I am new to OpenVPN and VPNs in general, but I am trying to set up a VPN server for my home network for remote access. My ASUS router is running OpenVPN v2.3.2:
Code:
admin@RT-AC56U:/tmp/home/root# openvpn --version
OpenVPN 2.3.2 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [eurephia] [MH] [IPv6] built on Nov 4 2019
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
Compile time defines: enable_crypto=yes enable_debug=no enable_def_auth=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_eurephia=yes enable_fast_install=yes enable_fragment=yes enable_http_proxy=yes enable_iproute2=no enable_libtool_lock=yes enable_lzo=yes enable_lzo_stub=no enable_management=yes enable_multi=yes enable_multihome=yes enable_pam_dlopen=no enable_password_save=yes enable_pedantic=no enable_pf=yes enable_pkcs11=no enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_socks=no enable_ssl=yes enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=no enable_win32_dll=yes enable_x509_alt_username=no with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_plugindir='$(libdir)/openvpn/plugins' with_sysroot=no
admin@RT-AC56U:/tmp/home/root#
Code:
Sun Sep 25 09:17:40 2022 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
Sun Sep 25 09:17:40 2022 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Sun Sep 25 09:17:46 2022 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Sun Sep 25 09:17:46 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]98.42.229.135:1194
Sun Sep 25 09:17:46 2022 UDP link local: (not bound)
Sun Sep 25 09:17:46 2022 UDP link remote: [AF_INET]98.42.229.135:1194
Sun Sep 25 09:17:46 2022 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Sep 25 09:17:47 2022 [server] Peer Connection Initiated with [AF_INET]98.42.229.135:1194
Sun Sep 25 09:17:48 2022 TUN/TAP device tun0 opened
Sun Sep 25 09:17:48 2022 /sbin/ip link set dev tun0 up mtu 1500
Sun Sep 25 09:17:48 2022 /sbin/ip addr add dev tun0 local 10.8.0.6 peer 10.8.0.5
Sun Sep 25 09:17:48 2022 Initialization Sequence Completed
^CSun Sep 25 09:17:57 2022 event_wait : Interrupted system call (code=4)
Sun Sep 25 09:17:57 2022 /sbin/ip addr del dev tun0 local 10.8.0.6 peer 10.8.0.5
Sun Sep 25 09:17:57 2022 SIGINT[hard,] received, process exiting
Code:
2022-09-25 09:18:48 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2022-09-25 09:18:48 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2022-09-25 09:18:48 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
2022-09-25 09:18:48 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
2022-09-25 09:18:54 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
2022-09-25 09:18:54 TCP/UDP: Preserving recently used remote address: [AF_INET]98.42.229.135:1194
2022-09-25 09:18:54 UDP link local: (not bound)
2022-09-25 09:18:54 UDP link remote: [AF_INET]98.42.229.135:1194
2022-09-25 09:18:54 OpenSSL: error:0A0C0103:SSL routines::internal error
2022-09-25 09:18:54 TLS_ERROR: BIO read tls_read_plaintext error
2022-09-25 09:18:54 TLS Error: TLS object -> incoming plaintext read error
2022-09-25 09:18:54 TLS Error: TLS handshake failed
2022-09-25 09:18:54 SIGUSR1[soft,tls-error] received, process restarting
2022-09-25 09:18:59 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
2022-09-25 09:18:59 TCP/UDP: Preserving recently used remote address: [AF_INET]98.42.229.135:1194
2022-09-25 09:18:59 UDP link local: (not bound)
2022-09-25 09:18:59 UDP link remote: [AF_INET]98.42.229.135:1194
^C2022-09-25 09:19:00 event_wait : Interrupted system call (code=4)
2022-09-25 09:19:00 SIGINT[hard,] received, process exiting
Code:
OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Code:
OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
Code:
# Automatically generated configuration
# Tunnel options
proto udp
multihome
port 1194
dev tun21
sndbuf 0
rcvbuf 0
keepalive 15 60
daemon vpnserver1
verb 3
status-version 2
status status 10
comp-lzo adaptive
plugin /usr/lib/openvpn-plugin-auth-pam.so openvpn
# Server Mode
server 10.8.0.0 255.255.255.0
duplicate-cn
push "route 192.168.1.0 255.255.255.0 vpn_gateway 500"
push "redirect-gateway def1"
push "dhcp-option DNS 192.168.1.1"
client-cert-not-required
username-as-common-name
# Data Channel Encryption Options
auth SHA256
cipher AES-256-CBC
# TLS Mode Options
ca ca.crt
dh dh.pem
cert server.crt
key server.key
reneg-sec 18000
# Custom Configuration
Code:
remote 98.42.229.135 1194
float
nobind
proto udp
dev tun
sndbuf 0
rcvbuf 0
keepalive 15 60
comp-lzo adaptive
auth-user-pass
client
auth SHA256
cipher AES-256-CBC
reneg-sec 18000
ns-cert-type server
<ca>
...... Inline CA cert here.......
</ca>
<cert>
...... Inline client cert here.......
</cert>
<key>
...... Inline client key here.......
</key>
Would appreciate any help I can get on this. I am stuck.
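
Added example, not part of the original post: a small Python check that flags the client-config options the two client logs above warn about (ns-cert-type, compression, a cipher missing from data-ciphers, password caching). The function names and the sample config are constructed for illustration; the rules only restate the log warnings and do not diagnose the TLS handshake failure.

```python
import re

# Default --data-ciphers list, as printed in the OpenVPN 2.5.5 client log above.
DEFAULT_DATA_CIPHERS = "AES-256-GCM:AES-128-GCM"

def parse_options(config_text):
    """Map each top-level directive to its arguments, skipping comments
    and the contents of inline <ca>/<cert>/<key> blocks."""
    opts, inline = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if inline:                      # inside an inline block: wait for its close tag
            if line == f"</{inline}>":
                inline = None
            continue
        tag = re.fullmatch(r"<([\w-]+)>", line)
        if tag:
            inline = tag.group(1)
            continue
        if line and line[0] not in "#;":
            name, *args = line.split()
            opts[name] = args
    return opts

def audit(config_text):
    """Return (option, advice) pairs for settings the client logs warn about."""
    opts, findings = parse_options(config_text), []
    if "ns-cert-type" in opts:
        role = " ".join(opts["ns-cert-type"])
        findings.append(("ns-cert-type", f"deprecated: use remote-cert-tls {role}"))
    if "comp-lzo" in opts or "compress" in opts:
        findings.append(("compression", "compression has been used to break encryption"))
    cipher = (opts.get("cipher") or [None])[0]
    allowed = (opts.get("data-ciphers") or [DEFAULT_DATA_CIPHERS])[0].split(":")
    if cipher and cipher not in allowed and "data-ciphers-fallback" not in opts:
        findings.append(("cipher", f"add {cipher} to data-ciphers or set data-ciphers-fallback {cipher}"))
    if "auth-user-pass" in opts and "auth-nocache" not in opts:
        findings.append(("auth-user-pass", "password may be cached in memory: add auth-nocache"))
    return findings

# Constructed sample: client options taken from the post, certificates elided.
CLIENT_CONF = """client
proto udp
comp-lzo adaptive
auth-user-pass
cipher AES-256-CBC
ns-cert-type server
<ca>
...... Inline CA cert here.......
</ca>
"""

if __name__ == "__main__":
    for option, advice in audit(CLIENT_CONF):
        print(f"{option}: {advice}")
```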