Unknown problem with openvpn

Need help configuring your VPN? Just post here and you'll get that help.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
QFireball
OpenVpn Newbie
Posts: 3
Joined: Wed Jul 29, 2020 9:02 am

Unknown problem with openvpn

Post by QFireball » Wed Jul 29, 2020 9:07 am

Hello to all,

I've spend 4-5 days for adjusting OpenVPN as a server on CentOS 7 and don't understand why it doesn't work.
I tried about 20 manuals and how-to and got different errors one by one.

I have choosen this how-to, actually it is in Russian but you can see the sequence of the commands:
https://www.dmosk.ru/miniinstruktions.p ... n-easyrsa3

What did I do?
I tried different manuals and how-to, starting from official, but it didn't consist all the information and differs to my version of the openssl and openvpn (strange, as I figure out official how-to is obsolete and that commands didn't work in my case).

Today, I get temprorary working server and one client, and tried to generate another one key, but easy-rsa said that pass for CA certificate is bad and I coudn't generate new one (tried to find solution several hours) and decided to generate all the keys and certificates anew, but I left configurations of the server and client untouched.

But, now after generating new keys and certificates client (Windows 10, OpenVPN, I tried usual user and admin->the same) can't to connect to the server, it just hangs on

Code: Select all

 MANAGEMENT: >STATE:1595972333,TCP_CONNECT
and then

Code: Select all

TCP: connect to [AF_INET]213.159.209.98:1094 failed: Unknown error
I have checked that TCP packets can go to the server from client, on the server I try use tcpdump during connecting:

OS version:

Code: Select all

#cat /etc/redhat-release
CentOS Linux release 7.8.2003 (Core)
OpenVPN version:

Code: Select all

#openvpn --version
OpenVPN 2.4.9 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2020
library versions: OpenSSL 1.0.2k-fips  26 Jan 2017, LZO 2.06
Originally developed by James Yonan
Output of connecting on client (Windows 10):

