На VPS с Ubuntu Server 12.04 установлен OpenVPN (2.2.1), настройки сервера такие:
port 443
proto tcp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh2048.pem
server 10.9.8.0 255.255.255.0
client-config-dir /etc/openvpn/ccd
tls-server
tls-auth keys/ta.key 0
auth SHA1
cipher BF-CBC
keepalive 10 180
comp-lzo
persist-key
persist-tun
status /var/log/openvpn-status.log
log /var/log/openvpn.log
verb 4
Настройки клиента (windows, openvpn gui; либо osx, tunnelblick):
dev tun
proto tcp
remote ip
port 443
client
resolv-retry infinite
ca ca.crt
cert homepc.crt
key homepc.key
tls-client
tls-auth ta.key 1
auth SHA1
cipher BF-CBC
ns-cert-type server
comp-lzo
persist-key
persist-tun
verb 3
При подключении происходит ошибка (сервер):
Thu May 8 21:24:00 2014 us=149866 80.83.238.95:42039 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu May 8 21:24:00 2014 us=150216 80.83.238.95:42039 TLS Error: TLS handshake failed
Если поменять протокол на upd, то все работает нормально.
Настройки iptables:
Chain INPUT (policy ACCEPT)
ACCEPT tcp — anywhere anywhere tcp dpt:https
ACCEPT udp — anywhere anywhere udp dpt:https
Chain OUTPUT (policy ACCEPT)
ACCEPT tcp — anywhere anywhere tcp spt:https
ACCEPT udp — anywhere anywhere udp spt:https
Chain FORWARD (policy ACCEPT)
ACCEPT all — 10.9.8.0/24 anywhere
ACCEPT all — anywhere anywhere state RELATED,ESTABLISHED
