Standing "Initialization Sequence Completed"

[teofa91]

I've tried for week to set a CentOS Linux server as a VPN server. But nothing to do.
I searched all the errors in the net, and followed different tutorials.
If anyone can help me, i'll be grateful.
I put "openvpn --config client.ovpn" in the shell. And it freezes in a sort of welcoming message. "Initialization Sequence Completed". It's a virtual machine.

Code: Select all

[root@localhost ~]# openvpn --config /etc/openvpn/client.ovpn
Sun Oct 15 14:48:03 2017 OpenVPN 2.4.3 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 21 2017
Sun Oct 15 14:48:03 2017 library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.06
Sun Oct 15 14:48:03 2017 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sun Oct 15 14:48:03 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]10.0.2.15:1194
Sun Oct 15 14:48:03 2017 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sun Oct 15 14:48:03 2017 UDP link local: (not bound)
Sun Oct 15 14:48:03 2017 UDP link remote: [AF_INET]10.0.2.15:1194
Sun Oct 15 14:48:03 2017 TLS: Initial packet from [AF_INET]10.0.2.15:1194, sid=1c50de7c 85e3445f
Sun Oct 15 14:48:03 2017 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=server, emailAddress=me@myhost.mydomain
Sun Oct 15 14:48:03 2017 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=server, name=server, emailAddress=me@myhost.mydomain
Sun Oct 15 14:48:03 2017 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 1558'
Sun Oct 15 14:48:03 2017 WARNING: 'cipher' is used inconsistently, local='cipher BF-CBC', remote='cipher AES-256-CBC'
Sun Oct 15 14:48:03 2017 WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'
Sun Oct 15 14:48:03 2017 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sun Oct 15 14:48:03 2017 [server] Peer Connection Initiated with [AF_INET]10.0.2.15:1194
Sun Oct 15 14:48:04 2017 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sun Oct 15 14:48:04 2017 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 192.168.1.1,route 10.0.2.1,topology net30,ping 10,ping-restart 120,ifconfig 10.0.2.6 10.0.2.5,peer-id 0,cipher AES-256-GCM'
Sun Oct 15 14:48:04 2017 OPTIONS IMPORT: timers and/or timeouts modified
Sun Oct 15 14:48:04 2017 OPTIONS IMPORT: --ifconfig/up options modified
Sun Oct 15 14:48:04 2017 OPTIONS IMPORT: route options modified
Sun Oct 15 14:48:04 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Oct 15 14:48:04 2017 OPTIONS IMPORT: peer-id set
Sun Oct 15 14:48:04 2017 OPTIONS IMPORT: adjusting link_mtu to 1625
Sun Oct 15 14:48:04 2017 OPTIONS IMPORT: data channel crypto options modified
Sun Oct 15 14:48:04 2017 Data Channel: using negotiated cipher 'AES-256-GCM'
Sun Oct 15 14:48:04 2017 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Oct 15 14:48:04 2017 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Oct 15 14:48:04 2017 ROUTE_GATEWAY 10.0.2.2/255.255.255.0 IFACE=enp0s3 HWADDR=08:00:27:a1:9e:77
Sun Oct 15 14:48:04 2017 TUN/TAP device tun1 opened
Sun Oct 15 14:48:04 2017 TUN/TAP TX queue length set to 100
Sun Oct 15 14:48:04 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun Oct 15 14:48:04 2017 /sbin/ip link set dev tun1 up mtu 1500
Sun Oct 15 14:48:04 2017 /sbin/ip addr add dev tun1 local 10.0.2.6 peer 10.0.2.5
Sun Oct 15 14:48:04 2017 /sbin/ip route add 10.0.2.15/32 dev enp0s3
Sun Oct 15 14:48:04 2017 /sbin/ip route add 0.0.0.0/1 via 10.0.2.5
Sun Oct 15 14:48:04 2017 /sbin/ip route add 128.0.0.0/1 via 10.0.2.5
Sun Oct 15 14:48:04 2017 /sbin/ip route add 10.0.2.1/32 via 10.0.2.5
Sun Oct 15 14:48:04 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Oct 15 14:48:04 2017 Initialization Sequence Completed