Code: Select all

Wed Jul 29 00:34:42 2020   pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:42 2020   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:42 2020   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:42 2020   pkcs11_pin_cache_period = -1
Wed Jul 29 00:34:42 2020   pkcs11_id = '[UNDEF]'
Wed Jul 29 00:34:42 2020   pkcs11_id_management = DISABLED
Wed Jul 29 00:34:42 2020   server_network = 0.0.0.0
Wed Jul 29 00:34:42 2020   server_netmask = 0.0.0.0
Wed Jul 29 00:34:42 2020   server_network_ipv6 = ::
Wed Jul 29 00:34:42 2020   server_netbits_ipv6 = 0
Wed Jul 29 00:34:42 2020   server_bridge_ip = 0.0.0.0
Wed Jul 29 00:34:42 2020   server_bridge_netmask = 0.0.0.0
Wed Jul 29 00:34:42 2020   server_bridge_pool_start = 0.0.0.0
Wed Jul 29 00:34:42 2020   server_bridge_pool_end = 0.0.0.0
Wed Jul 29 00:34:42 2020   ifconfig_pool_defined = DISABLED
Wed Jul 29 00:34:42 2020   ifconfig_pool_start = 0.0.0.0
Wed Jul 29 00:34:42 2020   ifconfig_pool_end = 0.0.0.0
Wed Jul 29 00:34:42 2020   ifconfig_pool_netmask = 0.0.0.0
Wed Jul 29 00:34:42 2020   ifconfig_pool_persist_filename = '[UNDEF]'
Wed Jul 29 00:34:42 2020   ifconfig_pool_persist_refresh_freq = 600
Wed Jul 29 00:34:42 2020   ifconfig_ipv6_pool_defined = DISABLED
Wed Jul 29 00:34:42 2020   ifconfig_ipv6_pool_base = ::
Wed Jul 29 00:34:42 2020   ifconfig_ipv6_pool_netbits = 0
Wed Jul 29 00:34:42 2020   n_bcast_buf = 256
Wed Jul 29 00:34:42 2020   tcp_queue_limit = 64
Wed Jul 29 00:34:42 2020   real_hash_size = 256
Wed Jul 29 00:34:42 2020   virtual_hash_size = 256
Wed Jul 29 00:34:42 2020   client_connect_script = '[UNDEF]'
Wed Jul 29 00:34:42 2020   learn_address_script = '[UNDEF]'
Wed Jul 29 00:34:42 2020   client_disconnect_script = '[UNDEF]'
Wed Jul 29 00:34:42 2020   client_config_dir = '[UNDEF]'
Wed Jul 29 00:34:42 2020   ccd_exclusive = DISABLED
Wed Jul 29 00:34:42 2020   tmp_dir = 'C:\Users\Victor\AppData\Local\Temp\'
Wed Jul 29 00:34:42 2020   push_ifconfig_defined = DISABLED
Wed Jul 29 00:34:42 2020   push_ifconfig_local = 0.0.0.0
Wed Jul 29 00:34:42 2020   push_ifconfig_remote_netmask = 0.0.0.0
Wed Jul 29 00:34:42 2020   push_ifconfig_ipv6_defined = DISABLED
Wed Jul 29 00:34:42 2020   push_ifconfig_ipv6_local = ::/0
Wed Jul 29 00:34:42 2020   push_ifconfig_ipv6_remote = ::
Wed Jul 29 00:34:42 2020   enable_c2c = DISABLED
Wed Jul 29 00:34:42 2020   duplicate_cn = DISABLED
Wed Jul 29 00:34:42 2020   cf_max = 0
Wed Jul 29 00:34:42 2020   cf_per = 0
Wed Jul 29 00:34:42 2020   max_clients = 1024
Wed Jul 29 00:34:42 2020   max_routes_per_client = 256
Wed Jul 29 00:34:42 2020   auth_user_pass_verify_script = '[UNDEF]'
Wed Jul 29 00:34:42 2020   auth_user_pass_verify_script_via_file = DISABLED
Wed Jul 29 00:34:42 2020   auth_token_generate = DISABLED
Wed Jul 29 00:34:42 2020   auth_token_lifetime = 0
Wed Jul 29 00:34:42 2020   client = ENABLED
Wed Jul 29 00:34:42 2020   pull = ENABLED
Wed Jul 29 00:34:42 2020   auth_user_pass_file = '[UNDEF]'
Wed Jul 29 00:34:42 2020   show_net_up = DISABLED
Wed Jul 29 00:34:42 2020   route_method = 3
Wed Jul 29 00:34:42 2020   block_outside_dns = DISABLED
Wed Jul 29 00:34:42 2020   ip_win32_defined = DISABLED
Wed Jul 29 00:34:42 2020   ip_win32_type = 3
Wed Jul 29 00:34:42 2020   dhcp_masq_offset = 0
Wed Jul 29 00:34:42 2020   dhcp_lease_time = 31536000
Wed Jul 29 00:34:42 2020   tap_sleep = 0
Wed Jul 29 00:34:42 2020   dhcp_options = DISABLED
Wed Jul 29 00:34:42 2020   dhcp_renew = DISABLED
Wed Jul 29 00:34:42 2020   dhcp_pre_release = DISABLED
Wed Jul 29 00:34:42 2020   domain = '[UNDEF]'
Wed Jul 29 00:34:42 2020   netbios_scope = '[UNDEF]'
Wed Jul 29 00:34:42 2020   netbios_node_type = 0
Wed Jul 29 00:34:42 2020   disable_nbt = DISABLED
Wed Jul 29 00:34:42 2020 OpenVPN 2.4.9 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 16 2020
Wed Jul 29 00:34:42 2020 Windows version 6.2 (Windows 8 or greater) 64bit
Wed Jul 29 00:34:42 2020 library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10
Wed Jul 29 00:34:42 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Wed Jul 29 00:34:42 2020 Need hold release from management interface, waiting...
Wed Jul 29 00:34:42 2020 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Wed Jul 29 00:34:43 2020 MANAGEMENT: CMD 'state on'
Wed Jul 29 00:34:43 2020 MANAGEMENT: CMD 'log all on'
Wed Jul 29 00:34:43 2020 MANAGEMENT: CMD 'echo all on'
Wed Jul 29 00:34:43 2020 MANAGEMENT: CMD 'bytecount 5'
Wed Jul 29 00:34:43 2020 MANAGEMENT: CMD 'hold off'
Wed Jul 29 00:34:43 2020 MANAGEMENT: CMD 'hold release'
Wed Jul 29 00:34:43 2020 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 29 00:34:43 2020 Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Wed Jul 29 00:34:43 2020 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Wed Jul 29 00:34:43 2020 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Jul 29 00:34:43 2020 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Jul 29 00:34:43 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]213.159.209.98:1094
Wed Jul 29 00:34:43 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jul 29 00:34:43 2020 Attempting to establish TCP connection with [AF_INET]213.159.209.98:1094 [nonblock]
Wed Jul 29 00:34:43 2020 MANAGEMENT: >STATE:1595972083,TCP_CONNECT,,,,,,
Wed Jul 29 00:36:43 2020 TCP: connect to [AF_INET]213.159.209.98:1094 failed: Unknown error
Wed Jul 29 00:36:43 2020 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Wed Jul 29 00:36:43 2020 MANAGEMENT: >STATE:1595972203,RECONNECTING,init_instance,,,,,
Wed Jul 29 00:36:43 2020 Restart pause, 5 second(s)
Wed Jul 29 00:36:48 2020 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 29 00:36:48 2020 Re-using SSL/TLS context
Wed Jul 29 00:36:48 2020 Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Wed Jul 29 00:36:48 2020 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Wed Jul 29 00:36:48 2020 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Jul 29 00:36:48 2020 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Jul 29 00:36:48 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]213.159.209.98:1094
Wed Jul 29 00:36:48 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jul 29 00:36:48 2020 Attempting to establish TCP connection with [AF_INET]213.159.209.98:1094 [nonblock]
Wed Jul 29 00:36:48 2020 MANAGEMENT: >STATE:1595972208,TCP_CONNECT,,,,,,
Wed Jul 29 00:38:48 2020 TCP: connect to [AF_INET]213.159.209.98:1094 failed: Unknown error
Wed Jul 29 00:38:48 2020 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Wed Jul 29 00:38:48 2020 MANAGEMENT: >STATE:1595972328,RECONNECTING,init_instance,,,,,
Wed Jul 29 00:38:48 2020 Restart pause, 5 second(s)
Wed Jul 29 00:38:53 2020 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 29 00:38:53 2020 Re-using SSL/TLS context
Wed Jul 29 00:38:53 2020 Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Wed Jul 29 00:38:53 2020 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Wed Jul 29 00:38:53 2020 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Jul 29 00:38:53 2020 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Jul 29 00:38:53 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]213.159.209.98:1094
Wed Jul 29 00:38:53 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jul 29 00:38:53 2020 Attempting to establish TCP connection with [AF_INET]213.159.209.98:1094 [nonblock]
Wed Jul 29 00:38:53 2020 MANAGEMENT: >STATE:1595972333,TCP_CONNECT,,,,,,
Wed Jul 29 00:40:53 2020 TCP: connect to [AF_INET]213.159.209.98:1094 failed: Unknown error
Wed Jul 29 00:40:53 2020 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Wed Jul 29 00:40:53 2020 MANAGEMENT: >STATE:1595972453,RECONNECTING,init_instance,,,,,
