Server config
dev ovpns1
verb 1
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp4
cipher AES-256-CBC
auth SHA256
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
local 145.128.167.204
tls-server
server *ip* 255.255.255.0
client-config-dir /var/etc/openvpn-csc/server1
verify-client-cert none
username-as-common-name
plugin /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-script.so /usr/local/sbin/ovpn_auth_verify_async user TG9jYWwgRGF0YWJhc2U= false server1 1194
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'vpn' 1"
lport 1194
management /var/etc/openvpn/server1.sock unix
max-clients 50
push "dhcp-option DOMAIN *mydomain*"
push "dhcp-option DNS *IP*"
push "redirect-gateway def1"
client-to-client
duplicate-cn
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh /etc/dh-parameters.2048
tls-auth /var/etc/openvpn/server1.tls-auth 0
ncp-ciphers AES-256-GCM:AES-128-GCM
comp-lzo adaptive
persist-remote-ip
float
topology subnet
Client config
dev tun
persist-tun
persist-key
cipher AES-256-CBC
ncp-ciphers AES-256-GCM:AES-128-GCM
auth SHA256
tls-client
client
resolv-retry infinite
remote *ip* 1194 udp
setenv opt block-outside-dns
auth-user-pass
remote-cert-tls server
comp-lzo adaptive
route 192.168.90.0 255.255.255.0 192.168.91.254
route 192.168.99.0 255.255.255.0 192.168.91.254
<ca>
-----BEGIN CERTIFICATE-----
*certificate*
-----END CERTIFICATE-----
</ca>
setenv CLIENT_CERT 0
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
*static key*
</tls-auth>
Logs:
Code: Select all
May 10 00:00:01 raspberrypi rsyslogd: [origin software="rsyslogd" swVersion="8.1901.0" x-pid="341" x-info="https://www.rsyslog.com"] rsyslogd was HUPed
May 10 00:00:02 raspberrypi rsyslogd: [origin software="rsyslogd" swVersion="8.1901.0" x-pid="341" x-info="https://www.rsyslog.com"] rsyslogd was HUPed
May 10 00:00:02 raspberrypi systemd[1]: logrotate.service: Succeeded.
May 10 00:00:02 raspberrypi systemd[1]: Started Rotate log files.
May 10 00:00:03 raspberrypi systemd[1]: man-db.service: Succeeded.
May 10 00:00:03 raspberrypi systemd[1]: Started Daily man-db regeneration.
May 10 00:00:46 raspberrypi ovpn-want[424]: TCP/UDP: Preserving recently used remote address: [AF_INET]
May 10 00:00:46 raspberrypi ovpn-want[424]: UDP link local (bound): [AF_INET][undef]:1194
May 10 00:00:46 raspberrypi ovpn-want[424]: UDP link remote: [AF_INET]
May 10 00:01:47 raspberrypi ovpn-want[424]: [UNDEF] Inactivity timeout (--ping-restart), restarting
May 10 00:01:47 raspberrypi ovpn-want[424]: SIGUSR1[soft,ping-restart] received, process restarting
May 10 00:06:47 raspberrypi ovpn-want[424]: TCP/UDP: Preserving recently used remote address: [AF_INET]
May 10 00:06:47 raspberrypi ovpn-want[424]: UDP link local (bound): [AF_INET][undef]:1194
May 10 00:06:47 raspberrypi ovpn-want[424]: UDP link remote: [AF_INET]
May 10 00:07:47 raspberrypi ovpn-want[424]: [UNDEF] Inactivity timeout (--ping-restart), restarting
May 10 00:07:47 raspberrypi ovpn-want[424]: SIGUSR1[soft,ping-restart] received, process restarting
May 10 00:09:01 raspberrypi CRON[8824]: (root) CMD ( [ -x /usr/lib/php/sessionclean ] && if [ ! -d /run/systemd/system ]; then /usr/lib/php/sessionclean; fi)
May 10 00:09:03 raspberrypi systemd[1]: Starting Clean php session files...
May 10 00:09:04 raspberrypi systemd[1]: phpsessionclean.service: Succeeded.
May 10 00:09:04 raspberrypi systemd[1]: Started Clean php session files.