my server log

Code: Select all

Sat Oct 14 20:41:06 2017 10.0.2.15:57945 TLS: Initial packet from [AF_INET]10.0.2.15:57945, sid=490e9260 576a1eff
Sat Oct 14 20:41:06 2017 10.0.2.15:57945 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=server, emailAddress=me@myhost.mydomain
Sat Oct 14 20:41:06 2017 10.0.2.15:57945 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=client, name=server, emailAddress=me@myhost.mydomain
Sat Oct 14 20:41:06 2017 10.0.2.15:57945 peer info: IV_VER=2.4.3
Sat Oct 14 20:41:06 2017 10.0.2.15:57945 peer info: IV_PLAT=linux
Sat Oct 14 20:41:06 2017 10.0.2.15:57945 peer info: IV_PROTO=2
Sat Oct 14 20:41:06 2017 10.0.2.15:57945 peer info: IV_NCP=2
Sat Oct 14 20:41:06 2017 10.0.2.15:57945 peer info: IV_LZ4=1
Sat Oct 14 20:41:06 2017 10.0.2.15:57945 peer info: IV_LZ4v2=1
Sat Oct 14 20:41:06 2017 10.0.2.15:57945 peer info: IV_LZO=1
Sat Oct 14 20:41:06 2017 10.0.2.15:57945 peer info: IV_COMP_STUB=1
Sat Oct 14 20:41:06 2017 10.0.2.15:57945 peer info: IV_COMP_STUBv2=1
Sat Oct 14 20:41:06 2017 10.0.2.15:57945 peer info: IV_TCPNL=1
Sat Oct 14 20:41:06 2017 10.0.2.15:57945 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1550', remote='link-mtu 1542'
Sat Oct 14 20:41:06 2017 10.0.2.15:57945 WARNING: 'cipher' is used inconsistently, local='cipher AES-256-GCM', remote='cipher BF-CBC'
Sat Oct 14 20:41:06 2017 10.0.2.15:57945 WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA1'
Sat Oct 14 20:41:06 2017 10.0.2.15:57945 WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'
Sat Oct 14 20:41:06 2017 10.0.2.15:57945 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sat Oct 14 20:41:06 2017 10.0.2.15:57945 [client] Peer Connection Initiated with [AF_INET]10.0.2.15:57945
Sat Oct 14 20:41:06 2017 MULTI: new connection by client 'client' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Sat Oct 14 20:41:06 2017 MULTI_sva: pool returned IPv4=10.0.2.6, IPv6=(Not enabled)
Sat Oct 14 20:41:06 2017 MULTI: Learn: 10.0.2.6 -> client/10.0.2.15:57945
Sat Oct 14 20:41:06 2017 MULTI: primary virtual IP for client/10.0.2.15:57945: 10.0.2.6
Sat Oct 14 20:41:07 2017 client/10.0.2.15:57945 PUSH: Received control message: 'PUSH_REQUEST'
Sat Oct 14 20:41:07 2017 client/10.0.2.15:57945 SENT CONTROL [client]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 192.168.1.1,route 10.0.2.1,topology net30,ping 10,ping-restart 120,ifconfig 10.0.2.6 10.0.2.5,peer-id 0,cipher AES-256-GCM' (status=1)
Sat Oct 14 20:41:07 2017 client/10.0.2.15:57945 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Oct 14 20:41:07 2017 client/10.0.2.15:57945 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key

my server configuration

Code: Select all

port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key  # This file should be kept secret
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
server 10.0.2.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 192.168.1.1"
keepalive 10 120
cipher AES-256-CBC
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log /etc/openvpn/openvpn.log
log-append /etc/openvpn/openvpn.log
verb 3
explicit-exit-notify 1

my client configuration

Code: Select all

client
dev tun
proto udp
remote 10.0.2.15 1194
redirect-gateway def1
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/client.crt
key /etc/openvpn/easy-rsa/keys/client.key

Internet interfaces and route

Code: Select all

[root@localhost ~]# ifconfig
enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.2.15  netmask 255.255.255.0  broadcast 10.0.2.255
        inet6 fe80::cf1:2448:a677:fcda  prefixlen 64  scopeid 0x20<link>
        ether 08:00:27:a1:9e:77  txqueuelen 1000  (Ethernet)
        RX packets 51637  bytes 35672964 (34.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 27509  bytes 2138531 (2.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Code: Select all

[demo@localhost ~]$ route
Table de routage IP du noyau
Destination     Passerelle      Genmask         Indic Metric Ref    Use Iface
default         gateway         0.0.0.0         UG    100    0        0 enp0s3
10.0.2.0        gateway         255.255.255.0   UG    0      0        0 tun0
10.0.2.0        0.0.0.0         255.255.255.0   U     100    0        0 enp0s3
gateway         0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0

[TinCanTech]

I put "openvpn --config client.ovpn" in the shell. And it freezes in a sort of welcoming message. "Initialization Sequence Completed"

Which means openvpn is working correctly ..

followed different tutorials

How about this one:
HOWTO: For OpenVPN Community Edition

If anyone can help me, i'll be grateful.

