my problem looks like this:
Code: Select all
Sun Mar 25 19:18:20 2018 NOTE: --user option is not implemented on Windows
Sun Mar 25 19:18:20 2018 NOTE: --group option is not implemented on Windows
Options error: Unrecognized option or missing or extra parameter(s) in client1.ovpn:135: < (2.4.5)
Use --help for more information.
My client1.ovpn config looks like this:
Code: Select all
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# script-security 2
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
;proto tcp
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote CENSORED 1194
;remote my-server-2 1194
# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Downgrade privileges after initialization (non-Windows only)
user nobody
group nogroup
# Try to preserve some state across restarts.
persist-key
persist-tun
# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings
# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
#ca ca.crt
#cert client.crt
#key client.key
# Verify server certificate by checking that the
# certicate has the correct key usage set.
# This is an important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the keyUsage set to
# digitalSignature, keyEncipherment
# and the extendedKeyUsage to
# serverAuth
# EasyRSA can do this for you.
remote-cert-tls server
# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1
auth SHA256
key-direction 1
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
cipher AES-128-CBC
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo
# Set log file verbosity.
verb 3
# Silence repeating messages
;mute 20
< ca >
-----BEGIN CERTIFICATE-----
MIIFtzCCBJ+gAwIBAgIJAK2JJ65ISFs4MA0GCSqGSIb3DQEBCwUAMIHsMQswCQYD
VQQGEwJQTDEbMBkGA1UECBMSa3VqYXdza28tcG9tb3Jza2llMR0wGwYDVQQHExRB
bGVrc2FuZHJvdyBLdWphd3NraTEcMBoGA1UEChMTSmFuIEJvcm93aWNraSdzIFZQ
TjEyMDAGA1UECxMpSmFuJ3MgUGVyc29uYWwgVXNhZ2UgKGVkdWNhdGlvbiBwdXJw
b3NlcykxIDAeBgNVBAMTF25vbmUsIHBlcnNvbmFsIHVzYWdlIENBMQ8wDQYDVQQp
EwZzZXJ2ZXIxHDAaBgkqhkiG9w0BCQEWDWphc2l1NGRAd3AucGwwHhcNMTgwMzI1
MTYwNDQ1WhcNMjgwMzIyMTYwNDQ1WjCB7DELMAkGA1UEBhMCUEwxGzAZBgNVBAgT
Emt1amF3c2tvLXBvbW9yc2tpZTEdMBsGA1UEBxMUQWxla3NhbmRyb3cgS3VqYXdz
a2kxHDAaBgNVBAoTE0phbiBCb3Jvd2lja2kncyBWUE4xMjAwBgNVBAsTKUphbidz