Wed Jul 29 00:40:53 2020 Restart pause, 5 second(s)
Wed Jul 29 00:40:58 2020 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 29 00:40:58 2020 Re-using SSL/TLS context
Wed Jul 29 00:40:58 2020 Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Wed Jul 29 00:40:58 2020 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Wed Jul 29 00:40:58 2020 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Jul 29 00:40:58 2020 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Jul 29 00:40:58 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]213.159.209.98:1094
Wed Jul 29 00:40:58 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jul 29 00:40:58 2020 Attempting to establish TCP connection with [AF_INET]213.159.209.98:1094 [nonblock]
Wed Jul 29 00:40:58 2020 MANAGEMENT: >STATE:1595972458,TCP_CONNECT,,,,,,
Wed Jul 29 00:42:58 2020 TCP: connect to [AF_INET]213.159.209.98:1094 failed: Unknown error
Wed Jul 29 00:42:58 2020 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Wed Jul 29 00:42:58 2020 MANAGEMENT: >STATE:1595972578,RECONNECTING,init_instance,,,,,
Wed Jul 29 00:42:58 2020 Restart pause, 5 second(s)
Wed Jul 29 00:43:03 2020 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 29 00:43:03 2020 Re-using SSL/TLS context
Wed Jul 29 00:43:03 2020 Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Wed Jul 29 00:43:03 2020 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Wed Jul 29 00:43:03 2020 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Jul 29 00:43:03 2020 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Jul 29 00:43:03 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]213.159.209.98:1094
Wed Jul 29 00:43:03 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jul 29 00:43:03 2020 Attempting to establish TCP connection with [AF_INET]213.159.209.98:1094 [nonblock]
Wed Jul 29 00:43:03 2020 MANAGEMENT: >STATE:1595972583,TCP_CONNECT,,,,,,
Wed Jul 29 00:45:03 2020 TCP: connect to [AF_INET]213.159.209.98:1094 failed: Unknown error
Wed Jul 29 00:45:03 2020 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Wed Jul 29 00:45:03 2020 MANAGEMENT: >STATE:1595972703,RECONNECTING,init_instance,,,,,
Wed Jul 29 00:45:03 2020 Restart pause, 10 second(s)
Wed Jul 29 00:45:13 2020 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 29 00:45:13 2020 Re-using SSL/TLS context
Wed Jul 29 00:45:13 2020 Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Wed Jul 29 00:45:13 2020 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Wed Jul 29 00:45:13 2020 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Jul 29 00:45:13 2020 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Jul 29 00:45:13 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]213.159.209.98:1094
Wed Jul 29 00:45:13 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jul 29 00:45:13 2020 Attempting to establish TCP connection with [AF_INET]213.159.209.98:1094 [nonblock]
Wed Jul 29 00:45:13 2020 MANAGEMENT: >STATE:1595972713,TCP_CONNECT,,,,,,
Wed Jul 29 00:47:13 2020 TCP: connect to [AF_INET]213.159.209.98:1094 failed: Unknown error
Wed Jul 29 00:47:13 2020 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Wed Jul 29 00:47:13 2020 MANAGEMENT: >STATE:1595972833,RECONNECTING,init_instance,,,,,
Wed Jul 29 00:47:13 2020 Restart pause, 20 second(s)
Wed Jul 29 00:47:33 2020 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 29 00:47:33 2020 Re-using SSL/TLS context
Wed Jul 29 00:47:33 2020 Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Wed Jul 29 00:47:33 2020 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Wed Jul 29 00:47:33 2020 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Jul 29 00:47:33 2020 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Jul 29 00:47:33 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]213.159.209.98:1094
Wed Jul 29 00:47:33 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jul 29 00:47:33 2020 Attempting to establish TCP connection with [AF_INET]213.159.209.98:1094 [nonblock]
Wed Jul 29 00:47:33 2020 MANAGEMENT: >STATE:1595972853,TCP_CONNECT,,,,,,
Wed Jul 29 00:49:33 2020 TCP: connect to [AF_INET]213.159.209.98:1094 failed: Unknown error
Wed Jul 29 00:49:33 2020 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Wed Jul 29 00:49:33 2020 MANAGEMENT: >STATE:1595972973,RECONNECTING,init_instance,,,,,
Wed Jul 29 00:49:33 2020 Restart pause, 40 second(s)
Wed Jul 29 00:50:13 2020 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 29 00:50:13 2020 Re-using SSL/TLS context
Wed Jul 29 00:50:13 2020 Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Wed Jul 29 00:50:13 2020 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Wed Jul 29 00:50:13 2020 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Jul 29 00:50:13 2020 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Jul 29 00:50:13 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]213.159.209.98:1094
Wed Jul 29 00:50:13 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jul 29 00:50:13 2020 Attempting to establish TCP connection with [AF_INET]213.159.209.98:1094 [nonblock]
Wed Jul 29 00:50:13 2020 MANAGEMENT: >STATE:1595973013,TCP_CONNECT,,,,,,
Wed Jul 29 00:52:13 2020 TCP: connect to [AF_INET]213.159.209.98:1094 failed: Unknown error
Wed Jul 29 00:52:13 2020 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Wed Jul 29 00:52:13 2020 MANAGEMENT: >STATE:1595973133,RECONNECTING,init_instance,,,,,
Wed Jul 29 00:52:13 2020 Restart pause, 80 second(s)
Wed Jul 29 00:53:33 2020 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 29 00:53:33 2020 Re-using SSL/TLS context
Wed Jul 29 00:53:33 2020 Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Wed Jul 29 00:53:33 2020 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Wed Jul 29 00:53:33 2020 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Jul 29 00:53:33 2020 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Jul 29 00:53:33 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]213.159.209.98:1094
Wed Jul 29 00:53:33 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jul 29 00:53:33 2020 Attempting to establish TCP connection with [AF_INET]213.159.209.98:1094 [nonblock]
Wed Jul 29 00:53:33 2020 MANAGEMENT: >STATE:1595973213,TCP_CONNECT,,,,,,
Wed Jul 29 00:55:33 2020 TCP: connect to [AF_INET]213.159.209.98:1094 failed: Unknown error
Wed Jul 29 00:55:33 2020 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Wed Jul 29 00:55:33 2020 MANAGEMENT: >STATE:1595973333,RECONNECTING,init_instance,,,,,
Wed Jul 29 00:55:33 2020 Restart pause, 160 second(s)
Wed Jul 29 00:58:13 2020 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Jul 29 00:58:13 2020 Re-using SSL/TLS context
Wed Jul 29 00:58:13 2020 Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Wed Jul 29 00:58:13 2020 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Wed Jul 29 00:58:13 2020 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Jul 29 00:58:13 2020 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Jul 29 00:58:13 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]213.159.209.98:1094
Wed Jul 29 00:58:13 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Jul 29 00:58:13 2020 Attempting to establish TCP connection with [AF_INET]213.159.209.98:1094 [nonblock]
Wed Jul 29 00:58:13 2020 MANAGEMENT: >STATE:1595973493,TCP_CONNECT,,,,,,
Wed Jul 29 01:00:13 2020 TCP: connect to [AF_INET]213.159.209.98:1094 failed: Unknown error
Wed Jul 29 01:00:13 2020 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Wed Jul 29 01:00:13 2020 MANAGEMENT: >STATE:1595973613,RECONNECTING,init_instance,,,,,
Wed Jul 29 01:00:13 2020 Restart pause, 300 second(s)
Output on server:

