Killertechno
Posts: 205
Joined: Wed Jan 02, 2013 8:28 am

[OpenVPN] Help with client configuration

Fri Jan 17, 2020 3:47 pm

Hi to all users.
I would like to set Raspberry as OpenVPN client, to be connected to VPN server.
I already have a client connected to server using following configuration:

- Server IP: 2.194.75.64 (I set it manually every time due it's not static)
- port: 1194
- protocol: TCP
- LZO: disabled
- mode: TUN
- encryption: AES-256/CBC-256
- authentication: TLS+password
- TLS cipher: all
- user: OVPN_Raspberry_test
- password: raspberry
- HMAC authentication algorithm: SHA1
- certificates:
ca.crt
OVPN_Raspberry_test.crt
OVPN_Raspberry_test.key

Here my configuration file /etc/client/client.conf:


Code: Select all

client
cipher AES-256-CBC

dev tun
port 1194
proto tcp
remote 2.194.75.64
resolv-retry infinite
keepalive 5 10
nobind
ca /etc/openvpn/ca.crt
cert /etc/openvpn/OVPN_Raspberry_tes.crt
key /etc/openvpn/OVPN_Raspberry_tes.key
comp-lzo no
persist-key
persist-tun
verb 3
auth-user-pass login.conf

remote-cert-tls server
#log-append /var/log/openvpn.log

On login.conf:

Code: Select all

OVPN_Raspberry_test
password
When I generate certificates I set same password I insert starting OpenVPN (can I avoid to type it every time?).

Here results:

Code: Select all

pi@raspberrypi:/etc/openvpn/client $ sudo openvpn client.conf 
Fri Jan 17 15:37:49 2020 WARNING: file 'login.conf' is group or others accessible
Fri Jan 17 15:37:49 2020 OpenVPN 2.4.0 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct 14 2018
Fri Jan 17 15:37:49 2020 library versions: OpenSSL 1.0.2r  26 Feb 2019, LZO 2.08
Enter Private Key Password: **********
Fri Jan 17 15:37:52 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Jan 17 15:37:52 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]2.194.75.64:1194
Fri Jan 17 15:37:52 2020 Socket Buffers: R=[131072->131072] S=[16384->16384]
Fri Jan 17 15:37:52 2020 Attempting to establish TCP connection with [AF_INET]2.194.75.64:1194 [nonblock]
Fri Jan 17 15:37:54 2020 TCP connection established with [AF_INET]2.194.75.64:1194
Fri Jan 17 15:37:54 2020 TCP_CLIENT link local: (not bound)
Fri Jan 17 15:37:54 2020 TCP_CLIENT link remote: [AF_INET]2.194.75.64:1194
Fri Jan 17 15:38:04 2020 [UNDEF] Inactivity timeout (--ping-restart), restarting
Fri Jan 17 15:38:04 2020 SIGUSR1[soft,ping-restart] received, process restarting
Fri Jan 17 15:38:04 2020 Restart pause, 5 second(s)
^CFri Jan 17 15:38:09 2020 SIGINT[hard,init_instance] received, process exiting
pi@raspberrypi:/etc/openvpn/client $ 
On server I can see connections from my public IP but client doesn't get registered on server, so I suppose I have wrong client settings.
What's wrong on my configuration file?
Thanks.

castletonroad
Posts: 135
Joined: Sat Jul 25, 2015 11:23 pm

Re: [OpenVPN] Help with client configuration

Sat Jan 18, 2020 7:24 pm

Your certificates are incorrectly spelt:

Code: Select all

cert /etc/openvpn/OVPN_Raspberry_tes.crt
key /etc/openvpn/OVPN_Raspberry_tes.key
...should be...

Code: Select all

cert /etc/openvpn/OVPN_Raspberry_test.crt
key /etc/openvpn/OVPN_Raspberry_test.key
Raspberry Pi 4 Model B | Raspberry Pi 3 Model B | Raspberry Pi 2 Model B

Killertechno
Posts: 205
Joined: Wed Jan 02, 2013 8:28 am

Re: [OpenVPN] Help with client configuration

Mon Jan 20, 2020 9:06 am

Sorry, my fault but mistake has been writing request on forum, on configuration file certificates are correct.

Return to “Networking and servers”