The fix for this was that when I edited my client.conf, it wasn't actually updating in the OpenVPN client. It was still reading settings from an old config.
I fixed it by renaming my client.conf and removing the profile, then re-adding it. Weirdly enough, it worked. This was also the problem when I was changing my cipher to AES-256-CBC: it was saving for the default BF-128 cipher. So this little weird thing fixed a lot of problems for me.
But now I am trying to harden my server against attacks or whatever it may be. Reading the documentation, it says 'tls-auth' is something highly recommended. So when I went ahead and tried it, I ran into the following problem.
Code:
Mon Jul 23 09:28:05 2012 us=786000 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Jul 23 09:28:05 2012 us=786000 TLS Error: TLS handshake failed
Mon Jul 23 09:28:05 2012 us=786000 TCP/UDP: Closing socket
Mon Jul 23 09:28:05 2012 us=786000 SIGUSR1[soft,tls-error] received, process restarting
Mon Jul 23 09:28:05 2012 us=786000 MANAGEMENT: >STATE:1343053685,RECONNECTING,tls-error,,
Code:
Mon Jul 23 09:26:59 2012 us=688000 Note: option http-proxy-fallback ignored because no TCP-based connection profiles are defined
Mon Jul 23 09:26:59 2012 us=688000 Current Parameter Settings:
Mon Jul 23 09:26:59 2012 us=688000 config = 'stdin'
Mon Jul 23 09:26:59 2012 us=688000 mode = 0
Mon Jul 23 09:26:59 2012 us=688000 show_ciphers = DISABLED
Mon Jul 23 09:26:59 2012 us=688000 show_digests = DISABLED
Mon Jul 23 09:26:59 2012 us=688000 show_engines = DISABLED
Mon Jul 23 09:26:59 2012 us=688000 genkey = DISABLED
Mon Jul 23 09:26:59 2012 us=688000 key_pass_file = '[UNDEF]'
Mon Jul 23 09:26:59 2012 us=688000 show_tls_ciphers = DISABLED
Mon Jul 23 09:26:59 2012 us=688000 Connection profiles [default]:
Mon Jul 23 09:26:59 2012 us=688000 proto = udp
Mon Jul 23 09:26:59 2012 us=688000 local = '[UNDEF]'
Mon Jul 23 09:26:59 2012 us=688000 local_port = 1194
Mon Jul 23 09:26:59 2012 us=688000 remote = '[UNDEF]'
Mon Jul 23 09:26:59 2012 us=688000 remote_port = 1194
Mon Jul 23 09:26:59 2012 us=688000 remote_float = DISABLED
Mon Jul 23 09:26:59 2012 us=688000 bind_defined = DISABLED
Mon Jul 23 09:26:59 2012 us=688000 bind_local = DISABLED
Mon Jul 23 09:26:59 2012 us=688000 connect_retry_seconds = 5
Mon Jul 23 09:26:59 2012 us=688000 connect_timeout = 10
Mon Jul 23 09:26:59 2012 us=688000 connect_retry_max = 0
Mon Jul 23 09:26:59 2012 us=688000 socks_proxy_server = '[UNDEF]'
Mon Jul 23 09:26:59 2012 us=688000 socks_proxy_port = 0
Mon Jul 23 09:26:59 2012 us=688000 socks_proxy_retry = DISABLED
Mon Jul 23 09:26:59 2012 us=688000 Connection profiles [0]:
Mon Jul 23 09:26:59 2012 us=688000 proto = udp
Mon Jul 23 09:26:59 2012 us=688000 local = '[UNDEF]'
Mon Jul 23 09:26:59 2012 us=688000 local_port = 0
Mon Jul 23 09:26:59 2012 us=688000 remote = 'XXX.XXX.XXX.XXX'
Mon Jul 23 09:26:59 2012 us=688000 remote_port = 1194
Mon Jul 23 09:26:59 2012 us=688000 remote_float = DISABLED
Mon Jul 23 09:26:59 2012 us=688000 bind_defined = DISABLED
Mon Jul 23 09:26:59 2012 us=688000 bind_local = DISABLED
Mon Jul 23 09:26:59 2012 us=688000 connect_retry_seconds = 5
Mon Jul 23 09:26:59 2012 us=688000 connect_timeout = 10
Mon Jul 23 09:26:59 2012 us=688000 connect_retry_max = 0
Mon Jul 23 09:26:59 2012 us=688000 socks_proxy_server = '[UNDEF]'
Mon Jul 23 09:26:59 2012 us=688000 socks_proxy_port = 0
Mon Jul 23 09:26:59 2012 us=688000 socks_proxy_retry = DISABLED
Mon Jul 23 09:26:59 2012 us=688000 Connection profiles END
Mon Jul 23 09:26:59 2012 us=688000 remote_random = DISABLED
Mon Jul 23 09:26:59 2012 us=688000 ipchange = '[UNDEF]'
Mon Jul 23 09:26:59 2012 us=688000 dev = 'tun'
Mon Jul 23 09:26:59 2012 us=688000 dev_type = '[UNDEF]'
Mon Jul 23 09:26:59 2012 us=688000 dev_node = '[UNDEF]'
Mon Jul 23 09:26:59 2012 us=688000 lladdr = '[UNDEF]'
Mon Jul 23 09:26:59 2012 us=688000 topology = 1
Mon Jul 23 09:26:59 2012 us=688000 tun_ipv6 = DISABLED
Mon Jul 23 09:26:59 2012 us=688000 ifconfig_local = '[UNDEF]'
Mon Jul 23 09:26:59 2012 us=688000 ifconfig_remote_netmask = '[UNDEF]'
Mon Jul 23 09:26:59 2012 us=688000 ifconfig_noexec = DISABLED
Mon Jul 23 09:26:59 2012 us=688000 ifconfig_nowarn = DISABLED
Mon Jul 23 09:26:59 2012 us=688000 shaper = 0
Mon Jul 23 09:26:59 2012 us=688000 tun_mtu = 1500
Mon Jul 23 09:26:59 2012 us=688000 tun_mtu_defined = ENABLED
Mon Jul 23 09:26:59 2012 us=688000 link_mtu = 1500
Mon Jul 23 09:26:59 2012 us=688000 link_mtu_defined = DISABLED
Mon Jul 23 09:26:59 2012 us=688000 tun_mtu_extra = 0
Mon Jul 23 09:26:59 2012 us=688000 tun_mtu_extra_defined = DISABLED
Mon Jul 23 09:26:59 2012 us=688000 fragment = 0
Mon Jul 23 09:26:59 2012 us=688000 mtu_discover_type = -1
Mon Jul 23 09:26:59 2012 us=688000 mtu_test = 0
Mon Jul 23 09:26:59 2012 us=688000 mlock = DISABLED
Mon Jul 23 09:26:59 2012 us=688000 keepalive_ping = 0
Mon Jul 23 09:26:59 2012 us=688000 keepalive_timeout = 0
Mon Jul 23 09:26:59 2012 us=688000 inactivity_timeout = 0
Mon Jul 23 09:26:59 2012 us=688000 ping_send_timeout = 0
Mon Jul 23 09:26:59 2012 us=688000 ping_rec_timeout = 0
Mon Jul 23 09:26:59 2012 us=688000 ping_rec_timeout_action = 0
Mon Jul 23 09:26:59 2012 us=688000 ping_timer_remote = DISABLED
Mon Jul 23 09:26:59 2012 us=688000 remap_sigusr1 = 0
Mon Jul 23 09:26:59 2012 us=688000 explicit_exit_notification = 0
Mon Jul 23 09:26:59 2012 us=688000 persist_tun = ENABLED
Mon Jul 23 09:26:59 2012 us=688000 persist_local_ip = DISABLED
Mon Jul 23 09:26:59 2012 us=688000 persist_remote_ip = DISABLED
Mon Jul 23 09:26:59 2012 us=688000 persist_key = ENABLED
Mon Jul 23 09:26:59 2012 us=688000 mssfix = 1450
Mon Jul 23 09:26:59 2012 us=688000 resolve_retry_seconds = 1000000000
Mon Jul 23 09:26:59 2012 us=688000 username = '[UNDEF]'
Mon Jul 23 09:26:59 2012 us=688000 groupname = '[UNDEF]'
Mon Jul 23 09:26:59 2012 us=688000 chroot_dir = '[UNDEF]'
Mon Jul 23 09:26:59 2012 us=688000 cd_dir = '[UNDEF]'
Mon Jul 23 09:26:59 2012 us=688000 writepid = '[UNDEF]'
Mon Jul 23 09:26:59 2012 us=688000 up_script = '[UNDEF]'
Mon Jul 23 09:26:59 2012 us=688000 down_script = '[UNDEF]'
Mon Jul 23 09:26:59 2012 us=688000 down_pre = DISABLED
Mon Jul 23 09:26:59 2012 us=688000 up_restart = DISABLED
Mon Jul 23 09:26:59 2012 us=688000 up_delay = DISABLED
Mon Jul 23 09:26:59 2012 us=688000 daemon = DISABLED
Mon Jul 23 09:26:59 2012 us=688000 inetd = 0
Mon Jul 23 09:26:59 2012 us=688000 log = ENABLED
Mon Jul 23 09:26:59 2012 us=688000 suppress_timestamps = DISABLED
Mon Jul 23 09:26:59 2012 us=688000 nice = 0
Mon Jul 23 09:26:59 2012 us=688000 verbosity = 5
Mon Jul 23 09:26:59 2012 us=688000 mute = 0
Mon Jul 23 09:26:59 2012 us=688000 gremlin = 0
Mon Jul 23 09:26:59 2012 us=688000 status_file = '[UNDEF]'
Mon Jul 23 09:26:59 2012 us=688000 status_file_version = 1
Mon Jul 23 09:26:59 2012 us=688000 status_file_update_freq = 60
Mon Jul 23 09:26:59 2012 us=688000 occ = ENABLED
Mon Jul 23 09:26:59 2012 us=688000 rcvbuf = 0
Mon Jul 23 09:26:59 2012 us=688000 sndbuf = 0
Mon Jul 23 09:26:59 2012 us=688000 sockflags = 0
Mon Jul 23 09:26:59 2012 us=688000 fast_io = DISABLED
Mon Jul 23 09:26:59 2012 us=688000 lzo = 7
Mon Jul 23 09:26:59 2012 us=688000 route_script = '[UNDEF]'
Mon Jul 23 09:26:59 2012 us=688000 route_default_gateway = '[UNDEF]'
Mon Jul 23 09:26:59 2012 us=688000 route_default_metric = 0
Mon Jul 23 09:26:59 2012 us=688000 route_noexec = DISABLED
Mon Jul 23 09:26:59 2012 us=688000 route_delay = 5
Mon Jul 23 09:26:59 2012 us=688000 route_delay_window = 30
Mon Jul 23 09:26:59 2012 us=688000 route_delay_defined = ENABLED
Mon Jul 23 09:26:59 2012 us=688000 route_nopull = DISABLED
Mon Jul 23 09:26:59 2012 us=688000 route_gateway_via_dhcp = DISABLED
Mon Jul 23 09:26:59 2012 us=688000 max_routes = 100
Mon Jul 23 09:26:59 2012 us=688000 allow_pull_fqdn = ENABLED
Mon Jul 23 09:26:59 2012 us=688000 management_addr = '127.0.0.1'
Mon Jul 23 09:26:59 2012 us=688000 management_port = 37695
Mon Jul 23 09:26:59 2012 us=688000 management_user_pass = '[UNDEF]'
Mon Jul 23 09:26:59 2012 us=688000 management_log_history_cache = 250
Mon Jul 23 09:26:59 2012 us=688000 management_echo_buffer_size = 100
Mon Jul 23 09:26:59 2012 us=688000 management_write_peer_info_file = '[UNDEF]'
Mon Jul 23 09:26:59 2012 us=688000 management_client_user = '[UNDEF]'
Mon Jul 23 09:26:59 2012 us=688000 management_client_group = '[UNDEF]'
Mon Jul 23 09:26:59 2012 us=688000 management_flags = 38
Mon Jul 23 09:26:59 2012 us=688000 shared_secret_file = '[UNDEF]'
Mon Jul 23 09:26:59 2012 us=688000 key_direction = 0
Mon Jul 23 09:26:59 2012 us=688000 ciphername_defined = ENABLED
Mon Jul 23 09:26:59 2012 us=688000 ciphername = 'AES-256-CBC'
Mon Jul 23 09:26:59 2012 us=688000 authname_defined = ENABLED
Mon Jul 23 09:26:59 2012 us=688000 authname = 'SHA1'
Mon Jul 23 09:26:59 2012 us=688000 prng_hash = 'SHA1'
Mon Jul 23 09:26:59 2012 us=688000 prng_nonce_secret_len = 16
Mon Jul 23 09:26:59 2012 us=688000 keysize = 0
Mon Jul 23 09:26:59 2012 us=688000 engine = DISABLED
Mon Jul 23 09:26:59 2012 us=688000 replay = ENABLED
Mon Jul 23 09:26:59 2012 us=688000 mute_replay_warnings = DISABLED
Mon Jul 23 09:26:59 2012 us=688000 replay_window = 64
Mon Jul 23 09:26:59 2012 us=688000 replay_time = 15
Mon Jul 23 09:26:59 2012 us=688000 packet_id_file = '[UNDEF]'
Mon Jul 23 09:26:59 2012 us=688000 use_iv = ENABLED
Mon Jul 23 09:26:59 2012 us=688000 test_crypto = DISABLED
Mon Jul 23 09:26:59 2012 us=688000 tls_server = DISABLED
Mon Jul 23 09:26:59 2012 us=688000 tls_client = ENABLED
Mon Jul 23 09:26:59 2012 us=688000 key_method = 2
Mon Jul 23 09:26:59 2012 us=688000 ca_file = '[[INLINE]]'
Mon Jul 23 09:26:59 2012 us=688000 ca_path = '[UNDEF]'
Mon Jul 23 09:26:59 2012 us=688000 dh_file = '[UNDEF]'
Mon Jul 23 09:26:59 2012 us=688000 cert_file = '[[INLINE]]'
Mon Jul 23 09:26:59 2012 us=688000 priv_key_file = '[[INLINE]]'
Mon Jul 23 09:26:59 2012 us=688000 pkcs12_file = '[UNDEF]'
Mon Jul 23 09:26:59 2012 us=688000 cryptoapi_cert = '[UNDEF]'
Mon Jul 23 09:26:59 2012 us=688000 cipher_list = '[UNDEF]'
Mon Jul 23 09:26:59 2012 us=688000 tls_verify = '[UNDEF]'
Mon Jul 23 09:26:59 2012 us=688000 tls_remote = '[UNDEF]'
Mon Jul 23 09:26:59 2012 us=688000 crl_file = '[UNDEF]'
Mon Jul 23 09:26:59 2012 us=688000 ns_cert_type = 64
Mon Jul 23 09:26:59 2012 us=688000 remote_cert_ku[i] = 0
Mon Jul 23 09:26:59 2012 us=688000 remote_cert_ku[i] = 0
Mon Jul 23 09:26:59 2012 us=688000 remote_cert_ku[i] = 0
Mon Jul 23 09:26:59 2012 us=688000 remote_cert_ku[i] = 0
Mon Jul 23 09:26:59 2012 us=688000 remote_cert_ku[i] = 0
Mon Jul 23 09:26:59 2012 us=688000 remote_cert_ku[i] = 0
Mon Jul 23 09:26:59 2012 us=688000 remote_cert_ku[i] = 0
Mon Jul 23 09:26:59 2012 us=688000 remote_cert_ku[i] = 0
Mon Jul 23 09:26:59 2012 us=688000 remote_cert_ku[i] = 0
Mon Jul 23 09:26:59 2012 us=688000 remote_cert_ku[i] = 0
Mon Jul 23 09:26:59 2012 us=688000 remote_cert_ku[i] = 0
Mon Jul 23 09:26:59 2012 us=688000 remote_cert_ku[i] = 0
Mon Jul 23 09:26:59 2012 us=688000 remote_cert_ku[i] = 0
Mon Jul 23 09:26:59 2012 us=688000 remote_cert_ku[i] = 0
Mon Jul 23 09:26:59 2012 us=688000 remote_cert_ku[i] = 0
Mon Jul 23 09:26:59 2012 us=688000 remote_cert_ku[i] = 0
Mon Jul 23 09:26:59 2012 us=688000 remote_cert_eku = '[UNDEF]'
Mon Jul 23 09:26:59 2012 us=688000 tls_timeout = 2
Mon Jul 23 09:26:59 2012 us=688000 renegotiate_bytes = 0
Mon Jul 23 09:26:59 2012 us=688000 renegotiate_packets = 0
Mon Jul 23 09:26:59 2012 us=688000 renegotiate_seconds = 3600
Mon Jul 23 09:26:59 2012 us=688000 handshake_window = 60
Mon Jul 23 09:26:59 2012 us=688000 transition_window = 3600
Mon Jul 23 09:26:59 2012 us=688000 single_session = DISABLED
Mon Jul 23 09:26:59 2012 us=688000 push_peer_info = ENABLED
Mon Jul 23 09:26:59 2012 us=688000 tls_exit = DISABLED
Mon Jul 23 09:26:59 2012 us=688000 tls_auth_file = '[[INLINE]]'
Mon Jul 23 09:26:59 2012 us=688000 client = ENABLED
Mon Jul 23 09:26:59 2012 us=688000 pull = ENABLED
Mon Jul 23 09:26:59 2012 us=688000 auth_user_pass_file = '[UNDEF]'
Mon Jul 23 09:26:59 2012 us=688000 show_net_up = DISABLED
Mon Jul 23 09:26:59 2012 us=688000 route_method = 0
Mon Jul 23 09:26:59 2012 us=688000 ip_win32_defined = DISABLED
Mon Jul 23 09:26:59 2012 us=688000 ip_win32_type = 3
Mon Jul 23 09:26:59 2012 us=688000 dhcp_masq_offset = 0
Mon Jul 23 09:26:59 2012 us=688000 dhcp_lease_time = 31536000
Mon Jul 23 09:26:59 2012 us=688000 tap_sleep = 0
Mon Jul 23 09:26:59 2012 us=688000 dhcp_options = DISABLED
Mon Jul 23 09:26:59 2012 us=688000 dhcp_renew = DISABLED
Mon Jul 23 09:26:59 2012 us=688000 dhcp_pre_release = DISABLED
Mon Jul 23 09:26:59 2012 us=688000 dhcp_release = DISABLED
Mon Jul 23 09:26:59 2012 us=688000 domain = '[UNDEF]'
Mon Jul 23 09:26:59 2012 us=688000 netbios_scope = '[UNDEF]'
Mon Jul 23 09:26:59 2012 us=688000 netbios_node_type = 0
Mon Jul 23 09:26:59 2012 us=688000 disable_nbt = DISABLED
Mon Jul 23 09:26:59 2012 us=688000 OpenVPNAS 2.1.1oOAS Win32-MSVC++ [SSL] [LZO2] built on Jul 29 2010
Mon Jul 23 09:26:59 2012 us=688000 MANAGEMENT: Connected to management server at 127.0.0.1:37695
Mon Jul 23 09:26:59 2012 us=688000 MANAGEMENT: CMD 'log on'
Mon Jul 23 09:26:59 2012 us=688000 MANAGEMENT: CMD 'state on'
Mon Jul 23 09:26:59 2012 us=688000 MANAGEMENT: CMD 'echo on'
Mon Jul 23 09:26:59 2012 us=688000 MANAGEMENT: CMD 'bytecount 5'
Mon Jul 23 09:26:59 2012 us=688000 MANAGEMENT: CMD 'hold off'
Mon Jul 23 09:26:59 2012 us=688000 MANAGEMENT: CMD 'hold release'
Mon Jul 23 09:26:59 2012 us=688000 NOTE: OpenVPNAS 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Jul 23 09:27:05 2012 us=210000 MANAGEMENT: CMD 'username "Private Key" "client1"'
Mon Jul 23 09:27:05 2012 us=210000 MANAGEMENT: CMD 'password [...]'
Mon Jul 23 09:27:05 2012 us=210000 Control Channel Authentication: tls-auth using INLINE static key file
Mon Jul 23 09:27:05 2012 us=210000 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jul 23 09:27:05 2012 us=210000 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jul 23 09:27:05 2012 us=210000 LZO compression initialized
Mon Jul 23 09:27:05 2012 us=210000 Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ]
Mon Jul 23 09:27:05 2012 us=226000 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Jul 23 09:27:05 2012 us=226000 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Jul 23 09:27:05 2012 us=226000 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Mon Jul 23 09:27:05 2012 us=226000 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Mon Jul 23 09:27:05 2012 us=226000 Local Options hash (VER=V4): '5b243d85'
Mon Jul 23 09:27:05 2012 us=226000 Expected Remote Options hash (VER=V4): '0b024030'
Mon Jul 23 09:27:05 2012 us=226000 UDPv4 link local: [undef]
Mon Jul 23 09:27:05 2012 us=226000 UDPv4 link remote: XXX.XXX.XXX.XXX:1194
Mon Jul 23 09:27:05 2012 us=226000 MANAGEMENT: >STATE:1343053625,WAIT,,,
Mon Jul 23 09:28:05 2012 us=786000 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Jul 23 09:28:05 2012 us=786000 TLS Error: TLS handshake failed
Mon Jul 23 09:28:05 2012 us=786000 TCP/UDP: Closing socket
Mon Jul 23 09:28:05 2012 us=786000 SIGUSR1[soft,tls-error] received, process restarting
Mon Jul 23 09:28:05 2012 us=786000 MANAGEMENT: >STATE:1343053685,RECONNECTING,tls-error,,
Mon Jul 23 09:28:05 2012 us=786000 Restart pause, 2 second(s)
Mon Jul 23 09:28:07 2012 us=782000 NOTE: OpenVPNAS 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Jul 23 09:28:07 2012 us=782000 Re-using SSL/TLS context
Mon Jul 23 09:28:07 2012 us=782000 LZO compression initialized
Mon Jul 23 09:28:07 2012 us=782000 Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ]
Mon Jul 23 09:28:07 2012 us=782000 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Jul 23 09:28:07 2012 us=782000 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Jul 23 09:28:07 2012 us=782000 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Mon Jul 23 09:28:07 2012 us=782000 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Mon Jul 23 09:28:07 2012 us=782000 Local Options hash (VER=V4): '5b243d85'
Mon Jul 23 09:28:07 2012 us=782000 Expected Remote Options hash (VER=V4): '0b024030'
Mon Jul 23 09:28:07 2012 us=782000 UDPv4 link local: [undef]
Mon Jul 23 09:28:07 2012 us=782000 UDPv4 link remote: XXX.XXX.XXX.XXX:1194
Mon Jul 23 09:28:07 2012 us=782000 MANAGEMENT: >STATE:1343053687,WAIT,,,
server.conf
Code:
push "redirect-gateway def1"
push "dhcp-option DNS 10.8.0.1"
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
tls-auth ta.key 0
cipher AES-256-CBC
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 0
client.conf
Code:
client
dev tun
proto udp
remote XXX.XXX.XXX.XXX 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
tls-auth ta.key 1
cipher AES-256-CBC
comp-lzo
verb 5
My server has pretty good specs; it shouldn't be too slow for such a thing. From the research I have been trying to do, it seems to have something to do with my TCP configuration, or tls-auth requires it? I checked with my server administration and they say there are no firewalls or anything blocking anything.
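Added example, not part of the original post: a small Python check that compares the tls-auth, cipher, proto and comp-lzo settings in the posted client.conf and server.conf, and then compares client.conf with what the verb 5 "Current Parameter Settings" dump says the client actually loaded. The function names are hypothetical, and the check assumes the dump prints OpenVPN's internal key-direction constant (0 = no direction given, 1 = config direction 0, 2 = config direction 1).

```python
import re

# Excerpts copied from the post's client.conf, server.conf and verb 5 log.
CLIENT_CONF = """proto udp
tls-auth ta.key 1
cipher AES-256-CBC
comp-lzo
"""
SERVER_CONF = """proto udp
tls-auth ta.key 0
cipher AES-256-CBC
comp-lzo
"""
LOG = """Mon Jul 23 09:26:59 2012 us=688000 key_direction = 0
Mon Jul 23 09:26:59 2012 us=688000 ciphername = 'AES-256-CBC'
"""

# Assumption: the dump prints OpenVPN's internal key-direction constant,
# not the number written in the config file (None = no direction given).
DUMP_DIRECTION = {None: "0", "0": "1", "1": "2"}

def parse_conf(text):
    """Map each directive to its argument list, ignoring # and ; comments."""
    rows = (re.split(r"[#;]", line)[0].split() for line in text.splitlines())
    return {row[0]: row[1:] for row in rows if row}

def parse_dump(log):
    """Collect 'name = value' lines from the settings dump (first one wins)."""
    dump = {}
    for m in re.finditer(r"us=\d+\s+(\w+) = '?([^'\n]*)'?\s*$", log, re.M):
        dump.setdefault(m.group(1), m.group(2))
    return dump

def direction(conf):
    """Direction from 'tls-auth file N', else 'key-direction N', else None."""
    args = conf.get("tls-auth", [])[1:] or conf.get("key-direction", [])
    return args[0] if args else None

def check(client_text, server_text, log):
    client, server = parse_conf(client_text), parse_conf(server_text)
    dump, issues = parse_dump(log), []
    for opt in ("proto", "cipher", "comp-lzo"):
        if client.get(opt) != server.get(opt):
            issues.append(f"{opt}: client {client.get(opt)} != server {server.get(opt)}")
    if {direction(client), direction(server)} not in ({"0", "1"}, {None}):
        issues.append("tls-auth directions are not complementary")
    if "cipher" in client and dump.get("ciphername") != client["cipher"][0]:
        issues.append(f"loaded cipher {dump.get('ciphername')} is not the one in client.conf")
    want = DUMP_DIRECTION.get(direction(client))
    if "tls-auth" in client and dump.get("key_direction") != want:
        issues.append(f"loaded key_direction {dump.get('key_direction')}, client.conf implies {want}")
    return issues

print(check(CLIENT_CONF, SERVER_CONF, LOG))
```

The same comparison catches a client that is still running an old profile, since the dump shows the effective settings rather than the file on disk.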