V
V
vasRmba2015-07-31 13:06:19
openvpn
vasRmba, 2015-07-31 13:06:19

OpenVPN client not connecting to server, what's wrong?

On Win 7 server 64
config
dev tun
proto udp
port 1194
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
topology subnet
server 10.8.0.0 255.255.255.0
cipher AES-128-CBC
comp-lzo
mssfix
keepalive 10 120
verb 3
On Win7 client 32
config
port 1194
client
dev tun
proto udp
remote 10.8.0.1 1194
ca ca.crt
cert client.crt
key client.key
cipher AES-128-CBC
nobind
comp-lzo
persist-key
persist-tun
status C:\\OpenVPN\\log\\openvpn-status.log
log C:\\OpenVPN\\log\\openvpn.log
verb 3
client log
Fri Jul 31 13:04:07 2015 MANAGEMENT: >STATE:1438337047, RECONNECTING,tls-error,,
Fri Jul 31 13:04:07 2015 Restart pause, 2 second(s)
Fri Jul 31 13:04:09 2015 WARNING: No server certificate verification method has been enabled. See openvpn.net/howto.html#mitm for more info.
Fri Jul 31 13:04:09 2015 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Jul 31 13:04:09 2015 UDPv4 link local: [undef]
Fri Jul 31 13:04 :09 2015 UDPv4 link remote: [AF_INET]10.8.0.1:1194
Fri Jul 31 13:04:09 2015 MANAGEMENT: >STATE:1438337049,WAIT,,,
Fri Jul 31 13:05:09 2015 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Jul 31 13:05:09 2015 TLS Error: TLS handshake failed
Fri Jul 31 13:05:09 2015 SIGUSR1[soft,tls-error] received, process restarting
Fri Jul 31 13:05:09 2015 MANAGEMENT: >STATE:1438337109,RECONNECTING,tls-error,,
Fri Jul 31 13:05:09 2015 Restart pause, 2 second (s)
Fri Jul 31 13:05:11 2015 WARNING: No server certificate verification method has been enabled. See openvpn.net/howto.html#mitm for more info.
Fri Jul 31 13:05:11 2015 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Jul 31 13:05:11 2015 UDPv4 link local: [undef]
Fri Jul 31 13:05:11 2015 UDPv4 link remote: [AF_INET]10.8.0.1:1194
Fri Jul 31 13:05:11 2015 MANAGEMENT: >STATE:1438337111,WAIT ,,,
run as admin

Answer the question

In order to leave comments, you need to log in

2 answer(s)
S
Sergey, 2015-07-31
@vasRmba

Isn't that clearly an indication of an error?
"Fri Jul 31 13:04:09 2015 WARNING: No server certificate verification method has been enabled. See openvpn.net/howto.html#mitm for more info."
Did you follow the link? Did you try to fix?

V
Viktor, 2020-08-14
@awsswa59

Google clearly leads to this article. Let's add a working version for history.
Server:
cat /etc/openvpn/server.conf
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 172.16.31.0 255.255.255.0
ifconfig-pool-persist ipp.txt 0
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
tls-server
status openvpn-status.log
verb 3
client-to-client
client-config-dir /etc/openvpn/ccd
reneg-sec 0 ; do not disconnect every hour to update the key "not secure"
Add if necessary
push "route 192.168.0.0 255.255.255.0" ; tell clients what network is behind the server, so that they add a route to the routing
push "explicit-exit-notify 3"
If we need networks behind openvpn clients, add
route 192.168.115.0 255.255.255.0 172.16.31.1 ; tell the server what kind of networks the clients (office1) have to know the routing
route 192.168.33.0 255.255.255.0 172.16.31.1 ; there can be a lot of them (office2)
Settings so that clients always receive the same VPN address
office1, office2 names are taken from the key name when you create a client certificate
Office1 client with an internal network 192.168.115.X
cat /etc/openvpn/ccd/ office1
ifconfig-push 172.16.31.2 172.16.31.1
iroute 192.168.115.0 255.255.255.0
Client 2 with internal network 192.168.33.X
cat /etc/openvpn/ccd/office2
ifconfig-push 172.16.31.3 172.16.31.1 iroute
192.168.33.0 255.25 . client.conf client dev tun proto udp remote X.X.X.X 1194 # Server external address resolv-retry infinite nobind persist-key persist-tun ns-cert-type server ca /etc/openvpn/ca.crt # Server key cert /etc/openvpn/office1.crt # Client keys key /etc/openvpn/office1.key # Client keys comp-lzo verb 3 mute 20
#tun-mtu 1380 # if there is ping and nothing is downloading inside the network, reduce mtu

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question