I'm trying to install the OpenVPN client on CentOS 7.
# systemctl status openvpn@openvpn.service reports that it is running and active.
Config:
client
nobind
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
#dh /etc/openvpn/keys/dh1024.pem
cert /etc/openvpn/keys/usererp.crt
key /etc/openvpn/keys/usererp.key
remote *.*.*.*:*
cipher DES-CBC
#user nobody
#group nogroup
verb 3
mute 20
keepalive 10 120
comp-lzo
persist-key
persist-tun
float
status /var/log/openvpn-status.log
log /var/log/openvpn.log
resolv-retry infinite
#remote-cert-tls server
In the log:
Wed Jul 15 19:15:56 2015 OpenVPN 2.3.7 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 9 2015
Wed Jul 15 19:15:56 2015 library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.06
Wed Jul 15 19:15:56 2015 WARNING: No server certificate verification method has been enabled. See openvpn.net/howto.html#mitm for more info.
Wed Jul 15 19:15:56 2015 WARNING: file '/etc/openvpn/keys/usererp.key' is group or others accessible
Wed Jul 15 19:15:56 2015 Socket Buffers: R=[212992->131072] S=[212992->131072]
Wed Jul 15 19:15:56 2015 UDPv4 link local: [undef]
Wed Jul 15 19:15:56 2015 UDPv4 link remote: [AF_INET]*.*.*.*:*
Wed Jul 15 19:15:56 2015 TLS: Initial packet from [AF_INET]*.*.*.*:*, sid=ae4bc67d 3ae49a58
Wed Jul 15 19:15:56 2015 VERIFY OK: depth=1, C=RU, ST=citytest, L=citytest, O=test_org, OU=test, CN=test, name=test, emailAddress=support@ruhotline.ru
Wed Jul 15 19:15:56 2015 VERIFY ERROR: depth=0, error=certificate signature failure: C=RU, ST=citytest, L=citytest, O=test_org, OU=test, CN=test, name=test, emailAddress=support@ruhotline.ru
Wed Jul 15 19:15:56 2015 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Wed Jul 15 19:15:56 2015 TLS Error: TLS object -> incoming plaintext read error
Wed Jul 15 19:15:56 2015 TLS Error: TLS handshake failed
Wed Jul 15 19:15:56 2015 SIGUSR1[soft,tls-error] received, process restarting
Wed Jul 15 19:15:56 2015 Restart pause, 2 second(s)
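
The two WARNING lines in the log above (no server certificate verification, key file readable by group or others) and the `cipher DES-CBC` setting in the config can be checked before the client is started. The following Python script is an added example, not part of the original post and not OpenVPN code; the function names and finding codes are hypothetical, the list of directives treated as enabling server verification is an assumption based on OpenVPN 2.3 option names, and the sample config in `demo()` is constructed.

```python
import os
import tempfile

# Assumption: directives that enable a server-certificate check in OpenVPN 2.3.
SERVER_VERIFY = {"remote-cert-tls", "remote-cert-eku", "ns-cert-type",
                 "verify-x509-name", "tls-remote", "tls-verify"}
# Cipher families with a 64-bit block; single DES also has only a 56-bit key.
WEAK_CIPHER_PREFIXES = ("DES-", "BF-", "CAST5-", "RC2-")

def parse_directives(text):
    """Return {directive: [args]} for active lines; '#' and ';' start comments."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;":
            name, *args = line.split()
            directives[name] = args
    return directives

def audit_client_config(text):
    """Return a sorted list of finding codes for an OpenVPN client config."""
    d = parse_directives(text)
    findings = set()
    if ("client" in d or "tls-client" in d) and SERVER_VERIFY.isdisjoint(d):
        findings.add("no-server-cert-verification")
    cipher = (d.get("cipher") or [""])[0].upper()
    if cipher.startswith(WEAK_CIPHER_PREFIXES):
        findings.add("weak-cipher:" + cipher)
    key_path = (d.get("key") or [""])[0]
    if key_path and os.path.isfile(key_path) and os.stat(key_path).st_mode & 0o077:
        findings.add("key-file-group-or-other-accessible")
    if "user" not in d:
        findings.add("no-privilege-drop")
    return sorted(findings)

def demo():
    """Audit a constructed config modelled on the one in the post."""
    with tempfile.TemporaryDirectory() as tmp:
        key = os.path.join(tmp, "usererp.key")  # constructed stand-in key file
        open(key, "w").close()
        os.chmod(key, 0o644)                    # group/other readable, as in the log
        cfg = f"client\ncipher DES-CBC\nkey {key}\n#user nobody\n#remote-cert-tls server\n"
        return audit_client_config(cfg)

if __name__ == "__main__":
    print(demo())
```

The script only reports configuration findings; it does not examine the certificates themselves, so it says nothing about the cause of the `certificate signature failure` line.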