During a simple client-server configuration with TLS authentication, I configured a tunnel with addresses in the "ifconfig" line, i.e. 10.8.0.1 and 0.2 for each site (both configuration files below).
Note: Both virtual machines, client and server, are on the NAT network.
SERVER
Code:
mode server
tls-server
dev tun
ifconfig 10.8.0.2 10.8.0.1
port 1194
proto udp
keepalive 10 120
ca /etc/ssl/private/ovpn-server/ca.crt
cert /etc/ssl/private/ovpn-server/ovpn-server.crt
key /etc/ssl/private/ovpn-server/ovpn-server.key
dh /etc/ssl/private/ovpn-server/dh.pem
tls-crypt /etc/ssl/private/ovpn-server/ta.key 0
cipher AES-256-GCM
auth SHA512
Code:
client
tls-client
remote 10.0.2.12
dev tun
ifconfig 10.8.0.1 10.8.0.2
proto udp
keepalive 10 120
ca /home/client1/Files4OVPN/ca.crt
cert /home/client1/Files4OVPN/C1_ovpn-server.crt
key /home/client1/Files4OVPN/C1_ovpn-server.key
tls-crypt /home/client1/Files4OVPN/ta.key 1
cipher AES-256-GCM
auth SHA512
remote-cert-tls server
In the logs from initialisation I get:
LOGS (after running config file on server site)
Code:
openvpn --config server.conf 130 ⨯
2021-06-01 16:36:43 OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 28 2021
2021-06-01 16:36:43 library versions: OpenSSL 1.1.1k 25 Mar 2021, LZO 2.10
2021-06-01 16:36:43 TUN/TAP device tun0 opened
2021-06-01 16:36:43 net_iface_mtu_set: mtu 1500 for tun0
2021-06-01 16:36:43 net_iface_up: set tun0 up
2021-06-01 16:36:43 net_addr_ptp_v4_add: 10.8.0.2 peer 10.8.0.1 dev tun0
2021-06-01 16:36:43 Could not determine IPv4/IPv6 protocol. Using AF_INET
2021-06-01 16:36:43 UDPv4 link local (bound): [AF_INET][undef]:1194
2021-06-01 16:36:43 UDPv4 link remote: [AF_UNSPEC]
2021-06-01 16:36:43 Initialization Sequence Completed
2021-06-01 16:36:46 10.0.2.9:1194 peer info: IV_VER=2.5.1
2021-06-01 16:36:46 10.0.2.9:1194 peer info: IV_PLAT=linux
2021-06-01 16:36:46 10.0.2.9:1194 peer info: IV_PROTO=6
2021-06-01 16:36:46 10.0.2.9:1194 peer info: IV_NCP=2
2021-06-01 16:36:46 10.0.2.9:1194 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM
2021-06-01 16:36:46 10.0.2.9:1194 peer info: IV_LZ4=1
2021-06-01 16:36:46 10.0.2.9:1194 peer info: IV_LZ4v2=1
2021-06-01 16:36:46 10.0.2.9:1194 peer info: IV_LZO=1
2021-06-01 16:36:46 10.0.2.9:1194 peer info: IV_COMP_STUB=1
2021-06-01 16:36:46 10.0.2.9:1194 peer info: IV_COMP_STUBv2=1
2021-06-01 16:36:46 10.0.2.9:1194 peer info: IV_TCPNL=1
2021-06-01 16:36:46 10.0.2.9:1194 [C1_ovpn-server] Peer Connection Initiated with [AF_INET]10.0.2.9:1194
2021-06-01 16:36:46 C1_ovpn-server/10.0.2.9:1194 MULTI: no dynamic or static remote--ifconfig address is available for C1_ovpn-server/10.0.2.9:1194
Iptables rules have been cleared. I'm asking for help because I don't know what's wrong. Even the smallest hint or link to a fragment of the documentation may be beneficial.
/kedzidom
01101011011000010110110001101001011010010111001101101100011010010110011001100101
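Added example, not part of the original post: a small Python check for the condition behind the last log line. In `mode server`, OpenVPN assigns each client its tunnel address from `ifconfig-pool` (set directly or through the `server` helper) or from a per-client `ifconfig-push`; the function names and the set of directives treated as address sources are assumptions of this sketch.

```python
import re

# Directives this sketch treats as giving the server a way to assign client
# tunnel addresses (assumption: client-config-dir may hold ifconfig-push lines).
ADDRESS_SOURCES = {"server", "ifconfig-pool", "ifconfig-push", "client-config-dir"}

NO_ADDR = re.compile(r"MULTI: no dynamic or static remote ?--ifconfig address "
                     r"is available for (\S+)")

def parse_directives(text):
    """Map each directive name to a list of its argument lists."""
    found = {}
    for line in text.splitlines():
        line = re.split(r"[#;]", line, maxsplit=1)[0].strip()  # drop comments
        if line:
            name, *args = line.split()
            found.setdefault(name.lstrip("-"), []).append(args)
    return found

def check_server_addressing(config_text):
    """Return findings for a multi-client server with no client address source."""
    d = parse_directives(config_text)
    multi = ["server"] in d.get("mode", []) or "server" in d
    if multi and not d.keys() & ADDRESS_SOURCES:
        return ["mode server is set but no ifconfig-pool, server or "
                "ifconfig-push directive supplies client addresses"]
    return []

def clients_without_address(log_text):
    """Peers for which the server logged the 'no ... address' message."""
    return sorted(set(NO_ADDR.findall(log_text)))

# Server directives copied from the post (certificate paths omitted).
POSTED = "mode server\ntls-server\ndev tun\nifconfig 10.8.0.2 10.8.0.1\nport 1194\nproto udp\n"
# Constructed variant: the 'server' helper defines a pool for 10.8.0.0/24.
WITH_POOL = "server 10.8.0.0 255.255.255.0\ndev tun\nport 1194\nproto udp\n"
LOG = ("2021-06-01 16:36:46 C1_ovpn-server/10.0.2.9:1194 MULTI: no dynamic or static "
       "remote--ifconfig address is available for C1_ovpn-server/10.0.2.9:1194")

if __name__ == "__main__":
    print(check_server_addressing(POSTED))
    print(check_server_addressing(WITH_POOL))
    print(clients_without_address(LOG))
```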