Help! What am I doing wrong?
Server
port 1194
proto udp
dev tun
sndbuf 0
rcvbuf 0
topology subnet
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 127.0.0.1"
keepalive 10 120
comp-lzo
persist-key
persist-tun
verb 3
<ca>
-----BEGIN CERTIFICATE-----
******************
-----END CERTIFICATE-----
</ca>
<cert>
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ChangeMe
Validity
Not Before: Aug 28 12:57:22 2017 GMT
Not After : Aug 26 12:57:22 2027 GMT
Subject: CN=server
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
CA:FD:4D:08:CD:F1:07:81:5B:29:64:AB:40:09:16:01:7D:22:FA:59
X509v3 Authority Key Identifier:
keyid:DA:02:DC:04:7F:07:FE:F1:78:69:43:9E:92:6C:2E:5C:AA:DF:C5:4B
DirName:/CN=ChangeMe
serial:96:55:60:02:53:7D:2F:EE
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Digital Signature, Key Encipherment
Signature Algorithm: sha256WithRSAEncryption
-----BEGIN CERTIFICATE-----
*******************
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
*************************
-----END PRIVATE KEY-----
</key>
<dh>
-----BEGIN DH PARAMETERS-----
************************
-----END DH PARAMETERS-----
</dh>
Client
client
dev tun
proto udp
sndbuf 0
rcvbuf 0
remote *.*.*.* 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
comp-lzo
verb 3
<ca>
-----BEGIN CERTIFICATE-----
******************
-----END CERTIFICATE-----
</ca>
<cert>
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ChangeMe
Validity
Not Before: Aug 28 12:57:28 2017 GMT
Not After : Aug 26 12:57:28 2027 GMT
Subject: CN=client2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Subject Key Identifier:
8F:AB:56:BE:DC:84:82:82:F0:3E:C5:1C:9C:9D:EC:CE:85:26:3C:39
X509v3 Authority Key Identifier:
keyid:DA:02:DC:04:7F:07:FE:F1:78:69:43:9E:92:6C:2E:5C:AA:DF:C5:4B
DirName:/CN=ChangeMe
serial:96:55:60:02:53:7D:2F:EE
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
-----BEGIN CERTIFICATE-----
************************
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
*******************
-----END PRIVATE KEY-----
</key>
Server log
Aug 28 19:07:25 OpenVPN0 OpenVPN 2.4.3 [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [AEAD]
Aug 28 19:07:25 OpenVPN0 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10
Aug 28 19:07:25 OpenVPN0 Diffie-Hellman initialized with 2048 bit key
Aug 28 19:07:25 OpenVPN0 TUN/TAP device tun0 opened
Aug 28 19:07:25 OpenVPN0 TUN/TAP TX queue length set to 100
Aug 28 19:07:25 OpenVPN0 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Aug 28 19:07:25 ndm Network::Interface::IP: "OpenVPN0": IP address is 10.8.0.1/24.
Aug 28 19:07:25 OpenVPN0 Could not determine IPv4/IPv6 protocol. Using AF_INET6
Aug 28 19:07:25 OpenVPN0 Socket Buffers: R=[155648->155648] S=[155648->155648]
Aug 28 19:07:25 OpenVPN0 setsockopt(IPV6_V6ONLY=0)
Aug 28 19:07:25 OpenVPN0 UDPv6 link local (bound): [AF_INET6][undef]:1194
Aug 28 19:07:25 OpenVPN0 UDPv6 link remote: [AF_UNSPEC]
Aug 28 19:07:25 OpenVPN0 GID set to nobody
Aug 28 19:07:25 OpenVPN0 UID set to nobody
Aug 28 19:07:25 OpenVPN0 MULTI: multi_init called, r=256 v=256
Aug 28 19:07:25 OpenVPN0 IFCONFIG POOL: base=10.8.0.2 size=252, ipv6=0
Aug 28 19:07:25 OpenVPN0 Initialization Sequence Completed
Aug 28 19:07:26 ndm Core::ConfigurationSaver: configuration saved.
Aug 28 19:07:29 ndhcpc GigabitEthernet0/Vlan40: received ACK for *.*.*.* from *.*.*.*.
Aug 28 19:08:09 wmond WifiMaster0/AccessPoint0: (RT2860) STA(*:*:*:*:*:*) had disassociated.
Aug 28 19:09:00 OpenVPN0 *.*.*.* TLS: Initial packet from [AF_INET6]::ffff:*.*.*.*:39902, sid=f5097f9d 87c43951
Aug 28 19:09:05 OpenVPN0 *.*.*.* TLS: Initial packet from [AF_INET6]::ffff:*.*.*.*:58124, sid=a2190dd4 6517f580
Aug 28 19:09:14 OpenVPN0 *.*.*.* TLS: Initial packet from [AF_INET6]::ffff:*.*.*.*:60226, sid=415e0067 026d011e
Aug 28 19:09:19 OpenVPN0 *.*.*.* TLS: Initial packet from [AF_INET6]::ffff:*.*.*.*:52433, sid=2aceac8c cb3f73d9
Aug 28 19:09:24 OpenVPN0 *.*.*.* TLS: Initial packet from [AF_INET6]::ffff:*.*.*.*:40792, sid=27b1ca7b b53c8105
Aug 28 19:09:37 OpenVPN0 *.*.*.* TLS: Initial packet from [AF_INET6]::ffff:*.*.*.*:48955, sid=45321181 f6f0fd23
Aug 28 19:10:00 OpenVPN0 *.*.*.* TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Aug 28 19:10:00 OpenVPN0 *.*.*.* TLS Error: TLS handshake failed
Aug 28 19:10:00 OpenVPN0 *.*.*.* SIGUSR1[soft,tls-error] received, client-instance restarting
Aug 28 19:10:03 OpenVPN0 *.*.*.* TLS: Initial packet from [AF_INET6]::ffff:*.*.*.*:58879, sid=73d923c3 0e8b2189
Aug 28 19:10:05 OpenVPN0 *.*.*.* TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Aug 28 19:10:05 OpenVPN0 *.*.*.* TLS Error: TLS handshake failed
Aug 28 19:10:05 OpenVPN0 *.*.*.* SIGUSR1[soft,tls-error] received, client-instance restarting
Client log
Aug 18 02:57:58 OpenVPN0 SIGUSR1[soft,tls-error] received, process restarting
Aug 18 02:57:58 OpenVPN0 Restart pause, 10 second(s)
Aug 18 02:58:08 OpenVPN0 TCP/UDP: Preserving recently used remote address: [AF_INET]*.*.*.*:1194
Aug 18 02:58:08 OpenVPN0 Socket Buffers: R=[155648->155648] S=[155648->155648]
Aug 18 02:58:08 OpenVPN0 UDP link local: (not bound)
Aug 18 02:58:08 OpenVPN0 UDP link remote: [AF_INET]*.*.*.*:1194
Aug 18 02:58:13 OpenVPN0 TLS: Initial packet from [AF_INET]*.*.*.*:1194, sid=e9d9834e 4905a11e
Aug 18 02:58:14 OpenVPN0 VERIFY ERROR: depth=1, error=certificate is not yet valid: CN=ChangeMe
Aug 18 02:58:14 OpenVPN0 OpenSSL: error:14090086:lib(20):func(144):reason(134)
Aug 18 02:58:14 OpenVPN0 TLS_ERROR: BIO read tls_read_plaintext error
Aug 18 02:58:14 OpenVPN0 TLS Error: TLS object -> incoming plaintext read error
Aug 18 02:58:14 OpenVPN0 TLS Error: TLS handshake failed
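
A check for the VERIFY ERROR in the client log, added here as an example and not part of the original post: it relates the clock that stamped the client log to the Not Before / Not After dates printed in the client certificate. Assumptions: the year 2017 (the log carries none), the log clock read as UTC, and the function names; the CA certificate's own dates are not shown on the page, so the client certificate's window is used.

```python
import re
from datetime import datetime

# Validity window of the client certificate (CN=client2) as printed on this page.
NOT_BEFORE = "Aug 28 12:57:28 2017 GMT"
NOT_AFTER = "Aug 26 12:57:28 2027 GMT"

# Lines copied from the client log on this page; they carry no year or time zone.
CLIENT_LOG = """\
Aug 18 02:58:13OpenVPN0TLS: Initial packet from [AF_INET]*.*.*.*:1194, sid=e9d9834e 4905a11e
Aug 18 02:58:14OpenVPN0VERIFY ERROR: depth=1, error=certificate is not yet valid: CN=ChangeMe
Aug 18 02:58:14OpenVPN0TLS Error: TLS handshake failed
""".splitlines()

# Timestamp, then the rest; tolerates the source column being fused to the time.
LINE = re.compile(r"^(\w{3} +\d{1,2} \d\d:\d\d:\d\d)\s*(.*)$")
VERIFY = re.compile(r"VERIFY ERROR: depth=(\d+), error=(.+?): (\S.*)$")

def cert_time(text):
    """Parse the 'Aug 28 12:57:28 2017 GMT' form used in the certificate text dump."""
    return datetime.strptime(text.replace(" GMT", ""), "%b %d %H:%M:%S %Y")

def clock_findings(lines, not_before, not_after, year):
    """Relate each validity-period VERIFY ERROR to the clock that wrote the log."""
    start, end = cert_time(not_before), cert_time(not_after)
    findings = []
    for line in lines:
        m = LINE.match(line)
        v = VERIFY.search(m.group(2)) if m else None
        if not v or ("valid" not in v.group(2) and "expired" not in v.group(2)):
            continue
        # Assumption: the log clock is read as UTC in the given year.
        stamp = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        if stamp < start:
            verdict, skew = "clock before Not Before", start - stamp
        elif stamp > end:
            verdict, skew = "clock after Not After", stamp - end
        else:
            verdict, skew = "clock inside validity window", None
        findings.append({"depth": int(v.group(1)), "subject": v.group(3),
                         "log_time": stamp, "verdict": verdict, "skew": skew})
    return findings

if __name__ == "__main__":
    for finding in clock_findings(CLIENT_LOG, NOT_BEFORE, NOT_AFTER, 2017):
        print(finding)
```

A verdict of "clock before Not Before" means the device that wrote the log had its clock set earlier than the certificate's issue time, which is the condition OpenSSL reports as "certificate is not yet valid".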