpenVPN /mnt/keys]# ps aux
USER    PID %CPU %MEM   VSZ  RSS TT  STAT STARTED    TIME COMMAND
root   4672  0.0  0.0 10472 1844  -  SsJ  12:35   0:00.04 /usr/sbin/syslogd -s
root   4751  0.0  0.0 12564 1776  -  IsJ  12:35   0:00.01 /usr/sbin/cron -s
nobody 8217  0.0  0.0 20408 4168  -  SsJ  13:17   0:00.02 /usr/local/sbin/openvpn --cd /mnt/keys --daemon openvpn -config/mnt/keys/openvpn.conf--writepid /var/run/openvpn.pid
root   5587  0.0  0.0 13972 2812  0  SJ   12:36   0:00.07 bash
root   9778  0.0  0.0 21244 2100  0  R+J  13:43   0:00.00 ps aux
[root@OpenVPN /mnt/keys]# ipfw list
00100 nat 1 ip from 172.16.8.0/24 to any out via epair0b
00200 nat 1 ip from any to any in via epair0b
65535 allow ip from any to any

OpenVPN log:

Code: Select all

Sat Jan 06 12:17:33 2018 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Jan 06 12:17:33 2018 TLS Error: TLS handshake failed
Sat Jan 06 12:17:33 2018 SIGUSR1[soft,tls-error] received, process restarting
Sat Jan 06 12:17:33 2018 MANAGEMENT: >STATE:1515259053,RECONNECTING,tls-error,,,,,
Sat Jan 06 12:17:33 2018 Restart pause, 5 second(s)
Sat Jan 06 12:17:38 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]PUB_IP_OF_SERVER:1194
Sat Jan 06 12:17:38 2018 Socket Buffers: R=[65536->65536] S=[261360->261360]
Sat Jan 06 12:17:38 2018 UDP link local: (not bound)
Sat Jan 06 12:17:38 2018 UDP link remote: [AF_INET]PUB_IP_OF_SERVER:1194
Sat Jan 06 12:17:38 2018 MANAGEMENT: >STATE:1515259058,WAIT,,,,,,

IPFW Rules:

Code: Select all

#!/bin/sh

EPAIR=$(/sbin/ifconfig -l | tr " " "\n" | /usr/bin/grep epair)
ipfw -q -f flush
ipfw -q nat 1 config if ${EPAIR}
ipfw -q add nat 1 all from 172.16.8.0/24 to any out via ${EPAIR}
ipfw -q add nat 1 all from any to any in via ${EPAIR}

TUN=$(/sbin/ifconfig -l | tr " " "\n" | /usr/bin/grep tun)
ifconfig ${TUN} name tun0

rc.conf:

Code: Select all

portmap_enable="NO"
sshd_enable="NO"
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
hostname="OpenVPN"
devfs_enable="YES"
devfs_system_ruleset="devfsrules_common"
inet6_enable="YES"
ip6addrctl_enable="YES"
openvpn_enable="YES"
openvpn_if="tun"
openvpn_configfile="/mnt/keys/openvpn.conf"
openvpn_dir="/mnt/keys"
cloned_interfaces="tun"
gateway_enable="YES"
firewall_enable="YES"
firewall_script="/usr/local/etc/ipfw.rules"

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN client cannot connect to OpenVPN server

Post by TinCanTech » Sat Jan 06, 2018 5:36 pm

Check your server log
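
Alongside reading the server log, it helps to compare the directives that both ends of the tunnel have to agree on. The Python below is an added example, not part of the original thread or of OpenVPN itself: the function names are made up for illustration, the inputs are excerpts of the two configs posted above, and it assumes OpenVPN 2.4 defaults (`proto udp`, `cipher BF-CBC`, `auth SHA1`) for any directive a config omits.

```python
"""Added example: flag OpenVPN directives that must agree on client and server."""
# Assumption: OpenVPN 2.4-era defaults apply when a directive is omitted.
DEFAULTS = {"proto": "udp", "cipher": "BF-CBC", "auth": "SHA1"}
MUST_MATCH = ("proto", "dev", "cipher", "auth", "comp-lzo")

# Excerpts of the two configs posted above (only the directives compared here).
CLIENT = "dev tun\nproto udp\ncipher AES-256-CBC\ntls-auth ta.key 1\ncomp-lzo\n"
SERVER = ("proto udp\ndev tun\ntls-auth ta.key 0\ncipher AES-256-CBC\n"
          "auth SHA256\ncomp-lzo\n")

def parse(text):
    """Return {directive: [args]}; skips blank lines and '#' or ';' comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line and not line.startswith(";"):
            name, *args = line.split()
            opts[name] = args
    return opts

def effective(opts, name):
    """Value that matters on the wire for one directive."""
    if name == "comp-lzo":              # framing depends on presence only
        return "present" if name in opts else "absent"
    value = " ".join(opts.get(name, [])) or DEFAULTS.get(name, "absent")
    if name == "proto":                 # tcp-client / tcp-server / udp4 pair up fine
        value = value.replace("-client", "").replace("-server", "").rstrip("46")
    if name == "dev" and value != "absent":   # tun0 vs tun: only the type matters
        value = value[:3]
    return value

def mismatches(client_text, server_text):
    """List (directive, client_value, server_value) for every disagreement."""
    c, s = parse(client_text), parse(server_text)
    found = [(n, effective(c, n), effective(s, n)) for n in MUST_MATCH
             if effective(c, n).lower() != effective(s, n).lower()]
    ct, st = c.get("tls-auth"), s.get("tls-auth")
    if (ct is None) != (st is None):    # tls-auth enabled on one end only
        found.append(("tls-auth", str(ct), str(st)))
    elif ct is not None:                # directions must be 0/1, or omitted on both
        cd, sd = (a[1] if len(a) > 1 else None for a in (ct, st))
        if (cd, sd) != (None, None) and {cd, sd} != {"0", "1"}:
            found.append(("tls-auth direction", str(cd), str(sd)))
    return found

if __name__ == "__main__":
    for name, cv, sv in mismatches(CLIENT, SERVER):
        print(f"{name}: client={cv} server={sv}")
```

A separate `key-direction` directive and inline `<tls-auth>` blocks are not handled; only the `tls-auth file direction` form used in the posted configs is compared.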