Code: Select all

#openvpn /etc/openvpn/server/server.conf
Wed Jul 29 00:34:35 2020 us=835988 Current Parameter Settings:
Wed Jul 29 00:34:35 2020 us=836208   config = '/etc/openvpn/server/server.conf'
Wed Jul 29 00:34:35 2020 us=836225   mode = 1
Wed Jul 29 00:34:35 2020 us=836237   persist_config = DISABLED
Wed Jul 29 00:34:35 2020 us=836248   persist_mode = 1
Wed Jul 29 00:34:35 2020 us=836258   show_ciphers = DISABLED
Wed Jul 29 00:34:35 2020 us=836269   show_digests = DISABLED
Wed Jul 29 00:34:35 2020 us=836280   show_engines = DISABLED
Wed Jul 29 00:34:35 2020 us=836292   genkey = DISABLED
Wed Jul 29 00:34:35 2020 us=836302   key_pass_file = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=836313   show_tls_ciphers = DISABLED
Wed Jul 29 00:34:35 2020 us=836323   connect_retry_max = 0
Wed Jul 29 00:34:35 2020 us=836334 Connection profiles [0]:
Wed Jul 29 00:34:35 2020 us=836345   proto = tcp-server
Wed Jul 29 00:34:35 2020 us=836356   local = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=836378   local_port = '1094'
Wed Jul 29 00:34:35 2020 us=836390   remote = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=836400   remote_port = '1094'
Wed Jul 29 00:34:35 2020 us=836410   remote_float = DISABLED
Wed Jul 29 00:34:35 2020 us=836421   bind_defined = DISABLED
Wed Jul 29 00:34:35 2020 us=836431   bind_local = ENABLED
Wed Jul 29 00:34:35 2020 us=836442   bind_ipv6_only = DISABLED
Wed Jul 29 00:34:35 2020 us=836453   connect_retry_seconds = 5
Wed Jul 29 00:34:35 2020 us=836464   connect_timeout = 120
Wed Jul 29 00:34:35 2020 us=836475   socks_proxy_server = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=836509   socks_proxy_port = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=836520   tun_mtu = 1500
Wed Jul 29 00:34:35 2020 us=836531   tun_mtu_defined = ENABLED
Wed Jul 29 00:34:35 2020 us=836542   link_mtu = 1500
Wed Jul 29 00:34:35 2020 us=836553   link_mtu_defined = DISABLED
Wed Jul 29 00:34:35 2020 us=836563   tun_mtu_extra = 0
Wed Jul 29 00:34:35 2020 us=836574   tun_mtu_extra_defined = DISABLED
Wed Jul 29 00:34:35 2020 us=836585   mtu_discover_type = -1
Wed Jul 29 00:34:35 2020 us=836600   fragment = 0
Wed Jul 29 00:34:35 2020 us=836610   mssfix = 1450
Wed Jul 29 00:34:35 2020 us=836621   explicit_exit_notification = 0
Wed Jul 29 00:34:35 2020 us=836632 Connection profiles END
Wed Jul 29 00:34:35 2020 us=836642   remote_random = DISABLED
Wed Jul 29 00:34:35 2020 us=836652   ipchange = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=836663   dev = 'tun'
Wed Jul 29 00:34:35 2020 us=836675   dev_type = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=836685   dev_node = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=836695   lladdr = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=836706   topology = 1
Wed Jul 29 00:34:35 2020 us=836717   ifconfig_local = '192.168.10.1'
Wed Jul 29 00:34:35 2020 us=836728   ifconfig_remote_netmask = '192.168.10.2'
Wed Jul 29 00:34:35 2020 us=836739   ifconfig_noexec = DISABLED
Wed Jul 29 00:34:35 2020 us=836750   ifconfig_nowarn = DISABLED
Wed Jul 29 00:34:35 2020 us=836760   ifconfig_ipv6_local = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=836771   ifconfig_ipv6_netbits = 0
Wed Jul 29 00:34:35 2020 us=836782   ifconfig_ipv6_remote = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=836792   shaper = 0
Wed Jul 29 00:34:35 2020 us=836802   mtu_test = 0
Wed Jul 29 00:34:35 2020 us=836813   mlock = DISABLED
Wed Jul 29 00:34:35 2020 us=836823   keepalive_ping = 10
Wed Jul 29 00:34:35 2020 us=836834   keepalive_timeout = 120
Wed Jul 29 00:34:35 2020 us=836844   inactivity_timeout = 0
Wed Jul 29 00:34:35 2020 us=836855   ping_send_timeout = 10
Wed Jul 29 00:34:35 2020 us=836865   ping_rec_timeout = 240
Wed Jul 29 00:34:35 2020 us=836876   ping_rec_timeout_action = 2
Wed Jul 29 00:34:35 2020 us=836887   ping_timer_remote = DISABLED
Wed Jul 29 00:34:35 2020 us=836898   remap_sigusr1 = 0
Wed Jul 29 00:34:35 2020 us=836908   persist_tun = ENABLED
Wed Jul 29 00:34:35 2020 us=836919   persist_local_ip = DISABLED
Wed Jul 29 00:34:35 2020 us=836930   persist_remote_ip = DISABLED
Wed Jul 29 00:34:35 2020 us=836940   persist_key = ENABLED
Wed Jul 29 00:34:35 2020 us=836952   passtos = DISABLED
Wed Jul 29 00:34:35 2020 us=836986   resolve_retry_seconds = 1000000000
Wed Jul 29 00:34:35 2020 us=836998   resolve_in_advance = DISABLED
Wed Jul 29 00:34:35 2020 us=837009   username = 'nobody'
Wed Jul 29 00:34:35 2020 us=837019   groupname = 'nobody'
Wed Jul 29 00:34:35 2020 us=837030   chroot_dir = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=837040   cd_dir = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=837050   selinux_context = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=837072   writepid = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=837083   up_script = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=837094   down_script = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=837105   down_pre = DISABLED
Wed Jul 29 00:34:35 2020 us=837116   up_restart = DISABLED
Wed Jul 29 00:34:35 2020 us=837127   up_delay = DISABLED
Wed Jul 29 00:34:35 2020 us=837137   daemon = DISABLED
Wed Jul 29 00:34:35 2020 us=837148   inetd = 0
Wed Jul 29 00:34:35 2020 us=837159   log = DISABLED
Wed Jul 29 00:34:35 2020 us=837170   suppress_timestamps = DISABLED
Wed Jul 29 00:34:35 2020 us=837180   machine_readable_output = DISABLED
Wed Jul 29 00:34:35 2020 us=837192   nice = 0
Wed Jul 29 00:34:35 2020 us=837211   verbosity = 6
Wed Jul 29 00:34:35 2020 us=837222   mute = 0
Wed Jul 29 00:34:35 2020 us=837233   gremlin = 0
Wed Jul 29 00:34:35 2020 us=837243   status_file = 'openvpn-status.log'
Wed Jul 29 00:34:35 2020 us=837260   status_file_version = 1
Wed Jul 29 00:34:35 2020 us=837271   status_file_update_freq = 60
Wed Jul 29 00:34:35 2020 us=837282   occ = ENABLED
Wed Jul 29 00:34:35 2020 us=837292   rcvbuf = 0
Wed Jul 29 00:34:35 2020 us=837310   sndbuf = 0
Wed Jul 29 00:34:35 2020 us=837321   mark = 0
Wed Jul 29 00:34:35 2020 us=837331   sockflags = 0
Wed Jul 29 00:34:35 2020 us=837342   fast_io = DISABLED
Wed Jul 29 00:34:35 2020 us=837353   comp.alg = 0
Wed Jul 29 00:34:35 2020 us=837378   comp.flags = 0
Wed Jul 29 00:34:35 2020 us=837389   route_script = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=837400   route_default_gateway = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=837411   route_default_metric = 0
Wed Jul 29 00:34:35 2020 us=837427   route_noexec = DISABLED
Wed Jul 29 00:34:35 2020 us=837438   route_delay = 0
Wed Jul 29 00:34:35 2020 us=837448   route_delay_window = 30
Wed Jul 29 00:34:35 2020 us=837458   route_delay_defined = DISABLED
Wed Jul 29 00:34:35 2020 us=837469   route_nopull = DISABLED
Wed Jul 29 00:34:35 2020 us=837480   route_gateway_via_dhcp = DISABLED
Wed Jul 29 00:34:35 2020 us=837490   allow_pull_fqdn = DISABLED
Wed Jul 29 00:34:35 2020 us=837503   route 192.168.10.0/255.255.255.0/default (n                                                                                                             ot set)/default (not set)
Wed Jul 29 00:34:35 2020 us=837514   management_addr = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=837525   management_port = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=837543   management_user_pass = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=837554   management_log_history_cache = 250
Wed Jul 29 00:34:35 2020 us=837565   management_echo_buffer_size = 100
Wed Jul 29 00:34:35 2020 us=837582   management_write_peer_info_file = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=837594   management_client_user = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=837604   management_client_group = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838029   management_flags = 0