IFBlcnNvbmFsIFVzYWdlIChlZHVjYXRpb24gcHVycG9zZXMpMSAwHgYDVQQDExdu
b25lLCBwZXJzb25hbCB1c2FnZSBDQTEPMA0GA1UEKRMGc2VydmVyMRwwGgYJKoZI
hvcNAQkBFg1qYXNpdTRkQHdwLnBsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA9CvDV+jUBE/5T+40zyhiLgfSl8zQxAwHFR+vwjxUQTG2VVtzmdF1suVa
uzQaGw4bSjM8BjrhMac5m1YDT7oKxPA2xkg0D1nZaGjSJb19nw7aRwwxqkWZ4QN5
8faBoxtEjQ8spEjKiz8XIDWmNDTXoqbWPy7IDFvIJgAbXYkSpJ8Jt+rbPagYEbKb
NHFubUcIYOAVZHDR3x1izCgQ+TvoETXTl61Gwqtkny6C+A/cY01jc+kgo5B5zn3v
L2eAA4jHBEhnypw+tahKxrbAzU3jzWWyOEXWgO9d1EMuyewje5GxXeCFJKbJXtQ6
QtLYcYbyOF3gzSi/2PoNxATgIyerWwIDAQABo4IBWDCCAVQwHQYDVR0OBBYEFDeC
KiLgw3ZWqvk0n7pSMTfQeHtLMIIBIwYDVR0jBIIBGjCCARaAFDeCKiLgw3ZWqvk0
n7pSMTfQeHtLoYHypIHvMIHsMQswCQYDVQQGEwJQTDEbMBkGA1UECBMSa3VqYXdz
a28tcG9tb3Jza2llMR0wGwYDVQQHExRBbGVrc2FuZHJvdyBLdWphd3NraTEcMBoG
A1UEChMTSmFuIEJvcm93aWNraSdzIFZQTjEyMDAGA1UECxMpSmFuJ3MgUGVyc29u
YWwgVXNhZ2UgKGVkdWNhdGlvbiBwdXJwb3NlcykxIDAeBgNVBAMTF25vbmUsIHBl
cnNvbmFsIHVzYWdlIENBMQ8wDQYDVQQpEwZzZXJ2ZXIxHDAaBgkqhkiG9w0BCQEW
DWphc2l1NGRAd3AucGyCCQCtiSeuSEhbODAMBgNVHRMEBTADAQH/MA0GCSqGSIb3
DQEBCwUAA4IBAQCf7AR3j+7VPhWhJrXwh296dhY5gpqiXLMm7ZcsJV1g1eyOCcW/
Uduks+O5cp5w0ZtYJudZ0PXpchudgG0NsH9Go8oKyKMDimu6PsZVwHIk2BfR/GWQ
hLWj0FY6g/DIIFPh5YdqZxl4mtySa1//eLMYrUXgk0f3bD1xywkLN/WqYhTt7YOb
+s+zBTTVDRJ21EXoTRD4ZywqeR+OX1AnQkHMXmKIG2ZOOiYnYHulDDeA5zOns8ah
hy+vP8yT4LNkU54l70FC5yDL3JbFWUF+FErH/ITdwHuOkM3slIEG+FH2t8CLc6t5
NvVebBFRnIxe/B+GknAppg3CGH9s36IVyXj0
-----END CERTIFICATE-----
< /ca >
< /cert >
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=PL, ST=kujawsko-pomorskie, L=Aleksandrow Kujawski, O=Jan Borowicki's VPN, OU=Jan's Personal Usage (education purposes), CN=none, personal usage CA/name=server/emailAddress=jasiu4d@wp.pl
Validity
Not Before: Mar 25 16:11:39 2018 GMT
Not After : Mar 22 16:11:39 2028 GMT
Subject: C=PL, ST=kujawsko-pomorskie, L=Aleksandrow Kujawski, O=none, personal usage, OU=Jan's Personal Usage (education purposes), CN=client1/name=server/emailAddress=jasiu4d@wp.pl
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:da:9e:d4:1f:84:2f:6d:be:15:73:b5:87:0a:6e:
e3:e0:b0:55:7b:4a:a5:d7:f0:60:c7:5f:99:a5:3b:
be:2b:cc:09:88:de:5d:28:7a:90:6c:07:84:de:90:
78:c3:04:04:03:13:54:ef:90:d2:2a:68:96:77:25:
