I inherited a router running Ubuntu 14.04.
I copy a 100% working config onto it from servers running CentOS. I try to connect and it refuses: "TLS handshake failed". What's more, the server log has no entries showing that I tried to connect to it.
The time on the servers matches. The certificates and keys are correct; they were created this morning. The port on the Ubuntu box is open. On CentOS the file context is set correctly.
I can't figure out where else to look or what else to check. Please advise. Maybe I've been staring at it too long and the problem is right on the surface?
server.log:
Sat Jul 23 21:31:11 2016 OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec 1 2014
Sat Jul 23 21:31:11 2016 Diffie-Hellman initialized with 2048 bit key
Sat Jul 23 21:31:11 2016 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Sat Jul 23 21:31:11 2016 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jul 23 21:31:11 2016 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jul 23 21:31:11 2016 Socket Buffers: R=[212992->131072] S=[212992->131072]
Sat Jul 23 21:31:11 2016 TUN/TAP device tun1 opened
Sat Jul 23 21:31:11 2016 TUN/TAP TX queue length set to 100
Sat Jul 23 21:31:11 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Jul 23 21:31:11 2016 /sbin/ip link set dev tun1 up mtu 1500
Sat Jul 23 21:31:11 2016 /sbin/ip addr add dev tun1 10.0.1.1/24 broadcast 10.0.1.255
Sat Jul 23 21:31:11 2016 GID set to nogroup
Sat Jul 23 21:31:11 2016 UID set to nobody
Sat Jul 23 21:31:11 2016 UDPv4 link local (bound): [undef]
Sat Jul 23 21:31:11 2016 UDPv4 link remote: [undef]
Sat Jul 23 21:31:11 2016 MULTI: multi_init called, r=256 v=256
Sat Jul 23 21:31:11 2016 IFCONFIG POOL: base=10.0.1.1 size=252, ipv6=0
Sat Jul 23 21:31:11 2016 IFCONFIG POOL LIST
Sat Jul 23 21:31:11 2016 Initialization Sequence Completed
client.log:
Sat Jul 23 22:31:51 2016 OpenVPN 2.3.11 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on May 10 2016
Sat Jul 23 22:31:51 2016 library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.06
Sat Jul 23 22:31:51 2016 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Sat Jul 23 22:31:51 2016 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jul 23 22:31:51 2016 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Jul 23 22:31:51 2016 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sat Jul 23 22:31:51 2016 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Sat Jul 23 22:31:51 2016 UDPv4 link local: [undef]
Sat Jul 23 22:31:51 2016 UDPv4 link remote: [AF_INET]8.8.8.8:1194
Sat Jul 23 22:32:51 2016 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Jul 23 22:32:51 2016 TLS Error: TLS handshake failed
Sat Jul 23 22:32:51 2016 SIGUSR1[soft,tls-error] received, process restarting
Sat Jul 23 22:32:51 2016 Restart pause, 2 second(s)
Sat Jul 23 22:32:53 2016 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sat Jul 23 22:32:53 2016 UDPv4 link local: [undef]
Sat Jul 23 22:32:53 2016 UDPv4 link remote: [AF_INET]8.8.8.8:1194
Sat Jul 23 22:33:53 2016 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Jul 23 22:33:53 2016 TLS Error: TLS handshake failed
Sat Jul 23 22:33:53 2016 SIGUSR1[soft,tls-error] received, process restarting
server.conf
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
tls-auth ta.key 0
crl-verify crl.pem
tls-server
tls-timeout 120
cipher AES-256-CBC
server 10.0.1.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-config-dir ccd
ccd-exclusive
client-to-client
topology subnet
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/server-status.log 1
status-version 3
log-append /var/log/openvpn/server.log
verb 3
mute 20
client config:
client
dev tun
proto udp
remote 8.8.8.8 1194
resolv-retry infinite
float
nobind
keepalive 10 120
persist-key
persist-tun
comp-lzo
cipher AES-254-CBC
ca ca.crt
dh dh.pem
cert client.crt
key client.key
tls-client
tls-auth ta.key 1
remote-cert-tls server
user nobody
group nobody
status /var/log/openvpn/client-status.log 1
status-version 3
log-append /var/log/openvpn/client.log
verb 3