Wed Jul 29 00:34:35 2020 us=838049   shared_secret_file = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838061   key_direction = not set
Wed Jul 29 00:34:35 2020 us=838072   ciphername = 'AES-256-CBC'
Wed Jul 29 00:34:35 2020 us=838082   ncp_enabled = ENABLED
Wed Jul 29 00:34:35 2020 us=838098   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Wed Jul 29 00:34:35 2020 us=838110   authname = 'SHA1'
Wed Jul 29 00:34:35 2020 us=838120   prng_hash = 'SHA1'
Wed Jul 29 00:34:35 2020 us=838131   prng_nonce_secret_len = 16
Wed Jul 29 00:34:35 2020 us=838141   keysize = 0
Wed Jul 29 00:34:35 2020 us=838152   engine = DISABLED
Wed Jul 29 00:34:35 2020 us=838162   replay = ENABLED
Wed Jul 29 00:34:35 2020 us=838173   mute_replay_warnings = DISABLED
Wed Jul 29 00:34:35 2020 us=838183   replay_window = 64
Wed Jul 29 00:34:35 2020 us=838194   replay_time = 15
Wed Jul 29 00:34:35 2020 us=838204   packet_id_file = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838215   use_iv = ENABLED
Wed Jul 29 00:34:35 2020 us=838225   test_crypto = DISABLED
Wed Jul 29 00:34:35 2020 us=838235   tls_server = ENABLED
Wed Jul 29 00:34:35 2020 us=838246   tls_client = DISABLED
Wed Jul 29 00:34:35 2020 us=838256   key_method = 2
Wed Jul 29 00:34:35 2020 us=838267   ca_file = '/etc/openvpn/keys/ca.crt'
Wed Jul 29 00:34:35 2020 us=838278   ca_path = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838289   dh_file = '/etc/openvpn/certs/dh.pem'
Wed Jul 29 00:34:35 2020 us=838300   cert_file = '/etc/openvpn/keys/victor-serve                                                                                                             r.crt'
Wed Jul 29 00:34:35 2020 us=838311   extra_certs_file = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838323   priv_key_file = '/etc/openvpn/keys/victor-s                                                                                                             erver.key'
Wed Jul 29 00:34:35 2020 us=838334   pkcs12_file = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838344   cipher_list = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838355   cipher_list_tls13 = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838378   tls_cert_profile = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838388   tls_verify = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838399   tls_export_cert = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838410   verify_x509_type = 0
Wed Jul 29 00:34:35 2020 us=838420   verify_x509_name = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838431   crl_file = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838441   ns_cert_type = 0
Wed Jul 29 00:34:35 2020 us=838452   remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838463   remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838473   remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838484   remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838494   remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838505   remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838516   remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838526   remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838536   remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838547   remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838558   remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838569   remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838579   remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838589   remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838600   remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838610   remote_cert_ku[i] = 0
Wed Jul 29 00:34:35 2020 us=838621   remote_cert_eku = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838631   ssl_flags = 0
Wed Jul 29 00:34:35 2020 us=838642   tls_timeout = 2
Wed Jul 29 00:34:35 2020 us=838652   renegotiate_bytes = -1
Wed Jul 29 00:34:35 2020 us=838663   renegotiate_packets = 0
Wed Jul 29 00:34:35 2020 us=838673   renegotiate_seconds = 3600
Wed Jul 29 00:34:35 2020 us=838684   handshake_window = 60
Wed Jul 29 00:34:35 2020 us=838695   transition_window = 3600
Wed Jul 29 00:34:35 2020 us=838706   single_session = DISABLED
Wed Jul 29 00:34:35 2020 us=838717   push_peer_info = DISABLED
Wed Jul 29 00:34:35 2020 us=838727   tls_exit = DISABLED
Wed Jul 29 00:34:35 2020 us=838738   tls_auth_file = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838749   tls_crypt_file = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=838759   pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838771   pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838781   pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838792   pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838803   pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838813   pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838824   pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838835   pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838846   pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838856   pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838867   pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838878   pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838889   pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838900   pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838910   pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838921   pkcs11_protected_authentication = DISABLED
Wed Jul 29 00:34:35 2020 us=838933   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=838944   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=838955   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=838986   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=838997   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=839007   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=839018   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=839029   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=839039   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=839050   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=839061   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=839071   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=839082   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=839092   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=839103   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=839114   pkcs11_private_mode = 00000000
Wed Jul 29 00:34:35 2020 us=839124   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839135   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839146   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839156   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839166   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839177   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839188   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839198   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839413   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839429   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839439   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839450   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839461   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839471   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839482   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839492   pkcs11_cert_private = DISABLED
