I am trying to set up a VPN at home, using an external drive on which I have installed Ubuntu inside VirtualBox.
I think I have followed the necessary steps: I installed OpenVPN, set up the PKI and the CA, generated the server key pair, a tls-crypt key and the client keys, then configured the server and the client, opened the firewall and created the .ovpn files.
The problem appears when I try to connect with the VPN client, either on the same computer or on another computer running Windows.
The error I get is this:
root@zaperoko123-VirtualBox:/home/zaperoko123# openvpn --config cliente1-ensayOS.ovpn
2023-05-27 17:37:56 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 14 2022
2023-05-27 17:37:56 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
2023-05-27 17:37:56 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2023-05-27 17:37:56 OpenSSL: error:1E08010C:DECODER routines::unsupported
2023-05-27 17:37:56 Cannot load private key file [[INLINE]]
2023-05-27 17:37:56 Error: private key password verification failed
2023-05-27 17:37:56 Exiting due to fatal error
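;local a.b.c.d
port 1194
;proto tcp
proto udp
;dev tap
dev tun
;dev-node MyTap
# Server PKI material (paths are relative to the directory OpenVPN is
# started in). These files are read before privileges are dropped to
# nobody/nogroup below, so keep them owned by root with mode 0600.
ca ca.crt
cert servidor-ensayOS.crt
key servidor-ensayOS.key # This file should be kept secret
;dh dh2048.pem
# No finite-field DH parameters: the TLS handshake uses ECDH instead,
# which is the setting OpenVPN 2.4+ recommends.
dh none
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
;server-bridge
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
;learn-address ./script
# Full tunnel: all client traffic is routed through the VPN. Consider
# also pushing DNS (next two lines) so client lookups do not bypass it.
push "redirect-gateway def1 bypass-dhcp"
;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"
;client-to-client
;duplicate-cn
keepalive 10 120
;tls-auth ta.key 0 # This file is secret
# tls-crypt encrypts and authenticates the whole control channel with the
# pre-shared ta.key; packets that do not carry it are dropped before the
# TLS handshake starts. Unlike tls-auth it needs no key-direction, and
# every client must embed the same key (<tls-crypt> block in the .ovpn).
tls-crypt ta.key
# Refuse TLS versions below 1.2 on the control channel.
tls-version-min 1.2
;cipher AES-256-CBC
# OpenVPN 2.5 negotiates the data-channel cipher from data-ciphers (this
# list is the 2.5 default); `cipher` stays as the fallback for peers
# that cannot negotiate.
data-ciphers AES-256-GCM:AES-128-GCM
cipher AES-256-GCM
# --auth is not used by AEAD ciphers such as AES-256-GCM, and tls-crypt
# uses its own fixed HMAC; it would only apply to a CBC fallback.
auth SHA256
# Keep compression off: compressing plaintext inside the tunnel leaks
# it to a traffic observer (VORACLE-style attacks).
;compress lz4-v2
;push "compress lz4-v2"
;comp-lzo
max-clients 100
# Drop root once the tunnel and keys are set up; the persist-* options
# let the daemon survive SIGUSR1 restarts without re-reading the keys or
# re-opening the tun device as the unprivileged user.
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
;log /var/log/openvpn/openvpn.log
;log-append /var/log/openvpn/openvpn.log
verb 3
;mute 20
explicit-exit-notify 1
# Revoking a lost client certificate only takes effect if the server
# checks the CRL exported from the PKI; enable once a crl.pem exists.
;crl-verify crl.pem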
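client
# Server address and port -- the same values the server listens on
# (port 1194, UDP, tun; see the server config).
remote 18x.xxx.xx.xxx 1194
;remote my-server-2 1194
# Transport and device type must match the server. OpenVPN will not
# start without a --dev, so both are spelled out here exactly as in the
# generated .ovpn.
proto udp
dev tun
;remote-random
resolv-retry infinite
nobind
# Privilege drop after the tunnel is up. Linux only: on Windows these
# directives are not implemented and only produce a warning.
user nobody
group nogroup
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port#]
;mute-replay-warnings
# Credentials are embedded in the generated .ovpn as inline <ca>, <cert>,
# <key> and <tls-crypt> blocks, which is why the file directives stay
# commented out here.
;ca ca.crt
;cert client.crt
;key client.key
;tls-crypt ta.key
# Require the server certificate to carry server key usage / EKU, so a
# stolen client certificate cannot be used to impersonate the server.
remote-cert-tls server
# Refuse TLS versions below 1.2 on the control channel.
tls-version-min 1.2
;cipher AES-256-CBC
cipher AES-256-GCM
auth SHA256
;comp-lzo #S16
verb 3
;mute 20
# key-direction only matters for tls-auth; the server uses tls-crypt, so
# this line is ignored. Kept only for a tls-auth fallback.
key-direction 1
;script-security 2
; up /etc/openvpn/update-systemd-resolved
; down /etc/openvpn/update-systemd-resolved
; down-pre
; dhcp-option DOMAIN-ROUTE .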
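# C1. We are a client
client
# C2. Server name or IP + port
remote 181.xxx.xx.xxx 1194 #S2
;remote my-server-2 1194
proto udp #S3
dev tun #S4
# Connect to the listed servers in random order
;remote-random
# C3. Keep retrying name resolution indefinitely
resolv-retry infinite
# C4. Do not bind to a local port
nobind
# Privilege drop after the tunnel is up. Linux only: on Windows these two
# directives are not implemented and only produce a warning.
user nobody
group nogroup
persist-key
persist-tun
# Reach the server through a proxy
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port#]
# C5. Silence duplicate-packet (replay) warnings
;mute-replay-warnings
## Keys -- supplied inline at the end of this file, so the file
## directives stay commented out.
;ca ca.crt
;cert client.crt
;key client.key
;tls-crypt ta.key #S14
# C6. Verify the server's identity: the server certificate must carry
# server key usage / EKU, so a client certificate cannot impersonate it.
remote-cert-tls server
# Encryption
cipher AES-256-GCM #S15
auth SHA256
# Compression -- leave off, it leaks tunnel plaintext to an observer.
;comp-lzo #S16
verb 3
;mute 20
# The four lines below are what the log's "--script-security setting may
# allow this configuration to call user-defined scripts" note refers to.
# They integrate DNS with systemd-resolved and are Linux-only: the copy
# used on Windows must not carry them, as the script path does not exist
# there and a failing up script aborts the connection.
script-security 2
up /etc/openvpn/update-systemd-resolved
down /etc/openvpn/update-systemd-resolved
down-pre
dhcp-option DOMAIN-ROUTE .
<ca>
-----BEGIN CERTIFICATE-----
MIIDSDCCAjCgA....==
-----END CERTIFICATE-----
</ca>
# The human-readable dump before the PEM block is what easy-rsa writes
# into the .crt; the PEM reader skips it, so it is harmless and may be
# trimmed to just the BEGIN/END CERTIFICATE block.
<cert>
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
11:75:...
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ensayOS-CA
Validity
Not Before: May 26 21:02:01 2023 GMT
Not After : Aug 28 21:02:01 2025 GMT
Subject: CN=cliente1-ensayOS
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c7:33:8d...
-----BEGIN CERTIFICATE-----
MIIDX...
-----END CERTIFICATE-----
</cert>
# The <key> block was EMPTY in the file as posted. That is the cause of
# "Cannot load private key file [[INLINE]]" and matches the OpenSSL 3
# "DECODER routines::unsupported" line: there is nothing to decode, and
# "private key password verification failed" is OpenVPN's generic follow-up.
# Paste the PEM private key generated for cliente1-ensayOS here (with
# easy-rsa 3 this is typically pki/private/cliente1-ensayOS.key). It begins
# with "-----BEGIN PRIVATE KEY-----", or "-----BEGIN ENCRYPTED PRIVATE KEY-----"
# if a passphrase was set when the request was built (then expect the
# password prompt, or add `askpass`).
# With the key in place this file is a credential: keep it mode 0600 and
# do not share it. It also carries the tls-crypt key shared by every peer.
<key>
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
b39...
-----END OpenVPN Static key V1-----
</tls-crypt>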