Не могу подключиться к своему OpenVPN серверу из OpenVPN Connect для android
Форум — General
Недавно запустил свой сервер OpenVPN. Клиенты на linux подключаются успешно. Для android сделал .ovpn по инструкции. Подключение устанавливается, в логах сервера ничего криминального, но пакеты не идут. Логи сервера:
MULTI: multi_create_instance called
<IP>:60909 Re-using SSL/TLS context
<IP>:60909 LZO compression initializing
<IP>:60909 Control Channel MTU parms [ L:1622 D:1184 EF:66 EB:0 ET:0 EL:3 ]
<IP>:60909 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
<IP>:60909 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
<IP>:60909 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
<IP>:60909 TLS: Initial packet from [AF_INET]<IP>:60909, sid=716c5eb3 f867e3dc
<IP>:60909 VERIFY OK: depth=1, <...>
<IP>:60909 VERIFY OK: depth=0, <...>
<IP>:60909 peer info: IV_GUI_VER=net.openvpn.connect.android_1.1.17-76
<IP>:60909 peer info: IV_VER=3.0.12
<IP>:60909 peer info: IV_PLAT=android
<IP>:60909 peer info: IV_NCP=2
<IP>:60909 peer info: IV_TCPNL=1
<IP>:60909 peer info: IV_PROTO=2
<IP>:60909 peer info: IV_LZO=1
<IP>:60909 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
<IP>:60909 [sai] Peer Connection Initiated with [AF_INET]<IP>:60909
sai/<IP>:60909 MULTI_sva: pool returned IPv4=10.8.0.4, IPv6=(Not enabled)
sai/<IP>:60909 MULTI: Learn: 10.8.0.4 -> sai/<IP>:60909
sai/<IP>:60909 MULTI: primary virtual IP for sai/<IP>:60909: 10.8.0.4
sai/<IP>:60909 PUSH: Received control message: 'PUSH_REQUEST'
sai/<IP>:60909 SENT CONTROL [sai]: 'PUSH_REPLY,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.4 255.255.255.0,peer-id 3,cipher AES-256-GCM' (status=1)
sai/<IP>:60909 Data Channel: using negotiated cipher 'AES-256-GCM'
sai/<IP>:60909 Data Channel MTU parms [ L:1550 D:1450 EF:50 EB:406 ET:0 EL:3 ]
sai/<IP>:60909 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
sai/<IP>:60909 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Конфиг сервера:
port <PORT>
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/cert.crt
key /etc/openvpn/key.key # This file should be kept secret
dh /etc/openvpn/dh2048.pem
server 10.8.0.0 255.255.255.0
topology subnet
ifconfig-pool-persist ipp.txt
client-config-dir /etc/openvpn/ccd
client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/ta.key 0 # This file is secret
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log-append /var/log/openvpn.log
verb 4
Конфиг клиента:
client
dev tun0
proto udp
remote <IP> <PORT>
user nobody
group nobody
persist-key
persist-tun
comp-lzo
key-direction 1
<tls-auth>
...
</tls-auth>
<key>
...
</key>
<cert>
...
</cert>
<ca>
...
</ca>