Different tools on the server side (ss -lntp, nmap) tell me that it works, but I could not connect using the OpenVPN Connect client program for Windows.
I tried to reinstall it several times with different options using the script above; I tried UDP and TCP versions. No luck.
OpenVPN Connect Log File:
[Oct 18, 2023, 20:03:19] EVENT: RESOLVE
[Oct 18, 2023, 20:03:19] EVENT: WAIT
[Oct 18, 2023, 20:03:19] WinCommandAgent: transmitting bypass route to 157.90.0.217
{
"host" : "157.90.0.217",
"ipv6" : false
}
[Oct 18, 2023, 20:03:29] Server poll timeout, trying next remote entry...
[Oct 18, 2023, 20:03:29] EVENT: RECONNECTING
[Oct 18, 2023, 20:03:29] EVENT: RESOLVE
[Oct 18, 2023, 20:03:29] EVENT: WAIT
[Oct 18, 2023, 20:03:29] WinCommandAgent: transmitting bypass route to 157.90.0.217
{
"host" : "157.90.0.217",
"ipv6" : false
}
[Oct 18, 2023, 20:03:39] Server poll timeout, trying next remote entry...
# ss -ltnp | grep openvpn
LISTEN 0 32 0.0.0.0:1194 0.0.0.0:* users:(("openvpn",pid=1799244,fd=7))
server.conf
port 1194
proto tcp
dev tun
user openvpn
group openvpn
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "redirect-gateway def1 bypass-dhcp"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_LzkU6MiZaTONwKz6.crt
key server_LzkU6MiZaTONwKz6.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3
/var/log/openvpn/status.log:
OpenVPN CLIENT LIST
Updated,2023-10-18 23:40:07
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
GLOBAL STATS
Max bcast/mcast queue length,0
END
Starting Nmap 7.80 ( https://nmap.org ) at 2023-10-18 23:41 EEST
Nmap scan report for mail.obzor.lt (157.90.0.217)
Host is up (0.000034s latency).
PORT STATE SERVICE
1194/tcp open openvpn
Nmap done: 1 IP address (1 host up) scanned in 0.08 seconds
1194 * (openvpn)
Starting Nmap 7.80 ( https://nmap.org ) at 2023-10-18 23:41 EEST
Nmap scan report for obzor.lt (157.90.0.217)
Host is up (0.0028s latency).
PORT STATE SERVICE
1194/tcp filtered openvpn
Nmap done: 1 IP address (1 host up) scanned in 0.50 seconds
tcp.ovpn
client
proto tcp-client
remote 157.90.0.217 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_LzkU6MiZaTONwKz6 name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns
verb 3
<ca>
-----BEGIN CERTIFICATE-----
...
iptables -S:
-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-ISOLATION-STAGE-1
-N DOCKER-ISOLATION-STAGE-2
-N DOCKER-USER
-A INPUT -i enp35s0 -p tcp -m tcp --dport 1194 -j ACCEPT
...
2: enp35s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000\ link/ether