OpenVPN отказывается работать на Linux Fedora 41

0

1

Помогите разобраться в чем может быть дело и почему не проходит подключение

client
remote {host} {port}
proto udp
dev tap
cipher BF-CBC

comp-lzo
pull

tls-client
ca ca.crt
cert    client.crt
key     client.key

tls-auth        ta.key 1
auth-nocache

verb 3
persist-key
persist-tun
route-method exe
explicit-exit-notify

Вывод после команды sudo openvpn --config client.ovpn

2025-01-15 22:41:34 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2025-01-15 22:41:34 DEPRECATED OPTION: --cipher set to 'BF-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations. 
2025-01-15 22:41:34 Note: '--allow-compression' is not set to 'no', disabling data channel offload.
2025-01-15 22:41:34 OpenVPN 2.6.12 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
2025-01-15 22:41:34 library versions: OpenSSL 3.2.2 4 Jun 2024, LZO 2.10
2025-01-15 22:41:34 DCO version: N/A
2025-01-15 22:41:34 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2025-01-15 22:41:34 TCP/UDP: Preserving recently used remote address: [AF_INET]{host}:{port}
2025-01-15 22:41:34 Socket Buffers: R=[212992->212992] S=[212992->212992]
2025-01-15 22:41:34 UDPv4 link local: (not bound)
2025-01-15 22:41:34 UDPv4 link remote: [AF_INET]82.137.166.102:1194
2025-01-15 22:41:34 TLS: Initial packet from [AF_INET]82.137.166.102:1194, sid=9cc7d8d8 906ec878
2025-01-15 22:41:34 VERIFY OK: depth=1, CN=ovpn
2025-01-15 22:41:34 VERIFY OK: depth=0, CN=ovpn
2025-01-15 22:41:34 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 384 bits ECsecp384r1, signature: RSA-SHA256, peer temporary key: 253 bits X25519
2025-01-15 22:41:34 [ovpn] Peer Connection Initiated with [AF_INET]{host}:{port}
2025-01-15 22:41:34 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2025-01-15 22:41:34 TLS: tls_multi_process: initial untrusted session promoted to trusted
2025-01-15 22:41:35 SENT CONTROL [ovpn]: 'PUSH_REQUEST' (status=1)
2025-01-15 22:41:35 WARNING: Received control with invalid characters: 50555348 5f524550 4c592c73 6e646275 66200909 09333933 3231362c 72637662 75662009 09093339 33323136 2c726f75 74652d64 656c6179 20332c72 6f757465 20313732 2e31372e 302e3020 3235352e 3235352e 302e302c 726f7574 65203137 322e3234 2e313238 2e302032 353[more...]
2025-01-15 22:41:40 SENT CONTROL [ovpn]: 'PUSH_REQUEST' (status=1)

Гуглеж отдельных ворнингов особых результатов не принес. Также этот же конфиг вполне работает на TileOS где в основе debian/

←	Отсутствует устройства вывода (звук), после установки arch linux на ноутбук (audio pipware)

OpenSource-аналог HeyGen

→

Сертификатов нет скорее сего

anonymous
(15.01.25 22:59:11 MSK)

А с сервера конфиг есть?

MagicMirror ★★
(15.01.25 23:14:21 MSK)

В конфиг клиента добавить remote-cert-tls server

Shprot ★★
(15.01.25 23:15:35 MSK)

Ответ на: комментарий от MagicMirror 15.01.25 23:14:21 MSK

К сожалению к серверу доступа нет

sabbraxcaddabra
(16.01.25 19:48:39 MSK) автор топика

Ответ на: комментарий от Shprot 15.01.25 23:15:35 MSK

К сожалению подключения не случилось, но вывод теперь такой

2025-01-16 19:53:19 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2025-01-16 19:53:19 DEPRECATED OPTION: --cipher set to 'BF-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations. 
2025-01-16 19:53:19 Note: '--allow-compression' is not set to 'no', disabling data channel offload.
2025-01-16 19:53:19 OpenVPN 2.6.12 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
2025-01-16 19:53:19 library versions: OpenSSL 3.2.2 4 Jun 2024, LZO 2.10
2025-01-16 19:53:19 DCO version: N/A
2025-01-16 19:53:19 TCP/UDP: Preserving recently used remote address: [AF_INET]82.137.166.102:1194
2025-01-16 19:53:19 Socket Buffers: R=[212992->212992] S=[212992->212992]
2025-01-16 19:53:19 UDPv4 link local: (not bound)
2025-01-16 19:53:19 UDPv4 link remote: [AF_INET]82.137.166.102:1194
2025-01-16 19:53:19 TLS: Initial packet from [AF_INET]82.137.166.102:1194, sid=db3560f7 3645cfc8
2025-01-16 19:53:19 VERIFY OK: depth=1, CN=ovpn
2025-01-16 19:53:19 VERIFY KU OK
2025-01-16 19:53:19 Validating certificate extended key usage
2025-01-16 19:53:19 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2025-01-16 19:53:19 VERIFY EKU OK
2025-01-16 19:53:19 VERIFY OK: depth=0, CN=ovpn
2025-01-16 19:53:19 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 384 bits ECsecp384r1, signature: RSA-SHA256, peer temporary key: 253 bits X25519
2025-01-16 19:53:19 [ovpn] Peer Connection Initiated with [AF_INET]82.137.166.102:1194
2025-01-16 19:53:19 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2025-01-16 19:53:19 TLS: tls_multi_process: initial untrusted session promoted to trusted
2025-01-16 19:53:20 SENT CONTROL [ovpn]: 'PUSH_REQUEST' (status=1)
2025-01-16 19:53:20 WARNING: Received control with invalid characters: 50555348 5f524550 4c592c73 6e646275 66200909 09333933 3231362c 72637662 75662009 09093339 33323136 2c726f75 74652d64 656c6179 20332c72 6f757465 20313732 2e31372e 302e3020 3235352e 3235352e 302e302c 726f7574 65203137 322e3234 2e313238 2e302032 353[more...]

sabbraxcaddabra
(16.01.25 19:56:04 MSK) автор топика

Ответ на: комментарий от sabbraxcaddabra 16.01.25 19:48:39 MSK

Обращайся туда. Новые версии openvpn могут более строго проверять параметры.

MagicMirror ★★
(16.01.25 20:30:28 MSK)

←	Отсутствует устройства вывода (звук), после установки arch linux на ноутбук (audio pipware)

General

OpenSource-аналог HeyGen

→

Похожие темы