linux
Maxim, 2014-08-28 22:45:03

What is the problem with connecting via OpenVPN?

The client cannot connect to the server.
CentOS 6.5
Server config:

local 192.168.1.5
port 1194
proto udp
dev tun

cd /etc/openvpn

persist-key
persist-tun

tls-server
tls-timeout 120
ca /etc/openvpn/.keys/ca.crt
cert /etc/openvpn/.keys/server.crt
key /etc/openvpn/.keys/server.key 
dh /etc/openvpn/.keys/dh2048.pem
tls-auth /etc/openvpn/.keys/ta.key 0
cipher AES-128-CBC   # AES

server 192.168.3.0 255.255.255.0
client-to-client
topology subnet

max-clients 5

push "route 192.168.1.0 255.255.255.0"

comp-lzo

keepalive 10 120

status /etc/openvpn/openvpn-status.log 1
status-version 3

log-append  /etc/openvpn/openvpn.log
verb 3
mute 20

Client config:
dev tun
proto udp
remote ***.***.***.*** 1194
client
resolv-retry infinite
ca "ca.crt"
cert "***.crt"
key "***.key"
tls-auth "ta.key" 1
remote-cert-tls server
cipher AES-128-CBC   # AES
persist-key
persist-tun
comp-lzo
verb 3

Fri Aug 29 00:52:59 2014 OpenVPN 2.3.3 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Apr 14 2014
Enter Management Password:
Fri Aug 29 00:52:59 2014 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Fri Aug 29 00:52:59 2014 Need hold release from management interface, waiting...
Fri Aug 29 00:52:59 2014 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Fri Aug 29 00:52:59 2014 MANAGEMENT: CMD 'state on'
Fri Aug 29 00:52:59 2014 MANAGEMENT: CMD 'log all on'
Fri Aug 29 00:52:59 2014 MANAGEMENT: CMD 'hold off'
Fri Aug 29 00:52:59 2014 MANAGEMENT: CMD 'hold release'
Fri Aug 29 00:53:00 2014 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Fri Aug 29 00:53:00 2014 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Aug 29 00:53:00 2014 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Aug 29 00:53:00 2014 Socket Buffers: R=[516096->516096] S=[172032->172032]
Fri Aug 29 00:53:00 2014 UDPv4 link local (bound): [undef]
Fri Aug 29 00:53:00 2014 UDPv4 link remote: [AF_INET]###.###.###.###:1194
Fri Aug 29 00:53:00 2014 MANAGEMENT: >STATE:1409259180,WAIT,,,
Fri Aug 29 00:53:40 2014 SIGTERM[hard,] received, process exiting
Fri Aug 29 00:53:40 2014 MANAGEMENT: >STATE:1409259220,EXITING,SIGTERM,,

The port on the router is forwarded.
I wrote this in iptables:
iptables -A INPUT -p udp -m udp --dport 1194 -j ACCEPT

It feels as if the client does not see the server, or the server silently cuts everything.
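A check related to the `iptables -A INPUT ...` line above, as an added example that is not part of the original post: `-A` appends to the end of the chain, so the rule never matches if an earlier catch-all REJECT or DROP already decides the packet. The rulesets are constructed samples in `iptables -S INPUT` format, and `check_udp_port` and `opt` are hypothetical helpers.

```python
# Constructed sample rules in `iptables -S INPUT` format (not from the post).
BASE = [
    "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT",
    "-A INPUT -i lo -j ACCEPT",
    "-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT",
]
REJECT = "-A INPUT -j REJECT --reject-with icmp-host-prohibited"
VPN = "-A INPUT -p udp -m udp --dport 1194 -j ACCEPT"   # rule from the question
SAMPLE_APPENDED = "\n".join(["-P INPUT ACCEPT", *BASE, REJECT, VPN])  # added with -A
SAMPLE_INSERTED = "\n".join(["-P INPUT ACCEPT", *BASE, VPN, REJECT])  # added with -I


def opt(tokens, name):
    """Value following option `name`, or None if the option is absent."""
    return tokens[tokens.index(name) + 1] if name in tokens else None


def check_udp_port(rules_text, port=1194):
    """Return (verdict, rule_number) for a new inbound UDP packet to `port`.

    Simplified model: only unconditional REJECT/DROP rules and rules with an
    exact `-p udp --dport <port>` match are evaluated; all others are skipped.
    A rule_number of 0 means the chain policy decided.
    """
    policy, number = "ACCEPT", 0
    for line in rules_text.splitlines():
        tokens = line.split()
        if tokens[:2] == ["-P", "INPUT"]:
            policy = tokens[2]
        if tokens[:2] != ["-A", "INPUT"]:
            continue
        number += 1                       # same numbering as --line-numbers
        if "-j" not in tokens:
            continue
        j = tokens.index("-j")
        matches, target = tokens[2:j], tokens[j + 1]
        if target in ("REJECT", "DROP") and not matches:
            return ("blocked", number)    # catch-all rule decides first
        if opt(matches, "-p") == "udp" and opt(matches, "--dport") == str(port):
            return ("accepted" if target == "ACCEPT" else "blocked", number)
    return ("accepted" if policy == "ACCEPT" else "blocked", 0)


if __name__ == "__main__":
    print(check_udp_port(SAMPLE_APPENDED))   # decided by the earlier REJECT
    print(check_udp_port(SAMPLE_INSERTED))   # decided by the 1194 rule
```

On a live server the input would come from `iptables -S INPUT`; placing the rule ahead of the catch-all is done with `iptables -I INPUT <n> ...` instead of `-A`.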


1 answer(s)
Igor, 2014-08-28
@maxpointn2point

1. Yes, you can. The difference between tun and tap is that one of them works at the second layer of the OSI model, and the other at the third.
2. Most likely yes, but I could be wrong.
3. It seems that it is not necessary to specify both in the config, since there are default values.
In general, I recommend reading the article:
habrahabr.ru/post/233971
In it, the author described everything in great detail. And most importantly, it is recent, with current versions of configs and directives.