May 10 00:12:47 raspberrypi ovpn-want[424]: TCP/UDP: Preserving recently used remote address: [AF_INET]
May 10 00:12:47 raspberrypi ovpn-want[424]: UDP link local (bound): [AF_INET][undef]:1194
May 10 00:12:47 raspberrypi ovpn-want[424]: UDP link remote: [AF_INET]
May 10 00:13:48 raspberrypi ovpn-want[424]: [UNDEF] Inactivity timeout (--ping-restart), restarting
May 10 00:13:48 raspberrypi ovpn-want[424]: SIGUSR1[soft,ping-restart] received, process restarting
May 10 00:17:01 raspberrypi CRON[9237]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
May 10 00:18:48 raspberrypi ovpn-want[424]: TCP/UDP: Preserving recently used remote address: [AF_INET]
May 10 00:18:48 raspberrypi ovpn-want[424]: UDP link local (bound): [AF_INET][undef]:1194
May 10 00:18:48 raspberrypi ovpn-want[424]: UDP link remote: [AF_INET]
May 10 00:19:48 raspberrypi ovpn-want[424]: [UNDEF] Inactivity timeout (--ping-restart), restarting
May 10 00:19:48 raspberrypi ovpn-want[424]: SIGUSR1[soft,ping-restart] received, process restarting
May 10 00:24:48 raspberrypi ovpn-want[424]: TCP/UDP: Preserving recently used remote address: [AF_INET]
May 10 00:24:48 raspberrypi ovpn-want[424]: UDP link local (bound): [AF_INET][undef]:1194
May 10 00:24:48 raspberrypi ovpn-want[424]: UDP link remote: [AF_INET]
May 10 00:25:48 raspberrypi ovpn-want[424]: [UNDEF] Inactivity timeout (--ping-restart), restarting
May 10 00:25:48 raspberrypi ovpn-want[424]: SIGUSR1[soft,ping-restart] received, process restarting
May 10 00:30:48 raspberrypi ovpn-want[424]: TCP/UDP: Preserving recently used remote address: [AF_INET]
May 10 00:30:48 raspberrypi ovpn-want[424]: UDP link local (bound): [AF_INET][undef]:1194
May 10 00:30:48 raspberrypi ovpn-want[424]: UDP link remote: [AF_INET]
May 10 00:31:48 raspberrypi ovpn-want[424]: [UNDEF] Inactivity timeout (--ping-restart), restarting
May 10 00:31:48 raspberrypi ovpn-want[424]: SIGUSR1[soft,ping-restart] received, process restarting
May 10 00:36:48 raspberrypi ovpn-want[424]: TCP/UDP: Preserving recently used remote address: [AF_INET]
May 10 00:36:48 raspberrypi ovpn-want[424]: UDP link local (bound): [AF_INET][undef]:1194
May 10 00:36:48 raspberrypi ovpn-want[424]: UDP link remote: [AF_INET]
May 10 00:37:48 raspberrypi ovpn-want[424]: [UNDEF] Inactivity timeout (--ping-restart), restarting
May 10 00:37:48 raspberrypi ovpn-want[424]: SIGUSR1[soft,ping-restart] received, process restarting
May 10 00:39:01 raspberrypi CRON[10029]: (root) CMD ( [ -x /usr/lib/php/sessionclean ] && if [ ! -d /run/systemd/system ]; then /usr/lib/php/sessionclean; fi)
May 10 00:39:03 raspberrypi systemd[1]: Starting Clean php session files...
May 10 00:39:04 raspberrypi systemd[1]: phpsessionclean.service: Succeeded.
May 10 00:39:04 raspberrypi systemd[1]: Started Clean php session files.
May 10 00:39:48 raspberrypi rngd[326]: stats: bits received from HRNG source: 2400064
May 10 00:39:48 raspberrypi rngd[326]: stats: bits sent to kernel pool: 2342560
May 10 00:39:48 raspberrypi rngd[326]: stats: entropy added to kernel pool: 2342560
May 10 00:39:48 raspberrypi rngd[326]: stats: FIPS 140-2 successes: 120
May 10 00:39:48 raspberrypi rngd[326]: stats: FIPS 140-2 failures: 0
May 10 00:39:48 raspberrypi rngd[326]: stats: FIPS 140-2(2001-10-10) Monobit: 0
May 10 00:39:48 raspberrypi rngd[326]: stats: FIPS 140-2(2001-10-10) Poker: 0
May 10 00:39:48 raspberrypi rngd[326]: stats: FIPS 140-2(2001-10-10) Runs: 0
May 10 00:39:48 raspberrypi rngd[326]: stats: FIPS 140-2(2001-10-10) Long run: 0
May 10 00:39:48 raspberrypi rngd[326]: stats: FIPS 140-2(2001-10-10) Continuous run: 0
May 10 00:39:48 raspberrypi rngd[326]: stats: HRNG source speed: (min=177.578; avg=951.089; max=1219.712)Kibits/s
May 10 00:39:48 raspberrypi rngd[326]: stats: FIPS tests speed: (min=4.800; avg=7.707; max=16.233)Mibits/s
May 10 00:39:48 raspberrypi rngd[326]: stats: Lowest ready-buffers level: 2
May 10 00:39:48 raspberrypi rngd[326]: stats: Entropy starvations: 0
May 10 00:39:48 raspberrypi rngd[326]: stats: Time spent starving for entropy: (min=0; avg=0.000; max=0)us
May 10 00:42:48 raspberrypi ovpn-want[424]: TCP/UDP: Preserving recently used remote address: [AF_INET]
May 10 00:42:48 raspberrypi ovpn-want[424]: UDP link local (bound): [AF_INET][undef]:1194
May 10 00:42:48 raspberrypi ovpn-want[424]: UDP link remote: [AF_INET]
May 10 00:43:48 raspberrypi ovpn-want[424]: [UNDEF] Inactivity timeout (--ping-restart), restarting
May 10 00:43:48 raspberrypi ovpn-want[424]: SIGUSR1[soft,ping-restart] received, process restarting
May 10 00:48:48 raspberrypi ovpn-want[424]: TCP/UDP: Preserving recently used remote address: [AF_INET]
May 10 00:48:48 raspberrypi ovpn-want[424]: UDP link local (bound): [AF_INET][undef]:1194
May 10 00:48:48 raspberrypi ovpn-want[424]: UDP link remote: [AF_INET
May 10 00:49:48 raspberrypi ovpn-want[424]: [UNDEF] Inactivity timeout (--ping-restart), restarting
May 10 00:49:48 raspberrypi ovpn-want[424]: SIGUSR1[soft,ping-restart] received, process restarting
May 10 00:54:48 raspberrypi ovpn-want[424]: TCP/UDP: Preserving recently used remote address: [AF_INET]
May 10 00:54:48 raspberrypi ovpn-want[424]: UDP link local (bound): [AF_INET][undef]:1194
May 10 00:54:48 raspberrypi ovpn-want[424]: UDP link remote: [AF_INET]145.128.167.204:1194
May 10 00:55:48 raspberrypi ovpn-want[424]: [UNDEF] Inactivity timeout (--ping-restart), restarting
May 10 00:55:48 raspberrypi ovpn-want[424]: SIGUSR1[soft,ping-restart] received, process restarting
Thanks for any help!