LINUX.ORG.RU

Problem with OpenVPN

I can't figure out where I made a mistake in configuring the VPN server.

Server: CentOS 7. Client: Windows 10.

server.conf

port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1
remote-cert-eku "TLS Web Client Authentication"
tls-crypt myvpn.tlsauth

client.ovpn

client
tls-client
ca "d:\\Documents\\keys\\ca.crt"
cert "d:\\Documents\\keys\\client.crt"
key "d:\\Documents\\keys\\client.key"
tls-crypt "d:\\Documents\\keys\\myvpn.tlsauth"
remote-cert-eku "TLS Web Client Authentication"
proto udp
remote 11.22.33.44 1194 udp
dev tun
topology subnet
pull
user nobody
group nobody

When trying to connect:

Thu Aug 08 14:16:13 2019 NOTE: --user option is not implemented on Windows
Thu Aug 08 14:16:13 2019 NOTE: --group option is not implemented on Windows
Thu Aug 08 14:16:13 2019 OpenVPN 2.4.7 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 25 2019
Thu Aug 08 14:16:13 2019 Windows version 6.2 (Windows 8 or greater) 64bit
Thu Aug 08 14:16:13 2019 library versions: OpenSSL 1.1.0j  20 Nov 2018, LZO 2.10
Thu Aug 08 14:16:13 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]11.22.33.44:1194
Thu Aug 08 14:16:13 2019 UDP link local (bound): [AF_INET][undef]:1194
Thu Aug 08 14:16:13 2019 UDP link remote: [AF_INET]11.22.33.44:1194
Thu Aug 08 14:16:13 2019 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Thu Aug 08 14:16:13 2019 TLS_ERROR: BIO read tls_read_plaintext error
Thu Aug 08 14:16:13 2019 TLS Error: TLS object -> incoming plaintext read error
Thu Aug 08 14:16:13 2019 TLS Error: TLS handshake failed
Thu Aug 08 14:16:13 2019 SIGUSR1[soft,tls-error] received, process restarting

In practice it is better to inject the certificates and keys into the client config via <ca>...</ca>, <cert>...</cert> and <key>...</key>; then there are no problems with file paths, and the generated configs are not nailed to particular directories.

Nastishka ★★★★ ()
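The inlining Nastishka recommends, as an added example that is not part of the original thread: a small Python rewrite that replaces the file-based ca/cert/key/tls-crypt/tls-auth directives of an .ovpn with the corresponding inline blocks (and turns a tls-auth direction argument into key-direction). The paths and PEM bodies below are constructed placeholders, and the read_file callable is an assumption made so the rewrite can run without touching the filesystem.

```python
import re
from typing import Callable

# Directives whose file argument OpenVPN also accepts as an inline <tag>...</tag> block.
INLINEABLE = {"ca", "cert", "key", "tls-crypt", "tls-auth"}
# directive, a quoted or bare path, optional trailing argument (the tls-auth key direction)
_LINE = re.compile(r'^\s*([\w-]+)\s+("[^"]*"|\'[^\']*\'|\S+)(?:\s+(\S+))?\s*$')

def _unquote(arg: str) -> str:
    """Strip surrounding quotes; a quoted Windows path in .ovpn writes '\\\\' for one backslash."""
    if len(arg) >= 2 and arg[0] == arg[-1] and arg[0] in "\"'":
        arg = arg[1:-1]
    return arg.replace("\\\\", "\\")

def inline_ovpn(config: str, read_file: Callable[[str], str]) -> str:
    """Return config with each file-based credential directive replaced by its file body inline.
    read_file(path) -> PEM text is injected so the rewrite can run on constructed inputs."""
    out = []
    for line in config.splitlines():
        m = _LINE.match(line)
        if not m or m.group(1) not in INLINEABLE:
            out.append(line)  # unrelated directive, comment or blank line: keep verbatim
            continue
        directive, path, extra = m.group(1), _unquote(m.group(2)), m.group(3)
        if directive == "tls-auth" and extra is not None:
            out.append(f"key-direction {extra}")  # inline tls-auth takes no direction argument
        out.append(f"<{directive}>\n{read_file(path).strip()}\n</{directive}>")
    return "\n".join(out) + "\n"

# Constructed sample: the question's client.ovpn paths with placeholder PEM bodies
# (the bodies below are not real certificates or keys).
SAMPLE_FILES = {
    r"d:\Documents\keys\ca.crt": "-----BEGIN CERTIFICATE-----\nCA-PLACEHOLDER\n-----END CERTIFICATE-----",
    r"d:\Documents\keys\client.crt": "-----BEGIN CERTIFICATE-----\nCLIENT-PLACEHOLDER\n-----END CERTIFICATE-----",
    r"d:\Documents\keys\client.key": "-----BEGIN PRIVATE KEY-----\nKEY-PLACEHOLDER\n-----END PRIVATE KEY-----",
    r"d:\Documents\keys\myvpn.tlsauth": "-----BEGIN OpenVPN Static key V1-----\nTA-PLACEHOLDER\n-----END OpenVPN Static key V1-----",
}
SAMPLE_CONFIG = """client
ca "d:\\\\Documents\\\\keys\\\\ca.crt"
cert "d:\\\\Documents\\\\keys\\\\client.crt"
key "d:\\\\Documents\\\\keys\\\\client.key"
tls-crypt "d:\\\\Documents\\\\keys\\\\myvpn.tlsauth"
remote 11.22.33.44 1194 udp
"""

def build_example() -> str:
    """Inline the constructed sample; a missing file raises KeyError instead of a silent skip."""
    return inline_ovpn(SAMPLE_CONFIG, SAMPLE_FILES.__getitem__)
```

The resulting .ovpn carries everything it needs in one file, which is what keeps it from breaking when it is copied to a machine with a different directory layout.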