You made a configuration error:

server 10.0.2.0 255.255.255.0

enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255

The VPN server must be on its own subnet not the same one as your LAN

Use this instead:

Code: Select all

server 10.8.0.0 255.255.255.0

[teofa91]

I got that

Code: Select all

[root@localhost openvpn]# openvpn --config /etc/openvpn/client.ovpn 
Sat Oct 14 16:54:08 2017 OpenVPN 2.4.3 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 21 2017
Sat Oct 14 16:54:08 2017 library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.06
Sat Oct 14 16:54:08 2017 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sat Oct 14 16:54:08 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]10.0.2.15:1194
Sat Oct 14 16:54:08 2017 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sat Oct 14 16:54:08 2017 UDP link local: (not bound)
Sat Oct 14 16:54:08 2017 UDP link remote: [AF_INET]10.0.2.15:1194
Sat Oct 14 16:54:08 2017 TLS: Initial packet from [AF_INET]10.0.2.15:1194, sid=01dc281b f8f278cf
Sat Oct 14 16:54:08 2017 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=server, emailAddress=me@myhost.mydomain
Sat Oct 14 16:54:08 2017 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=server, name=server, emailAddress=me@myhost.mydomain
Sat Oct 14 16:54:08 2017 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 1558'
Sat Oct 14 16:54:08 2017 WARNING: 'cipher' is used inconsistently, local='cipher BF-CBC', remote='cipher AES-256-CBC'
Sat Oct 14 16:54:08 2017 WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'
Sat Oct 14 16:54:08 2017 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sat Oct 14 16:54:08 2017 [server] Peer Connection Initiated with [AF_INET]10.0.2.15:1194
Sat Oct 14 16:54:09 2017 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sat Oct 14 16:54:09 2017 PUSH: Received control message: 'PUSH_REPLY,route 10.0.2.1,topology net30,ping 10,ping-restart 120,ifconfig 10.0.2.6 10.0.2.5,peer-id 0,cipher AES-256-GCM'
Sat Oct 14 16:54:09 2017 OPTIONS IMPORT: timers and/or timeouts modified
Sat Oct 14 16:54:09 2017 OPTIONS IMPORT: --ifconfig/up options modified
Sat Oct 14 16:54:09 2017 OPTIONS IMPORT: route options modified
Sat Oct 14 16:54:09 2017 OPTIONS IMPORT: peer-id set
Sat Oct 14 16:54:09 2017 OPTIONS IMPORT: adjusting link_mtu to 1625
Sat Oct 14 16:54:09 2017 OPTIONS IMPORT: data channel crypto options modified
Sat Oct 14 16:54:09 2017 Data Channel: using negotiated cipher 'AES-256-GCM'
Sat Oct 14 16:54:09 2017 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Oct 14 16:54:09 2017 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Oct 14 16:54:09 2017 ROUTE_GATEWAY 10.0.2.2/255.255.255.0 IFACE=enp0s3 HWADDR=08:00:27:a1:9e:77
Sat Oct 14 16:54:09 2017 TUN/TAP device tun2 opened
Sat Oct 14 16:54:09 2017 TUN/TAP TX queue length set to 100
Sat Oct 14 16:54:09 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sat Oct 14 16:54:09 2017 /sbin/ip link set dev tun2 up mtu 1500
Sat Oct 14 16:54:09 2017 /sbin/ip addr add dev tun2 local 10.0.2.6 peer 10.0.2.5
Sat Oct 14 16:54:09 2017 /sbin/ip route add 10.0.2.1/32 via 10.0.2.5
RTNETLINK answers: File exists
Sat Oct 14 16:54:09 2017 ERROR: Linux route add command failed: external program exited with error status: 2
Sat Oct 14 16:54:09 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Oct 14 16:54:09 2017 Initialization Sequence Completed