f6:bb:d1:21:85:d7:81:ce:b2:76:09:74:02:90:c8:
32:86:df:67:8e:60:10:b4:28:f1:d4:46:28:61:8b:
3e:4f:8f:6b:5d:59:8a:4b:d0:0d:e9:d4:37:c9:84:
af:43:9a:16:29:4b:52:a5:d9:7b:bb:d5:df:43:e1:
46:19:b3:2e:7d:d8:ed:cc:0b:87:49:e9:be:ef:6c:
e3:cc:4e:4b:fc:0d:c2:af:10:cd:8c:bd:df:ce:9d:
f3:8b:ac:48:11:2c:8e:95:c2:b1:a2:fa:59:f8:98:
70:29:6e:47:43:e9:8c:c5:52:58:43:87:60:54:13:
7a:df:50:e2:05:fc:48:3e:4b:0e:2c:86:ba:2a:09:
2f:fe:62:d1:57:0e:03:11:ca:14:28:6f:4b:58:ee:
21:dd:6d:34:e4:39:5b:62:47:0f:d9:c8:ea:b8:b7:
39:34:c1:41:e6:64:58:bb:3b:3b:62:1f:76:8e:57:
e4:f0:4c:ce:41:b9:fd:1f:6c:6b:2b:af:5e:74:c9:
5a:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
55:E3:3E:AB:19:27:04:30:EB:E3:70:4A:E1:84:2D:F2:A8:48:F0:2F
X509v3 Authority Key Identifier:
keyid:37:82:2A:22:E0:C3:76:56:AA:F9:34:9F:BA:52:31:37:D0:78:7B:4B
DirName:/C=PL/ST=kujawsko-pomorskie/L=Aleksandrow Kujawski/O=Jan Borowicki's VPN/OU=Jan's Personal Usage (education purposes)/CN=none, personal usage CA/name=server/emailAddress=jasiu4d@wp.pl
serial:AD:89:27:AE:48:48:5B:38
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:client1
Signature Algorithm: sha256WithRSAEncryption
d9:7b:88:30:d0:85:e1:da:79:a6:11:86:8f:3c:9e:be:41:52:
b8:87:fa:e5:23:5d:56:a8:fb:9e:4d:06:32:31:f7:86:73:15:
5a:b5:7c:5b:89:ca:3f:84:6f:8a:b8:31:59:01:3a:d2:ba:b4:
34:7c:51:5e:d5:56:5b:0f:78:91:fd:6d:98:60:05:b3:04:1c:
4f:bd:df:9d:dd:07:14:49:23:68:a5:a1:d7:91:ca:9d:55:b0:
34:50:cb:33:b4:31:3a:e2:6c:fc:ad:8f:31:f5:fa:87:2c:7f:
ab:99:68:d5:69:88:99:37:b5:9c:0a:35:70:27:df:d9:77:db:
7f:58:6a:15:60:27:4f:3f:8c:bb:81:b6:c7:aa:db:2e:67:a2:
08:e3:bd:d1:43:00:02:e7:34:ee:ce:89:87:de:da:13:d9:f8:
0b:e7:a7:83:21:c6:21:e2:94:72:bc:78:25:20:aa:f4:d9:fa:
34:14:af:7c:98:50:ff:7f:45:85:29:55:7b:2f:73:cd:9a:ab:
4a:fc:5b:31:af:98:db:b9:24:c3:a6:18:7c:b3:85:56:2a:d2:
0c:84:a3:c5:cd:2f:66:b2:97:f9:c6:33:af:4c:64:e8:56:4b:
6d:85:e0:f3:a2:e9:3e:8d:5c:65:e8:ee:cc:52:a6:48:85:96:
2a:dc:d8:b4
-----BEGIN CERTIFICATE-----
MIIGAjCCBOqgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCB7DELMAkGA1UEBhMCUEwx
GzAZBgNVBAgTEmt1amF3c2tvLXBvbW9yc2tpZTEdMBsGA1UEBxMUQWxla3NhbmRy
b3cgS3VqYXdza2kxHDAaBgNVBAoTE0phbiBCb3Jvd2lja2kncyBWUE4xMjAwBgNV
BAsTKUphbidzIFBlcnNvbmFsIFVzYWdlIChlZHVjYXRpb24gcHVycG9zZXMpMSAw
