windows 10 server vpn

Need help configuring your VPN? Just post here and you'll get that help.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
williansilvano
OpenVpn Newbie
Posts: 2
Joined: Fri Jan 20, 2023 6:36 pm

windows 10 server vpn

Post by williansilvano » Fri Jan 20, 2023 6:43 pm

Hello friends

I'm having trouble creating an openvpn server on windows 10

I installed openvpn 2.5.8 in windows 10

to generate the certificates , follow the steps below
SERVER:

cd C:\Program Files\OpenVPN\easy-rsa
EasyRSA-Start.bat
./easyrsa init-pki
./easyrsa build-ca nopass na pergunta usar netvp
./easyrsa build-server-full server nopass
./easyrsa gen-dh

server.ovpn:

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
server 10.20.30.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3

is client.ovpn

client
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
cipher AES-256-CBC
comp-lzo
verb 3
proto udp
remote 179.109.84.38 1194
--remote-cert-tls server
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
#tls-auth ca.key 1
---------------------------------------------------------------------

but on the client it does not connect

is log client :

Fri Jan 20 15:40:16 2023 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
Fri Jan 20 15:40:16 2023 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
Fri Jan 20 15:40:16 2023 OpenVPN 2.5.8 [git:none/0357ceb877687faa] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 2 2022
Fri Jan 20 15:40:16 2023 Windows version 10.0 (Windows 10 or greater) 64bit
Fri Jan 20 15:40:16 2023 library versions: OpenSSL 1.1.1s 1 Nov 2022, LZO 2.10
Fri Jan 20 15:40:16 2023 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Fri Jan 20 15:40:16 2023 Need hold release from management interface, waiting...
Fri Jan 20 15:40:17 2023 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Fri Jan 20 15:40:17 2023 MANAGEMENT: CMD 'state on'
Fri Jan 20 15:40:17 2023 MANAGEMENT: CMD 'log on all'
Fri Jan 20 15:40:17 2023 MANAGEMENT: CMD 'echo on all'
Fri Jan 20 15:40:17 2023 MANAGEMENT: CMD 'bytecount 5'
Fri Jan 20 15:40:17 2023 MANAGEMENT: CMD 'state'
Fri Jan 20 15:40:17 2023 MANAGEMENT: CMD 'hold off'
Fri Jan 20 15:40:17 2023 MANAGEMENT: CMD 'hold release'
Fri Jan 20 15:40:17 2023 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Fri Jan 20 15:40:17 2023 TCP/UDP: Preserving recently used remote address: [AF_INET]179.109.84.38:1194
Fri Jan 20 15:40:17 2023 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Jan 20 15:40:17 2023 UDP link local: (not bound)
Fri Jan 20 15:40:17 2023 UDP link remote: [AF_INET]179.109.84.38:1194
Fri Jan 20 15:40:17 2023 MANAGEMENT: >STATE:1674240017,WAIT,,,,,,
Fri Jan 20 15:41:17 2023 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Jan 20 15:41:17 2023 TLS Error: TLS handshake failed
Fri Jan 20 15:41:17 2023 SIGUSR1[soft,tls-error] received, process restarting
Fri Jan 20 15:41:17 2023 MANAGEMENT: >STATE:1674240077,RECONNECTING,tls-error,,,,,
Fri Jan 20 15:41:17 2023 Restart pause, 5 second(s)
Fri Jan 20 15:41:22 2023 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Fri Jan 20 15:41:22 2023 TCP/UDP: Preserving recently used remote address: [AF_INET]179.109.84.38:1194
Fri Jan 20 15:41:22 2023 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Jan 20 15:41:22 2023 UDP link local: (not bound)
Fri Jan 20 15:41:22 2023 UDP link remote: [AF_INET]179.109.84.38:1194
Fri Jan 20 15:41:22 2023 MANAGEMENT: >STATE:1674240082,WAIT,,,,,,
Fri Jan 20 15:42:23 2023 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Jan 20 15:42:23 2023 TLS Error: TLS handshake failed
Fri Jan 20 15:42:23 2023 SIGUSR1[soft,tls-error] received, process restarting
Fri Jan 20 15:42:23 2023 MANAGEMENT: >STATE:1674240143,RECONNECTING,tls-error,,,,,
Fri Jan 20 15:42:23 2023 Restart pause, 5 second(s)
Fri Jan 20 15:42:28 2023 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Fri Jan 20 15:42:28 2023 TCP/UDP: Preserving recently used remote address: [AF_INET]179.109.84.38:1194
Fri Jan 20 15:42:28 2023 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Jan 20 15:42:28 2023 UDP link local: (not bound)
Fri Jan 20 15:42:28 2023 UDP link remote: [AF_INET]179.109.84.38:1194
Fri Jan 20 15:42:28 2023 MANAGEMENT: >STATE:1674240148,WAIT,,,,,,


would anyone have any tips

lmipbtr
OpenVpn Newbie
Posts: 12
Joined: Mon Dec 05, 2022 9:47 am

Re: windows 10 server vpn

Post by lmipbtr » Mon Jan 23, 2023 11:31 am

Where have you saved the ca.crt, server.crt, server.key & dh.pem files?

williansilvano
OpenVpn Newbie
Posts: 2
Joined: Fri Jan 20, 2023 6:36 pm

Re: windows 10 server vpn

Post by williansilvano » Tue Jan 24, 2023 5:33 pm

C:\Program Files\OpenVPN\config
and
C:\Program Files\OpenVPN\config-auto

lmipbtr
OpenVpn Newbie
Posts: 12
Joined: Mon Dec 05, 2022 9:47 am

Re: windows 10 server vpn

Post by lmipbtr » Thu Jan 26, 2023 8:13 am

What is config-auto dir for and which files are stored there? I haven't come across that one before.

Don't you need to specify the path to these keys and certs in your config file?

Post Reply