Installed OpenVPN. I configured it following various guides, but not once did I manage to bring up the VPN tunnel. I ran all the tests on the local network.
Please help me configure the VPN.
Server config, /etc/openvpn/server.conf:
local 192.168.21.30
port 1194
proto udp
dev tun0
tun-mtu 1500
ca /etc/openvpn/.key/ca.crt
cert /etc/openvpn/.key/server.crt
key /etc/openvpn/.key/server.key
dh /etc/openvpn/.key/dh2048.pem
server 10.10.20.0 255.255.255.0
daemon
mode server
tls-server
ifconfig-pool-persist /etc/openvpn/ip.sv
push "route 192.168.21.0 255.255.255.0"
push "dhcp-option DNS 192.168.21.3"
keepalive 10 120
tls-auth /etc/openvpn/.tls/ta.key 0
cipher AES-256-CBC
auth SHA512
comp-lzo
max-clients 20
user openvpn
group openvpn
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log-append /var/log/openvpn/openvpn.log
verb 5
mute 20
Client config:
client
tls-client
dev tun
proto udp
remote 192.168.21.30 1194
resolv-retry infinite
nobind
persist-key
persist-tun
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<dh>
-----BEGIN DH PARAMETERS-----
-----END DH PARAMETERS-----
</dh>
<cert>
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=KG, ST=BI, L=Bishkek, O=Mobi, OU=IT, CN=server/name=server/emailAddress=ilias@ilianapro.ru
Validity
Not Before: Dec 23 18:39:04 2013 GMT
Not After : Dec 21 18:39:04 2023 GMT
Subject: C=KG, ST=BI, L=Bishkek, O=Mobi, OU=IT, CN=velowup/name=server/emailAddress=ilias@ilianapro.ru
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
96:FA:D4:68:BD:55:E4:C5:88:20:F3:F1:4A:58:50:B8:74:AF:7E:BA
X509v3 Authority Key Identifier:
keyid:69:2D:87:5B:46:15:97:FD:AF:DF:70:1A:5E:AD:34:A5:13:05:33:65
DirName:/C=KG/ST=BI/L=Bishkek/O=Mobi/OU=IT/CN=server/name=server/emailAddress=ilias@ilianapro.ru
serial:EB:11:A9:45:EB:4B:6F:91
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha1WithRSAEncryption
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>
cipher AES-256-CBC
auth SHA512
comp-lzo
verb 4
mute 20
user nobody
group nogroup
log-append openvpn_client.log
status status_client.log
tun-mtu 1500
tun-mtu-extra 32
mssfix
When I try to connect to OpenVPN from the Windows 7 OpenVPN client, the following log is written on the server:
==> /var/log/openvpn/openvpn.log <==
WWWWWMon Dec 23 20:11:28 2013 us=289353 MULTI: multi_create_instance called
Mon Dec 23 20:11:28 2013 us=289426 192.168.21.55:61845 Re-using SSL/TLS context
Mon Dec 23 20:11:28 2013 us=289473 192.168.21.55:61845 LZO compression initialized
Mon Dec 23 20:11:28 2013 us=289569 192.168.21.55:61845 Control Channel MTU parms [ L:1602 D:210 EF:110 EB:0 ET:0 EL:0 ]
Mon Dec 23 20:11:28 2013 us=289602 192.168.21.55:61845 Data Channel MTU parms [ L:1602 D:1450 EF:102 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Dec 23 20:11:28 2013 us=289752 192.168.21.55:61845 Local Options String: 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
Mon Dec 23 20:11:28 2013 us=289778 192.168.21.55:61845 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
Mon Dec 23 20:11:28 2013 us=289833 192.168.21.55:61845 Local Options hash (VER=V4): '14d315e7'
Mon Dec 23 20:11:28 2013 us=289870 192.168.21.55:61845 Expected Remote Options hash (VER=V4): 'a5d50645'
RMon Dec 23 20:11:28 2013 us=289931 192.168.21.55:61845 TLS: Initial packet from [AF_INET]192.168.21.55:61845, sid=308cca2b 5ce8c5ad
WRRWWWWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWWWWWWWWMon Dec 23 20:11:30 2013 us=335279 MULTI: multi_create_instance called
Mon Dec 23 20:11:30 2013 us=335354 192.168.21.55:61849 Re-using SSL/TLS context
Mon Dec 23 20:11:30 2013 us=335401 192.168.21.55:61849 LZO compression initialized
Mon Dec 23 20:11:30 2013 us=335497 192.168.21.55:61849 Control Channel MTU parms [ L:1602 D:210 EF:110 EB:0 ET:0 EL:0 ]
Mon Dec 23 20:11:30 2013 us=335530 192.168.21.55:61849 Data Channel MTU parms [ L:1602 D:1450 EF:102 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Dec 23 20:11:30 2013 us=335681 192.168.21.55:61849 Local Options String: 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
Mon Dec 23 20:11:30 2013 us=335707 192.168.21.55:61849 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
Mon Dec 23 20:11:30 2013 us=335749 192.168.21.55:61849 Local Options hash (VER=V4): '14d315e7'
Mon Dec 23 20:11:30 2013 us=335786 192.168.21.55:61849 Expected Remote Options hash (VER=V4): 'a5d50645'
RMon Dec 23 20:11:30 2013 us=335847 192.168.21.55:61849 TLS: Initial packet from [AF_INET]192.168.21.55:61849, sid=fe55955e 3d83b9f4
WRRWWWWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWWWW^C
I've been racking my brains over this for a couple of days and can't figure out where the problem is.
Thanks in advance.