HgYDVQQDExdub25lLCBwZXJzb25hbCB1c2FnZSBDQTEPMA0GA1UEKRMGc2VydmVy
MRwwGgYJKoZIhvcNAQkBFg1qYXNpdTRkQHdwLnBsMB4XDTE4MDMyNTE2MTEzOVoX
DTI4MDMyMjE2MTEzOVowgd0xCzAJBgNVBAYTAlBMMRswGQYDVQQIExJrdWphd3Nr
by1wb21vcnNraWUxHTAbBgNVBAcTFEFsZWtzYW5kcm93IEt1amF3c2tpMR0wGwYD
VQQKExRub25lLCBwZXJzb25hbCB1c2FnZTEyMDAGA1UECxMpSmFuJ3MgUGVyc29u
YWwgVXNhZ2UgKGVkdWNhdGlvbiBwdXJwb3NlcykxEDAOBgNVBAMTB2NsaWVudDEx
DzANBgNVBCkTBnNlcnZlcjEcMBoGCSqGSIb3DQEJARYNamFzaXU0ZEB3cC5wbDCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANqe1B+EL22+FXO1hwpu4+Cw
VXtKpdfwYMdfmaU7vivMCYjeXSh6kGwHhN6QeMMEBAMTVO+Q0ipolncl9rvRIYXX
gc6ydgl0ApDIMobfZ45gELQo8dRGKGGLPk+Pa11ZikvQDenUN8mEr0OaFilLUqXZ
e7vV30PhRhmzLn3Y7cwLh0npvu9s48xOS/wNwq8QzYy9386d84usSBEsjpXCsaL6
WfiYcCluR0PpjMVSWEOHYFQTet9Q4gX8SD5LDiyGuioJL/5i0VcOAxHKFChvS1ju
Id1tNOQ5W2JHD9nI6ri3OTTBQeZkWLs7O2Ifdo5X5PBMzkG5/R9sayuvXnTJWgUC
AwEAAaOCAbowggG2MAkGA1UdEwQCMAAwLQYJYIZIAYb4QgENBCAWHkVhc3ktUlNB
IEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUVeM+qxknBDDr43BK4YQt
8qhI8C8wggEjBgNVHSMEggEaMIIBFoAUN4IqIuDDdlaq+TSfulIxN9B4e0uhgfKk
ge8wgewxCzAJBgNVBAYTAlBMMRswGQYDVQQIExJrdWphd3Nrby1wb21vcnNraWUx
HTAbBgNVBAcTFEFsZWtzYW5kcm93IEt1amF3c2tpMRwwGgYDVQQKExNKYW4gQm9y
b3dpY2tpJ3MgVlBOMTIwMAYDVQQLEylKYW4ncyBQZXJzb25hbCBVc2FnZSAoZWR1
Y2F0aW9uIHB1cnBvc2VzKTEgMB4GA1UEAxMXbm9uZSwgcGVyc29uYWwgdXNhZ2Ug
Q0ExDzANBgNVBCkTBnNlcnZlcjEcMBoGCSqGSIb3DQEJARYNamFzaXU0ZEB3cC5w
bIIJAK2JJ65ISFs4MBMGA1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDAS
BgNVHREECzAJggdjbGllbnQxMA0GCSqGSIb3DQEBCwUAA4IBAQDZe4gw0IXh2nmm
EYaPPJ6+QVK4h/rlI11WqPueTQYyMfeGcxVatXxbico/hG+KuDFZATrSurQ0fFFe
1VZbD3iR/W2YYAWzBBxPvd+d3QcUSSNopaHXkcqdVbA0UMsztDE64mz8rY8x9fqH
LH+rmWjVaYiZN7WcCjVwJ9/Zd9t/WGoVYCdPP4y7gbbHqtsuZ6II473RQwAC5zTu
zomH3toT2fgL56eDIcYh4pRyvHglIKr02fo0FK98mFD/f0WFKVV7L3PNmqtK/Fsx
r5jbuSTDphh8s4VWKtIMhKPFzS9mspf5xjOvTGToVkttheDzouk+jVxl6O7MUqZI
hZYq3Ni0
-----END CERTIFICATE-----
< /cert >
< /key >
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIjY42yubaUP4CAggA
MBQGCCqGSIb3DQMHBAiAQ6UzJ1MdWwSCBMgcqeytevhrC7KJZxvHLyPvjgbmEUKh
rbi7yHtOD+XcKYY0Tl2gXXIPLkYVz/TSfhW/FbVNBIZy19fvW81IDijYm2gZY8mc
rki/VgjRvJ+7zbpXvKUGQL1zRv1yVQF4nDeQ9gvA2J/wKhhDL+2rpzfX+Bju24X7
