Hello friends
I'm having trouble creating an openvpn server on windows 10
I installed openvpn 2.5.8 in windows 10
to generate the certificates , follow the steps below
SERVER:
cd C:\Program Files\OpenVPN\easy-rsa
EasyRSA-Start.bat
./easyrsa init-pki
./easyrsa build-ca nopass na pergunta usar netvp
./easyrsa build-server-full server nopass
./easyrsa gen-dh
server.ovpn:
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
server 10.20.30.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
is client.ovpn
client
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
cipher AES-256-CBC
comp-lzo
verb 3
proto udp
remote 179.109.84.38 1194
--remote-cert-tls server
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
#tls-auth ca.key 1
---------------------------------------------------------------------
but on the client it does not connect
is log client :
Fri Jan 20 15:40:16 2023 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
Fri Jan 20 15:40:16 2023 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
Fri Jan 20 15:40:16 2023 OpenVPN 2.5.8 [git:none/0357ceb877687faa] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 2 2022
Fri Jan 20 15:40:16 2023 Windows version 10.0 (Windows 10 or greater) 64bit
Fri Jan 20 15:40:16 2023 library versions: OpenSSL 1.1.1s 1 Nov 2022, LZO 2.10
Fri Jan 20 15:40:16 2023 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Fri Jan 20 15:40:16 2023 Need hold release from management interface, waiting...
Fri Jan 20 15:40:17 2023 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Fri Jan 20 15:40:17 2023 MANAGEMENT: CMD 'state on'
Fri Jan 20 15:40:17 2023 MANAGEMENT: CMD 'log on all'
Fri Jan 20 15:40:17 2023 MANAGEMENT: CMD 'echo on all'
Fri Jan 20 15:40:17 2023 MANAGEMENT: CMD 'bytecount 5'
Fri Jan 20 15:40:17 2023 MANAGEMENT: CMD 'state'
Fri Jan 20 15:40:17 2023 MANAGEMENT: CMD 'hold off'
Fri Jan 20 15:40:17 2023 MANAGEMENT: CMD 'hold release'
Fri Jan 20 15:40:17 2023 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Fri Jan 20 15:40:17 2023 TCP/UDP: Preserving recently used remote address: [AF_INET]179.109.84.38:1194
Fri Jan 20 15:40:17 2023 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Jan 20 15:40:17 2023 UDP link local: (not bound)
Fri Jan 20 15:40:17 2023 UDP link remote: [AF_INET]179.109.84.38:1194
Fri Jan 20 15:40:17 2023 MANAGEMENT: >STATE:1674240017,WAIT,,,,,,
Fri Jan 20 15:41:17 2023 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Jan 20 15:41:17 2023 TLS Error: TLS handshake failed
Fri Jan 20 15:41:17 2023 SIGUSR1[soft,tls-error] received, process restarting
Fri Jan 20 15:41:17 2023 MANAGEMENT: >STATE:1674240077,RECONNECTING,tls-error,,,,,
Fri Jan 20 15:41:17 2023 Restart pause, 5 second(s)
Fri Jan 20 15:41:22 2023 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Fri Jan 20 15:41:22 2023 TCP/UDP: Preserving recently used remote address: [AF_INET]179.109.84.38:1194
Fri Jan 20 15:41:22 2023 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Jan 20 15:41:22 2023 UDP link local: (not bound)
Fri Jan 20 15:41:22 2023 UDP link remote: [AF_INET]179.109.84.38:1194
Fri Jan 20 15:41:22 2023 MANAGEMENT: >STATE:1674240082,WAIT,,,,,,
Fri Jan 20 15:42:23 2023 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Jan 20 15:42:23 2023 TLS Error: TLS handshake failed
Fri Jan 20 15:42:23 2023 SIGUSR1[soft,tls-error] received, process restarting
Fri Jan 20 15:42:23 2023 MANAGEMENT: >STATE:1674240143,RECONNECTING,tls-error,,,,,
Fri Jan 20 15:42:23 2023 Restart pause, 5 second(s)
Fri Jan 20 15:42:28 2023 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Fri Jan 20 15:42:28 2023 TCP/UDP: Preserving recently used remote address: [AF_INET]179.109.84.38:1194
Fri Jan 20 15:42:28 2023 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Jan 20 15:42:28 2023 UDP link local: (not bound)
Fri Jan 20 15:42:28 2023 UDP link remote: [AF_INET]179.109.84.38:1194
Fri Jan 20 15:42:28 2023 MANAGEMENT: >STATE:1674240148,WAIT,,,,,,
would anyone have any tips
windows 10 server vpn
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVpn Newbie
- Posts: 12
- Joined: Mon Dec 05, 2022 9:47 am
Re: windows 10 server vpn
Where have you saved the ca.crt, server.crt, server.key & dh.pem files?
-
- OpenVpn Newbie
- Posts: 2
- Joined: Fri Jan 20, 2023 6:36 pm
Re: windows 10 server vpn
C:\Program Files\OpenVPN\config
and
C:\Program Files\OpenVPN\config-auto
and
C:\Program Files\OpenVPN\config-auto
-
- OpenVpn Newbie
- Posts: 12
- Joined: Mon Dec 05, 2022 9:47 am
Re: windows 10 server vpn
What is config-auto dir for and which files are stored there? I haven't come across that one before.
Don't you need to specify the path to these keys and certs in your config file?
Don't you need to specify the path to these keys and certs in your config file?