Wed Jul 29 00:34:35 2020 us=839503   pkcs11_pin_cache_period = -1
Wed Jul 29 00:34:35 2020 us=839514   pkcs11_id = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=839525   pkcs11_id_management = DISABLED
Wed Jul 29 00:34:35 2020 us=839540   server_network = 192.168.10.0
Wed Jul 29 00:34:35 2020 us=839552   server_netmask = 255.255.255.0
Wed Jul 29 00:34:35 2020 us=839582   server_network_ipv6 = ::
Wed Jul 29 00:34:35 2020 us=839593   server_netbits_ipv6 = 0
Wed Jul 29 00:34:35 2020 us=839605   server_bridge_ip = 0.0.0.0
Wed Jul 29 00:34:35 2020 us=839617   server_bridge_netmask = 0.0.0.0
Wed Jul 29 00:34:35 2020 us=839628   server_bridge_pool_start = 0.0.0.0
Wed Jul 29 00:34:35 2020 us=839640   server_bridge_pool_end = 0.0.0.0
Wed Jul 29 00:34:35 2020 us=839652   push_entry = 'redirect-gateway def1 bypass-                                                                                                             dhcp'
Wed Jul 29 00:34:35 2020 us=839663   push_entry = 'route 192.168.10.0 255.255.25                                                                                                             5.0'
Wed Jul 29 00:34:35 2020 us=839674   push_entry = 'topology net30'
Wed Jul 29 00:34:35 2020 us=839685   push_entry = 'ping 10'
Wed Jul 29 00:34:35 2020 us=839696   push_entry = 'ping-restart 120'
Wed Jul 29 00:34:35 2020 us=839706   ifconfig_pool_defined = ENABLED
Wed Jul 29 00:34:35 2020 us=839718   ifconfig_pool_start = 192.168.10.4
Wed Jul 29 00:34:35 2020 us=839730   ifconfig_pool_end = 192.168.10.251
Wed Jul 29 00:34:35 2020 us=839741   ifconfig_pool_netmask = 0.0.0.0
Wed Jul 29 00:34:35 2020 us=839752   ifconfig_pool_persist_filename = 'ipp.txt'
Wed Jul 29 00:34:35 2020 us=839763   ifconfig_pool_persist_refresh_freq = 600
Wed Jul 29 00:34:35 2020 us=839774   ifconfig_ipv6_pool_defined = DISABLED
Wed Jul 29 00:34:35 2020 us=839786   ifconfig_ipv6_pool_base = ::
Wed Jul 29 00:34:35 2020 us=839797   ifconfig_ipv6_pool_netbits = 0
Wed Jul 29 00:34:35 2020 us=839807   n_bcast_buf = 256
Wed Jul 29 00:34:35 2020 us=839818   tcp_queue_limit = 64
Wed Jul 29 00:34:35 2020 us=839828   real_hash_size = 256
Wed Jul 29 00:34:35 2020 us=839839   virtual_hash_size = 256
Wed Jul 29 00:34:35 2020 us=839850   client_connect_script = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=839861   learn_address_script = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=839871   client_disconnect_script = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=839882   client_config_dir = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=839893   ccd_exclusive = DISABLED
Wed Jul 29 00:34:35 2020 us=839903   tmp_dir = '/tmp'
Wed Jul 29 00:34:35 2020 us=839914   push_ifconfig_defined = DISABLED
Wed Jul 29 00:34:35 2020 us=839926   push_ifconfig_local = 0.0.0.0
Wed Jul 29 00:34:35 2020 us=839937   push_ifconfig_remote_netmask = 0.0.0.0
Wed Jul 29 00:34:35 2020 us=839948   push_ifconfig_ipv6_defined = DISABLED
Wed Jul 29 00:34:35 2020 us=839982   push_ifconfig_ipv6_local = ::/0
Wed Jul 29 00:34:35 2020 us=839994   push_ifconfig_ipv6_remote = ::
Wed Jul 29 00:34:35 2020 us=840005   enable_c2c = ENABLED
Wed Jul 29 00:34:35 2020 us=840016   duplicate_cn = DISABLED
Wed Jul 29 00:34:35 2020 us=840026   cf_max = 0
Wed Jul 29 00:34:35 2020 us=840037   cf_per = 0
Wed Jul 29 00:34:35 2020 us=840047   max_clients = 1024
Wed Jul 29 00:34:35 2020 us=840058   max_routes_per_client = 256
Wed Jul 29 00:34:35 2020 us=840068   auth_user_pass_verify_script = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=840080   auth_user_pass_verify_script_via_file = DIS                                                                                                             ABLED
Wed Jul 29 00:34:35 2020 us=840091   auth_token_generate = DISABLED
Wed Jul 29 00:34:35 2020 us=840101   auth_token_lifetime = 0
Wed Jul 29 00:34:35 2020 us=840112   port_share_host = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=840123   port_share_port = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=840134   client = DISABLED
Wed Jul 29 00:34:35 2020 us=840144   pull = DISABLED
Wed Jul 29 00:34:35 2020 us=840155   auth_user_pass_file = '[UNDEF]'
Wed Jul 29 00:34:35 2020 us=840170 OpenVPN 2.4.9 x86_64-redhat-linux-gnu [Fedora                                                                                                              EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD]                                                                                                              built on Apr 24 2020
Wed Jul 29 00:34:35 2020 us=840256 library versions: OpenSSL 1.0.2k-fips  26 Jan                                                                                                              2017, LZO 2.06
Wed Jul 29 00:34:35 2020 us=841804 Diffie-Hellman initialized with 2048 bit key
Wed Jul 29 00:34:35 2020 us=842727 TLS-Auth MTU parms [ L:1623 D:1210 EF:40 EB:0                                                                                                              ET:0 EL:3 ]
Wed Jul 29 00:34:35 2020 us=843258 ROUTE_GATEWAY 10.0.0.1
Wed Jul 29 00:34:35 2020 us=844451 TUN/TAP device tun0 opened
Wed Jul 29 00:34:35 2020 us=844495 TUN/TAP TX queue length set to 100
Wed Jul 29 00:34:35 2020 us=844517 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Wed Jul 29 00:34:35 2020 us=844542 /sbin/ip link set dev tun0 up mtu 1500
Wed Jul 29 00:34:35 2020 us=852293 /sbin/ip addr add dev tun0 local 192.168.10.1                                                                                                              peer 192.168.10.2
Wed Jul 29 00:34:35 2020 us=854695 /sbin/ip route add 192.168.10.0/24 via 192.16                                                                                                             8.10.2
Wed Jul 29 00:34:35 2020 us=856933 Data Channel MTU parms [ L:1623 D:1450 EF:123                                                                                                              EB:406 ET:0 EL:3 ]
Wed Jul 29 00:34:35 2020 us=857342 Could not determine IPv4/IPv6 protocol. Using                                                                                                              AF_INET
Wed Jul 29 00:34:35 2020 us=857417 Socket Buffers: R=[87380->87380] S=[16384->16                                                                                                             384]
Wed Jul 29 00:34:35 2020 us=857447 Listening for incoming TCP connection on [AF_                                                                                                             INET][undef]:1094
Wed Jul 29 00:34:35 2020 us=857464 TCPv4_SERVER link local (bound): [AF_INET][un                                                                                                             def]:1094
Wed Jul 29 00:34:35 2020 us=857473 TCPv4_SERVER link remote: [AF_UNSPEC]
Wed Jul 29 00:34:35 2020 us=857490 GID set to nobody
Wed Jul 29 00:34:35 2020 us=857514 UID set to nobody
Wed Jul 29 00:34:35 2020 us=857549 MULTI: multi_init called, r=256 v=256
Wed Jul 29 00:34:35 2020 us=857584 IFCONFIG POOL: base=192.168.10.4 size=62, ipv                                                                                                             6=0
Wed Jul 29 00:34:35 2020 us=857616 IFCONFIG POOL LIST
Wed Jul 29 00:34:35 2020 us=857653 MULTI: TCP INIT maxclients=1024 maxevents=102                                                                                                             8
Wed Jul 29 00:34:35 2020 us=857693 Initialization Sequence Completed
Client config