The error of route add, i resolve with

ip route del 10.0.2.1 via 10.0.2.5

But the log looks always the same

Code: Select all

Sat Oct 14 17:00:28 2017 client/10.0.2.15:54101 [client] Inactivity timeout (--ping-restart), restarting
Sat Oct 14 17:00:28 2017 client/10.0.2.15:54101 SIGUSR1[soft,ping-restart] received, client-instance restarting
Sat Oct 14 17:00:36 2017 10.0.2.15:35757 TLS: Initial packet from [AF_INET]10.0.2.15:35757, sid=4bbee1d1 a76bd3fa
Sat Oct 14 17:00:36 2017 10.0.2.15:35757 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=server, emailAddress=me@myhost.mydomain
Sat Oct 14 17:00:36 2017 10.0.2.15:35757 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=client, name=server, emailAddress=me@myhost.mydomain
Sat Oct 14 17:00:36 2017 10.0.2.15:35757 peer info: IV_VER=2.4.3
Sat Oct 14 17:00:36 2017 10.0.2.15:35757 peer info: IV_PLAT=linux
Sat Oct 14 17:00:36 2017 10.0.2.15:35757 peer info: IV_PROTO=2
Sat Oct 14 17:00:36 2017 10.0.2.15:35757 peer info: IV_NCP=2
Sat Oct 14 17:00:36 2017 10.0.2.15:35757 peer info: IV_LZ4=1
Sat Oct 14 17:00:36 2017 10.0.2.15:35757 peer info: IV_LZ4v2=1
Sat Oct 14 17:00:36 2017 10.0.2.15:35757 peer info: IV_LZO=1
Sat Oct 14 17:00:36 2017 10.0.2.15:35757 peer info: IV_COMP_STUB=1
Sat Oct 14 17:00:36 2017 10.0.2.15:35757 peer info: IV_COMP_STUBv2=1
Sat Oct 14 17:00:36 2017 10.0.2.15:35757 peer info: IV_TCPNL=1
Sat Oct 14 17:00:36 2017 10.0.2.15:35757 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1542'
Sat Oct 14 17:00:36 2017 10.0.2.15:35757 WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher BF-CBC'
Sat Oct 14 17:00:36 2017 10.0.2.15:35757 WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'
Sat Oct 14 17:00:36 2017 10.0.2.15:35757 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sat Oct 14 17:00:36 2017 10.0.2.15:35757 [client] Peer Connection Initiated with [AF_INET]10.0.2.15:35757
Sat Oct 14 17:00:36 2017 client/10.0.2.15:35757 MULTI_sva: pool returned IPv4=10.0.2.6, IPv6=(Not enabled)
Sat Oct 14 17:00:36 2017 client/10.0.2.15:35757 MULTI: Learn: 10.0.2.6 -> client/10.0.2.15:35757
Sat Oct 14 17:00:36 2017 client/10.0.2.15:35757 MULTI: primary virtual IP for client/10.0.2.15:35757: 10.0.2.6
Sat Oct 14 17:00:37 2017 client/10.0.2.15:35757 PUSH: Received control message: 'PUSH_REQUEST'
Sat Oct 14 17:00:37 2017 client/10.0.2.15:35757 SENT CONTROL [client]: 'PUSH_REPLY,route 10.0.2.1,topology net30,ping 10,ping-restart 120,ifconfig 10.0.2.6 10.0.2.5,peer-id 0,cipher AES-256-GCM' (status=1)
Sat Oct 14 17:00:37 2017 client/10.0.2.15:35757 Data Channel: using negotiated cipher 'AES-256-GCM'
Sat Oct 14 17:00:37 2017 client/10.0.2.15:35757 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Oct 14 17:00:37 2017 client/10.0.2.15:35757 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key

i saw you tutorial, and i dont know if a push route would be very useful.

Thanks for your helping

[teofa91]

I've created the certificates one more time. I did what you said. But the error is the same. The log says the same thing.
Thanks for your helping. Any ideas of that?
PKCS11 certificate is not needed i think
i saw the tutorial, and push route can be a solution. But ive not results.

[TinCanTech]

The VPN server must be on its own subnet not the same one as your LAN

Use this instead:

Code: Select all

server 10.8.0.0 255.255.255.0

I did what you said. But the error is the same. The log says the same thing

That is not an error, openvpn is working and, from your previous logs, you have a client connected to your server .. perhaps you do not understand what openvpn is for ?

Maybe you want an online VPN provider ?

[teofa91]

I thought it was for providing a remote shell. But how to use a VPN. Im connected, yes and after? I've a entreprise, and we have to use our proper CentOS VPN server.
After i can use samba with openvpn and share files. Enter the ip adress and the port in navigator as proxy and navigate. Is for that made for that no?

[TinCanTech]

VPN means "Virtual Private Network" ..
That is an encrypted connection between one computer and another.

What you do with it is up to you !

What is OpenVPN ?
https://en.wikipedia.org/wiki/OpenVPN

[TinCanTech]

Looks like a post got delayed ..

You did not make the change :

Code: Select all

server 10.8.0.0 255.255.255.0

[teofa91]

Ok, now i understood. Is for hiding your identiti in internet. Al least, for make believe the other servers you're in other country. If i any one in USA connects my VPN, it will looks, like there is in France. Is useful.

