Error in the beginning of the connection from the client to the server

Post by Adrianglf99 » Sat May 27, 2023 11:41 pm

Hello everyone. I would like your support; I am a novice in this type of work.

I am trying to install a VPN at my home, using an external memory where I have installed Ubuntu in VirtualBox.

I think I have followed the necessary steps. I have installed OpenVPN; the PKI and the CA; the server keys, a TLS-CRYPT key, and client keys. Later I configured the server and the client; I opened the firewall and created the .ovpn files.

The problem appears when I try to install the VPN client on the same computer, or on another computer with the Windows operating system.

The problem that appears is this:

root@zaperoko123-VirtualBox:/home/zaperoko123# openvpn --config cliente1-ensayOS.ovpn
2023-05-27 17:37:56 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 14 2022
2023-05-27 17:37:56 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
2023-05-27 17:37:56 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2023-05-27 17:37:56 OpenSSL: error:1E08010C:DECODER routines::unsupported
2023-05-27 17:37:56 Cannot load private key file [[INLINE]]
2023-05-27 17:37:56 Error: private key password verification failed
2023-05-27 17:37:56 Exiting due to fatal error

The server configuration:

;local a.b.c.d
port 1194

;proto tcp
proto udp

;dev tap
dev tun

;dev-node MyTap

ca ca.crt
cert servidor-ensayOS.crt
key servidor-ensayOS.key  # This file should be kept secret

;dh dh2048.pem
dh none

topology subnet

server 10.8.0.0 255.255.255.0

ifconfig-pool-persist /var/log/openvpn/ipp.txt

;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100

;server-bridge

;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"

;client-config-dir ccd
;route 192.168.40.128 255.255.255.248

;client-config-dir ccd
;route 10.9.0.0 255.255.255.252

;learn-address ./script

push "redirect-gateway def1 bypass-dhcp"

;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"

;client-to-client

;duplicate-cn

keepalive 10 120

;tls-auth ta.key 0 # This file is secret
tls-crypt ta.key

;cipher AES-256-CBC
cipher AES-256-GCM
auth SHA256

;compress lz4-v2
;push "compress lz4-v2"

;comp-lzo

max-clients 100

user nobody
group nogroup

persist-key
persist-tun

status /var/log/openvpn/openvpn-status.log

;log         /var/log/openvpn/openvpn.log
;log-append  /var/log/openvpn/openvpn.log

verb 3

;mute 20

explicit-exit-notify 1

The client configuration:

client

remote 18x.xxx.xx.xxx 1194              
;remote my-server-2 1194

;remote-random

resolv-retry infinite

nobind

user nobody
group nogroup
persist-key
persist-tun

;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port#]

;mute-replay-warnings

;ca ca.crt
;cert client.crt
;key client.key
;tls-crypt ta.key

remote-cert-tls server

;cipher AES-256-CBC
cipher AES-256-GCM                      
auth SHA256

;comp-lzo                               #S16

verb 3
;mute 20

key-direction 1

;script-security 2
; up /etc/openvpn/update-systemd-resolved
; down /etc/openvpn/update-systemd-resolved
; down-pre
; dhcp-option DOMAIN-ROUTE .

The .ovpn file for the client:

#C1. WE SPECIFY THAT WE ARE A CLIENT
client
#C2. SERVER NAME OR IP + PORT
remote 181.xxx.xx.xxx 1194              #S2
;remote my-server-2 1194

proto udp                                       #S3

dev tun                                         #S4

#RANDOM CONNECTION TO THE LISTED SERVERS
;remote-random

#C3. INFINITE NAME RESOLUTION
resolv-retry infinite

#C4. DO NOT BIND TO A PORT OR SERVICE
nobind

user nobody
group nogroup
persist-key
persist-tun

#CONNECTION TO THE SERVER THROUGH A PROXY
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port#]

#C5. SILENCE DUPLICATE WARNINGS
;mute-replay-warnings

##KEYS
;ca ca.crt
;cert client.crt
;key client.key
;tls-crypt ta.key                       #S14

#C6. VERIFY THE SERVER'S IDENTITY
remote-cert-tls server

#ENCRYPTION
cipher AES-256-GCM                      #S15
auth SHA256
#COMPRESSION
;comp-lzo                               #S16

verb 3
;mute 20

script-security 2
up /etc/openvpn/update-systemd-resolved
down /etc/openvpn/update-systemd-resolved
down-pre
dhcp-option DOMAIN-ROUTE .

<ca>
-----BEGIN CERTIFICATE-----
MIIDSDCCAjCgA....==
-----END CERTIFICATE-----

</ca>
<cert>
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:75:...
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ensayOS-CA
        Validity
            Not Before: May 26 21:02:01 2023 GMT
            Not After : Aug 28 21:02:01 2025 GMT
        Subject: CN=cliente1-ensayOS
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:c7:33:8d...
                    
-----BEGIN CERTIFICATE-----
MIIDX...
-----END CERTIFICATE-----
</cert>
<key>
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
b39...
-----END OpenVPN Static key V1-----
</tls-crypt>

I appreciate your help in advance.
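
The log in the post reports `Cannot load private key file [[INLINE]]`, and the posted profile shows a `<key>` block with nothing between its tags. A pre-flight check for that condition, as an added example that is not part of the original post (the function name `check_profile`, the host name and the sample profile are constructed for illustration):

```python
import re

# Inline blocks checked, with the PEM label suffix each is expected to carry.
EXPECTED = {"ca": "CERTIFICATE", "cert": "CERTIFICATE",
            "key": "PRIVATE KEY", "tls-crypt": "OpenVPN Static key V1"}
REQUIRED = ("ca", "cert", "key")  # tls-crypt is only validated when present
PEM = re.compile(r"-----BEGIN ([^-]+)-----(.*?)-----END \1-----", re.S)


def check_profile(text):
    """Return {directive: problem} for the key material in an .ovpn profile."""
    problems = {}
    for name, label in EXPECTED.items():
        tag = re.escape(name)
        block = re.search(rf"^<{tag}>[ \t]*\n(.*?)^</{tag}>", text, re.S | re.M)
        if block is None:
            # No inline block: accept an uncommented "<name> <file>" directive.
            has_file = re.search(rf"^[ \t]*{tag}[ \t]+\S", text, re.M)
            if name in REQUIRED and not has_file:
                problems[name] = "missing"
            continue
        body = block.group(1)
        if not body.strip():
            problems[name] = "empty inline block"
        elif not any(m.group(1).endswith(label) and m.group(2).strip()
                     for m in PEM.finditer(body)):
            problems[name] = f"no '{label}' PEM data"
    return problems


# Constructed sample shaped like the posted profile; PEM bodies are placeholders.
SAMPLE = """client
remote vpn.example.test 1194
;key client.key
<ca>
-----BEGIN CERTIFICATE-----
PLACEHOLDER
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
PLACEHOLDER
-----END CERTIFICATE-----
</cert>
<key>
</key>
"""

if __name__ == "__main__":
    for name, problem in check_profile(SAMPLE).items():
        print(f"<{name}>: {problem}")
```

The check only looks at the structure of the blocks; it does not parse the key or test whether it is passphrase-protected.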