client

;dev tap
dev tun

;dev-node OpenVPN

proto tcp
;proto udp

remote 213.159.209.98 1094
resolv-retry infinite

nobind

;user nobody
;group nobody

persist-key
persist-tun

ca C:\\OpenVPN\\certs\\ca.crt
cert C:\\OpenVPN\\certs\\victor-client.crt
key C:\\OpenVPN\\certs\\victor-client.key
dh C:\\OpenVPN\\certs\\dh.pem
#tls-auth ta.key 1

cipher AES-256-CBC
;ns-cert-type server

;route 192.168.10.0 255.255.255.0

#ifconfig-pool-persist ipp.txt

;compress lz4-v2
;push "compress lz4-v2"

;max-clients 100

status C:\\OpenVPN\\log\\openvpn-status.log 1
status-version 3

;log openvpn.log
log-append openvpn.log

verb 6


Server config CentOS 7

port 1094
#port 53

proto tcp
;proto udp

;dev tap
dev tun

ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/victor-server.crt
key /etc/openvpn/keys/victor-server.key
dh /etc/openvpn/certs/dh.pem

server 192.168.10.0 255.255.255.0
;iroute 192.168.8.0 255.255.255.0

ifconfig-pool-persist ipp.txt
client-to-client

push "redirect-gateway def1 bypass-dhcp"

;duplicate-cn

keepalive 10 120

cipher AES-256-CBC

user nobody
group nobody

persist-key
persist-tun

status openvpn-status.log

verb 6


Ping of server from client:

Code: Select all

ping 213.159.209.98

Обмен пакетами с 213.159.209.98 по с 32 байтами данных:
Ответ от 213.159.209.98: число байт=32 время=6мс TTL=53
Ответ от 213.159.209.98: число байт=32 время=4мс TTL=53
Ответ от 213.159.209.98: число байт=32 время=5мс TTL=53
Ответ от 213.159.209.98: число байт=32 время=4мс TTL=53

Статистика Ping для 213.159.209.98:
    Пакетов: отправлено = 4, получено = 4, потеряно = 0
    (0% потерь)
Приблизительное время приема-передачи в мс:
    Минимальное = 4мсек, Максимальное = 6 мсек, Среднее = 4 мсек
tcpdump on the server:

Code: Select all

# tcpdump port 1094
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
01:05:17.251648 IP 37-145-37-143.broadband.corbina.ru.55113 > myserver.fvds. ru.rootd: Flags [S], seq 3919669653, win 64240, options [mss 1460,nop,wscale 8,n op,nop,sackOK], length 0
01:05:20.254052 IP 37-145-37-143.broadband.corbina.ru.55113 > myserver.fvds. ru.rootd: Flags [S], seq 3919669653, win 64240, options [mss 1460,nop,wscale 8,n op,nop,sackOK], length 0
01:05:26.250678 IP 37-145-37-143.broadband.corbina.ru.55113 > myserver.fvds. ru.rootd: Flags [S], seq 3919669653, win 64240, options [mss 1460,nop,wscale 8,n op,nop,sackOK], length 0
01:05:26.723031 IP 37-145-37-143.broadband.corbina.ru.55119 > myserver.fvds. ru.rootd: Flags [S], seq 2675092632, win 64240, options [mss 1460,nop,wscale 8,n op,nop,sackOK], length 0
01:05:29.719333 IP 37-145-37-143.broadband.corbina.ru.55119 > myserver.fvds. ru.rootd: Flags [S], seq 2675092632, win 64240, options [mss 1460,nop,wscale 8,n op,nop,sackOK], length 0
01:05:35.718859 IP 37-145-37-143.broadband.corbina.ru.55119 > myserver.fvds. ru.rootd: Flags [S], seq 2675092632, win 64240, options [mss 1460,nop,wscale 8,n op,nop,sackOK], length 0
01:12:17.333980 IP 37-145-37-143.broadband.corbina.ru.55359 > myserver.fvds. ru.rootd: Flags [S], seq 3648063440, win 64240, options [mss 1460,nop,wscale 8,n op,nop,sackOK], length 0
01:12:20.329271 IP 37-145-37-143.broadband.corbina.ru.55359 > myserver.fvds. ru.rootd: Flags [S], seq 3648063440, win 64240, options [mss 1460,nop,wscale 8,n op,nop,sackOK], length 0
01:12:26.330063 IP 37-145-37-143.broadband.corbina.ru.55359 > myserver.fvds. ru.rootd: Flags [S], seq 3648063440, win 64240, options [mss 1460,nop,wscale 8,n op,nop,sackOK], length 0
01:12:26.911157 IP 37-145-37-143.broadband.corbina.ru.55366 > myserver.fvds. ru.rootd: Flags [S], seq 695729156, win 64240, options [mss 1460,nop,wscale 8,no p,nop,sackOK], length 0
01:12:29.909165 IP 37-145-37-143.broadband.corbina.ru.55366 > myserver.fvds. ru.rootd: Flags [S], seq 695729156, win 64240, options [mss 1460,nop,wscale 8,no p,nop,sackOK], length 0
01:12:35.909259 IP 37-145-37-143.broadband.corbina.ru.55366 > myserver.fvds. ru.rootd: Flags [S], seq 695729156, win 64240, options [mss 1460,nop,wscale 8,no p,nop,sackOK], length 0
Interfaces on the server:

Code: Select all

# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 213.159.209.98  netmask 255.255.255.255  broadcast 213.159.209.98
        inet6 fe80::5054:ff:fe59:ef19  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:59:ef:19  txqueuelen 1000  (Ethernet)
        RX packets 40184  bytes 3905902 (3.7 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 38868  bytes 8064728 (7.6 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.31.16.37  netmask 255.255.255.255  broadcast 172.31.16.37
        ether 52:54:00:59:ef:19  txqueuelen 1000  (Ethernet)

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 503  bytes 44969 (43.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 503  bytes 44969 (43.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 192.168.10.1  netmask 255.255.255.255  destination 192.168.10.2
        inet6 fe80::7e7:a81d:dd90:10ae  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100                                                                                                               (UNSPEC)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3  bytes 144 (144.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
Firewall:

Code: Select all

# ps aux | grep firewall
root       528  0.0  1.5 358924 29124 ?        Ssl  июл28   0:01 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid
root      8993  0.0  0.0 112836   972 pts/1    S+   01:19   0:00 grep --color=auto firewall

Code: Select all

# cat firewalld.conf

DefaultZone=public
MinimalMark=100
CleanupOnExit=yes
Lockdown=no
IPv6_rpfilter=yes
IndividualCalls=no
LogDenied=off
AutomaticHelpers=system
AllowZoneDrifting=yes
Please help to connect clients and server and understand why it happens
Last edited by Pippin on Wed Jul 29, 2020 9:39 am, edited 1 time in total.
Reason: Formatting

TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: Unknown problem with openvpn

Post by TinCanTech » Wed Jul 29, 2020 11:28 am

Your server log shows zero connection attempts.

So, either your firewall or Service provider is blocking you.

QFireball
OpenVpn Newbie
Posts: 3
Joined: Wed Jul 29, 2020 9:02 am

Re: Unknown problem with openvpn

Post by QFireball » Wed Jul 29, 2020 1:49 pm

TinCanTech wrote:
Wed Jul 29, 2020 11:28 am
Your server log shows zero connection attempts.

So, either your firewall or Service provider is blocking you.
Thank you so much! Now, I made

Code: Select all

systemctl stop firewalld
and my connection was established.

So, I will tune firewall. But how did you understand this? Because I see that tcpdump sees incoming packets on the port 1094, so I didn't suspect the firewall in this situation.

User avatar
Pippin
Forum Team
Posts: 1201
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: Unknown problem with openvpn

Post by Pippin » Wed Jul 29, 2020 2:13 pm

Basically, the capture takes place between the physical interface and the firewall.

https://community.openvpn.net/openvpn/w ... acketsFlow
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp

TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: Unknown problem with openvpn

Post by TinCanTech » Wed Jul 29, 2020 2:28 pm

QFireball wrote:
Wed Jul 29, 2020 1:49 pm
But how did you understand this?
Two reasons:
  1. You clearly documented your problem .. well done 8-)
  2. Experience.

QFireball
OpenVpn Newbie
Posts: 3
Joined: Wed Jul 29, 2020 9:02 am

Re: Unknown problem with openvpn

Post by QFireball » Wed Jul 29, 2020 11:47 pm

Thanks to all, problem solved: problems was related to firewall. I changed firewalld to iptables and now everything is OK:

Code: Select all

systemctl stop firewalld
systemctl mask firewalld
systemctl enable iptables
systemctl start iptables
ps aux | grep iptables
iptables –flush
iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o eth0 -j MASQUERADE
iptables-save > /etc/sysconfig/iptables
and then

Code: Select all

vi /etc/sysctl.conf
net.ipv4.ip_forward = 1

Post Reply