I set it up and it worked, then after some time connections stopped being established... I set the certificates to expire in 10 years...
Client config (Windows):
Code:
client
dev tun
proto tcp
#proto udp
remote my.host 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca my.host/ca-cert.pem
cert my.host/SBaranov/client_SBaranov.cert
key my.host/SBaranov/client_SBaranov.key
tls-auth ta.key 1
cipher AES-128-CBC # AES
comp-lzo
verb 3
mute 10
tls-client
dh dh1024.pem
ping 10
Code:
proto tcp-server
dev tun0
port 1194
# TLS parms
tls-server
tls-timeout 180
tls-auth /data/ad0/ssl/ta.key 0
ca /data/ad0/ssl/ca-cert.pem
cert /data/ad0/ssl/ugmet_gw.cert
key /data/ad0/ssl/ugmet_gw.key
dh /data/ad0/ssl/dh1024.pem
#mode server
server 172.16.14.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
push "redirect-gateway 172.16.14.1"
push "dhcp-option DNS 192.168.1.1"
duplicate-cn
hand-window 160
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
key-method 2
cipher AES-128-CBC # AES
user nobody
group nobody
persist-key
persist-tun
comp-lzo
keepalive 10 120
status /var/log/openvpn-status.log
log /var/log/openvpn.log
verb 3
Code:
Wed Aug 29 15:22:17 2007 OpenVPN 2.0.7 Win32-MinGW [SSL] [LZO] built on Apr 12 2006
Wed Aug 29 15:22:17 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Aug 29 15:22:17 2007 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Wed Aug 29 15:22:17 2007 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Aug 29 15:22:17 2007 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Wed Aug 29 15:22:17 2007 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Aug 29 15:22:17 2007 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Aug 29 15:22:17 2007 LZO compression initialized
Wed Aug 29 15:22:17 2007 Control Channel MTU parms [ L:1560 D:168 EF:68 EB:0 ET:0 EL:0 ]
Wed Aug 29 15:22:17 2007 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Aug 29 15:22:17 2007 Local Options hash (VER=V4): '0bdd0804'
Wed Aug 29 15:22:17 2007 Expected Remote Options hash (VER=V4): 'a642654b'
Wed Aug 29 15:22:17 2007 Attempting to establish TCP connection with <сервер>IP:1194
Wed Aug 29 15:22:18 2007 TCP connection established with <сервер>IP:1194
Wed Aug 29 15:22:18 2007 TCPv4_CLIENT link local: [undef]
Wed Aug 29 15:22:18 2007 TCPv4_CLIENT link remote: <сервер>IP:1194
Wed Aug 29 15:22:19 2007 TLS: Initial packet from <сервер>IP:1194, sid=e78691f9 9306928b
Wed Aug 29 15:22:57 2007 VERIFY OK: depth=1, /C=RU/ST=Rostov_region/L=Rostov-on-Don/O=MyOrg_Ltd/CN=Sergey_Baranov/emailAddress=sef@MyOrg.ru
Wed Aug 29 15:22:57 2007 VERIFY OK: depth=0, /C=RU/ST=Rostov_region/O=MyOrg_Ltd/CN=Sergey_Baranov/emailAddress=sef@MyOrg.ru
Wed Aug 29 15:23:14 2007 Connection reset, restarting [0]
Wed Aug 29 15:23:14 2007 TCP/UDP: Closing socket
Wed Aug 29 15:23:14 2007 SIGUSR1[soft,connection-reset] received, process restarting
Wed Aug 29 15:23:14 2007 Restart pause, 5 second(s)
Code:
Wed Aug 29 15:22:19 2007 MULTI: multi_create_instance called
Wed Aug 29 15:22:19 2007 Re-using SSL/TLS context
Wed Aug 29 15:22:19 2007 LZO compression initialized
Wed Aug 29 15:22:19 2007 Control Channel MTU parms [ L:1592 D:168 EF:68 EB:0 ET:0 EL:0 ]
Wed Aug 29 15:22:19 2007 Data Channel MTU parms [ L:1592 D:1450 EF:60 EB:135 ET:32 EL:0 AF:3/1 ]
Wed Aug 29 15:22:19 2007 Local Options hash (VER=V4): '99a77f44'
Wed Aug 29 15:22:19 2007 Expected Remote Options hash (VER=V4): '73a58edd'
Wed Aug 29 15:22:19 2007 TCP connection established with 217.74.245.35:4488
Wed Aug 29 15:22:19 2007 TCPv4_SERVER link local: [undef]
Wed Aug 29 15:22:19 2007 TCPv4_SERVER link remote: 217.74.245.35:4488
Wed Aug 29 15:22:19 2007 217.74.245.35:4488 TLS: Initial packet from 217.74.245.35:4488, sid=34253ecf 251de4d8
Wed Aug 29 15:23:14 2007 217.74.245.35:4488 Authenticate/Decrypt packet error: packet HMAC authentication failed
Wed Aug 29 15:23:14 2007 217.74.245.35:4488 TLS Error: incoming packet authentication failed from 217.74.245.35:4488
Wed Aug 29 15:23:14 2007 217.74.245.35:4488 Fatal TLS error (check_tls_errors_co), restarting
Wed Aug 29 15:23:14 2007 217.74.245.35:4488 SIGUSR1[soft,tls-error] received, client-instance restarting
Wed Aug 29 15:23:14 2007 TCP/UDP: Closing socket