I have CentOS 6.5 with OpenServer 2.3.2 installed on it, bundled with Easy-RSA 2.0. The point is that the server starts normally, that is, in the log I see "Initialization Sequence Completed". Then, on a remote machine, I try to connect to the server from an XP SP3 client (via OpenVPN-GUI 2.0.9). The setup works like this:
Client -> Router with NAT (1194->1194 of the server) -> Server
Wed Dec 04 12:52:21 2013 us=109151 VERIFY ERROR: depth=1, error=certificate signature failure: /C=RU/ST=RO/L=*****/O=*****/OU=*****/CN=NITELaB_CA/name=EasyRSA/emailAddress=*****
Wed Dec 04 12:52:21 2013 us=111888 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Wed Dec 04 12:52:21 2013 us=113361 TLS Error: TLS object -> incoming plaintext read error
Wed Dec 04 12:52:21 2013 us=114200 TLS Error: TLS handshake failed
After some time
Wed Dec 04 12:52:25 2013 us=739951 TLS Error: Unroutable control packet received from IP_SERVER:1194 (si=3 op=P_CONTROL_V1)
Wed Dec 04 12:52:25 2013 us=740888 TLS Error: Unroutable control packet received from IP_SERVER:1194 (si=3 op=P_CONTROL_V1)
Wed Dec 04 12:52:26 2013 us=977402 TLS Error: Unroutable control packet received from IP_SERVER:1194 (si=3 op=P_CONTROL_V1)
Wed Dec 04 12:52:26 2013 us=978382 TLS Error: Unroutable control packet received from IP_SERVER:1194 (si=3 op=P_CONTROL_V1)
Wed Dec 4 12:54:20 2013 us=466053 IP_CLIENT:29011 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Dec 4 12:54:20 2013 us=466122 IP_CLIENT:29011 TLS Error: TLS handshake failed
Wed Dec 4 12:54:20 2013 us=466250 IP_CLIENT:29011 SIGUSR1[soft,tls-error] received, client-instance restarting
On the server, UDP 1194 is open in iptables and SELinux is disabled. Server config:
port 1194
proto udp
dev tun0
ca "/etc/openvpn/keys/ca.crt"
cert "/etc/openvpn/keys/server.crt"
key "/etc/openvpn/keys/server.key"
dh "/etc/openvpn/keys/dh1024.pem"
server 10.70.80.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway"
keepalive 10 60
tls-auth "/etc/openvpn/keys/ta.key" 0
cipher AES-128-CBC
comp-lzo
max-clients 5
user nobody
group nobody
persist-key
persist-tun
status "/var/log/openvpn/openvpn-status.log"
log "/var/log/openvpn/openvpn.log"
log-append "/var/log/openvpn/openvpn.log"
verb 4
client
proto udp
dev tun
dev-node TAP-Win32 Adapter V8 //Adapter name in Device Manager
remote IP_SERVER
resolv-retry infinite
ca "C:\\OpenVPN\\ssl\\ca.crt"
cert "C:\\OpenVPN\\ssl\\nlbout.crt"
key "C:\\OpenVPN\\ssl\\nlbout.key"
ns-cert-type server
tls-auth "C:\\OpenVPN\\ssl\\ta.key" 1
cipher AES-128-CBC
comp-lzo
verb 4