Different tools on the server side (ss -lntp, nmap) show that it works, but I could not connect using the OpenVPN Connect client program for Windows.
I tried to reinstall it several times with different options using the script above; I tried the UDP and TCP versions. No luck.
OpenVPN Connect Log File:
[Oct 18, 2023, 20:03:19] EVENT: RESOLVE
[Oct 18, 2023, 20:03:19] EVENT: WAIT
[Oct 18, 2023, 20:03:19] WinCommandAgent: transmitting bypass route to 157.90.0.217
{
"host" : "157.90.0.217",
"ipv6" : false
}
[Oct 18, 2023, 20:03:29] Server poll timeout, trying next remote entry...
[Oct 18, 2023, 20:03:29] EVENT: RECONNECTING
[Oct 18, 2023, 20:03:29] EVENT: RESOLVE
[Oct 18, 2023, 20:03:29] EVENT: WAIT
[Oct 18, 2023, 20:03:29] WinCommandAgent: transmitting bypass route to 157.90.0.217
{
"host" : "157.90.0.217",
"ipv6" : false
}
[Oct 18, 2023, 20:03:39] Server poll timeout, trying next remote entry...
# ss -ltnp | grep openvpn
LISTEN 0 32 0.0.0.0:1194 0.0.0.0:* users:(("openvpn",pid=1799244,fd=7))
server.conf
port 1194
proto tcp
dev tun
user openvpn
group openvpn
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "redirect-gateway def1 bypass-dhcp"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_LzkU6MiZaTONwKz6.crt
key server_LzkU6MiZaTONwKz6.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3
/var/log/openvpn/status.log:
OpenVPN CLIENT LIST
Updated,2023-10-18 23:40:07
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
GLOBAL STATS
Max bcast/mcast queue length,0
END
Starting Nmap 7.80 ( https://nmap.org ) at 2023-10-18 23:41 EEST
Nmap scan report for mail.obzor.lt (157.90.0.217)
Host is up (0.000034s latency).
PORT STATE SERVICE
1194/tcp open openvpn
Nmap done: 1 IP address (1 host up) scanned in 0.08 seconds
1194 * (openvpn)
Starting Nmap 7.80 ( https://nmap.org ) at 2023-10-18 23:41 EEST
Nmap scan report for obzor.lt (157.90.0.217)
Host is up (0.0028s latency).
PORT STATE SERVICE
1194/tcp filtered openvpn
Nmap done: 1 IP address (1 host up) scanned in 0.50 seconds
tcp.ovpn
client
proto tcp-client
remote 157.90.0.217 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_LzkU6MiZaTONwKz6 name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
<ca>
-----BEGIN CERTIFICATE-----
...
iptables -S:
-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-ISOLATION-STAGE-1
-N DOCKER-ISOLATION-STAGE-2
-N DOCKER-USER
-A INPUT -i enp35s0 -p tcp -m tcp --dport 1194 -j ACCEPT
...
2: enp35s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000\ link/ether
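One way to read the client log in the post mechanically, as an added example that is not part of the original post: it groups the OpenVPN Connect entries into connection attempts and flags the case where every attempt ends in "Server poll timeout" without any later client event, which is what the log above shows and is consistent with the nmap run on the page that reports 1194/tcp as filtered. The function names and the set of "progress" events are assumptions made for this sketch.

```python
import re

# Constructed sample: the client log entries from the post, one per line.
SAMPLE_LOG = """\
[Oct 18, 2023, 20:03:19] EVENT: RESOLVE
[Oct 18, 2023, 20:03:19] EVENT: WAIT
[Oct 18, 2023, 20:03:19] WinCommandAgent: transmitting bypass route to 157.90.0.217
[Oct 18, 2023, 20:03:29] Server poll timeout, trying next remote entry...
[Oct 18, 2023, 20:03:29] EVENT: RECONNECTING
[Oct 18, 2023, 20:03:29] EVENT: RESOLVE
[Oct 18, 2023, 20:03:29] EVENT: WAIT
[Oct 18, 2023, 20:03:39] Server poll timeout, trying next remote entry...
"""

ENTRY = re.compile(r"^\[(?P<ts>[^\]]+)\]\s+(?P<msg>.*)$")
# Assumption: events the client logs only once the server has replied.
PROGRESS_EVENTS = {"CONNECTING", "GET_CONFIG", "ASSIGN_IP", "CONNECTED"}

def parse_attempts(log_text):
    """Group log entries into attempts; each attempt starts at EVENT: RESOLVE."""
    attempts, current = [], None
    # Entries are separated by newlines, or by the return glyph in copied logs.
    for piece in re.split(r"[\n\u23ce]", log_text):
        m = ENTRY.match(piece.strip())
        if not m:
            continue  # e.g. the JSON body of the bypass-route message
        msg = m["msg"]
        if msg == "EVENT: RESOLVE":
            current = {"start": m["ts"], "events": [], "timed_out": False}
            attempts.append(current)
        if current is None:
            continue
        if msg.startswith("EVENT: "):
            current["events"].append(msg.split()[1])
        elif msg.startswith("Server poll timeout"):
            current["timed_out"] = True
    return attempts

def diagnose(log_text):
    """Return 'no-server-response', 'connected', 'partial' or 'no-attempts'."""
    attempts = parse_attempts(log_text)
    if not attempts:
        return "no-attempts"
    if any("CONNECTED" in a["events"] for a in attempts):
        return "connected"
    silent = [a for a in attempts
              if a["timed_out"] and not PROGRESS_EVENTS & set(a["events"])]
    return "no-server-response" if len(silent) == len(attempts) else "partial"
```

For the log in the post, `diagnose(SAMPLE_LOG)` returns `no-server-response` over two attempts, which points the investigation at the network path to port 1194 rather than at certificates or cipher settings.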