Максим Галамай

Problems with the OpenVPN client on Keenetic Giga


Good day, forum members!
I'm having problems connecting OpenVPN on a Keenetic Giga router to an OpenVPN server; with the native client everything connects and works.
Config:


client
dev tap
proto tcp
remote x.x.x.x 443
nobind
persist-key
persist-tun
cipher BF-CBC
comp-lzo
verb 5
mute 20
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-crypt>
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
</key>

Errors recorded in the log; after this the same thing just repeats in a loop:


Мар 18 21:30:27 ndm
Core::Syslog: the system log has been cleared.
Мар 18 21:30:50 ndm
Network::Interface::Base: "OpenVPN0": interface is up.
Мар 18 21:30:50 ndm
Core::ConfigurationSaver: saving configuration...
Мар 18 21:30:52 OpenVPN0
OpenVPN 2.4.6 [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [AEAD]
Мар 18 21:30:52 OpenVPN0
library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10
Мар 18 21:30:52 OpenVPN0
Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Мар 18 21:30:52 OpenVPN0
Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Мар 18 21:30:52 OpenVPN0
Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Мар 18 21:30:52 OpenVPN0
Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Мар 18 21:30:52 OpenVPN0
LZO compression initializing
Мар 18 21:30:52 OpenVPN0
Control Channel MTU parms [ L:1656 D:1154 EF:96 EB:0 ET:0 EL:3 ]
Мар 18 21:30:52 OpenVPN0
Data Channel MTU parms [ L:1656 D:1450 EF:124 EB:412 ET:32 EL:3 ]
Мар 18 21:30:52 OpenVPN0
Local Options String (VER=V4): 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Мар 18 21:30:52 OpenVPN0
Expected Remote Options String (VER=V4): 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Мар 18 21:30:52 OpenVPN0
Socket Buffers: R=[87380->87380] S=[16384->16384]
Мар 18 21:30:52 OpenVPN0
Attempting to establish TCP connection with [AF_INET]x.x.x.x:443 [nonblock]
Мар 18 21:30:53 ndm
Core::ConfigurationSaver: configuration saved.
Мар 18 21:30:53 OpenVPN0
TCP connection established with [AF_INET]x.x.x.x:443
Мар 18 21:30:53 OpenVPN0
TCP_CLIENT link local: (not bound)
Мар 18 21:30:53 OpenVPN0
TCP_CLIENT link remote: [AF_INET]x.x.x.x:443
Мар 18 21:30:53 OpenVPN0
NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Мар 18 21:30:54 OpenVPN0
Connection reset, restarting [0]
Мар 18 21:30:54 OpenVPN0
TCP/UDP: Closing socket
Мар 18 21:30:54 OpenVPN0
SIGTERM[soft,connection-reset] received, process exiting
Мар 18 21:30:54 ndm
Service: "OpenVPN0": unexpectedly stopped.

Please help, comrades!


Hello.

I had the same nonsense.

I replaced <tls-crypt> with <tls-auth> and </tls-crypt> with </tls-auth>.

After </tls-auth> I added the line

key-direction 1

And it worked.

I suppose I should study the documentation. But where to find the time when this isn't my field...

Hope this helps


  

22 hours ago, techno said:

Hello.

I had the same nonsense.

I replaced <tls-crypt> with <tls-auth> and </tls-crypt> with </tls-auth>.

After </tls-auth> I added the line

key-direction 1

And it worked.

I suppose I should study the documentation. But where to find the time when this isn't my field...

Hope this helps

Good day!

Thanks for the reply! The problem is already solved, only the key directive that was added was tls-auth ta.key 0 instead of key-direction 1.

Here is an example config, maybe it will be useful to someone:

-------------------------------------------------------------------------------------

client

dev tap
proto tcp
remote xxx.xxx.xxx.xxx 443
nobind
persist-key
persist-tun
tls-auth ta.key 0 
cipher BF-CBC
comp-lzo
verb 5
mute 20
<ca>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----

-----END RSA PRIVATE KEY-----
</key>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----

-----END OpenVPN Static key V1-----
</tls-auth>

------------------------------------------------------------------------------------

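An added example, not part of the original thread and not Keenetic or OpenVPN code: a small Python check of an OpenVPN client config for the control-channel key settings discussed above (tls-crypt versus tls-auth, and how the tls-auth direction is given), plus the legacy `cipher BF-CBC` and `comp-lzo` options that both posted configs carry. The function names and the sample (the thread's final config, shortened, with key material elided) are constructed for illustration.

```python
import re

# Constructed sample: the thread's final config, shortened, key material elided.
SAMPLE = """client
tls-auth ta.key 0
cipher BF-CBC
comp-lzo
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>
"""
SMALL_BLOCK = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC"}  # 64-bit blocks

def parse(text):
    """Return ({directive: args}, {inline block names}) for an OpenVPN config."""
    opts, inline, block = {}, set(), None
    for line in (raw.strip() for raw in text.splitlines()):
        if block:  # inside <name>...</name>: skip the key material
            block = None if line == f"</{block}>" else block
        elif m := re.fullmatch(r"<([a-z0-9-]+)>", line):
            block = m.group(1)
            inline.add(block)
        elif line and line[0] not in "#;":
            name, *args = line.split()
            opts[name] = args
    return opts, inline

def audit(text):
    """List findings on control-channel key wrapping and legacy crypto options."""
    opts, inline = parse(text)
    out = []
    wrappers = {w for w in ("tls-auth", "tls-crypt") if w in opts or w in inline}
    if not wrappers:
        out.append("no tls-auth/tls-crypt key on the control channel")
    if len(wrappers) == 2:
        out.append("tls-auth and tls-crypt are mutually exclusive")
    if "tls-auth" in opts and "tls-auth" in inline:
        out.append("tls-auth given both as a file directive and inline: keep one")
    if "tls-auth" in wrappers:
        d = (opts.get("tls-auth", [])[1:2] or opts.get("key-direction", []))[:1]
        out.append(f"tls-auth direction {d[0]}: server must use the opposite"
                   if d else "tls-auth without direction: server must omit it too")
    cipher = (opts.get("cipher") or [""])[0].upper()
    if cipher in SMALL_BLOCK:
        out.append(f"cipher {cipher} has a 64-bit block (SWEET32)")
    if "comp-lzo" in opts:
        out.append("comp-lzo: compression before encryption (VORACLE)")
    return out
```

Call `audit()` on the text of a client config; the tls-auth, tls-crypt and comp-lzo settings have to match the server's configuration, so a finding here is resolved on both ends.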
