my openvpn server isn't working.
Code: Select all
# uname -a
Linux srv192111 5.4.0-120-generic #136-Ubuntu SMP Fri Jun 10 13:40:48 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
server conf:
server
port 1194
proto udp
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 94.140.14.14"
push "dhcp-option DNS 94.140.15.15"
push "redirect-gateway def1 bypass-dhcp"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_mpElALbDFIeqtYR8.crt
key server_mpElALbDFIeqtYR8.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 4
duplicate-cn
proto udp
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 94.140.14.14"
push "dhcp-option DNS 94.140.15.15"
push "redirect-gateway def1 bypass-dhcp"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_mpElALbDFIeqtYR8.crt
key server_mpElALbDFIeqtYR8.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 4
duplicate-cn
server network:
Code: Select all
# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 154.91.170.35 netmask 255.255.255.0 broadcast 154.91.170.255
inet6 fe80::89e:e7ff:fef7:7e5b prefixlen 64 scopeid 0x20<link>
ether 0a:9e:e7:f7:7e:5b txqueuelen 1000 (Ethernet)
RX packets 24686 bytes 2626992 (2.6 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 14718 bytes 2260641 (2.2 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 118 bytes 9807 (9.8 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 118 bytes 9807 (9.8 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.8.0.1 netmask 255.255.255.0 destination 10.8.0.1
inet6 fe80::34f4:b066:a071:885d prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 384 (384.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Code: Select all
# systemctl status openvpn@server.service
● openvpn@server.service - OpenVPN connection to server
Loaded: loaded (/etc/systemd/system/openvpn@.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2022-06-18 12:34:09 CEST; 31s ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Main PID: 4254 (openvpn)
Status: "Initialization Sequence Completed"
Tasks: 1 (limit: 1131)
Memory: 1.4M
CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
└─4254 /usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/server.conf --writepid /run/openvpn/server.pid
Jun 18 12:34:32 srv192111 ovpn-server[4254]: 2.191.186.160:62700 tls-crypt unwrap error: packet replay
Jun 18 12:34:32 srv192111 ovpn-server[4254]: 2.191.186.160:62700 TLS Error: tls-crypt unwrapping failed from [AF_INET]2.191.186.160:62700
Jun 18 12:34:33 srv192111 ovpn-server[4254]: 2.191.186.160:62700 PID_ERR replay [0] [TLS_WRAP-0] [4] 1655548467:1 1655548467:1 t=1655548473[0] r=[-4,64,15,0,1] sl=[63,1,64,528]
Jun 18 12:34:33 srv192111 ovpn-server[4254]: 2.191.186.160:62700 tls-crypt unwrap error: bad packet ID (may be a replay): [ #1 / time = (1655548467) Sat Jun 18 12:34:27 2022 ] -- see the man page entry for --no-replay and --replay-windo>
Jun 18 12:34:33 srv192111 ovpn-server[4254]: 2.191.186.160:62700 tls-crypt unwrap error: packet replay
Jun 18 12:34:33 srv192111 ovpn-server[4254]: 2.191.186.160:62700 TLS Error: tls-crypt unwrapping failed from [AF_INET]2.191.186.160:62700
Jun 18 12:34:34 srv192111 ovpn-server[4254]: 2.191.186.160:62700 PID_ERR replay [0] [TLS_WRAP-0] [5] 1655548467:1 1655548467:1 t=1655548474[0] r=[0,64,15,0,1] sl=[63,1,64,528]
Jun 18 12:34:34 srv192111 ovpn-server[4254]: 2.191.186.160:62700 tls-crypt unwrap error: bad packet ID (may be a replay): [ #1 / time = (1655548467) Sat Jun 18 12:34:27 2022 ] -- see the man page entry for --no-replay and --replay-windo>
Jun 18 12:34:34 srv192111 ovpn-server[4254]: 2.191.186.160:62700 tls-crypt unwrap error: packet replay
Jun 18 12:34:34 srv192111 ovpn-server[4254]: 2.191.186.160:62700 TLS Error: tls-crypt unwrapping failed from [AF_INET]2.191.186.160:62700
Client
client conf:
client
client
proto udp
explicit-exit-notify
remote HIDE 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_mpElALbDFIeqtYR8 name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
<ca>
-----BEGIN CERTIFICATE-----
HIDE
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
HIDE
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
HIDE
-----END PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
HIDE
-----END OpenVPN Static key V1-----
</tls-crypt>
proto udp
explicit-exit-notify
remote HIDE 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_mpElALbDFIeqtYR8 name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
<ca>
-----BEGIN CERTIFICATE-----
HIDE
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
HIDE
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
HIDE
-----END PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
HIDE
-----END OpenVPN Static key V1-----
</tls-crypt>
plz help me
Have you taken any steps towards solving your issue?
yes
searched a lot and nothing found
Tried reinstalling multiple times but get the same error