Now, for finishing this hell job. I've to connect a windows client to CentOS VPN network.

Code: Select all

But openVPN GUI looks like that

Sun Oct 15 18:57:34 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Oct 15 18:57:34 2017 TLS Error: TLS handshake failed
Sun Oct 15 18:57:34 2017 SIGUSR1[soft,tls-error] received, process restarting
Sun Oct 15 18:57:34 2017 MANAGEMENT: >STATE:1508086654,RECONNECTING,tls-error,,,,,
Sun Oct 15 18:57:34 2017 Restart pause, 80 second(s)
Sun Oct 15 18:58:54 2017 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Sun Oct 15 18:58:54 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]10.0.2.15:1194
Sun Oct 15 18:58:54 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Oct 15 18:58:54 2017 UDP link local: (not bound)
Sun Oct 15 18:58:54 2017 UDP link remote: [AF_INET]10.0.2.15:1194
Sun Oct 15 18:58:54 2017 MANAGEMENT: >STATE:1508086734,WAIT,,,,,,
Sun Oct 15 18:59:55 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Oct 15 18:59:55 2017 TLS Error: TLS handshake failed
Sun Oct 15 18:59:55 2017 SIGUSR1[soft,tls-error] received, process restarting
Sun Oct 15 18:59:55 2017 MANAGEMENT: >STATE:1508086795,RECONNECTING,tls-error,,,,,
Sun Oct 15 18:59:55 2017 Restart pause, 160 second(s)

If you can help me, end that im not computer scientist, and its hard for me. Thanks.

[TinCanTech]

And what does your server log say ?

[teofa91]

Oh my god dont say me that im connected.
Theire is a TSL error with the rsa keys, i think.
I THINK

[TinCanTech]

Please see:
HOWTO: Request Help !

[teofa91]

Sorry im with that after 8 am, and i didnt understood your question

my server log nothing registers

i tried to put a public ip, but nothing

[teofa91]

i'll look the how to

[teofa91]

Code: Select all

client
dev tun
proto udp
remote public-ip-server 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
comp-lzo
verb 3

All is fine, not?
I configured too my 1194 port in my router and windows firewall

[teofa91]

Today i take back the task of creating a VPN server, more calmly
I tried to change the port connexion. But it doenst work. I tried it, because is a NAT virtual machine. I readed about it.
But nothing to do, at linux works, but not at windows.
Do you can help me, Tincantech?

This is the log of windows, at linux server log nothing appears. Thanks for all.

Code: Select all

Tue Oct 17 15:15:36 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Oct 17 15:15:36 2017 TLS Error: TLS handshake failed
Tue Oct 17 15:15:36 2017 SIGUSR1[soft,tls-error] received, process restarting
Tue Oct 17 15:15:36 2017 MANAGEMENT: >STATE:1508246136,RECONNECTING,tls-error,,,,,
Tue Oct 17 15:15:36 2017 Restart pause, 10 second(s)
Tue Oct 17 15:15:46 2017 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Tue Oct 17 15:15:46 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]XX.XX.XX.XX:1194
Tue Oct 17 15:15:46 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Tue Oct 17 15:15:46 2017 UDP link local: (not bound)
Tue Oct 17 15:15:46 2017 UDP link remote: [AF_INET]XX.XX.XX.XX:1194
Tue Oct 17 15:15:46 2017 MANAGEMENT: >STATE:1508246146,WAIT,,,,,,

[TinCanTech]

is a NAT virtual machine

What is .. please take your time to write a detailed thread and maybe we can help ..

Please see:
HOWTO: Request Help !

Start here and work through it carefully:
HOWTO: For OpenVPN Community Edition

[teofa91]

At the end, it was a connexion problem. When I tried to get VPN connexion with my IP public adress I've always got error. Then, i tested the ports. Is located at CentOS operating system where is OpenVPN server, in a bridget Virtualbx Virtual Machine.
I installed nmap to test UDP 1194 putting my IP public adress. And I get open/filtered. For the moment all is fine.
When I did connexion with the LAN or localhost IP, it works.

I've configured also at the router the UDP 1194 NAT port for my Desktop PC. And previously configurated for that a static IP adresse in DHCP settings. I did all that i can do. I put 192.168.1.48 adress in the router.

My conclussion is that i've to change the server IP adress, in my openvpn folder at server.conf file.

My public IP adress is the next
79.X.X.189

I did that you said TinCanTech, i put 10.8.0.0. But may i change that for some thing that seems a IP pulic adress?

Thank you.