FOV3ltCoJJNCOPsyPEZXhn2JAzNsoyh+VNtmoKuCbcebUtVf87RshZNgzdgAQQ+A
9xCI8pUjBDwrtedwlcuEe5WtgDxFE2m3x7V+2+jUZiHTSC3dUFVLHyTCsWU2gNDp
JI6kiXB/Zx0ABv1CS92D2OLC71H1b17xnr9rjf1U7ZL3RBlViNvGg6safvp0Z/4Q
MS/G9in1lcDGNkiUm3f4bOVohR0ccFd7n4elpvYFwSNc6i/gdYkHAZD8026A1L+h
xNmhNMAYEbQdv05g0xV/eb3ssVHsvsG/QmsFzkhnO1JVEfs2w7P05xMmpSvyXGvN
QDlmVnzohq4QmXPOKbY/XKxbmPwZVqjK3jrH6sDu4/U6S46euvL8f9Qoq4qffXff
LGxMglgRjfDyoQlerSNae/KRFGaPjE5fnvR49dJG9sLlZpJuXWPy0nYXJTHAk9Mc
Y7WR+WIHeuSrsENlwoZbEPUsbquTbI+ZPGsro3XqlfRvXhKmWuEDxuK+HlLeyoY8
oc5ZPXrZNs4b3hXoSBU6goI1lrJC0jl0jaI9lU+2w7/zTY7bvDLBJcCxCV/PIvNx
eWvAVsRCJg2s7/fzK239CYH8KEOBgI+iW3YsmyPuhO/esXyvWVyfLkorP67QtNn0
w5BdEeybcngZ+/plgouDQZRono4gj9svoCrthx2O0sZei29kFUD9M8sR+fbr6Mvr
Xn7bcyP0sb/RlLM+QFAXk45FZRt17/kOSNzqftK1aLniqU8324i0kOz44T9AnxtS
NhIsFsYmDHBLw0zmQFD0RU6TjS6H8/gQr27jsvzWnN9K4Jgbgn8M+o6Hnxudrqf7
i/kNLnhVSUFttecnSR0IHxHOatgfFtK/Jv6U/Ugmh+FKHp3RxDpzJVirH6Ukbwl7
g8/NuSEY7aEdHGwIHNAVBHGY1WCzKojLdm5f4y68Kfz6K5+mhoktrrdMpI2AqOZ+
ckks4EtS5Okh7HOQa7szfWfYKA4BrPP4qlbIktsRaitoRl2GcThhKW95Qod9bgVt
v4OcOTWHPMZn6LgQx/DnvmZapizUMBq2ychxMxOAcv28ocEMObJkiJjbME9eNeqR
LXxvhvpNRE+4LhF5+LNSe0F2CKBt0q8PAGGMjCYB/TfoeJagwbyFm2Vsltslnq3Q
4MQTUG8x5k3iiXIr1LS3kRclhreJC+yT2gjJZeOhDN/KtGJHYGzXuoV7dqsUBfa1
vvFhKOe89FPoHaaMeTnL5L2VjmlI3YcjyKepLX4/GIOfWXMSJw9NLyCmnPAztT8m
u3HK1SNVwRf5gdiKBoDLReOqzQYbpPqkQKmwZNFZyIj/BXrSu3qlTcvjnV50c3Yh
sbuFGQyO04Pf+/WH2Rw7z/xDtPNwjBOl96xAk9cntEL4q+pxiDWENqa1ziLEJUHa
67tTqNatbttUPl84C3I9DueS1nPF/6GtpHgdiQOP8xNOie+tRAq7XlKeQJL9PxOT
HJg=
-----END ENCRYPTED PRIVATE KEY-----
< /key >
< /tls-auth >
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
ec6843be9c2dd3f49ff069fe1c29d90c
7a1ee3fec456639b7398aa6c342fa448
53a3c26fc976156126bd060c155e96da
865057221edeb322ae825ee53f844503
797f2356ea41e3449c1fa673b12798f6
fea1a322299dd6c61895beda4fd784f8
4a56b5ea7dfe9a34a3418b69690180bf
12deaf5dc4ce0315441c276b3bb62278
2e4f300b8822318fea02e247c6f0a224
d16ee1a5d397a48e4e6167c2adaece3b
19b012978f7d04c22e86ebc6ddc1216d
a91d2117aabbc8248194b371aa0b9427
8c79088bad97f2f0ffd61e84c0b8a456
b542251901a7ffe9361fa553dc8bc4c8
adbcf9c6c7b6cc54191f4146a3f29237
735286b50c2288f02d0ef50cde33c556
-----END OpenVPN Static key V1-----
< /tls-auth >
Code: Select all
user nobody
group nogroup